last executing test programs: 10m13.719965726s ago: executing program 0 (id=503): sched_setscheduler(0x0, 0x1, &(0x7f0000000380)=0x7) sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffc000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f0000000280)=@framed={{}, [@printk={@llx, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x2d}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$TIPC_CMD_SET_LINK_WINDOW(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="09090000000000000000010000d02200000008410000004c00180000006062726f6164636173742d6c696e6b00"/74], 0x68}}, 0x0) sendmsg$TIPC_CMD_GET_BEARER_NAMES(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4020}, 0x80) bind$unix(0xffffffffffffffff, &(0x7f00000000c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) accept(0xffffffffffffffff, 0x0, 0x0) getdents(0xffffffffffffffff, &(0x7f0000001fc0)=""/184, 0x20002078) 10m5.177939551s ago: executing program 3 (id=531): r0 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x3, 0x0, @remote, 0x5}, 0x1c) sendmsg(r0, &(0x7f00000000c0)={0x0, 0x952b, &(0x7f0000000100)=[{&(0x7f0000000000)="2b10", 0xffbd}], 0x1, 0x0, 0x0, 0x2c}, 0x4) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB], 0x50) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r1}, 0x0, 0x0}, 0x20) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f00000000001b0000850000006d000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) r6 = socket$inet(0x2, 0x1, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x1, 0x41, "0062ba7d82000000000000000000f7ffffff00"}) r7 = syz_open_pts(0xffffffffffffffff, 0x0) r8 = dup3(r7, 0xffffffffffffffff, 0x0) read$usbmon(r8, &(0x7f0000000300)=""/204, 0xcc) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x54, r10, 0x1, 0x0, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xf}}}, {0x14, 0x2, @in={0x2, 0x0, @broadcast}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}}, 0x4000) sendmsg$TIPC_NL_KEY_SET(r8, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000300)={&(0x7f0000000240)={0x50, r10, 0x8, 0x70bd25, 0x25dfdbfc, {}, [@TIPC_NLA_BEARER={0x3c, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @multicast1}}, {0x20, 0x2, @in6={0xa, 0x4e21, 0x48, @private2, 0x6}}}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x11}, 0x20048845) setsockopt$IPT_SO_SET_REPLACE(r6, 0x0, 0x40, &(0x7f0000000380)=@raw={'raw\x00', 0x2, 0x3, 0x290, 0xb, 0x0, 0xf0, 0xf8, 0xf0, 0x1f8, 0x1f8, 0x1f8, 0x1f8, 0x1f8, 0x3, 0x0, {[{{@ip={@multicast1, @multicast1, 0x0, 0x0, 'ip6gretap0\x00', 'syzkaller1\x00', {}, {}, 0x11}, 0xb000000, 0xd8, 0xf8, 0x0, {}, [@common=@inet=@l2tp={{0x30}, {0x0, 0x0, 0x0, 0x0, 0x8}}, @common=@unspec=@quota={{0x38}}]}, @unspec=@NOTRACK={0x20}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2f0) 10m1.903431684s ago: executing program 0 (id=535): sendmsg$GTP_CMD_DELPDP(0xffffffffffffffff, 0x0, 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=0x0) socket$packet(0x11, 0x2, 0x300) timer_settime(r1, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r2 = socket$tipc(0x1e, 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_inet6_SIOCSIFADDR(r3, 0x8936, &(0x7f0000000000)={@dev={0xfe, 0x80, '\x00', 0x3f}, 0x78}) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff}, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) mount$9p_fd(0x0, 0x0, &(0x7f0000000440), 0x210400, &(0x7f0000000480)={'trans=fd,', {'rfdno', 0x3d, r5}, 0x2c, {'wfdno', 0x3d, r4}}) bind$tipc(r2, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f00000010c0)=0x5, 0x4) setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r6 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r6, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x0, 0x2}, 0x10) sendmsg$tipc(r6, &(0x7f0000000540)={&(0x7f00000001c0)=@name={0x1e, 0x2, 0x2, {{0x40}, 0xffffffbc}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x8800}, 0x10) 10m0.17365559s ago: executing program 0 (id=538): socket$packet(0x11, 0x3, 0x300) r0 = openat$ppp(0xffffffffffffff9c, 0x0, 0x1, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000580)) ioctl$PPPIOCSACTIVE(r0, 0x40107446, &(0x7f00000001c0)={0x1, &(0x7f0000005700)=[{0x6, 0x0, 0x0, 0xfc}]}) r1 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x78) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$EVIOCGPROP(r2, 0x40047438, &(0x7f0000000180)=""/246) ioctl$PPPIOCSFLAGS1(r2, 0x4004743a, &(0x7f0000000300)) ioctl$PPPIOCGCHAN(r1, 0x80047437, &(0x7f0000001f00)) sendmmsg(r1, &(0x7f0000001d00)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000007c0)="0281", 0x2}], 0x1}}], 0x1, 0x24005805) 9m59.998283936s ago: executing program 3 (id=539): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, 0x0, 0x0) sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000380)='N', 0x1}], 0x1, 0x0, 0x0, 0x804c040}, 0x1) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f00000001c0)={0x0, 0x1}, 0x8) r1 = dup(r0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x3, 0x0, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x3, 0x0, 0x36d, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_MCAST(r1, &(0x7f0000000280)={0x16, 0xfffffe88, 0xfa00, {0x0, 0x4, 0xffffffffffffffff, 0x10, 0x0, @in={0x2, 0x4e22, @multicast1}}}, 0xa0) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000040)={0x8, 0x2, 0x9fb, 0x2}, 0x10) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x2, 0x0, 0x13f, 0x1}}, 0xfed7) sendto$inet6(r1, &(0x7f0000000400)='(', 0x1, 0x48d5, 0x0, 0x0) 9m59.861677878s ago: executing program 0 (id=541): connect$inet(0xffffffffffffffff, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$sock_ifreq(r0, 0x8990, &(0x7f0000000180)={'bond0\x00', @ifru_names='rose0\x00'}) r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0) bind$rose(r1, 0x0, 0x0) connect$rose(r1, &(0x7f00000001c0)=@short={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, 0x1, @bcast}, 0x1c) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 9m59.525332302s ago: executing program 3 (id=542): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={r0, &(0x7f0000000000), &(0x7f00000000c0)=""/109}, 0x20) syz_emit_ethernet(0xa6, &(0x7f0000000000)=ANY=[@ANYBLOB="0180c200000000000000000086dd6000400000703afffe8000000000000000000000000000bbff020000000000000000000000000001"], 0x0) 9m59.461781289s ago: executing program 0 (id=543): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000002140), 0x902, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_X86_SET_MCE(r2, 0x4040ae9e, &(0x7f0000000000)={0x5000000000000000, 0x2, 0x0, 0x0, 0x20}) 9m59.257672773s ago: executing program 3 (id=544): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r4}, 0x10) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r5 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCSIFNETMASK(r5, 0x891c, &(0x7f0000000e80)={'syz_tun\x00', {0x2, 0x4e25, @empty}}) bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000680)=ANY=[], 0x50) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0xb) mkdir(&(0x7f0000000540)='./file0\x00', 0x108) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000002c0)='./bus\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) 9m49.652685913s ago: executing program 32 (id=533): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15) r2 = dup(r1) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f60000008500000043"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[], 0xb0) write$FUSE_INIT(r2, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) utime(0x0, 0x0) 9m48.144671367s ago: executing program 4 (id=550): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000180)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x94) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) close_range(r2, 0xffffffffffffffff, 0x0) 9m47.805468102s ago: executing program 4 (id=551): socket$packet(0x11, 0x3, 0x300) r0 = openat$ppp(0xffffffffffffff9c, 0x0, 0x1, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000580)) ioctl$PPPIOCSACTIVE(r0, 0x40107446, &(0x7f00000001c0)={0x1, &(0x7f0000005700)=[{0x6, 0x0, 0x0, 0xfc}]}) r1 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x78) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$EVIOCGPROP(r2, 0x40047438, &(0x7f0000000180)=""/246) ioctl$PPPIOCSFLAGS1(r2, 0x4004743a, &(0x7f0000000300)) ioctl$PPPIOCGCHAN(r1, 0x80047437, &(0x7f0000001f00)) sendmmsg(r1, &(0x7f0000001d00)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000007c0)="0281", 0x2}], 0x1}}], 0x1, 0x24005805) 9m47.465292172s ago: executing program 4 (id=553): connect$inet(0xffffffffffffffff, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$sock_ifreq(r0, 0x8990, &(0x7f0000000180)={'bond0\x00', @ifru_names='rose0\x00'}) r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0) bind$rose(r1, 0x0, 0x0) connect$rose(r1, &(0x7f00000001c0)=@short={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, 0x1, @bcast}, 0x1c) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 9m46.329509507s ago: executing program 4 (id=555): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_emit_ethernet(0x1ae, &(0x7f0000000000)={@local, @local, @void, {@ipv6={0x86dd, @tipc_packet={0xc, 0x6, "2c1137", 0x178, 0x6, 0x0, @loopback, @mcast2, {[@fragment={0x4, 0x0, 0x80, 0x1, 0x0, 0x6, 0x68}, @srh={0xff, 0xc, 0x4, 0x6, 0x90, 0x70, 0x8e4a, [@remote, @remote, @private2={0xfc, 0x2, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0x1d}, @rand_addr=' \x01\x00', @dev={0xfe, 0x80, '\x00', 0x24}]}, @dstopts={0x2f, 0x0, '\x00', [@padn]}, @routing={0x5c, 0x6, 0x2, 0x81, 0x0, [@ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, @private2, @private0]}, @dstopts={0x73, 0xa, '\x00', [@calipso={0x7, 0x38, {0x0, 0xc, 0x7, 0x6, [0x6, 0x7, 0x7, 0x2, 0x277879ac, 0x7]}}, @enc_lim={0x4, 0x1, 0x1}, @padn, @generic={0x8, 0x12, "4de8c188045f8b77e186c5454f1ca239db86"}]}], @name_distributor={{0x60, 0x0, 0x0, 0x0, 0x0, 0xa, 0xb, 0x2, 0x5, 0x0, 0x0, 0xfff9, 0x8, 0x2, 0x4e23, 0x4e24, 0x2, 0x1, 0x0, 0x0, 0x1}, [{0x4, 0x8, 0x1, 0x2, 0xac1, 0x80, 0x9, 0x200}, {0x7f, 0xffff, 0x7f, 0xf8e, 0x400, 0x3, 0x3, 0xffffff9}]}}}}}}, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b04, &(0x7f0000000000)={'wlan1\x00'}) 9m46.030969988s ago: executing program 3 (id=556): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) r2 = dup(r1) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="07000000040000000001000001"], 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x18) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) getresuid(&(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0)) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) 9m44.972956702s ago: executing program 4 (id=558): syz_usb_connect(0x0, 0x5a, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x8, 0xf03, 0x4, 0x5}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r0, 0xffffffffffffffff}, &(0x7f0000000b00), &(0x7f0000000300)}, 0x20) r2 = openat$kvm(0xffffffffffffff9c, 0x0, 0x902, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='kmem_cache_free\x00', r4}, 0x10) socket$inet_tcp(0x2, 0x1, 0x0) socket$packet(0x11, 0xa, 0x300) r5 = socket$packet(0x11, 0x2, 0x300) r6 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000001c0)={'veth1_to_hsr\x00', 0x0}) setsockopt$packet_int(r6, 0x107, 0xf, &(0x7f0000000000)=0xf3f, 0x4) sendto$packet(r6, &(0x7f00000000c0)="3f031c000302140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r7, 0x1, 0x0, 0x6, @multicast}, 0x14) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000240)={'syz_tun\x00', 0x0}) bind$packet(r5, &(0x7f0000000300)={0x11, 0x0, r8, 0x1, 0x0, 0x6, @remote}, 0x14) r9 = socket$packet(0x11, 0x3, 0x300) bind$packet(r9, &(0x7f0000000000)={0x11, 0x0, r8, 0x1, 0x10, 0x6, @link_local}, 0x14) syz_emit_ethernet(0x36, &(0x7f00000002c0)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x65, 0x0, 0xf, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0xffff}}}}}}, 0x0) 9m44.693013321s ago: executing program 0 (id=559): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010005000900000001"], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10) socket$inet_udp(0x2, 0x2, 0x0) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_emit_ethernet(0x66, &(0x7f0000000500)={@broadcast, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x58, 0x0, 0x0, 0x0, 0x1, 0x0, @private=0xa010102, @local}, @redirect={0x5, 0x0, 0x0, @broadcast=0x1000000, {0xf, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @dev={0xac, 0x14, 0x14, 0x13}, @multicast2, {[@timestamp_addr={0x44, 0x4, 0x1}, @timestamp_addr={0x44, 0x24, 0x0, 0x1, 0x0, [{@multicast1}, {@rand_addr=0x64010102}, {@dev}, {@dev}]}]}}}}}}}, 0x0) r2 = syz_open_dev$tty1(0xc, 0x4, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = getpid() socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000040)={0x2, &(0x7f0000000140)=[{0x20, 0x0, 0x0, 0xfffff00c}, {0x6}]}, 0x10) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) gettid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x1, 0x4, 0x7fe2, 0x1}, 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) ioctl$VT_RESIZEX(r2, 0x560a, &(0x7f0000000000)={0x3c6c, 0xc, 0x8001, 0x0, 0x9}) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) 9m42.975639677s ago: executing program 4 (id=561): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) mlock(&(0x7f00006d3000/0x1000)=nil, 0x1000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6(0xa, 0x1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000d00), 0x8) bpf$LINK_GET_FD_BY_ID(0x1e, 0x0, 0x0) connect$inet6(r3, 0x0, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000040)=@raw={'raw\x00', 0x3c1, 0x3, 0x4c0, 0x300, 0x18c, 0x203, 0x0, 0x19030000, 0x3f0, 0x2e0, 0x2e0, 0x3f0, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0x2d8, 0x300, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x13, [{0x1d}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0xe}, {}, {0x0, 0x0, 0x3}, {0x2}, {}, {0x0, 0x0, 0x0, 0x1}, {}, {}, {0x16}, {}, {}, {0x7}, {}, {0x0, 0x0, 0x0, 0x101}, {}, {}, {}, {}, {}, {}, {0xfffe}, {}, {}, {}, {0x0, 0xfd}, {}, {0x7a04}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x800}, {}, {0xb84, 0x0, 0x0, 0xf00}, {0x0, 0x1, 0x0, 0x3}, {}, {}, {}, {}, {0x0, 0x0, 0xfe}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}]}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x0, 0x4}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0xb, 'syz1\x00', {0x6c8}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x520) 9m41.383948419s ago: executing program 1 (id=563): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000001"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000040000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18) setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x4d, 0x0, 0x8) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r2, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r4, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12}, 0x94) r5 = socket$inet_udp(0x2, 0x2, 0x0) r6 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r6, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0) bind$inet(r5, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r5, &(0x7f0000000200)={0x2, 0x0, @multicast2}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r5, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x3}, {}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x0, 0x33}, 0x0, @in=@private=0xa010100, 0x0, 0x0, 0x0, 0xb7, 0xffffffff}}, 0xe8) sendmmsg(r5, &(0x7f0000007fc0), 0x800001d, 0x0) 9m38.596549063s ago: executing program 1 (id=564): connect$inet(0xffffffffffffffff, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$sock_ifreq(r0, 0x8990, &(0x7f0000000180)={'bond0\x00', @ifru_names='rose0\x00'}) r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0) bind$rose(r1, 0x0, 0x0) connect$rose(r1, &(0x7f00000001c0)=@short={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, 0x1, @bcast}, 0x1c) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 9m38.117022754s ago: executing program 1 (id=565): bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000200)={0x4, 0x0}, 0x8) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000240)={r0}, 0x4) 9m37.941155356s ago: executing program 1 (id=566): sched_setscheduler(0x0, 0x1, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) setsockopt$inet6_udp_encap(r1, 0x11, 0x64, &(0x7f0000000180)=0x2, 0x4) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r2, 0x1, 0x2, &(0x7f0000000240)=0x9, 0x4) setsockopt$sock_int(r1, 0x1, 0x2, &(0x7f00000002c0)=0xffff, 0x4) bind$inet6(r2, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) syz_emit_ethernet(0xd2, &(0x7f0000000d00)=ANY=[@ANYBLOB="0180c2000000ffffffffffff86dd60000000009c1100fe8000000000000000000000000000bbff02000000000000000000000000000100000e22009c90"], 0x0) 9m37.758111824s ago: executing program 1 (id=567): sendmsg$key(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x40800000000000, 0x800000000000000}}}, 0xb8}, 0x1, 0x0, 0x0, 0x40080}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a00)={{0x14}, [@NFT_MSG_NEWRULE={0x14, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}}], {0x14}}, 0x3c}}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000009c0)=@migrate={0xa0, 0x21, 0x1, 0x0, 0x4, {{@in6=@private2, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x4}}, [@migrate={0x50, 0x11, [{@in6=@mcast2, @in=@private=0xa010100, @in=@private=0xa010100, @in=@rand_addr=0x6, 0x6c, 0x0, 0x0, 0x0, 0xa, 0xa}]}]}, 0xa0}}, 0x0) 9m37.55073259s ago: executing program 1 (id=568): pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r0, &(0x7f0000000040)=ANY=[], 0x15) write$FUSE_BMAP(0xffffffffffffffff, 0x0, 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(0xffffffffffffffff, 0xc020662a, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001780)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$key(0xf, 0x3, 0x2) keyctl$setperm(0x5, 0x0, 0x2000004) 9m35.7349013s ago: executing program 5 (id=549): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000004300), 0x1, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000080)=ANY=[@ANYBLOB="0200000000000000010000000400000000000000000000000700000000000000ff0100000000000000000100000000000800000007000000010e00000300"/71]) 9m31.945330088s ago: executing program 3 (id=569): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000001000000e27f0000"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000005700)={{r3}, &(0x7f0000005680), &(0x7f00000056c0)}, 0x20) bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$wireguard(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000007c0)={0xfc, r6, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_PEERS={0xd4, 0x8, 0x0, 0x1, [{0x54, 0x0, 0x0, 0x1, [@WGPEER_A_ALLOWEDIPS={0x8, 0x9, 0x0, 0x1, [{0x4}]}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @a_g}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "eff93d58460ea431f2cb4a6894ddb2834088d7445bf5afdd0619ce173f1db717"}]}, {0x4c, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @neg}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "491bc0be1dc1f88092e741a88b64f6dd9218ad21b44b472e44f1d0807ee6675c"}]}, {0x30, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @c_g}, @WGPEER_A_ALLOWEDIPS={0x8, 0x9, 0x0, 0x1, [{0x4}]}]}]}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}]}, 0xfc}, 0x1, 0x0, 0x0, 0x4004840}, 0x40000) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x19}, 0x94) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r7}, 0x10) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, &(0x7f0000001800)=ANY=[@ANYBLOB="1800000000000000000000000000000073010d00000000009500000000000000f1be3631f6cdf4d7dfcd4dcc35dfd6d736146d9e6126c50a8876"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x80) 9m29.650305599s ago: executing program 33 (id=559): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010005000900000001"], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10) socket$inet_udp(0x2, 0x2, 0x0) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_emit_ethernet(0x66, &(0x7f0000000500)={@broadcast, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x58, 0x0, 0x0, 0x0, 0x1, 0x0, @private=0xa010102, @local}, @redirect={0x5, 0x0, 0x0, @broadcast=0x1000000, {0xf, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @dev={0xac, 0x14, 0x14, 0x13}, @multicast2, {[@timestamp_addr={0x44, 0x4, 0x1}, @timestamp_addr={0x44, 0x24, 0x0, 0x1, 0x0, [{@multicast1}, {@rand_addr=0x64010102}, {@dev}, {@dev}]}]}}}}}}}, 0x0) r2 = syz_open_dev$tty1(0xc, 0x4, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = getpid() socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000040)={0x2, &(0x7f0000000140)=[{0x20, 0x0, 0x0, 0xfffff00c}, {0x6}]}, 0x10) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) gettid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x1, 0x4, 0x7fe2, 0x1}, 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) ioctl$VT_RESIZEX(r2, 0x560a, &(0x7f0000000000)={0x3c6c, 0xc, 0x8001, 0x0, 0x9}) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) 9m27.641087952s ago: executing program 34 (id=561): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) mlock(&(0x7f00006d3000/0x1000)=nil, 0x1000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6(0xa, 0x1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000d00), 0x8) bpf$LINK_GET_FD_BY_ID(0x1e, 0x0, 0x0) connect$inet6(r3, 0x0, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000040)=@raw={'raw\x00', 0x3c1, 0x3, 0x4c0, 0x300, 0x18c, 0x203, 0x0, 0x19030000, 0x3f0, 0x2e0, 0x2e0, 0x3f0, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0x2d8, 0x300, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x13, [{0x1d}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0xe}, {}, {0x0, 0x0, 0x3}, {0x2}, {}, {0x0, 0x0, 0x0, 0x1}, {}, {}, {0x16}, {}, {}, {0x7}, {}, {0x0, 0x0, 0x0, 0x101}, {}, {}, {}, {}, {}, {}, {0xfffe}, {}, {}, {}, {0x0, 0xfd}, {}, {0x7a04}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x800}, {}, {0xb84, 0x0, 0x0, 0xf00}, {0x0, 0x1, 0x0, 0x3}, {}, {}, {}, {}, {0x0, 0x0, 0xfe}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}]}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x0, 0x4}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0xb, 'syz1\x00', {0x6c8}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x520) 9m21.645723061s ago: executing program 35 (id=568): pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r0, &(0x7f0000000040)=ANY=[], 0x15) write$FUSE_BMAP(0xffffffffffffffff, 0x0, 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(0xffffffffffffffff, 0xc020662a, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001780)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$key(0xf, 0x3, 0x2) keyctl$setperm(0x5, 0x0, 0x2000004) 9m20.575892379s ago: executing program 36 (id=549): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000004300), 0x1, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000080)=ANY=[@ANYBLOB="0200000000000000010000000400000000000000000000000700000000000000ff0100000000000000000100000000000800000007000000010e00000300"/71]) 9m16.64315621s ago: executing program 37 (id=569): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000001000000e27f0000"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000005700)={{r3}, &(0x7f0000005680), &(0x7f00000056c0)}, 0x20) bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$wireguard(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000007c0)={0xfc, r6, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_PEERS={0xd4, 0x8, 0x0, 0x1, [{0x54, 0x0, 0x0, 0x1, [@WGPEER_A_ALLOWEDIPS={0x8, 0x9, 0x0, 0x1, [{0x4}]}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @a_g}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "eff93d58460ea431f2cb4a6894ddb2834088d7445bf5afdd0619ce173f1db717"}]}, {0x4c, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @neg}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "491bc0be1dc1f88092e741a88b64f6dd9218ad21b44b472e44f1d0807ee6675c"}]}, {0x30, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @c_g}, @WGPEER_A_ALLOWEDIPS={0x8, 0x9, 0x0, 0x1, [{0x4}]}]}]}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}]}, 0xfc}, 0x1, 0x0, 0x0, 0x4004840}, 0x40000) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x19}, 0x94) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r7}, 0x10) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, &(0x7f0000001800)=ANY=[@ANYBLOB="1800000000000000000000000000000073010d00000000009500000000000000f1be3631f6cdf4d7dfcd4dcc35dfd6d736146d9e6126c50a8876"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x80) 14.525796849s ago: executing program 2 (id=1886): r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f0000000280), 0x8) getsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000003280)=""/76, &(0x7f00000002c0)=0x4c) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4a, &(0x7f00000027c0)=0x3, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000002800)=ANY=[@ANYBLOB="380000004800090329bd7000fddbdf250a008000", @ANYRES32=0x0, @ANYRESOCT=r1], 0x38}, 0x1, 0x0, 0x0, 0x4008840}, 0x0) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r2, &(0x7f0000000740)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}}, 0x8) listen(r2, 0x1) ioctl$sock_TIOCINQ(r2, 0x541b, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = socket$igmp(0x2, 0x3, 0x2) r5 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC_PROXY(r5, 0x0, 0xd2, &(0x7f0000000040)={@remote, @empty, 0x1, "4ef7289910e0843a8f13f2fe244b73fb24e0fe49951c925bca907f6a609d8f49"}, 0x3c) r6 = add_key$user(&(0x7f00000000c0), &(0x7f0000000280)={'syz', 0x3}, &(0x7f0000000180)="d3a24845fed3b644db111f6660fcd399052be391b829c18141634298ceeb56ee051e22d30dbb5f2c5ab2078c2c8cf5b9a0385ac162b836c7957ec2752acb894b12c965ca0e6ef3be0e26d7ce463ba7d45d493070046ee8bf617e890cd5321ff6387b3c061c485ebc22948c0292c94d7463b0a2daf8dd3e66c957e3aef3a4b95f4935d34e1bcbc49fc30eb919f98f0c8eeedbb598bc77f0ea766d13268eb19b0cfd6d9624efc20e49f72912e99e06f832a5d6a336636bcef1293071e0a88f8453", 0xc0, 0xffffffffffffffff) r7 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000080)="f9", 0x1, 0xfffffffffffffffe) keyctl$dh_compute(0x17, &(0x7f0000002940)={r7, r6, r7}, &(0x7f0000000440)=""/68, 0x44, &(0x7f0000000400)={&(0x7f00000002c0)={'xcbc(aes)\x00'}}) setsockopt$MRT_ADD_MFC_PROXY(r4, 0x0, 0xd2, &(0x7f0000000040)={@remote, @empty, 0x0, "005c2beeb0801bd73c676461644cf36dfc15ea56886fff778a41757aa3ae714d"}, 0x3c) r8 = socket$l2tp(0x2, 0x2, 0x73) r9 = socket$phonet_pipe(0x23, 0x5, 0x2) recvmsg(r9, &(0x7f0000002780)={&(0x7f0000000080)=@pptp={0x18, 0x2, {0x0, @empty}}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000003300)=""/4096, 0x1000}, {&(0x7f0000000200)=""/124, 0x7c}, {&(0x7f0000000300)=""/224, 0xe0}, {&(0x7f0000000100)=""/24, 0x18}, {&(0x7f00000004c0)=""/55, 0x37}, {&(0x7f0000002840)=""/211, 0xd3}, {&(0x7f0000000500)=""/128, 0x80}, {&(0x7f0000000580)=""/63, 0x3f}], 0x8, &(0x7f0000002680)=""/228, 0xe4}, 0x10001) setsockopt$inet_mreq(r8, 0x0, 0x20, &(0x7f0000000000)={@initdev={0xac, 0x1e, 0x1, 0x0}, @empty}, 0x8) close(0xffffffffffffffff) execve(&(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000800)={[0x0, &(0x7f0000000a40)='\x7f\xb7\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01']}) 14.348109103s ago: executing program 9 (id=1887): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, 0x0, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) mincore(&(0x7f0000f0c000/0x3000)=nil, 0x3000, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) 11.149679178s ago: executing program 9 (id=1891): r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x48b, &(0x7f0000000100)={0x1, 'geneve0\x00', 0x2a32}, 0x18) getsockopt$IP_VS_SO_GET_DAEMON(r0, 0x0, 0x487, &(0x7f00000001c0), &(0x7f0000000200)=0x30) 9.821534051s ago: executing program 9 (id=1894): r0 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000007fc0)=[@in={0x2, 0x0, @rand_addr=0x64010102}]}, &(0x7f0000000100)=0x10) (async) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='net_prio.prioidx\x00', 0x275a, 0x0) (async, rerun: 32) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0xf, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000d1000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000003100000095"], &(0x7f0000000300)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x94) (rerun: 32) write$binfmt_script(r1, &(0x7f0000000040), 0x55af) (async) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f0000000180)=ANY=[], 0x118) (async, rerun: 64) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) (async, rerun: 64) bind$inet(r2, 0x0, 0x0) (async) setsockopt$sock_int(r2, 0x1, 0x1, &(0x7f0000000000)=0xf, 0x4) (async) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r0, 0x0) (async) bpf$BPF_LINK_CREATE(0x8, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff, 0xb, 0x0, @val=@tracing={0x0, 0x7fffffffffffffff}}, 0x20) (async) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x66, &(0x7f0000000080), &(0x7f0000000000)=0x8) 9.732621847s ago: executing program 2 (id=1897): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) r1 = syz_open_dev$loop(&(0x7f0000000480), 0xd76, 0x181400) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x19, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000000000000630124000000000095"], &(0x7f0000000640)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @cgroup_sockopt=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mount$fuse(0x0, 0x0, 0x0, 0xa02002, &(0x7f00000004c0)=ANY=[@ANYBLOB="66643dc6953bd340e3272b71d8f75d2e259bf1b1641dbb07e599bb12e499abcbe83cb20c3beb0dfa38c10e940b6828039ec26a486cc445322e0a22037201a9aafdefaad479199cd361137641824dfeb422ab103c6a236f4c9ae516aaf718425b7cbf0a21a98a672989ebb66211460e26e8d8f0a8338d62ea54b8dbc1492deefab8989d8802bb1b8c5d61349a79922cad", @ANYBLOB, @ANYRESOCT]) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz1\x00', 0x200002, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x20040800) syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="010000000000000025000000000000004831ff53"], 0x3d}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x0, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0xfffffffffffffffe]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x400000000000002, 0x5, 0xfffffffffffffffe, 0x4, 0x2, 0x0, 0xefffffffffffffff, 0x0, 0x0, 0x2000000, 0x4000, 0x0, 0x0, 0xffffffffffffffff, 0x6, 0x80000000], 0x0, 0x41901}) ioctl$KVM_RUN(r5, 0xae80, 0x0) r6 = openat$cgroup_ro(r2, &(0x7f00000000c0)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) socket$nl_generic(0x10, 0x3, 0x10) write$UHID_CREATE2(r6, &(0x7f0000000400)=ANY=[], 0x1df) write$binfmt_misc(r6, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f00000002c0)={r6, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x800000000, 0x0, 0x0, 0x2, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00", [0xffffffffffffbffc]}}) r7 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_DEV_SETUP(r7, 0x405c5503, &(0x7f0000000280)={{0x0, 0x4, 0x0, 0x9}, 'syz1\x00', 0x5}) ioctl$UI_SET_FFBIT(r7, 0x4004556b, 0x51) ioctl$UI_DEV_CREATE(r7, 0x5501) r8 = syz_open_dev$evdev(&(0x7f0000000100), 0x72, 0x0) ioctl$EVIOCSFF(r8, 0x40304580, &(0x7f0000000500)={0x51, 0x0, 0xa, {0x2, 0xdac}, {0x7, 0xf}, @period={0x5a, 0x7f, 0x7ff, 0xbfb, 0x8, {0xff, 0x4, 0x40, 0x9ac}, 0x0, 0x0}}) ioctl$EVIOCGKEY(r1, 0x80404518, &(0x7f0000000140)=""/207) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0) 9.42154729s ago: executing program 6 (id=1898): read$msr(0xffffffffffffffff, &(0x7f00000003c0)=""/145, 0x91) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x14, 0x0, &(0x7f0000000200)) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$IOC_WATCH_QUEUE_SET_FILTER(0xffffffffffffffff, 0x5761, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = openat$procfs(0xffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r3, 0x84, 0x1f, 0x0, 0x0) creat(0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f00000004c0)=ANY=[], 0x0, 0x7f, 0x0, 0x0, 0x0, 0x20}, 0x94) mq_open(&(0x7f0000000180)='.[\x00', 0x60d5f43f07f35d73, 0x38, 0x0) r4 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_linger(r4, 0x1, 0x3c, &(0x7f0000000040)={0x200000000000001}, 0x8) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0x8, 0x80}) syslog(0x1, 0x0, 0x0) r5 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$read(0x1d, r5, 0x0, 0x0) setsockopt$inet6_IPV6_HOPOPTS(r4, 0x29, 0x36, 0x0, 0xc0) r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000100), r1) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r3, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000480)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="04002dbd7000fddbdf250700000008003200030000000500350000000000290b12ea4d0cd0c3761efb6174ece6b6b6ac30d45431f168ae1951a04b200eeaddac26ace4206bab18c2b6af9e7832c16285b99d18f21e16a1d3a6393d88a4d1cbff57979a9cd7a2448f405be00700"/122], 0x24}}, 0x1) sendmmsg$inet6(r4, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000) 9.420794562s ago: executing program 9 (id=1899): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) getsockopt$IP_SET_OP_GET_BYNAME(0xffffffffffffffff, 0x1, 0x53, 0x0, &(0x7f00000003c0)) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) r2 = syz_open_procfs$pagemap(0xffffffffffffffff, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r3, 0x0, 0x80, &(0x7f0000000d00)=@nat={'nat\x00', 0x19, 0x0, 0x90, [0x200000000c40, 0x0, 0x0, 0x200000000c70, 0x200000000ca0], 0x11, 0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB="0000000000080000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffff"]}, 0xce) ioctl$PAGEMAP_SCAN(r2, 0xc0606610, &(0x7f0000000100)={0x60, 0x0, &(0x7f00001c9000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x2, &(0x7f00000004c0)=[{0xc91a, 0x6, 0x4}, {0xc23, 0x1, 0x9}, {0x9, 0x8, 0x7fff}, {0x8, 0x7, 0xfd}, {0x9, 0xaa, 0x7f}, {0x0, 0x9, 0x2}, {0x6, 0x5a3, 0x8001}, {0x80000000, 0x9, 0xfffffffffffffffb}], 0x8, 0x0, 0x0, 0x0, 0x2, 0x2}) socket$alg(0x26, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'macvlan0\x00'}) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x800000) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r4, 0xc0bc5351, 0x0) writev(r3, &(0x7f0000000480), 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r5 = syz_io_uring_setup(0x5dbf, &(0x7f0000000240)={0x0, 0xbca8, 0x400, 0x1, 0xdb}, 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0xfffffff9, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) bpf$MAP_CREATE(0xb00000000000000, &(0x7f0000004080)=@base={0x8, 0x4, 0x4, 0xe02, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4}, 0x48) io_uring_enter(r5, 0x847ba, 0x0, 0xe, 0x0, 0x0) dup(0xffffffffffffffff) sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000003e00)=[{&(0x7f0000000340)=ANY=[@ANYBLOB="140100002e000100000000000000000001"], 0x114}], 0x1}, 0x0) 8.627887442s ago: executing program 8 (id=1900): sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) recvfrom(0xffffffffffffffff, 0x0, 0x12, 0x40002050, 0x0, 0x58) socket$packet(0x11, 0x3, 0x300) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) socket$netlink(0x10, 0x3, 0x19) r1 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) ioctl$USBDEVFS_DISCONNECT_CLAIM(r1, 0x8108551b, &(0x7f0000000380)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a0000000086d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f6853772b21a140efb76cba37ff3111d6847e8b9398a646717af75fc008daefba68e6222103472bc55704cdb737ae996ed831f3b802549db3a8ffff7d34171113d806726615380fe65a6a0a72e1ac2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be500e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef1d7ee686be0fc58e384f93a13f4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe363590d1f600"}) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r3 = openat$smackfs_access(0xffffffffffffff9c, &(0x7f0000000440)='/sys/fs/smackfs/access2\x00', 0x2, 0x0) write$smackfs_access(r3, &(0x7f0000000040)={'*\x9a\xcf\xb8\x9b\xe9\xec\xc3+\x9e0\fw\xd1\xe5a\x90kd\xcf\x05\xd0y3\x8c\xa70\vH/\x98\xc9\x82\xfah\xa2\x89\x91f\xd4}\xbdG7\xc2\xbdn0\xe9\x16h\xee\xc3\x88\xfd[P\xef~.b\xd4\xe6\xfc\xf3N\xe5{s w\xab\xb24\x19\xb2<\xb7\xe6\xd7q\n%\xa3[\xb5', 0x20, '-\x01\x01\x00\x00\xff', 0x20, 'rwxtbl'}, 0x65) sendto$inet6(r2, &(0x7f0000000400), 0x0, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast1}, 0x1c) setsockopt$inet6_int(r2, 0x29, 0x5, &(0x7f0000000140)=0x6, 0x4) r4 = syz_open_procfs(0xffffffffffffffff, 0x0) write$binfmt_script(r4, 0x0, 0x0) recvmmsg(r2, &(0x7f0000000d80), 0x4000000000001e9, 0x10162, 0x0) ioctl$USBDEVFS_CLEAR_HALT(r1, 0xc0105502, &(0x7f0000000300)={0x1, 0x1}) fsetxattr$security_ima(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) 7.872000275s ago: executing program 6 (id=1902): sendto(0xffffffffffffffff, &(0x7f0000000540)="0cc31a4098ddc80dadd3a0aa2bea9050d9f47bcde4cbb8170d3d61aabbdbd869e8a75ab95a3b8e8b960477dbbbbf5cb0fd4a98ea0032d054de676f19c5e1f84def57482d1b3eb94a2a1d3c0af33709610ece6cb54ae7f8c3ed385c3890244d348c9bcfb556ee478845ff23d8a9f2a492531e7c7ce719ef1983bdaf4008386323fc593be590321dbe51aa4ecabebf495efc0f722637337e20cc541399dc617deafa840b68f2b22e5f7c6afb3825871b966ab90a79a4d6d72f29a1e43abdf4d25f6352dfa26c57684224fdb0e14151550796aaa09b4669e71d9f4255f63905467b709f6d7185347a078538e4443f0dad324393274e857979db0a9e3894857aacabc2f2ccd9457fda98a520e2b8c83085a206c8aea9dd18a0b66c87b3b61f95fafed84303436c7ae3782f714dc364c10102788b02d3aed05cb29fe974b75e7bf53dfd2554d7b700dcbf24a6fa021732b747a2c7d6d2a649e1ca523f91ba57da29e6e5050da7ec9466884aea64349e0c65b40bd78fe25622a5f854d351fd3282e85e37989b73e1a3b9fe874ad7131850117f28a930f8fb5afe15040fd20cd9c861c95b2c1f9844ac1f8b3cd0a7f22269e235866414acb5f4d9d0b64301cd5b4e8c2da68caacd3f7dda0f325120ad99c05a55736067c87cceda7b850758e60ab8829b0dbfdc1ca8322e6716e643e00c2f665781461f08282a0aa366d9927036d685c3a721530dafe21e62906c5710c3214621d6374d9f5eef47eca1e5080e21510000009822a3bf99784f7b19e2dfaa7b8ba39dc5212c94585af38e7a50cbf6d619e3f1b8e4c17351203fa037ca4ce7ef32fd8b4387b8583ebd32a0be47c5aeb06ec1c054377d5532c370aba18abe561e2bfcfa6d92c0c3d0419f5f4936772b6a0026a623914f09b04cf5d7c2b3ab010c676e9932f5807240a765b3d92d2bddd63a91bd0f1c795fe0ecdda5e50ec8fd0a68115986168fb8bb67fa020ed3c416a716fb12d5d918b8522931dcf2bfd0c7bf7d9c56c490c9880309240d0c2cf1a3cafb647e1a9e1fde434cdbcae9eeac3f8c652a85d6aea69b3e9a922cb2727ed8f50e6babd152b96ca223be94c4aedf7e6848650026a7e1", 0x314, 0x4000, 0x0, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00') socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_FAIL(r0, 0xc0189377, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r0, {0x0, 0x5}}, './file0\x00'}) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, r3) sendmsg$NL80211_CMD_REGISTER_FRAME(0xffffffffffffffff, 0x0, 0x0) r4 = syz_io_uring_setup(0x88e, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x0, 0xbfdfffbc}, &(0x7f00000001c0)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f0000000240)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r1, 0x80, &(0x7f00000002c0)=@phonet={0x23, 0x5, 0x9, 0x6}, 0x0, 0x0, 0x1}) io_uring_enter(r4, 0x32d7, 0x0, 0x46, 0x0, 0x0) sendmsg$DEVLINK_CMD_RATE_NEW(0xffffffffffffffff, 0x0, 0x4000040) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x41) setgroups(0x400000000000026f, &(0x7f0000000080)=[0x0, 0xee00]) read$FUSE(r0, &(0x7f0000003680)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_DIRENTPLUS(r2, &(0x7f0000000880)={0x2a0, 0x0, r7, [{{0x2, 0x3, 0x1, 0xfffffffffffffc00, 0x6, 0x9, {0x2, 0x8, 0x2, 0x8001, 0x1, 0xb7d, 0x2, 0x617, 0xe33f, 0xa000, 0x5, r8, r9, 0x81, 0x5a51}}, {0x1, 0x6, 0x1, 0x3, '\x00'}}, {{0x0, 0x2, 0x8, 0x0, 0x75c, 0x7, {0x5, 0x0, 0x3, 0x401, 0x0, 0x4, 0x9, 0x0, 0x1, 0xc000, 0x5, r8, r9, 0xfffffc00, 0x64e}}, {0x0, 0xfffffffffffffffe, 0xd, 0x9, '/dev/net/tun\x00'}}, {{0x1, 0x1, 0x8000000000000000, 0x3, 0x10, 0x822, {0x6, 0x5, 0x10, 0x4e1f, 0x7, 0x1000, 0x0, 0x8001, 0x1ff, 0x4000, 0x4f6e, r8, r9, 0x40, 0x3}}, {0x4, 0x7fffffff, 0x5, 0xc2d, '}[.%@'}}, {{0x2, 0x1, 0x6, 0x0, 0x10, 0xff, {0x4, 0x1ff, 0x6, 0x6, 0x1000, 0x8, 0x56, 0x9, 0x1, 0x1000, 0x7950, r8, r9, 0x5, 0x1}}, {0x1, 0x6, 0xd, 0xfffffffb, '/dev/net/tun\x00'}}]}, 0x2a0) 7.261576817s ago: executing program 2 (id=1903): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) accept4(r0, 0x0, 0x0, 0x800) syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0x92e1, 0x8, 0x1, 0x40000333}, &(0x7f00000006c0)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x114, &(0x7f0000000300)=0xfffffff8, 0x0, 0x4) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r3, 0xc01864c6, &(0x7f0000000040)={0x0}) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r4, 0x0, 0xd}, 0x18) ioctl$DRM_IOCTL_MODE_LIST_LESSEES(r3, 0xc01064c7, &(0x7f0000000380)={0x0, 0x0, 0x0}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x2a, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]}) syz_usb_connect(0x1, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000138a27083d1b1401e5da0102030109022400010000000009041f00027fa2cd0009050101ff03fa9ef85832fbdd3e02010209668632390d8d4b3673f8859753b92b823eeabb"], 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1}) socket$alg(0x26, 0x5, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)) syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) io_uring_register$IORING_REGISTER_CLOCK(0xffffffffffffffff, 0x1d, 0x0, 0x0) r5 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="240000001a000100000000000000000081"], 0x24}}, 0x4000080) mknod(&(0x7f0000000100)='./file0\x00', 0x40, 0x1ff) fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0) gettid() fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) readlink(&(0x7f0000000080)='./cgroup\x00', &(0x7f00000000c0)=""/29, 0x1d) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) 6.769844734s ago: executing program 8 (id=1905): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002e0000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000170000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000a40)={r1, 0x27, 0xe, 0x0, &(0x7f0000000080)="f8ad48cc02cb29dcc8007f5b88a8", 0x0, 0x4000, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0}, 0x50) sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=@newqdisc={0x50, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x9}, {0xf}, {0xe, 0xd}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x1}}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x691}}, {0x4, 0x1b}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x8c0}, 0x0) 6.60045799s ago: executing program 6 (id=1906): sendmsg$NL80211_CMD_DEL_PMKSA(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x400c1) r0 = socket$l2tp(0x2, 0x2, 0x73) bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @multicast1}, 0x10) syz_emit_ethernet(0x74, &(0x7f0000000000)={@link_local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x73, 0x0, @private=0x300, @multicast1}, {0x0, 0x0, 0xfffffe9a, 0x0, @gue={{0x2}}}}}}}, 0x0) (async) syz_emit_ethernet(0x74, &(0x7f0000000000)={@link_local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x73, 0x0, @private=0x300, @multicast1}, {0x0, 0x0, 0xfffffe9a, 0x0, @gue={{0x2}}}}}}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x94) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000400)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='GPL\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0x1, 0x0, &(0x7f0000000000)='%', 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) (async) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0x1, 0x0, &(0x7f0000000000)='%', 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) close(0x3) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={0x2, 0x18, 0x0, 0x0, 0xa, 0x0, 0xfffffffc, 0x0, [@sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @remote}}, @sadb_address={0x3, 0x6, 0x0, 0x20, 0x0, @in={0x2, 0x4e24, @empty}}]}, 0x50}}, 0x0) (async) sendmsg$key(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={0x2, 0x18, 0x0, 0x0, 0xa, 0x0, 0xfffffffc, 0x0, [@sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @remote}}, @sadb_address={0x3, 0x6, 0x0, 0x20, 0x0, @in={0x2, 0x4e24, @empty}}]}, 0x50}}, 0x0) syz_io_uring_setup(0x1458, &(0x7f00000003c0)={0x0, 0x4, 0x10180, 0x2000, 0x3ae}, &(0x7f0000000100), &(0x7f00000000c0)) (async) syz_io_uring_setup(0x1458, &(0x7f00000003c0)={0x0, 0x4, 0x10180, 0x2000, 0x3ae}, &(0x7f0000000100), &(0x7f00000000c0)) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) (async) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) (async) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) socketpair$unix(0x1, 0x5, 0x0, 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) r5 = dup(r4) write$UHID_INPUT(r5, &(0x7f0000001040)={0xa, {"a2e3ad214fc752f91b2909094bf70e0dd038e7ff7fc6e5539b3266078b089b3b083844090890e0878f0e1ac6e7049b3d6d959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b333b0d07680936cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0afc9397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6258742317662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e0088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76ccc2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2e57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849d11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f9d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f0712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1ccced94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1025}}, 0x1006) (async) write$UHID_INPUT(r5, &(0x7f0000001040)={0xa, {"a2e3ad214fc752f91b2909094bf70e0dd038e7ff7fc6e5539b3266078b089b3b083844090890e0878f0e1ac6e7049b3d6d959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b333b0d07680936cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0afc9397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6258742317662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e0088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76ccc2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2e57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849d11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f9d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f0712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1ccced94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1025}}, 0x1006) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x184}}, 0x0) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB='9'], 0x38}, 0x1, 0x0, 0x0, 0x41}, 0x37aea8e708e70634) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r6, &(0x7f0000000180)=ANY=[], 0x118) (async) write$UHID_CREATE2(r6, &(0x7f0000000180)=ANY=[], 0x118) preadv(r2, &(0x7f0000000140)=[{&(0x7f00000008c0)=""/144, 0x90}], 0x1, 0xfff, 0x401) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r6, 0x0) r7 = syz_open_procfs(0x0, &(0x7f0000000300)='task\x00') fchdir(r7) write$uinput_user_dev(r7, &(0x7f0000000440)={'syz0\x00', {0x3, 0x200, 0x101, 0x9}, 0x1b, [0x1, 0x6, 0x6, 0x0, 0x2, 0xc8, 0x2, 0x1ff, 0x8, 0x3, 0x0, 0xfffffffe, 0x0, 0x4, 0x0, 0x401, 0x0, 0x8, 0x800, 0x6, 0x5, 0x1, 0x3, 0x6, 0x4, 0xd77, 0x9, 0x2, 0x400, 0x1, 0x80000001, 0x2, 0x7, 0x2, 0x6, 0x4, 0x5, 0x1, 0x6, 0xe51, 0x8, 0x4, 0x4, 0x7, 0x3, 0x5163, 0xe3, 0x7, 0xb, 0x5, 0x4, 0x8e, 0x1d50600a, 0x1, 0x8, 0x8000, 0x4a9, 0x6, 0x8, 0x1, 0x0, 0x80000000, 0x6, 0x1], [0x5, 0x10000, 0x5, 0x7f, 0x5, 0x8, 0x80000001, 0x2, 0x9, 0x8, 0x6, 0xff4, 0x1, 0x1, 0xe, 0x8001, 0x7, 0x40, 0x9, 0x8, 0x1, 0x1, 0x6, 0xffc00000, 0x1, 0xcb, 0x1000, 0x6, 0x2, 0x80000000, 0x770, 0x401, 0x7, 0x8, 0x2, 0x7fffffff, 0xfffffff7, 0x8, 0x6, 0x1, 0x0, 0x1, 0xfffffffd, 0x6, 0xeeb2, 0x81, 0x8000, 0x4d, 0x0, 0xc, 0x6, 0x80000001, 0x9, 0x800, 0xd, 0x9, 0x4, 0x9, 0x2, 0x1, 0x5acf, 0x6, 0x5, 0xfffffffc], [0x80000001, 0x9, 0x2, 0x8, 0x2, 0x9, 0x4, 0x10000, 0x6, 0x7, 0x8, 0x100, 0x1000, 0x6, 0xb, 0x1, 0x2, 0x0, 0x5, 0x1000, 0x1, 0x80000001, 0x3, 0xf7c, 0xc0, 0x7, 0x1eec, 0x3ff, 0x9, 0x0, 0xf, 0x7, 0x6, 0x0, 0x4, 0x7fffffff, 0xf, 0x6, 0x6187, 0x1, 0x96, 0x8, 0x657, 0x71, 0x3, 0x7, 0x53, 0x9, 0x400, 0x3, 0x2, 0x800000, 0x8, 0x9, 0x5, 0x10, 0xbe4, 0x6, 0x3, 0x40, 0x5, 0x4, 0x1000, 0x4], [0xffffff32, 0x3, 0x3, 0x99, 0x3, 0x1, 0x100, 0x9, 0xfffffe01, 0xd5dd, 0x3, 0x0, 0x2, 0x400, 0x9, 0x3, 0x6, 0x5, 0xfffffe01, 0x80, 0x4, 0x2, 0x9, 0x8a52, 0x8, 0x1ff, 0x3, 0x7, 0x2, 0xb6, 0x9, 0x3, 0x4, 0x0, 0x6, 0x40, 0x9, 0x4, 0x1, 0x8, 0x3, 0x3, 0x4, 0x9, 0x0, 0x8001, 0x0, 0x2240, 0x40, 0xfffff768, 0x7, 0x10000, 0x400, 0x7, 0x9, 0x1, 0x566ed850, 0x2, 0x0, 0x1, 0x1, 0x3, 0x9]}, 0x45c) (async) write$uinput_user_dev(r7, &(0x7f0000000440)={'syz0\x00', {0x3, 0x200, 0x101, 0x9}, 0x1b, [0x1, 0x6, 0x6, 0x0, 0x2, 0xc8, 0x2, 0x1ff, 0x8, 0x3, 0x0, 0xfffffffe, 0x0, 0x4, 0x0, 0x401, 0x0, 0x8, 0x800, 0x6, 0x5, 0x1, 0x3, 0x6, 0x4, 0xd77, 0x9, 0x2, 0x400, 0x1, 0x80000001, 0x2, 0x7, 0x2, 0x6, 0x4, 0x5, 0x1, 0x6, 0xe51, 0x8, 0x4, 0x4, 0x7, 0x3, 0x5163, 0xe3, 0x7, 0xb, 0x5, 0x4, 0x8e, 0x1d50600a, 0x1, 0x8, 0x8000, 0x4a9, 0x6, 0x8, 0x1, 0x0, 0x80000000, 0x6, 0x1], [0x5, 0x10000, 0x5, 0x7f, 0x5, 0x8, 0x80000001, 0x2, 0x9, 0x8, 0x6, 0xff4, 0x1, 0x1, 0xe, 0x8001, 0x7, 0x40, 0x9, 0x8, 0x1, 0x1, 0x6, 0xffc00000, 0x1, 0xcb, 0x1000, 0x6, 0x2, 0x80000000, 0x770, 0x401, 0x7, 0x8, 0x2, 0x7fffffff, 0xfffffff7, 0x8, 0x6, 0x1, 0x0, 0x1, 0xfffffffd, 0x6, 0xeeb2, 0x81, 0x8000, 0x4d, 0x0, 0xc, 0x6, 0x80000001, 0x9, 0x800, 0xd, 0x9, 0x4, 0x9, 0x2, 0x1, 0x5acf, 0x6, 0x5, 0xfffffffc], [0x80000001, 0x9, 0x2, 0x8, 0x2, 0x9, 0x4, 0x10000, 0x6, 0x7, 0x8, 0x100, 0x1000, 0x6, 0xb, 0x1, 0x2, 0x0, 0x5, 0x1000, 0x1, 0x80000001, 0x3, 0xf7c, 0xc0, 0x7, 0x1eec, 0x3ff, 0x9, 0x0, 0xf, 0x7, 0x6, 0x0, 0x4, 0x7fffffff, 0xf, 0x6, 0x6187, 0x1, 0x96, 0x8, 0x657, 0x71, 0x3, 0x7, 0x53, 0x9, 0x400, 0x3, 0x2, 0x800000, 0x8, 0x9, 0x5, 0x10, 0xbe4, 0x6, 0x3, 0x40, 0x5, 0x4, 0x1000, 0x4], [0xffffff32, 0x3, 0x3, 0x99, 0x3, 0x1, 0x100, 0x9, 0xfffffe01, 0xd5dd, 0x3, 0x0, 0x2, 0x400, 0x9, 0x3, 0x6, 0x5, 0xfffffe01, 0x80, 0x4, 0x2, 0x9, 0x8a52, 0x8, 0x1ff, 0x3, 0x7, 0x2, 0xb6, 0x9, 0x3, 0x4, 0x0, 0x6, 0x40, 0x9, 0x4, 0x1, 0x8, 0x3, 0x3, 0x4, 0x9, 0x0, 0x8001, 0x0, 0x2240, 0x40, 0xfffff768, 0x7, 0x10000, 0x400, 0x7, 0x9, 0x1, 0x566ed850, 0x2, 0x0, 0x1, 0x1, 0x3, 0x9]}, 0x45c) 6.596331532s ago: executing program 9 (id=1907): read$msr(0xffffffffffffffff, &(0x7f00000003c0)=""/145, 0x91) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$nl_generic(0x10, 0x3, 0x10) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x14, 0x0, &(0x7f0000000200)) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$IOC_WATCH_QUEUE_SET_FILTER(0xffffffffffffffff, 0x5761, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = openat$procfs(0xffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r3, 0x84, 0x1f, 0x0, 0x0) creat(0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f00000004c0)=ANY=[], 0x0, 0x7f, 0x0, 0x0, 0x0, 0x20}, 0x94) mq_open(&(0x7f0000000180)='.[\x00', 0x60d5f43f07f35d73, 0x38, 0x0) r4 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_linger(r4, 0x1, 0x3c, &(0x7f0000000040)={0x200000000000001}, 0x8) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0x8, 0x80}) syslog(0x1, 0x0, 0x0) r5 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$read(0x1d, r5, 0x0, 0x0) add_key$user(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x1}, &(0x7f0000000400)="d9edd5", 0x3, r5) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @dev, 0x5}, 0x1c) setsockopt$inet6_IPV6_HOPOPTS(r4, 0x29, 0x36, 0x0, 0xc0) r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000100), r1) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r3, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000480)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="04002dbd7000fddbdf250700000008003200030000000500350000000000290b12ea4d0cd0c3761efb6174ece6b6b6ac30d45431f168ae1951a04b200eeaddac26ace4206bab18c2b6af9e7832c16285b99d18f21e16a1d3a6393d88a4d1cbff57979a9cd7a2448f405be00700"/122], 0x24}}, 0x1) sendmmsg$inet6(r4, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000) 6.381524367s ago: executing program 8 (id=1908): socket$inet_udp(0x2, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x0, 0x0, 0x0, 0x10000010, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x200000}, 0x94) setsockopt$WPAN_WANTLQI(0xffffffffffffffff, 0x0, 0x3, 0x0, 0x0) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000000)={0xc140, 0xd4, {0x0}, {0xee01}, 0xe}) prlimit64(r0, 0xe, &(0x7f0000000140)={0x5, 0x89}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000) pipe(&(0x7f0000000200)) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x800) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_SREGS(r4, 0x4138ae84, &(0x7f0000000100)={{0x14004, 0x100000, 0x10, 0x1, 0xfe}, {0x0, 0x2000, 0xf, 0xfe, 0x0, 0x0, 0x0, 0xff, 0x8, 0x0, 0x5}, {0xd000, 0x2, 0x0, 0x80, 0xf9, 0x0, 0x0, 0x0, 0x23, 0x0, 0x4}, {0x5000, 0x2, 0xf, 0x41, 0x0, 0x2, 0x1, 0xfc, 0x0, 0x3}, {0x4000, 0xeeef0000, 0xc, 0x1, 0x3, 0x10, 0xc0, 0x0, 0x1, 0x0, 0x4}, {0x0, 0x100000, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, {0x8000000, 0x2000, 0xa, 0x0, 0x2, 0xfd, 0x0, 0x7, 0x3a, 0x2}, {0x0, 0x2, 0x0, 0x2, 0x0, 0x6, 0x7, 0x0, 0xfe, 0x0, 0xfe, 0x5}, {0x0, 0x400}, {}, 0xddf8ffdb, 0x0, 0x0, 0x100, 0x7, 0x8000, 0xffff1000, [0x0, 0x10000000020, 0x2]}) ioctl$KVM_TRANSLATE(r4, 0xc018ae85, &(0x7f0000001280)={0x0, 0xdddd0000, 0x2, 0x5, 0x50}) r5 = syz_open_procfs(0x0, &(0x7f0000000440)='net/if_inet6\x00') pread64(r5, &(0x7f0000000180)=""/43, 0xfd8a, 0x3c) io_setup(0x8, &(0x7f0000004200)=0x0) r7 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') io_submit(r6, 0x20000000000000f7, &(0x7f0000004540)=[&(0x7f0000004280)={0x0, 0x0, 0x0, 0x5, 0x0, r7, 0x0}]) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) r8 = landlock_create_ruleset(&(0x7f00000003c0)={0x0, 0x3, 0x3}, 0x18, 0x0) landlock_restrict_self(r8, 0x0) r9 = socket(0x1e, 0x4, 0x0) connect$tipc(r9, &(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10) syz_open_procfs(0x0, &(0x7f0000001200)='attr\x00') 6.272576856s ago: executing program 7 (id=1909): openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000200), 0xc0200, 0x0) socket$packet(0x11, 0x3, 0x300) socket$inet6_sctp(0xa, 0x5, 0x84) syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00') openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0xe9503, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x0, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="180200000000000000000000d9bb000085000000b500000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$inet_udp(0x2, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) io_setup(0x8, &(0x7f00000002c0)=0x0) r1 = openat$sysfs(0xffffff9c, &(0x7f00000037c0)='/sys/kernel/notes', 0x0, 0x0) io_submit(r0, 0x1, &(0x7f0000000140)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x1000}]) r2 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000), 0x88100, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r3, 0x891b, &(0x7f00000000c0)={'geneve0\x00', {0x2, 0x0, @private}}) ppoll(&(0x7f0000002200)=[{r2}], 0x1, &(0x7f0000002240)={0x0, 0x3938700}, 0x0, 0x0) eventfd(0xffffffff) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) ioctl$KVM_CREATE_PIT2(r5, 0x4040ae77, &(0x7f0000000180)={0x1}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="0f01cb650f741065666765f36f0f330f09660f3a0cb9000000752066b9800000c00f326635004000000f300f01d7ba4100ed", 0x32}], 0x1, 0x12, 0x0, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_PIT(r5, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x5, 0x10, 0x0, 0x0, 0x5f, 0x3, 0x0, 0xa6, 0x2, 0x5, 0xfc, 0x2}, {0xfffffff9, 0x4004, 0x0, 0x0, 0x0, 0xf6, 0x1, 0x8, 0x4, 0xff, 0x4, 0x0, 0x5}, {0xffffff01, 0x35, 0x0, 0x0, 0x4, 0x5, 0x7, 0xfe, 0x5, 0x2, 0x0, 0x4}]}) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f00000003c0)={[0x0, 0x0, 0x8000, 0x40, 0x0, 0x0, 0x2004cb, 0x0, 0xfffffffffffffffe, 0x3, 0x0, 0x4, 0x0, 0x2, 0x0, 0x7fffffff], 0x80a0000}) ioctl$KVM_RUN(r6, 0xae80, 0x0) 5.315958466s ago: executing program 7 (id=1910): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, &(0x7f0000000000)=0x9, 0x8, 0x0) get_mempolicy(0x0, 0x0, 0x78, &(0x7f00002a0000/0x1000)=nil, 0x2) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, 0x0) r1 = add_key$user(&(0x7f0000000180), &(0x7f0000000340)={'syz', 0x0}, &(0x7f0000000480)="00e6af00000000000000f8708c06f366f9327247bac14cdb9f2fc0d130a82edc06bfa81f809b7f686b229f2af1bc990c4bfd9f82f2141e161fdf814b3a86ebef4ce51b7b648dee65af47d31827c9dc0047a2f985579fcf251148df363bdaa75d8e8ad731adf940d4ca8152686d", 0x6d, 0x0) r2 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xf1, 0xfffffffffffffffd) r3 = socket(0x10, 0x3, 0x0) close_range(r0, 0xffffffffffffffff, 0x2) fcntl$getownex(r3, 0x10, 0x0) ptrace$setopts(0x4206, 0x0, 0x5, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94) bpf$LINK_GET_FD_BY_ID(0x1e, 0x0, 0x0) close_range(r3, 0xffffffffffffffff, 0x2) keyctl$dh_compute(0x17, &(0x7f00000000c0)={r1, r2, r1}, 0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={'sha512-ssse3\x00'}}) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) syz_emit_ethernet(0x82, &(0x7f00000006c0)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaabb88a800008100000086dd60fc104600442f00fc000000000000000000000000000000ff020000000000000000000000000001242081000000000000000800000086dd080088be86ddffff100000000100000000000000080022eb000000002000e00002000000000000000000000008006558000000007822bcc5b98fde77b3e16dd65ff64d7432b536279b98f3d009395118fa8d4a7278761da7d73b75936fd4496dc5a406020dd5fe04666f3e014c5555130ec35dd0a840b01dbfa4677b1723a2ac34e263965bdba4980486d2fd6b4efbda215d7b4caa491a6295159d4e50bd2f102bd36716da5c426fd249e88697e281abd9952d2f34cbf3997ca252b02e5413c3b8ed2161ab68683a"], 0x0) socket$nl_generic(0x10, 0x3, 0x10) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r5}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) 5.091476946s ago: executing program 8 (id=1911): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r4 = accept4(r3, 0x0, 0x0, 0x80800) sendmmsg$alg(r4, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) socket$netlink(0x10, 0x3, 0x0) sendmsg$BATADV_CMD_GET_MESH(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x32}}, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f0000000200)) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f00000000c0)={'vxcan1\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=@newqdisc={0x6c, 0x24, 0x714, 0x70bd26, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x2, 0x3}, {0x1, 0xe}, {0xfff1, 0xd}}, [@TCA_STAB={0x48, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0xf6, 0x10, 0x5, 0x2, 0x1, 0x20000, 0x6}}, {0x4}}, {{0x1c, 0x1, {0xb, 0x81, 0x252, 0x5, 0x0, 0x8, 0x630, 0x2}}, {0x8, 0x2, [0x3, 0x5]}}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x4000}, 0x2000c051) recvmsg$can_raw(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000001c00)=""/4096, 0x1000}], 0x1}, 0x10120) 4.263481926s ago: executing program 6 (id=1912): read$msr(0xffffffffffffffff, &(0x7f00000003c0)=""/145, 0x91) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x14, 0x0, &(0x7f0000000200)) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$IOC_WATCH_QUEUE_SET_FILTER(0xffffffffffffffff, 0x5761, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = openat$procfs(0xffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r3, 0x84, 0x1f, 0x0, 0x0) creat(0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f00000004c0)=ANY=[], 0x0, 0x7f, 0x0, 0x0, 0x0, 0x20}, 0x94) mq_open(&(0x7f0000000180)='.[\x00', 0x60d5f43f07f35d73, 0x38, 0x0) r4 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_linger(r4, 0x1, 0x3c, &(0x7f0000000040)={0x200000000000001}, 0x8) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0x8, 0x80}) syslog(0x1, 0x0, 0x0) r5 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$read(0x1d, r5, 0x0, 0x0) setsockopt$inet6_IPV6_HOPOPTS(r4, 0x29, 0x36, 0x0, 0xc0) r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000100), r1) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r3, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000480)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="04002dbd7000fddbdf250700000008003200030000000500350000000000290b12ea4d0cd0c3761efb6174ece6b6b6ac30d45431f168ae1951a04b200eeaddac26ace4206bab18c2b6af9e7832c16285b99d18f21e16a1d3a6393d88a4d1cbff57979a9cd7a2448f405be00700"/122], 0x24}}, 0x1) sendmmsg$inet6(r4, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000) 4.142678027s ago: executing program 8 (id=1913): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) r1 = syz_open_dev$loop(&(0x7f0000000480), 0xd76, 0x181400) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x19, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000000000000630124000000000095"], &(0x7f0000000640)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @cgroup_sockopt=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mount$fuse(0x0, 0x0, 0x0, 0xa02002, &(0x7f00000004c0)=ANY=[@ANYBLOB="66643dc6953bd340e3272b71d8f75d2e259bf1b1641dbb07e599bb12e499abcbe83cb20c3beb0dfa38c10e940b6828039ec26a486cc445322e0a22037201a9aafdefaad479199cd361137641824dfeb422ab103c6a236f4c9ae516aaf718425b7cbf0a21a98a672989ebb66211460e26e8d8f0a8338d62ea54b8dbc1492deefab8989d8802bb1b8c5d61349a79922cad", @ANYBLOB, @ANYRESOCT]) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz1\x00', 0x200002, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x20040800) syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="010000000000000025000000000000004831ff53"], 0x3d}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x0, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0xfffffffffffffffe]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x400000000000002, 0x5, 0xfffffffffffffffe, 0x4, 0x2, 0x0, 0xefffffffffffffff, 0x0, 0x0, 0x2000000, 0x4000, 0x0, 0x0, 0xffffffffffffffff, 0x6, 0x80000000], 0x0, 0x41901}) ioctl$KVM_RUN(r5, 0xae80, 0x0) r6 = openat$cgroup_ro(r2, &(0x7f00000000c0)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) socket$nl_generic(0x10, 0x3, 0x10) write$UHID_CREATE2(r6, &(0x7f0000000400)=ANY=[], 0x1df) write$binfmt_misc(r6, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f00000002c0)={r6, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x800000000, 0x0, 0x0, 0x2, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00", [0xffffffffffffbffc]}}) r7 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_DEV_SETUP(r7, 0x405c5503, &(0x7f0000000280)={{0x0, 0x4, 0x0, 0x9}, 'syz1\x00', 0x5}) ioctl$UI_SET_FFBIT(r7, 0x4004556b, 0x51) ioctl$UI_DEV_CREATE(r7, 0x5501) r8 = syz_open_dev$evdev(&(0x7f0000000100), 0x72, 0x0) ioctl$EVIOCSFF(r8, 0x40304580, &(0x7f0000000500)={0x51, 0x0, 0xa, {0x2, 0xdac}, {0x7, 0xf}, @period={0x5a, 0x7f, 0x7ff, 0xbfb, 0x8, {0xff, 0x4, 0x40, 0x9ac}, 0x0, 0x0}}) ioctl$EVIOCGKEY(r1, 0x80404518, &(0x7f0000000140)=""/207) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0) 3.401800494s ago: executing program 2 (id=1914): sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) recvfrom(0xffffffffffffffff, 0x0, 0x12, 0x40002050, 0x0, 0x58) socket$packet(0x11, 0x3, 0x300) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) socket$netlink(0x10, 0x3, 0x19) r1 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) ioctl$USBDEVFS_DISCONNECT_CLAIM(r1, 0x8108551b, &(0x7f0000000380)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a0000000086d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f6853772b21a140efb76cba37ff3111d6847e8b9398a646717af75fc008daefba68e6222103472bc55704cdb737ae996ed831f3b802549db3a8ffff7d34171113d806726615380fe65a6a0a72e1ac2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be500e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef1d7ee686be0fc58e384f93a13f4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe363590d1f600"}) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r3 = openat$smackfs_access(0xffffffffffffff9c, &(0x7f0000000440)='/sys/fs/smackfs/access2\x00', 0x2, 0x0) write$smackfs_access(r3, &(0x7f0000000040)={'*\x9a\xcf\xb8\x9b\xe9\xec\xc3+\x9e0\fw\xd1\xe5a\x90kd\xcf\x05\xd0y3\x8c\xa70\vH/\x98\xc9\x82\xfah\xa2\x89\x91f\xd4}\xbdG7\xc2\xbdn0\xe9\x16h\xee\xc3\x88\xfd[P\xef~.b\xd4\xe6\xfc\xf3N\xe5{s w\xab\xb24\x19\xb2<\xb7\xe6\xd7q\n%\xa3[\xb5', 0x20, '-\x01\x01\x00\x00\xff', 0x20, 'rwxtbl'}, 0x65) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast1}, 0x1c) setsockopt$inet6_int(r2, 0x29, 0x5, &(0x7f0000000140)=0x6, 0x4) r4 = syz_open_procfs(0xffffffffffffffff, 0x0) write$binfmt_script(r4, 0x0, 0x0) recvmmsg(r2, &(0x7f0000000d80), 0x4000000000001e9, 0x10162, 0x0) ioctl$USBDEVFS_CLEAR_HALT(r1, 0xc0105502, &(0x7f0000000300)={0x1, 0x1}) fsetxattr$security_ima(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) 3.321973255s ago: executing program 6 (id=1915): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) connect$inet(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000440)={0x18, 0x7, &(0x7f0000000040)=ANY=[@ANYRESHEX=r0], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x4c}, 0x94) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f00000002c0)={'xfrm0\x00'}) mkdir(&(0x7f0000000000)='./file0\x00', 0x18a) r3 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) r4 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0) mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000280)='./file1/file0\x00', 0x0, 0x201008, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000001180)='./bus\x00') mkdirat(r4, &(0x7f0000000440)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00', 0x0) r5 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) renameat2(r5, &(0x7f0000000100)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00', r5, &(0x7f00000002c0)='./file0\x00', 0x2) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) add_key$fscrypt_v1(&(0x7f00000000c0), &(0x7f0000000140)={'fscrypt:', @desc4}, &(0x7f0000000180)={0x0, "98ce692e52f6bc163e55002c446f7058ac4b0f7cd457ee383c02f4b015a6c271e0ade3069be66b206edb8983b1c70fe157a0103e2be2c710ab36aea46748ed7c", 0x18}, 0x48, 0xfffffffffffffffb) 1.911781896s ago: executing program 6 (id=1916): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x14, 0x0, 0x0, 0x0, 0x0}) io_uring_enter(r2, 0x47f6, 0x0, 0x2, 0x0, 0x0) syz_open_dev$MSR(&(0x7f0000000040), 0x5, 0x0) 1.731120413s ago: executing program 8 (id=1917): socket$xdp(0x2c, 0x3, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = semget(0x3, 0x1, 0x206) semctl$SETALL(r1, 0x0, 0x11, &(0x7f0000000200)=[0xf24, 0x5, 0xe0fc, 0x5]) semctl$SETALL(r1, 0x0, 0x11, &(0x7f0000000100)=[0x9, 0x5, 0x9, 0x246, 0x1000, 0x780, 0x1]) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f00000006c0)=ANY=[], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x45, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x5}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x0, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_io_uring_setup(0x12ac, &(0x7f00000002c0)={0x0, 0x7495, 0x0, 0x2, 0x2de}, &(0x7f0000000380), &(0x7f0000000340)=0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffe96, &(0x7f0000000240)={&(0x7f0000000380)=ANY=[@ANYRESDEC=0x0, @ANYRES64=r6, @ANYRES32=r2, @ANYBLOB="08001b"], 0x34}}, 0x40400d0) r7 = socket(0x2, 0x3, 0x6) bind$inet(r7, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) sendto$inet(r7, 0x0, 0x5b, 0x0, &(0x7f0000000600)={0x2, 0x0, @remote}, 0x10) openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x8) rmdir(0x0) r8 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CAP_X86_DISABLE_EXITS(r8, 0x4068aea3, 0x0) r9 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000001b00)={0x1c, 0x2d, 0x1, 0x70bd26, 0x25dfdbfc, {0x4}, [@typed={0x8, 0xc, 0x0, 0x0, @u32=0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000804) 1.668168825s ago: executing program 2 (id=1918): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002e0000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000170000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000a40)={r1, 0x27, 0xe, 0x0, &(0x7f0000000080)="f8ad48cc02cb29dcc8007f5b88a8", 0x0, 0x4000, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0}, 0x50) sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=@newqdisc={0x50, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x9}, {0xf}, {0xe, 0xd}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x1}}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x691}}, {0x4, 0x1b}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x8c0}, 0x0) 1.573701394s ago: executing program 7 (id=1919): ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000940)=ANY=[@ANYBLOB="140000001000010000009d00000000000000000a50000000090a010400000000000000000700000008000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d14000980100002800c00018008000140000008fc140000001000010000000000000000000084000a"], 0x78}}, 0x20050800) setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x29, &(0x7f0000000140)=ANY=[@ANYBLOB="0a0101010a4238c553bf44617b63c26ca62ca07101010200000000010000007f000001"], 0x14) socket$nl_generic(0x10, 0x3, 0x10) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r1, &(0x7f0000847fff)='X', 0xfefb, 0x4000040, &(0x7f000005ffe4)={0xa, 0x4ea3, 0x0, @loopback, 0xfffffffc}, 0x1c) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f0000000040), 0x8) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setfsuid(0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x6, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x7b, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r3 = socket$phonet_pipe(0x23, 0x5, 0x2) openat$vimc0(0xffffff9c, 0x0, 0x2, 0x0) r4 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_STARTDAEMON(r4, 0x0, 0x48b, &(0x7f0000000100)={0x1, 'geneve0\x00', 0x2a32}, 0x18) getsockopt$IP_VS_SO_GET_DAEMON(r4, 0x0, 0x487, &(0x7f00000001c0), &(0x7f0000000200)=0x30) connect$phonet_pipe(r3, 0x0, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) sendmsg$tipc(0xffffffffffffffff, 0x0, 0x20040010) 891.304973ms ago: executing program 7 (id=1920): sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) recvfrom(0xffffffffffffffff, 0x0, 0x12, 0x40002050, 0x0, 0x58) socket$packet(0x11, 0x3, 0x300) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) socket$netlink(0x10, 0x3, 0x19) r1 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) ioctl$USBDEVFS_DISCONNECT_CLAIM(r1, 0x8108551b, &(0x7f0000000380)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a0000000086d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f6853772b21a140efb76cba37ff3111d6847e8b9398a646717af75fc008daefba68e6222103472bc55704cdb737ae996ed831f3b802549db3a8ffff7d34171113d806726615380fe65a6a0a72e1ac2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be500e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef1d7ee686be0fc58e384f93a13f4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe363590d1f600"}) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r3 = openat$smackfs_access(0xffffffffffffff9c, &(0x7f0000000440)='/sys/fs/smackfs/access2\x00', 0x2, 0x0) write$smackfs_access(r3, &(0x7f0000000040)={'*\x9a\xcf\xb8\x9b\xe9\xec\xc3+\x9e0\fw\xd1\xe5a\x90kd\xcf\x05\xd0y3\x8c\xa70\vH/\x98\xc9\x82\xfah\xa2\x89\x91f\xd4}\xbdG7\xc2\xbdn0\xe9\x16h\xee\xc3\x88\xfd[P\xef~.b\xd4\xe6\xfc\xf3N\xe5{s w\xab\xb24\x19\xb2<\xb7\xe6\xd7q\n%\xa3[\xb5', 0x20, '-\x01\x01\x00\x00\xff', 0x20, 'rwxtbl'}, 0x65) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast1}, 0x1c) setsockopt$inet6_int(r2, 0x29, 0x5, &(0x7f0000000140)=0x6, 0x4) r4 = syz_open_procfs(0xffffffffffffffff, 0x0) write$binfmt_script(r4, 0x0, 0x0) recvmmsg(r2, &(0x7f0000000d80), 0x4000000000001e9, 0x10162, 0x0) ioctl$USBDEVFS_CLEAR_HALT(r1, 0xc0105502, &(0x7f0000000300)={0x1, 0x1}) fsetxattr$security_ima(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) 782.617761ms ago: executing program 2 (id=1921): syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[], 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000880)={0x0, 0x4, 0x30}, &(0x7f00000008c0)=0xc) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000004c0)=@newsa={0x128, 0x10, 0x7, 0x0, 0x0, {{@in6=@mcast2, @in=@multicast2, 0x4e20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xee00}, {@in6=@mcast1, 0x0, 0x2b}, @in6=@private0, {0x0, 0x0, 0x2, 0x0, 0x10000000}, {0x0, 0x200000, 0x7}, {0x40000, 0xfffffffd, 0xae8}, 0x0, 0x0, 0xa, 0x2, 0x0, 0x70}, [@coaddr={0x14, 0xe, @in6=@remote}, @lifetime_val={0x24, 0x9, {0xb4, 0x8000000000000001, 0xb4, 0x5}}]}, 0x128}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)=@newsa={0x104, 0x1a, 0x7, 0x0, 0x0, {{@in6=@dev={0xfe, 0x80, '\x00', 0x1b}, @in=@multicast2, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xee00}, {@in6=@mcast1, 0x0, 0x2b}, @in6=@private0, {0x0, 0xb400, 0x2}, {0x0, 0x200000, 0x7, 0xfffffffffffffffd}, {0x40000, 0x0, 0xae8}, 0x0, 0x0, 0xa, 0x2, 0x0, 0x70}, [@coaddr={0x14, 0xe, @in6=@remote}]}, 0x104}}, 0x0) 647.276202ms ago: executing program 7 (id=1922): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, 0x0, 0x0) r2 = openat$vmci(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, &(0x7f0000000080)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, &(0x7f0000000000)={@my=0x0}) ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(r2, 0x7b1, &(0x7f0000000140)={0x0, 0x5, 0x0, 0xc}) sendmmsg(r1, &(0x7f00000002c0)=[{{&(0x7f0000000040)=@sco, 0x80, &(0x7f0000001940)=[{&(0x7f00000000c0)="7bd8ab611ae2b113a54e6e214fa8c6531339b50e10f4083dfb96340ae23045b9f63d643f02ba14ce8ea9d685b193e1f73487b9d68299a46ee5e2b60b29690ae54c298c393d1f4c260c1ec32a7f4dccedcd0b7aabd78d593c2bc6494b62414bbe9df5ad3b34c3186a7e616cd400bbabbaac02867e269ac2f5f4554ed52828b459", 0x80}, {&(0x7f0000000480)="5ed2e78ad55ebfa4f2077bef17b2b368b19325cf702cab17bf41a2a1dbc58baeccc45a42b737c84c6ffdd658d8c73794fd0b9081afe6f59cb2b15197491fc4afc3feac5e694cf24814a4c348813e3c8b19473d0febc246065ebfe914071e86c19bef9cbd390f5a1e25e40c2d2e61bdd40d4e7f7506e64e85540cb6219b98887faad1d8151c636c77569ab6793957121e5084be21bd17d8bd0c2a5c069f8962f1bdcae3dff0bae318dae3daf3c20b8f69bc5e7a", 0xb3}, {&(0x7f0000000240)="102bcfa89fa7c0f67b4cb30585a4dd4eab573bb7657bbaf9f6fdba19066e38023f9ab8e79d9d9a91c90d7cd37b9220963d62a159894ceca57f20e8bcdea31a8a03b2a38e06c2104a4689f5f71ad2a459b2", 0x51}, {&(0x7f0000000580)="3953bec99057abfff82352a918bde342ef1ae3aedaaa75b1f9e9bf455381f806ef1b6c15f20ccd46e4374fdf21bd4b1d14fd1ef13f0ee25e192f61f57d204d99f77dc1d2d5d457cea54cba1e0d3602b91e47fde8f1e67276a797d948eea4ea3068c6ba585d47f620921310ea716ec21f13295f0be983432bc0ad3347f19e5f82141021218d47f3f87337acf536cc330a556ddafb500dc830d619f603a68455c65315a326914e95a1b2f0eca4aab76edf1d543753d081f7a058b6e97864b5793ec9ef4f864a8e8669149599e68ca6ed6fc147abffb3ec3b1f5908284cd1cd438e6c4f307b88fe9436a9fd2cc40422445865b3b5f78bcb4974f61cc266b10fd067b88610dd3713956fa3f260fd96dee920ca9c940a882e4d583a2ce66a13971f4f17efd58e6887adfb2f2084813a48d646db1744206fc812dc5e5dc74669c1f5137be6e5a8c69ecd865020ab500c2fd4b54b8aa39042027f6e8ee6ee5cf9d2c1b085e3a13fa028aebee6a56d3220b5db7f2e73573b07433d93d24464a733913371e311d6be7435758c4065707cc92fdaea9b5c4d300c508efa573220c1fc5453f5a5450a97345f67e656bb252331084229d3a295192c779d1af6bfa60e3f433fed8aef2c4d7034ed6ff6f26c62b2bcc7988f4ead7144626743763ef19f851508df2c8c2a8af06ed053f93ce31c0edc5dad4bcbc955019fb0b1e5b42512fb913b8561d4fbbb167fc2e57bbd6dd29280b7700e787d8b29eb191a1381410b55d1954f9b85968b08424754c7722f2505cb7ebcecb1819f9ce45a288d50b7c2e4dba16092c8bdc3415785f17f78e8caf90d4ffbd68c302b32bb95e859f57a5e74e4ae0e080a5434e8ee017791e18f071add15b0cb69917cea15daa8a8a5eac1b318bbca9a9a894948d58a21ca212386657fae476e010215cc57938fbba15aee9c16c8d1685c2e2304641f334611502df7ff0e723ca32efc7ea7d50f7d2f0314c71c39aaf08efaf3602298302e06a9187c01635217e9fa16d0b360ae1c2a3a5d00113edca8b06f3bb8375bdb7b2234286cb91f5e4d06887b98b99ea76cef408aa163a3b0c3eef15ba3964163a2d259cfc96a7158da9828cc3c0e1f1a9b6436d2880cbf815f5dffc71ab0552eafac68cdb142415796478549784362a05cefbf00f3495aeb0b1d2d0a9d311a0325b915bbe42834061348bf488f8acc7c0d42df99dac9740882e76a683fc72b39dab9f2103c5e0478aa9d14dc6235463ba4784ba39e392d2ca0a0f7fa0398110ac92d2725098a5f97e2debaf8125ab1e87f91688c475a932a2d53aac9b39adde4af66f2671d71cb145c0bec702584d3ae19346e4a00b9af9356dde3ce242d66bbb4eb6124caa39b681e47ca02379eb56a7493aedca9af724664eda86e4c463fa0138da6038cdbfcda38f6e17c8c4732b20e9be3317dc0aec5a4579ebcdb009ff56292137292e38d765259081dd241b1372249e098130958fb4807e598002a7e160d07c7e98f50a44ecf0dce432a82f3cb6ca14ceee2ba226de3c1d275b748975bdd400ccddd50f6a5b6d5722faa4de200b84acc114d1fae95db0e03d6c8517047397b15711a923a82800073935358e13eba1bc447e2d2ada0fd40281c1fa98a0eaed39e506f1df61ade214094de5dc09f5a80ef0b00abeaf25fa0a2fb50974c3161685c619a975669b75e7fdc85498237d929c5664bcb7fd41eb040d55e26fc658fa93b8827156a7afde85acee3ffd60e619fac153c856d3602a89112d7c1c0808c9719145b58f7e047660374c5e0d5fb416d7c431a55ac64376619e6e0ab7a78c45fc9db308b33eb69d2531d64b10f1d2466a6db8fcb8e7d054d4d69406b71df3ecb615d99765c6fe4421db54c60d89b414765c8face2c4cff3f48877b855d6eeda1c9b9a702196f746b3c6a2f56ef034b1dcaad318001ba94a83016c5ebb184d2111a957bbe78892d03db40e4e86b0cac704e9d7dda1499e080c78e43a88791eb22e9768a232a43e8838aa060814ae7fd6dd49299ca0802370c2bddc5f961e659703cd33434b2fd3a1ee931861c145a734001372b0e9fd95121c6bea4b0825df0cc3a01c450442971328ca20ba562a0dddb4cdac155420a1bf4e25d66f4099f3b88c4b59f9c1d5014bda1a36d88aa4012f424616fee822534f230b70ea3c4846234d599b4e56a097023d73e6ab35a94ad32a9c994e01f89c94ca0784aca6cc408868a707e2b33acc5d0508407f6d5e572eda80b0c0cbcc05c8db16afb8b01eb29e84bf1a3f7a86542e1bbd4cead376c0ad1d2477956c8bec71328176bcf4c52965e905c90bef753149cc503577622d3ceb3aa2e9ed3b9c091139cdb6b63fe78147359dded2128e3a6afc3f2103773f4333810cc31ad910e05baf942e9f7dc27270a3bb1e2906fbfd7aa3bd52ba8f91930258289f3e2ca8d0c3ef4b182f7644ed689b11bca659020d9c4b51a1786ef3d79b5141dd372f0426a994fac4c95b310747c2cbcf7b86f212c5b89c1ba2694641f2b94c561898e7cf1b7b9f13bb9b90ca86f56bef8c5583983b3ceb50091da9eae279a216534ba88bab0f836656718e93de8bad1dffe5a1c72231a847720d9ce63b59bc6f6ec61365456e32746c776617d8c01036304ec04275f01774ad1874259a52b6647505bdfcc5cc89c804925fbcbd4ac02d2ac4231901a308dc87bec71b83d391f281f3cfca16105056ec956619e301043a5fa439e03afc8e83c44fe40c0793c54ac1a6e2822ef363e776ea66195fcf1b8ce4a1c067a41252899d8fb2745f1b76c31e44b046708c001c1dc2dcc2b4bbafd476b6cf891e77ed99aee0310be24272ff5deff70a0a152f9c29e17db5f622b9f41fdb5d8c5f43ab02d967cb17e480ec68600baa62e58394eba1c0dedd55cffc8fa1387c89bdae8400d4f142d4ca9a782cd989faa5a4971726583eecb6be9285f71aa5e2bbb475203dcc707f6c48ac37c26220976115580817981c01557286a3b62133d76f4f5fa50b0f1078956a2ed70f2e62921f65717101b0f55e9772f3fe04bb15acc03a39a3350dbded22e759e40e2f2360b7d31937b57353ff5f742adb84a5ccb01cdf1e60cfb44aec94e463b1d4f62bb9f2bb519c4743d3027280c6be04b547fb10adec305ebafdab13267446b0e9709e31aa25990f7e52b9186d54e482b28375fa02d0b1878e4affb7fd57a59d1012cfd0b2dc3ea3d99671784180215511ec2a5206393633036924a136f2f5c4cd20bba93be3723a70abda3bcbaf9f157f6c092506a2e64f7b4363e1257e5f2abc4a094068f8c6b37719deab6fec571e75db8786e106389f854c067808006fcd161ecc8c50bf39f998fd87c72f147ba34964435d29a163ba80de5e040ebedccc5f1902e2daee7360a6afdaff8ac60e6364b1facd4c50c18a2f6ae04101150a415063a147cfcda009a68c41cbbe8477d3f3d0fa92e98b50b9c3004a3aa9309a4a4ac932058b0182cd472a62b55504a9f213c66e2ff2d2d6395fb808acd5472b230a7344b0dd27b444f11aaa685df6a171850c899fe4b30220be456e3cfc0f477676724d8c1a6337ae1ce454e2b8f191f53149f2facd416002e3cd92790c16cae2fbf47e59456a20ad2d79727470427fda769d986fcb9e6d0fca331029573262ad5a2fa279a116bef4124806189cc552d5e17bc327c856926593b825c0fdd2dbb50e7ce581ac1092628102f20caab2047fa873ab2bdffbb2035154156c580b7cdbbef3c728d0be9d157b5faba3c3fb3e7df4db92b0816eef4861e974a599f2e2d7ed6f57af64638729b91c119ee3971c14e7331f55bcf00b6c7a15f89a77e646ea048b420feaf192f8c5c465bcb15cf6cb8e22287165300c91edcfbfcce43c03d864a5d5d3a163e4873ebe5f7b90c35be648a7338efa805cb1f2de4d81b23204d094e5b46ca92c687574bd94e267c783fd43369f1caa7b32ebe9097939567ac69810fb4cbe5c5998a3d5e640234fba1b803af7051c3585c8eb9ac88ca8f8b6f3695b04df4285649deb52735b8d8e4bc51530d029b55a62ae3d3f11f00370425262f8b15c85f3f6fa7bfc052077411f27eda128ceebcad243a5dba5b438ff9086c1a0642ce70f423622af3b8fd10be720ec47b818ddcbb70e1858df30c1222325eac80e1bfbb9481266624094e491e11168b374f648a5acf31c75cf8429af43643233b3cf6004e6e99459f1ed27aee399904e47e86bb14eac13c723c8646b9e1945d48105036fd8a0b341b8bf4a92f2af789a6f73222472ee03f21f0f6090ab04ac49e9ff035c9a89f34e44aa0c162a15f8b19f88ade809d62b85cef84e22f211deb6753c2a1e3d487a164bcede4e007cda6e8f1b4f812292e86bee93156a6aed25f37fb7e243e9cac9f64520ea9f9a388875d4a4c3f587855c20c0b0478cc5b23b977e6c34188200bb2193f4b8f5023793bcebbc19c76409ee399e8e3c8e1bf223e21f721455eb8f611f5e2a248b7f7b0d6f48c3f8757c51f055cf64e7137e947b0bfa21b9f48abb10506ef7dd96750907668b25e4424bbdb61e980182c76d961fd5a8f69259381f741f67cc3edba3c30ca5eedf9f6bb6ea4af87f6e35332bcf48840560b91a5e54276372d78c6f9a0c1e11673196624f21029cb66e493d85da8cd7e20ee785bb9ca71013bde2f7accffbdf693fabf357f7041936df11e26d041a83f39f639f8b02abffeb7bb9ab19cd9ff0eef6915a2acf2639c618a30a41d8d1804452ccb375a9c1a6bb5a23d8b65125dd370ea26290abcd9843d6e32ca47acd7e3a315de06e0d0a19c5a3281f10c2f572269b06af4b7df9b4aadd5b23cbaa488f09aa08735017dfd479b1cdf699ac3d1af73bb7aa2ed71a39abf722eb8ed8c6124e8b595d0357b473b14ce322d893c54b35af7c1c92c7ea325062681fe8d7f1c8b31129db4cc7b9bb4f0f5291ff5b3738a484c164acddeb29c3a0cbdf62757370d2c5eee191e9997678407a2c540806f0ace33c702866bd06a433f9af8584d41c3d62eade74b5834331aaf03a4efe8df1ce2ab48488c80276a43d5d366beef3bfaed93492ecfc50f5f65e8df58c0d42526c5f50b24baec9dfb85fd747c45f921105e25679fade00eef900bb95a9ca6330f366873fa179abd0a62bfadeed629b0fcc3a5b4cfc93ea02424ffd0d329d2c6cf6d82967c69992c90203c61a20ff797aae40b933e7c5844583791b5b90a608d7aa493b2b064873ce678f1c38d3bfafbcd2d98fa174e8cd6f6a8696bd14075eaab70270e0d26f887523f8d9b8d5142b43b769c80e2d4df97e3709677a478c94ed74dce88dd52af148498b8d7e94134d56aac8eaace40dfd3953f82c3b4a6fd4bc34cb3b5b33924f58db6f63e8b0cf14012256d7c72b48b71c0e71da7ea89cfb6f3211b5369c2ac42b54b4626dc05ed426f86083fc940cd77a32e308f0f97884e28f3e34fb8d27e4d0643b81b9c4c49157c32579af1663023cb734bf7153d27109529c44a59b0d7ac74d424e416036a2554fdafc32cc5899bf8e9913a79ee942044f783db343f0ad10e154325a015d21100c5a67a46a72898e34bbbeefe7b0e058614faae4031e0f5a6e26835d2472264d3a670ca0d4c7ff3f289b57d28a098cd6bb854c104d328111364db33b37e17588dc04f2eeedec894e284c07ea7bda8651eebe19137c1702944b823d2314900b9e877d403895b4ff6afa1772271ac13e3492526309740e47993076e3ab14107213379e184eb2f805f0a5be823c8c861a49a0ae736a9f157b178e7681b356aa55ae706bf", 0x1000}, {&(0x7f0000001580)="5e6132aa75661c9079778bbb9c520da8f36ab1b0eb27b666ce967a87e2fd6d516ae6d20de57d5c1dbc53e3b0f95a215c379b670b0e434f627eeae6c4d7ac95b2e40ac724d7c9d3fee387080046f850acecf3decdbcf8f869298e0dd840b1aafa4f6a37f7f59be5753af8d7f5d1ca343345231de1c03733f79d1f63ac7b9a5c213fcf86b19bc2d2797a329b3b196ae1a70a8955b136a35452519491106c238b42734c351234ae5d8544e6c51056cb97880a58b51fe6638d9f54534a2a7f200e8f05c961d56ddddd92d67b5e7b2984681198356ea164055d6ca7e011e1203d7e2416da22fc", 0xe4}, {&(0x7f0000001680)}, {&(0x7f00000001c0)}, {&(0x7f0000001700)="e82e8ab72a2f90c2316556109768d8d5755b07334828f6d54a33cdb4a3aa95b1c63d9fce304aff46306b420273e7ecaf92e872958b14eba162961481617838d5c32f9744ac6c8b9d73c020eea4700de4de9ca5db6844d8bf51ee84acabc90b402400f6a922cf4537d1e7048abe241f8ca5f53a129865a32410a6362a3ffd3026bf927fb973e18a76cd737899575f169e33", 0x91}, {&(0x7f00000017c0)="88fcc9c18b7cb2cef245e1905695b8a0f37bb918f971c5a884710df30bba34af094a4afeab77660e8f186e25e1d6d6e60bc3b329c5b6f0515385ec1439ecf2f8d96088d65e665e46deeaa0e7637279ff78cbd13725cda42744cc7467454837cd0faa634db82c88d5400d3614325d1732d964ee9449ee0f1962936e6eaea4826e682489b11f6900be1ca5ac2838f345eef720d48c872f3e95d8", 0x99}, {&(0x7f0000001880)="c4a8ce77434ff31c5f21d02fdfe418bb777f6dccc6969bb1014b7856141e4bfe276f3a7d37bfd0b8e33dcf64a841dc7cbb0987e4df35e091bd0b5d468cdeba9e3392e53b3a27dedb715a3cf4c873dff68acb2305892e6684f36b3d74ac8eab047844c9caad22fed7cb2db93ec2a33d8872bac5071dd751914513a36023be222d10171c1d00212991a6344ae8766b60b39b46912988c923c251890b0359e94b0c89684293b35e0c7c89", 0xa9}], 0xa, &(0x7f0000001a00)=[{0xa8, 0x84, 0x0, "5ee7a080543df735e61bee20b50768f3071eb19d12c62b1bb8ab2b5be77615f63a34b53309b4ad04c8e4effa6116fa242690e6ace2af05f9bc0b73fbc09591985eed608343ce9e7947506652f00f6043cf7bc995a3232f4329f2fcd2b80e877c6d17ad81302efb6e66d00df97094c44abfe307af3b8ae8fc4cd6b6529ecb3f692527c97aa6a83a1d9ce4af04317eb92968ae46"}], 0xa8}}], 0x1, 0x4040080) r3 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000300)={@val={0x0, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x3d}, @mpls={[], @ipv4=@tcp={{0x38, 0x4, 0x0, 0x0, 0x10c, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local, {[@timestamp={0x44, 0xc, 0xaa, 0x0, 0x2, [0xffff8000, 0x925a]}, @timestamp_addr={0x44, 0x3c, 0x46, 0x1, 0x0, [{@broadcast, 0x1}, {@broadcast, 0xffffffff}, {@private=0xa010101, 0x3ff}, {@broadcast, 0x9}, {@remote, 0x1}, {@broadcast, 0x4}, {@rand_addr=0x64010100, 0xe}]}, @timestamp_prespec={0x44, 0x34, 0x82, 0x3, 0xd, [{@multicast1, 0x6}, {@remote, 0x3}, {@multicast2}, {@loopback, 0x582c}, {@multicast1, 0xee}, {@private=0xa010102, 0x7}]}, @timestamp_addr={0x44, 0x24, 0x23, 0x1, 0x1, [{@loopback, 0xf55}, {@local, 0x9}, {@rand_addr=0x64010102, 0xfffffff7}, {@loopback}]}, @timestamp={0x44, 0x10, 0x6, 0x0, 0x7, [0x7fffffff, 0x9738, 0x0]}, @cipso={0x86, 0x13, 0xffffffffffffffff, [{0x2, 0xd, "489f25d89c4d9f8942970c"}]}, @noop, @generic={0x83, 0x2}, @rr={0x7, 0x3, 0x83}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x2, 0xb, 0x0, 0x500, 0x0, 0x1c, {[@window={0xb, 0x3}, @timestamp={0x5, 0xa, 0xfffe, 0x88000}, @generic={0x0, 0x8, "d58838068b91"}]}}}}}}, 0x11a) 282.366058ms ago: executing program 9 (id=1923): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f0000002100)=ANY=[@ANYBLOB="b0000000000000001659ec0889419429aa5db97288b0f8a87ea8e66d9a8b"], 0xb0) write$FUSE_DIRENTPLUS(r2, &(0x7f0000000140)=ANY=[], 0x10) write$FUSE_DIRENTPLUS(r2, &(0x7f0000000280)=ANY=[@ANYBLOB="a8"], 0xa8) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$9p_fd(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',posixacl']) chdir(&(0x7f0000000080)='./file1\x00') lsetxattr$security_smack_transmute(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180), &(0x7f0000000200), 0x4, 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) ioctl$PPPIOCATTCHAN(0xffffffffffffffff, 0x40047438, &(0x7f0000000100)=0x2) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) write$FUSE_INIT(r3, 0x0, 0x0) syz_fuse_handle_req(r3, 0x0, 0x0, 0x0) r4 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000800), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r5, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x101091, 0x0) ioctl$AUTOFS_IOC_PROTOSUBVER(r4, 0x40049366, 0x0) syz_usb_connect(0x3, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000dae11c105e0484028fa4010203010902240001000000000904000002437d67000905fc57d4"], 0x0) 0s ago: executing program 7 (id=1924): syz_emit_ethernet(0x1a6, &(0x7f0000000000)={@local, @local, @void, {@ipv6={0x86dd, @tipc_packet={0xc, 0x6, "2c1137", 0x170, 0x6, 0x0, @loopback, @mcast2, {[@fragment={0x4, 0x0, 0x80, 0x1, 0x0, 0x6, 0x68}, @srh={0xff, 0xa, 0x4, 0x5, 0x90, 0x70, 0x8e4a, [@remote, @remote, @private2={0xfc, 0x2, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0x1d}, @rand_addr=' \x01\x00']}, @dstopts={0x2f, 0x0, '\x00', [@padn]}, @routing={0x5c, 0x6, 0x2, 0x81, 0x0, [@ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, @private2, @private0]}, @dstopts={0x73, 0xb, '\x00', [@calipso={0x7, 0x38, {0x0, 0xc, 0x7, 0x6, [0x6, 0x7, 0x7, 0x2, 0x277879ac, 0x7]}}, @enc_lim={0x4, 0x1, 0x1}, @padn, @generic={0x8, 0x18, "4de8c188045f8b77e186c5454f1ca239db86d0d77c322dfc"}]}], @name_distributor={{0x60, 0x0, 0x0, 0x0, 0x0, 0xa, 0xb, 0x2, 0x5, 0x0, 0x0, 0xfff9, 0x8, 0x2, 0x4e23, 0x4e24, 0x2, 0x1, 0x0, 0x0, 0x1}, [{0x4, 0x8, 0x1, 0x2, 0xac1, 0x80, 0x9, 0x200}, {0x7f, 0xffff, 0x7f, 0xf8e, 0x400, 0x3, 0x3, 0xffffff9}]}}}}}}, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b04, &(0x7f0000000000)={'wlan1\x00'}) kernel console output (not intermixed with test programs): r=04a5, idProduct=3003, bcdDevice=c8.07 [ 570.101047][ T5846] usb 3-1: New USB device strings: Mfr=209, Product=185, SerialNumber=60 [ 570.143429][ T5846] usb 3-1: Product: syz [ 570.148178][ T5846] usb 3-1: Manufacturer: syz [ 570.152880][ T5846] usb 3-1: SerialNumber: syz [ 570.176796][ T5846] usb 3-1: config 0 descriptor?? [ 570.411854][ T5846] usb 3-1: USB disconnect, device number 8 [ 572.523688][T10451] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1172'. [ 573.398685][ T3091] libceph: connect (1)[c::]:6789 error -101 [ 573.440261][ T3091] libceph: mon0 (1)[c::]:6789 connect error [ 573.520972][ T3091] libceph: connect (1)[c::]:6789 error -101 [ 573.723972][ T3091] libceph: mon0 (1)[c::]:6789 connect error [ 573.734326][T10449] ceph: No mds server is up or the cluster is laggy [ 573.924790][T10459] FAULT_INJECTION: forcing a failure. [ 573.924790][T10459] name failslab, interval 1, probability 0, space 0, times 0 [ 573.937813][T10459] CPU: 1 UID: 0 PID: 10459 Comm: syz.6.1174 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 573.937843][T10459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 573.937856][T10459] Call Trace: [ 573.937865][T10459] [ 573.937873][T10459] dump_stack_lvl+0x189/0x250 [ 573.937903][T10459] ? __pfx____ratelimit+0x10/0x10 [ 573.937935][T10459] ? __pfx_dump_stack_lvl+0x10/0x10 [ 573.937958][T10459] ? __pfx__printk+0x10/0x10 [ 573.937991][T10459] ? __pfx___might_resched+0x10/0x10 [ 573.938020][T10459] should_fail_ex+0x414/0x560 [ 573.938054][T10459] should_failslab+0xa8/0x100 [ 573.938087][T10459] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 573.938118][T10459] ? __alloc_skb+0x112/0x2d0 [ 573.938146][T10459] __alloc_skb+0x112/0x2d0 [ 573.938174][T10459] netlink_sendmsg+0x5c6/0xb30 [ 573.938210][T10459] ? __pfx_netlink_sendmsg+0x10/0x10 [ 573.938244][T10459] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 573.938273][T10459] ? __pfx_netlink_sendmsg+0x10/0x10 [ 573.938299][T10459] __sock_sendmsg+0x219/0x270 [ 573.938335][T10459] ____sys_sendmsg+0x505/0x830 [ 573.938367][T10459] ? __pfx_____sys_sendmsg+0x10/0x10 [ 573.938404][T10459] ? import_iovec+0x74/0xa0 [ 573.938432][T10459] ___sys_sendmsg+0x21f/0x2a0 [ 573.938461][T10459] ? __pfx____sys_sendmsg+0x10/0x10 [ 573.938529][T10459] ? __fget_files+0x2a/0x420 [ 573.938546][T10459] ? __fget_files+0x3a0/0x420 [ 573.938577][T10459] __x64_sys_sendmsg+0x19b/0x260 [ 573.938601][T10459] ? schedule+0x165/0x360 [ 573.938632][T10459] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 573.938680][T10459] ? do_syscall_64+0xbe/0x3b0 [ 573.938705][T10459] do_syscall_64+0xfa/0x3b0 [ 573.938726][T10459] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 573.938745][T10459] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 573.938765][T10459] ? clear_bhb_loop+0x60/0xb0 [ 573.938790][T10459] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 573.938818][T10459] RIP: 0033:0x7fb49b58e929 [ 573.938836][T10459] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 573.938854][T10459] RSP: 002b:00007fb49c45e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 573.938877][T10459] RAX: ffffffffffffffda RBX: 00007fb49b7b6160 RCX: 00007fb49b58e929 [ 573.938892][T10459] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 000000000000000b [ 573.938905][T10459] RBP: 00007fb49c45e090 R08: 0000000000000000 R09: 0000000000000000 [ 573.938918][T10459] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 573.938930][T10459] R13: 0000000000000000 R14: 00007fb49b7b6160 R15: 00007fff84fb4998 [ 573.938962][T10459] [ 574.206036][ T3091] libceph: connect (1)[c::]:6789 error -101 [ 574.212336][ T3091] libceph: mon0 (1)[c::]:6789 connect error [ 576.105374][T10479] IPVS: set_ctl: invalid protocol: 169 100.1.1.2:20003 [ 576.735661][ T5846] usb 9-1: new full-speed USB device number 12 using dummy_hcd [ 577.164813][T10492] kvm: pic: non byte write [ 577.179996][ T5846] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 577.185596][T10497] overlayfs: failed to resolve './bus': -2 [ 577.216006][ T5846] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 577.264480][ T5846] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10 [ 577.287937][ T5846] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 577.313815][ T5846] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 577.335408][ T5846] usb 9-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 577.345508][ T5846] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 577.353946][ T5846] usb 9-1: Product: syz [ 577.358635][ T5846] usb 9-1: Manufacturer: syz [ 577.363581][ T5846] usb 9-1: SerialNumber: syz [ 577.377031][ T5846] usb 9-1: config 0 descriptor?? [ 577.589801][ T5846] radio-si470x 9-1:0.0: DeviceID=0x0000 ChipID=0x0000 [ 577.603062][ T5846] radio-si470x 9-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0. [ 577.629807][ T5920] usb 10-1: new high-speed USB device number 10 using dummy_hcd [ 577.790563][ T5920] usb 10-1: Using ep0 maxpacket: 32 [ 577.840899][ T5920] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 577.934313][ T5920] usb 10-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 578.488913][ T5920] usb 10-1: New USB device found, idVendor=413c, idProduct=819b, bcdDevice=a7.c0 [ 578.494496][ T5846] radio-si470x 9-1:0.0: software version 0, hardware version 0 [ 578.499352][ T5920] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 578.515007][ T5920] usb 10-1: Product: syz [ 578.519651][ T5920] usb 10-1: Manufacturer: syz [ 578.527578][ T5920] usb 10-1: SerialNumber: syz [ 578.535435][ T5920] usb 10-1: config 0 descriptor?? [ 578.542922][ T5846] radio-si470x 9-1:0.0: This driver is known to work with hardware version 1, but the device has hardware version 0. [ 578.554033][ T5920] qmi_wwan 10-1:0.0: bogus CDC Union: master=31, slave=0 [ 578.657004][ T5846] radio-si470x 9-1:0.0: If you have some trouble using this driver, please report to V4L ML at linux-media@vger.kernel.org [ 578.813681][ T5846] radio-si470x 9-1:0.0: submitting int urb failed (-90) [ 579.064100][ T5920] qmi_wwan 10-1:0.0: probe with driver qmi_wwan failed with error -22 [ 579.083979][ T5920] usb 10-1: USB disconnect, device number 10 [ 579.273646][T10520] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1193'. [ 579.325366][T10520] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1193'. [ 579.753769][T10527] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1194'. [ 579.778347][T10527] netdevsim netdevsim7 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 579.787682][T10527] netdevsim netdevsim7 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 579.796750][T10527] netdevsim netdevsim7 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 579.806246][T10527] netdevsim netdevsim7 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 579.861432][T10527] netdevsim netdevsim7 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 579.870662][T10527] netdevsim netdevsim7 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 579.879761][T10527] netdevsim netdevsim7 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 579.888785][T10527] netdevsim netdevsim7 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 579.897879][ T5846] radio-si470x 9-1:0.0: si470x_set_report: usb_control_msg returned -71 [ 579.912298][ T5846] radio-si470x 9-1:0.0: probe with driver radio-si470x failed with error -22 [ 579.946399][ T5846] usb 9-1: USB disconnect, device number 12 [ 580.489503][T10537] openvswitch: netlink: Unexpected mask (mask=c0, allowed=10048) [ 581.231290][ T5846] usb 9-1: new high-speed USB device number 13 using dummy_hcd [ 582.223506][ T5846] usb 9-1: Using ep0 maxpacket: 8 [ 582.232506][ T5846] usb 9-1: no configurations [ 582.239548][ T5846] usb 9-1: can't read configurations, error -22 [ 582.283665][ T5921] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 582.383771][ T5846] usb 9-1: new high-speed USB device number 14 using dummy_hcd [ 582.454321][ T5921] usb 3-1: Using ep0 maxpacket: 16 [ 582.487386][ T5921] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 582.498608][ T9] usb 7-1: new full-speed USB device number 10 using dummy_hcd [ 582.525017][ T5921] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 582.538392][ T5921] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 582.588326][ T5921] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 582.601367][ T5921] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 582.609159][ T5846] usb 9-1: Using ep0 maxpacket: 8 [ 582.621865][ T5921] usb 3-1: config 0 descriptor?? [ 582.630434][ T5846] usb 9-1: no configurations [ 582.642282][ T5846] usb 9-1: can't read configurations, error -22 [ 582.658581][ T5846] usb usb9-port1: attempt power cycle [ 582.698665][ T9] usb 7-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 582.714533][ T9] usb 7-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 582.726281][ T9] usb 7-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 582.736124][ T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 583.035792][ T5846] usb 9-1: new high-speed USB device number 15 using dummy_hcd [ 583.070355][ T5921] microsoft 0003:045E:07DA.0008: ignoring exceeding usage max [ 583.083617][ T5846] usb 9-1: Using ep0 maxpacket: 8 [ 583.100211][ T5921] microsoft 0003:045E:07DA.0008: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 583.164069][ T5921] microsoft 0003:045E:07DA.0008: no inputs found [ 583.174228][ T5921] microsoft 0003:045E:07DA.0008: could not initialize ff, continuing anyway [ 583.249737][ T5846] usb 9-1: device descriptor read/all, error -71 [ 584.387339][T10564] smc: net device bond0 applied user defined pnetid SYZ2 [ 584.537535][ T3091] usb 3-1: USB disconnect, device number 9 [ 585.591501][ T3091] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 585.698837][T10576] overlayfs: failed to clone upperpath [ 585.761893][ T3091] usb 3-1: Using ep0 maxpacket: 8 [ 585.812011][ T3091] usb 3-1: unable to get BOS descriptor or descriptor too short [ 585.850251][ T3091] usb 3-1: too many endpoints for config 4 interface 0 altsetting 102: 65, using maximum allowed: 30 [ 585.922131][ T3091] usb 3-1: config 4 interface 0 altsetting 102 has 0 endpoint descriptors, different from the interface descriptor's value: 65 [ 586.016566][ T3091] usb 3-1: config 4 interface 0 has no altsetting 0 [ 586.050082][ T3091] usb 3-1: string descriptor 0 read error: -22 [ 586.071833][T10581] netdevsim netdevsim7: Direct firmware load for  failed with error -2 [ 586.093767][ T3091] usb 3-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 586.114929][T10581] netdevsim netdevsim7: Falling back to sysfs fallback for:  [ 586.115335][ T3091] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 587.066148][ T3091] usb 3-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 587.131558][ T3091] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 587.148495][ T3091] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 587.164130][ T3091] usb 3-1: media controller created [ 587.587480][T10593] overlayfs: failed to resolve './bus': -2 [ 587.834243][ T9] aiptek 7-1:17.0: Aiptek using 400 ms programming speed [ 588.088461][ T9] input: Aiptek as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:17.0/input/input24 [ 590.364458][T10599] overlayfs: missing 'lowerdir' [ 590.484465][ T9] input: failed to attach handler kbd to device input24, error: -5 [ 590.648637][ T3091] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 590.724356][ T3091] zl10353_read_register: readreg error (reg=127, ret==0) [ 590.821495][ T5846] usb 7-1: USB disconnect, device number 10 [ 590.895179][ T3091] usb 3-1: USB disconnect, device number 10 [ 591.035935][T10611] FAULT_INJECTION: forcing a failure. [ 591.035935][T10611] name failslab, interval 1, probability 0, space 0, times 0 [ 591.078699][T10611] CPU: 1 UID: 0 PID: 10611 Comm: syz.6.1219 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 591.078730][T10611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 591.078744][T10611] Call Trace: [ 591.078753][T10611] [ 591.078762][T10611] dump_stack_lvl+0x189/0x250 [ 591.078797][T10611] ? __pfx____ratelimit+0x10/0x10 [ 591.078834][T10611] ? __pfx_dump_stack_lvl+0x10/0x10 [ 591.078858][T10611] ? __pfx__printk+0x10/0x10 [ 591.078891][T10611] ? __pfx___might_resched+0x10/0x10 [ 591.078920][T10611] should_fail_ex+0x414/0x560 [ 591.078956][T10611] should_failslab+0xa8/0x100 [ 591.078991][T10611] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 591.079027][T10611] ? __alloc_skb+0x112/0x2d0 [ 591.079056][T10611] __alloc_skb+0x112/0x2d0 [ 591.079095][T10611] netlink_sendmsg+0x5c6/0xb30 [ 591.079133][T10611] ? __pfx_netlink_sendmsg+0x10/0x10 [ 591.079167][T10611] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 591.079197][T10611] ? __pfx_netlink_sendmsg+0x10/0x10 [ 591.079223][T10611] __sock_sendmsg+0x219/0x270 [ 591.079260][T10611] ____sys_sendmsg+0x505/0x830 [ 591.079293][T10611] ? __pfx_____sys_sendmsg+0x10/0x10 [ 591.079335][T10611] ? import_iovec+0x74/0xa0 [ 591.079364][T10611] ___sys_sendmsg+0x21f/0x2a0 [ 591.079393][T10611] ? __pfx____sys_sendmsg+0x10/0x10 [ 591.079460][T10611] ? __fget_files+0x2a/0x420 [ 591.079478][T10611] ? __fget_files+0x3a0/0x420 [ 591.079509][T10611] __x64_sys_sendmsg+0x19b/0x260 [ 591.079539][T10611] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 591.079581][T10611] ? __pfx_ksys_write+0x10/0x10 [ 591.079607][T10611] ? rcu_is_watching+0x15/0xb0 [ 591.079636][T10611] ? do_syscall_64+0xbe/0x3b0 [ 591.079661][T10611] do_syscall_64+0xfa/0x3b0 [ 591.079679][T10611] ? lockdep_hardirqs_on+0x9c/0x150 [ 591.079710][T10611] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 591.079731][T10611] ? clear_bhb_loop+0x60/0xb0 [ 591.079756][T10611] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 591.079776][T10611] RIP: 0033:0x7fb49b58e929 [ 591.079794][T10611] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 591.079812][T10611] RSP: 002b:00007fb49c4a0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 591.079834][T10611] RAX: ffffffffffffffda RBX: 00007fb49b7b5fa0 RCX: 00007fb49b58e929 [ 591.079848][T10611] RDX: 0000000024000014 RSI: 0000200000000200 RDI: 0000000000000003 [ 591.079861][T10611] RBP: 00007fb49c4a0090 R08: 0000000000000000 R09: 0000000000000000 [ 591.079874][T10611] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 591.079885][T10611] R13: 0000000000000000 R14: 00007fb49b7b5fa0 R15: 00007fff84fb4998 [ 591.079923][T10611] [ 591.782523][ T3091] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 592.016624][ T3091] usb 3-1: Using ep0 maxpacket: 32 [ 592.044593][ T3091] usb 3-1: config 0 has an invalid interface number: 231 but max is 0 [ 592.062767][ T3091] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 592.081780][ T3091] usb 3-1: config 0 has no interface number 0 [ 592.088397][ T3091] usb 3-1: config 0 interface 231 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 592.121084][ T3091] usb 3-1: config 0 interface 231 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 592.139125][ T3091] usb 3-1: New USB device found, idVendor=d024, idProduct=5e5a, bcdDevice=16.a9 [ 592.162591][ T3091] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 592.174782][ T3091] usb 3-1: Product: syz [ 592.348201][ T3091] usb 3-1: Manufacturer: syz [ 592.353138][ T3091] usb 3-1: SerialNumber: syz [ 592.365704][ T3091] usb 3-1: config 0 descriptor?? [ 592.371980][T10607] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 592.386243][ T3091] usb-storage 3-1:0.231: USB Mass Storage device detected [ 592.472695][T10631] openvswitch: netlink: Unexpected mask (mask=c0, allowed=10048) [ 593.250626][T10634] ipt_REJECT: TCP_RESET invalid for non-tcp [ 594.755568][T10638] overlayfs: missing 'lowerdir' [ 594.827164][ T3091] usb 3-1: USB disconnect, device number 11 [ 594.842865][ T30] kauditd_printk_skb: 51 callbacks suppressed [ 594.842886][ T30] audit: type=1800 audit(1753225005.419:380): pid=10647 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.9.1230" name="/" dev="9p" ino=2 res=0 errno=0 [ 599.517748][ T5842] Bluetooth: hci2: unexpected cc 0x2039 length: 9 > 1 [ 599.526175][ T5842] Bluetooth: hci2: unexpected event for opcode 0x2039 [ 600.315776][T10679] openvswitch: netlink: Unexpected mask (mask=c0, allowed=10048) [ 601.177876][T10685] input: syz1 as /devices/virtual/input/input26 [ 601.535993][T10692] overlayfs: failed to resolve './bus': -2 [ 603.649259][ T5842] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 603.658232][ T5842] Bluetooth: hci2: Injecting HCI hardware error event [ 603.667305][ T5842] Bluetooth: hci2: hardware error 0x00 [ 604.265291][ T9] libceph: connect (1)[c::]:6789 error -101 [ 604.292613][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 604.591722][ T5920] libceph: connect (1)[c::]:6789 error -101 [ 604.602536][ T5920] libceph: mon0 (1)[c::]:6789 connect error [ 604.634606][T10717] ceph: No mds server is up or the cluster is laggy [ 605.162034][T10729] openvswitch: netlink: Unexpected mask (mask=c0, allowed=10048) [ 605.865471][ T5842] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 606.020727][T10731] ip6gretap0: entered promiscuous mode [ 606.064934][T10731] macsec1: entered promiscuous mode [ 606.076258][T10731] macsec1: entered allmulticast mode [ 606.081844][T10731] ip6gretap0: entered allmulticast mode [ 606.093281][T10731] ip6gretap0: left allmulticast mode [ 606.113085][T10731] ip6gretap0: left promiscuous mode [ 606.138258][ T30] audit: type=1326 audit(1753225016.700:381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10730 comm="syz.8.1253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa73758e929 code=0x7ffc0000 [ 606.286428][T10735] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1254'. [ 606.295963][ T30] audit: type=1326 audit(1753225016.730:382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10730 comm="syz.8.1253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=20 compat=0 ip=0x7fa73758e929 code=0x7ffc0000 [ 606.319970][ T30] audit: type=1326 audit(1753225016.730:383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10730 comm="syz.8.1253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa73758e929 code=0x7ffc0000 [ 606.354275][ T30] audit: type=1326 audit(1753225016.730:384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10730 comm="syz.8.1253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=432 compat=0 ip=0x7fa73758e929 code=0x7ffc0000 [ 606.394065][ T30] audit: type=1326 audit(1753225016.730:385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10730 comm="syz.8.1253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa73758e929 code=0x7ffc0000 [ 606.443767][ T30] audit: type=1326 audit(1753225016.860:386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10730 comm="syz.8.1253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa73758e929 code=0x7ffc0000 [ 606.494918][T10733] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1254'. [ 606.519277][ T30] audit: type=1326 audit(1753225016.860:387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10730 comm="syz.8.1253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa73758e929 code=0x7ffc0000 [ 606.550363][ T30] audit: type=1326 audit(1753225016.870:388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10730 comm="syz.8.1253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa73758e929 code=0x7ffc0000 [ 606.699653][T10746] overlayfs: missing 'lowerdir' [ 606.704493][T10735] 8021q: adding VLAN 0 to HW filter on device bond1 [ 607.061259][T10740] 8021q: adding VLAN 0 to HW filter on device bond1 [ 607.085891][T10740] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 607.301164][T10740] bond1: (slave vxcan3): Error -95 calling set_mac_address [ 607.410151][T10757] netlink: 'syz.8.1259': attribute type 3 has an invalid length. [ 607.418170][T10757] netlink: 20 bytes leftover after parsing attributes in process `syz.8.1259'. [ 608.313783][T10741] macvlan2: entered promiscuous mode [ 608.347065][T10741] macvlan2: entered allmulticast mode [ 608.394087][T10741] bond1: (slave macvlan2): Error -98 calling set_mac_address [ 608.591346][T10763] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1263'. [ 608.611119][T10757] netdevsim netdevsim8: Direct firmware load for ./file0 failed with error -2 [ 608.621202][T10757] netdevsim netdevsim8: Falling back to sysfs fallback for: ./file0 [ 608.911235][T10763] 8021q: adding VLAN 0 to HW filter on device bond1 [ 609.014086][T10772] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) ! [ 609.128456][T10767] 8021q: adding VLAN 0 to HW filter on device bond1 [ 609.136017][T10767] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 609.171929][T10767] bond1: (slave vxcan3): Error -95 calling set_mac_address [ 609.210311][T10775] netlink: 'syz.8.1264': attribute type 3 has an invalid length. [ 609.218282][T10775] netlink: 20 bytes leftover after parsing attributes in process `syz.8.1264'. [ 609.830703][T10768] macvlan2: entered promiscuous mode [ 609.836106][T10768] macvlan2: entered allmulticast mode [ 609.842356][T10768] bond1: (slave macvlan2): Error -98 calling set_mac_address [ 609.858203][ T5920] usb 10-1: new high-speed USB device number 11 using dummy_hcd [ 609.867589][T10775] netdevsim netdevsim8: Direct firmware load for ./file0 failed with error -2 [ 609.876541][T10775] netdevsim netdevsim8: Falling back to sysfs fallback for: ./file0 [ 610.412251][T10787] netlink: 149852 bytes leftover after parsing attributes in process `syz.8.1267'. [ 610.422867][T10787] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16) [ 610.447799][ T5920] usb 10-1: device descriptor read/64, error -71 [ 610.490175][T10789] overlayfs: failed to resolve './bus': -2 [ 610.848390][ T5920] usb 10-1: new high-speed USB device number 12 using dummy_hcd [ 611.110896][ T5920] usb 10-1: device descriptor read/64, error -71 [ 611.197435][T10798] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 611.246810][T10798] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 611.281049][ T5920] usb usb10-port1: attempt power cycle [ 611.409813][T10801] fuse: Invalid rootmode [ 611.425430][T10801] IPVS: set_ctl: invalid protocol: 8 127.0.0.1:20001 [ 611.440740][T10800] [U] ^C [ 611.618348][ T5920] usb 10-1: new high-speed USB device number 13 using dummy_hcd [ 611.708469][ T5920] usb 10-1: device descriptor read/8, error -71 [ 612.077861][T10818] netlink: 'syz.6.1274': attribute type 3 has an invalid length. [ 612.086311][T10818] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1274'. [ 612.109910][T10818] netdevsim netdevsim6: Direct firmware load for ./file0 failed with error -2 [ 612.119010][T10818] netdevsim netdevsim6: Falling back to sysfs fallback for: ./file0 [ 612.134065][ T5920] usb 10-1: new high-speed USB device number 14 using dummy_hcd [ 612.796565][ T5920] usb 10-1: device descriptor read/8, error -71 [ 612.879716][T10823] netlink: 'syz.7.1275': attribute type 3 has an invalid length. [ 612.949579][ T5920] usb usb10-port1: unable to enumerate USB device [ 612.959091][T10823] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1275'. [ 613.053296][T10823] netlink: 'syz.7.1275': attribute type 3 has an invalid length. [ 613.089382][T10823] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1275'. [ 613.943888][T10839] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 614.108815][T10839] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 614.254682][ T5920] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 614.392190][T10847] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1282'. [ 614.969448][ T5920] usb 3-1: Using ep0 maxpacket: 32 [ 614.996297][ T5920] usb 3-1: config 0 has an invalid descriptor of length 11, skipping remainder of the config [ 615.018048][ T5920] usb 3-1: config 0 interface 0 altsetting 128 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 615.099628][ T5920] usb 3-1: config 0 interface 0 has no altsetting 0 [ 615.131815][ T5920] usb 3-1: New USB device found, idVendor=1b1c, idProduct=1c0d, bcdDevice= 0.00 [ 615.219458][ T5920] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 615.285539][ T5920] usb 3-1: config 0 descriptor?? [ 616.992770][T10866] vxfs: WRONG superblock magic 00000000 at 1 [ 617.001540][T10866] vxfs: WRONG superblock magic 00000000 at 8 [ 617.007892][T10866] vxfs: can't find superblock. [ 618.060100][T10879] netlink: 'syz.7.1287': attribute type 3 has an invalid length. [ 618.068197][T10879] netlink: 20 bytes leftover after parsing attributes in process `syz.7.1287'. [ 618.641189][ T5920] usbhid 3-1:0.0: can't add hid device: -71 [ 618.641324][ T5920] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 618.644163][ T5920] usb 3-1: USB disconnect, device number 12 [ 618.685770][T10879] netdevsim netdevsim7: Direct firmware load for ./file0 failed with error -2 [ 618.703600][T10879] netdevsim netdevsim7: Falling back to sysfs fallback for: ./file0 [ 619.858517][T10892] overlayfs: failed to resolve './bus': -2 [ 620.133394][T10899] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 620.170141][T10899] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 620.774275][T10907] overlayfs: missing 'lowerdir' [ 621.257134][T10917] netlink: 'syz.7.1299': attribute type 3 has an invalid length. [ 621.265229][T10917] netlink: 20 bytes leftover after parsing attributes in process `syz.7.1299'. [ 621.282887][T10917] netdevsim netdevsim7: Direct firmware load for ./file0 failed with error -2 [ 621.291928][T10917] netdevsim netdevsim7: Falling back to sysfs fallback for: ./file0 [ 624.774379][T10930] overlayfs: failed to clone upperpath [ 625.619060][T10943] netlink: 20 bytes leftover after parsing attributes in process `syz.9.1306'. [ 630.263439][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 630.269967][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 630.893030][T10992] netlink: 44 bytes leftover after parsing attributes in process `syz.9.1322'. [ 631.117305][T10994] afs: Unknown parameter 'dynJfloGHh+sck' [ 631.677851][T11000] netlink: 24 bytes leftover after parsing attributes in process `syz.9.1325'. [ 631.698705][T11000] netlink: 4 bytes leftover after parsing attributes in process `syz.9.1325'. [ 631.974891][T11003] overlayfs: failed to resolve './bus': -2 [ 636.205760][ T30] audit: type=1326 audit(1753225046.752:389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11043 comm="syz.2.1336" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f01ea78e929 code=0x0 [ 636.949701][T11055] random: crng reseeded on system resumption [ 640.183501][T11079] binder: BINDER_SET_CONTEXT_MGR already set [ 640.190067][T11079] binder: 11073:11079 ioctl 4018620d 200000000040 returned -16 [ 641.004345][ T5846] usb 3-1: new full-speed USB device number 13 using dummy_hcd [ 641.063621][ T44] usb 9-1: new full-speed USB device number 17 using dummy_hcd [ 641.355334][ T5846] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 641.366609][ T5846] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 641.382290][ T5846] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 641.391843][ T5846] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 641.417651][T11106] 9pnet_virtio: no channels available for device 127.0.0.1 [ 641.429044][ T5846] hub 3-1:4.0: USB hub found [ 641.435975][ T44] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 641.468483][ T44] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 512, setting to 64 [ 641.514995][T11106] tipc: Started in network mode [ 641.520015][T11106] tipc: Node identity 6ec71e40667e, cluster identity 4711 [ 641.528103][ T44] usb 9-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 641.542614][T11106] tipc: Enabled bearer , priority 0 [ 641.551321][ T44] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 641.576535][T11110] sit0: entered promiscuous mode [ 641.582114][ T44] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 641.582789][T11110] sit0: entered allmulticast mode [ 641.590907][ T44] usb 9-1: SerialNumber: syz [ 641.605310][T11091] raw-gadget.1 gadget.8: fail, usb_ep_enable returned -22 [ 641.612941][T11091] raw-gadget.1 gadget.8: fail, usb_ep_enable returned -22 [ 641.614842][T11106] tipc: Resetting bearer [ 641.632735][ T5846] hub 3-1:4.0: 2 ports detected [ 641.637825][ T5846] usb 3-1: selecting invalid altsetting 1 [ 641.653428][ T5846] hub 3-1:4.0: Using single TT (err -22) [ 641.736172][T11105] tipc: Disabling bearer [ 641.831373][T11091] raw-gadget.1 gadget.8: fail, usb_ep_enable returned -22 [ 641.841055][ T5846] hub 3-1:4.0: hub_hub_status failed (err = -71) [ 641.861530][T11091] raw-gadget.1 gadget.8: fail, usb_ep_enable returned -22 [ 641.869499][ T5846] hub 3-1:4.0: config failed, can't get hub status (err -71) [ 641.930854][ T5846] usb 3-1: USB disconnect, device number 13 [ 642.100633][T11117] FAULT_INJECTION: forcing a failure. [ 642.100633][T11117] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 642.120886][T11117] CPU: 1 UID: 0 PID: 11117 Comm: syz.6.1356 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 642.120918][T11117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 642.120931][T11117] Call Trace: [ 642.120940][T11117] [ 642.120950][T11117] dump_stack_lvl+0x189/0x250 [ 642.120983][T11117] ? __pfx____ratelimit+0x10/0x10 [ 642.121017][T11117] ? __pfx_dump_stack_lvl+0x10/0x10 [ 642.121040][T11117] ? __pfx__printk+0x10/0x10 [ 642.121067][T11117] ? __might_fault+0xb0/0x130 [ 642.121110][T11117] should_fail_ex+0x414/0x560 [ 642.121146][T11117] _copy_to_iter+0x3f5/0x16f0 [ 642.121171][T11117] ? preempt_schedule_common+0x83/0xd0 [ 642.121208][T11117] ? __pfx__copy_to_iter+0x10/0x10 [ 642.121235][T11117] ? preempt_schedule_thunk+0x16/0x30 [ 642.121275][T11117] seq_read_iter+0xbeb/0xe10 [ 642.121326][T11117] seq_read+0x2e2/0x3d0 [ 642.121349][T11117] ? __lock_acquire+0xab9/0xd20 [ 642.121380][T11117] ? __pfx_seq_read+0x10/0x10 [ 642.121411][T11117] ? __import_iovec+0x40e/0x7f0 [ 642.121446][T11117] ? __pfx_seq_read+0x10/0x10 [ 642.121468][T11117] proc_reg_read+0x1e9/0x2e0 [ 642.121499][T11117] vfs_readv+0x5aa/0x850 [ 642.121521][T11117] ? __pfx_proc_reg_read+0x10/0x10 [ 642.121549][T11117] ? __pfx_vfs_readv+0x10/0x10 [ 642.121584][T11117] ? lockdep_hardirqs_on+0x9c/0x150 [ 642.121627][T11117] ? __x64_sys_preadv+0x141/0x2a0 [ 642.121666][T11117] __x64_sys_preadv+0x197/0x2a0 [ 642.121701][T11117] ? __pfx___x64_sys_preadv+0x10/0x10 [ 642.121728][T11117] ? rcu_is_watching+0x15/0xb0 [ 642.121770][T11117] ? do_syscall_64+0xbe/0x3b0 [ 642.121794][T11117] do_syscall_64+0xfa/0x3b0 [ 642.121812][T11117] ? lockdep_hardirqs_on+0x9c/0x150 [ 642.121843][T11117] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 642.121862][T11117] ? clear_bhb_loop+0x60/0xb0 [ 642.121888][T11117] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 642.121908][T11117] RIP: 0033:0x7fb49b58e929 [ 642.121927][T11117] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 642.121944][T11117] RSP: 002b:00007fb49c4a0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 642.121966][T11117] RAX: ffffffffffffffda RBX: 00007fb49b7b5fa0 RCX: 00007fb49b58e929 [ 642.121981][T11117] RDX: 0000000000000002 RSI: 0000200000000180 RDI: 0000000000000005 [ 642.121994][T11117] RBP: 00007fb49c4a0090 R08: 0000000000002081 R09: 0000000000000000 [ 642.122007][T11117] R10: 0000000000000009 R11: 0000000000000246 R12: 0000000000000001 [ 642.122019][T11117] R13: 0000000000000000 R14: 00007fb49b7b5fa0 R15: 00007fff84fb4998 [ 642.122052][T11117] [ 642.635978][ T44] cdc_ether 9-1:1.0 usb0: register 'cdc_ether' at usb-dummy_hcd.8-1, CDC Ethernet Device, 42:42:42:42:42:42 [ 643.444893][T11132] FAULT_INJECTION: forcing a failure. [ 643.444893][T11132] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 643.474591][T11132] CPU: 0 UID: 0 PID: 11132 Comm: syz.2.1360 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 643.474624][T11132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 643.474637][T11132] Call Trace: [ 643.474653][T11132] [ 643.474663][T11132] dump_stack_lvl+0x189/0x250 [ 643.474693][T11132] ? __pfx____ratelimit+0x10/0x10 [ 643.474725][T11132] ? __pfx_dump_stack_lvl+0x10/0x10 [ 643.474753][T11132] ? __pfx__printk+0x10/0x10 [ 643.474794][T11132] should_fail_ex+0x414/0x560 [ 643.474828][T11132] _copy_to_user+0x31/0xb0 [ 643.474855][T11132] simple_read_from_buffer+0xe1/0x170 [ 643.474892][T11132] proc_fail_nth_read+0x1df/0x250 [ 643.474916][T11132] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 643.474949][T11132] ? rw_verify_area+0x258/0x650 [ 643.474976][T11132] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 643.474998][T11132] vfs_read+0x200/0x980 [ 643.475032][T11132] ? __pfx___mutex_lock+0x10/0x10 [ 643.475052][T11132] ? __pfx_vfs_read+0x10/0x10 [ 643.475081][T11132] ? __fget_files+0x2a/0x420 [ 643.475105][T11132] ? __fget_files+0x3a0/0x420 [ 643.475122][T11132] ? __fget_files+0x2a/0x420 [ 643.475150][T11132] ksys_read+0x145/0x250 [ 643.475176][T11132] ? __fget_files+0x3a0/0x420 [ 643.475196][T11132] ? __pfx_ksys_read+0x10/0x10 [ 643.475229][T11132] ? do_syscall_64+0xbe/0x3b0 [ 643.475253][T11132] do_syscall_64+0xfa/0x3b0 [ 643.475271][T11132] ? lockdep_hardirqs_on+0x9c/0x150 [ 643.475301][T11132] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 643.475322][T11132] ? clear_bhb_loop+0x60/0xb0 [ 643.475348][T11132] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 643.475367][T11132] RIP: 0033:0x7f01ea78d33c [ 643.475386][T11132] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 643.475403][T11132] RSP: 002b:00007f01eb6a6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 643.475424][T11132] RAX: ffffffffffffffda RBX: 00007f01ea9b5fa0 RCX: 00007f01ea78d33c [ 643.475439][T11132] RDX: 000000000000000f RSI: 00007f01eb6a60a0 RDI: 0000000000000004 [ 643.475450][T11132] RBP: 00007f01eb6a6090 R08: 0000000000000000 R09: 0000000000000000 [ 643.475462][T11132] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 643.475474][T11132] R13: 0000000000000000 R14: 00007f01ea9b5fa0 R15: 00007ffd1d677ff8 [ 643.475507][T11132] [ 644.177058][ T5846] usb 9-1: USB disconnect, device number 17 [ 644.184628][ T5846] cdc_ether 9-1:1.0 usb0: unregister 'cdc_ether' usb-dummy_hcd.8-1, CDC Ethernet Device [ 644.861390][T11145] 8021q: adding VLAN 0 to HW filter on device bond1 [ 644.875827][T11145] bond0: (slave bond1): Enslaving as an active interface with an up link [ 645.343737][ T5921] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 645.816722][ T5921] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 645.974001][ T5921] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 646.005463][ T5921] usb 3-1: config 0 descriptor?? [ 646.019661][ T5921] cp210x 3-1:0.0: cp210x converter detected [ 646.335408][T11159] loop6: detected capacity change from 0 to 63 [ 646.426334][ T5921] cp210x 3-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 646.432752][T11159] Buffer I/O error on dev loop6, logical block 0, async page read [ 646.442555][T11159] Buffer I/O error on dev loop6, logical block 1, async page read [ 646.463213][T11159] Buffer I/O error on dev loop6, logical block 2, async page read [ 646.510384][T11159] Buffer I/O error on dev loop6, logical block 3, async page read [ 646.561203][T11160] Buffer I/O error on dev loop6, logical block 0, async page read [ 646.626530][T11160] Buffer I/O error on dev loop6, logical block 1, async page read [ 646.655273][T11160] Buffer I/O error on dev loop6, logical block 2, async page read [ 646.673374][T11160] Buffer I/O error on dev loop6, logical block 3, async page read [ 646.701510][T11160] Buffer I/O error on dev loop6, logical block 0, async page read [ 646.720077][T11160] Buffer I/O error on dev loop6, logical block 1, async page read [ 647.060817][T11164] trusted_key: encrypted_key: insufficient parameters specified [ 647.318109][ T5920] usb 10-1: new high-speed USB device number 15 using dummy_hcd [ 647.496632][ T5920] usb 10-1: Using ep0 maxpacket: 16 [ 647.509186][ T5920] usb 10-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0 [ 647.526421][ T5920] usb 10-1: config 0 interface 0 altsetting 1 endpoint 0x89 has invalid wMaxPacketSize 0 [ 647.543056][ T5920] usb 10-1: config 0 interface 0 has no altsetting 0 [ 647.555033][ T5920] usb 10-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 647.564857][ T5920] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 647.573120][ T5920] usb 10-1: Product: syz [ 647.577789][ T5920] usb 10-1: Manufacturer: syz [ 647.582671][ T5920] usb 10-1: SerialNumber: syz [ 647.591900][ T5920] usb 10-1: config 0 descriptor?? [ 647.631767][ T5921] cp210x 3-1:0.0: failed to get vendor val 0x370c size 73: -71 [ 647.640993][ T5921] cp210x 3-1:0.0: GPIO initialisation failed: -71 [ 647.651643][ T5921] usb 3-1: cp210x converter now attached to ttyUSB0 [ 647.671278][ T5921] usb 3-1: USB disconnect, device number 14 [ 647.690176][ T5921] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 647.704900][ T5921] cp210x 3-1:0.0: device disconnected [ 648.041585][ T5913] usb 10-1: USB disconnect, device number 15 [ 648.885707][T11193] FAULT_INJECTION: forcing a failure. [ 648.885707][T11193] name failslab, interval 1, probability 0, space 0, times 0 [ 648.899347][T11193] CPU: 1 UID: 0 PID: 11193 Comm: syz.6.1380 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 648.899387][T11193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 648.899400][T11193] Call Trace: [ 648.899411][T11193] [ 648.899421][T11193] dump_stack_lvl+0x189/0x250 [ 648.899449][T11193] ? __pfx____ratelimit+0x10/0x10 [ 648.899479][T11193] ? __pfx_dump_stack_lvl+0x10/0x10 [ 648.899500][T11193] ? __pfx__printk+0x10/0x10 [ 648.899531][T11193] ? __pfx___might_resched+0x10/0x10 [ 648.899557][T11193] should_fail_ex+0x414/0x560 [ 648.899588][T11193] should_failslab+0xa8/0x100 [ 648.899618][T11193] __kmalloc_noprof+0xcb/0x4f0 [ 648.899644][T11193] ? tracepoint_add_func+0x35e/0xa10 [ 648.899674][T11193] ? __pfx___bpf_trace_sys_exit+0x10/0x10 [ 648.899690][T11193] tracepoint_add_func+0x35e/0xa10 [ 648.899726][T11193] ? __pfx___bpf_trace_sys_exit+0x10/0x10 [ 648.899743][T11193] tracepoint_probe_register_prio_may_exist+0x5f/0xa0 [ 648.899769][T11193] ? __pfx___bpf_trace_sys_exit+0x10/0x10 [ 648.899789][T11193] bpf_raw_tp_link_attach+0x4ff/0x6b0 [ 648.899816][T11193] ? __pfx_bpf_raw_tp_link_attach+0x10/0x10 [ 648.899848][T11193] ? __fget_files+0x2a/0x420 [ 648.899874][T11193] bpf_raw_tracepoint_open+0x19b/0x1f0 [ 648.899895][T11193] __sys_bpf+0x3cd/0x860 [ 648.899923][T11193] ? __pfx___sys_bpf+0x10/0x10 [ 648.899962][T11193] ? ksys_write+0x22a/0x250 [ 648.899990][T11193] ? __pfx_ksys_write+0x10/0x10 [ 648.900011][T11193] ? rcu_is_watching+0x15/0xb0 [ 648.900038][T11193] __x64_sys_bpf+0x7c/0x90 [ 648.900063][T11193] do_syscall_64+0xfa/0x3b0 [ 648.900081][T11193] ? lockdep_hardirqs_on+0x9c/0x150 [ 648.900107][T11193] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 648.900126][T11193] ? clear_bhb_loop+0x60/0xb0 [ 648.900149][T11193] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 648.900166][T11193] RIP: 0033:0x7fb49b58e929 [ 648.900188][T11193] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 648.900204][T11193] RSP: 002b:00007fb49c4a0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 648.900224][T11193] RAX: ffffffffffffffda RBX: 00007fb49b7b5fa0 RCX: 00007fb49b58e929 [ 648.900237][T11193] RDX: 0000000000000010 RSI: 0000200000000500 RDI: 0000000000000011 [ 648.900249][T11193] RBP: 00007fb49c4a0090 R08: 0000000000000000 R09: 0000000000000000 [ 648.900260][T11193] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 648.900271][T11193] R13: 0000000000000000 R14: 00007fb49b7b5fa0 R15: 00007fff84fb4998 [ 648.900301][T11193] [ 649.164007][ T5921] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 649.323868][ T5921] usb 3-1: Using ep0 maxpacket: 16 [ 649.331653][ T5921] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 649.516574][T11200] overlayfs: failed to clone upperpath [ 650.156222][ T5921] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 650.241124][ T5921] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 650.256246][ T5921] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 650.323825][ T5921] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 650.760625][ T5921] usb 3-1: config 0 descriptor?? [ 650.972607][ T5921] usbhid 3-1:0.0: can't add hid device: -71 [ 650.996332][ T5921] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 651.076216][ T5921] usb 3-1: USB disconnect, device number 15 [ 653.994605][T11237] dummy0 speed is unknown, defaulting to 1000 [ 654.465599][ T5913] usb 9-1: new full-speed USB device number 18 using dummy_hcd [ 654.674362][ T5913] usb 9-1: config 7 has an invalid interface number: 192 but max is 0 [ 654.692899][ T5913] usb 9-1: config 7 has no interface number 0 [ 654.699338][ T5913] usb 9-1: config 7 interface 192 has no altsetting 0 [ 654.994917][ T5913] usb 9-1: New USB device found, idVendor=09fb, idProduct=ebbe, bcdDevice=d4.8d [ 655.004470][ T5913] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 655.029367][ T5913] usb 9-1: Product: syz [ 655.033708][ T5913] usb 9-1: Manufacturer: syz [ 655.041201][ T5913] usb 9-1: SerialNumber: syz [ 655.284820][T11258] netlink: 'syz.6.1393': attribute type 4 has an invalid length. [ 655.298087][ T5913] usb 9-1: USB disconnect, device number 18 [ 655.316895][T11258] netlink: 'syz.6.1393': attribute type 5 has an invalid length. [ 655.324984][T11258] netlink: 3657 bytes leftover after parsing attributes in process `syz.6.1393'. [ 660.276697][T11308] netlink: 324 bytes leftover after parsing attributes in process `syz.7.1410'. [ 660.817642][ T5846] usb 9-1: new high-speed USB device number 19 using dummy_hcd [ 661.014463][ T5846] usb 9-1: Using ep0 maxpacket: 32 [ 661.029736][ T5846] usb 9-1: config index 0 descriptor too short (expected 156, got 27) [ 661.043878][ T5846] usb 9-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 661.071265][ T5846] usb 9-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 661.100239][ T5846] usb 9-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 661.128635][ T5846] usb 9-1: config 0 interface 0 has no altsetting 0 [ 661.147545][ T5846] usb 9-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 661.162422][ T5846] usb 9-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 661.179771][ T5846] usb 9-1: Product: syz [ 661.192675][ T5846] usb 9-1: Manufacturer: syz [ 661.207070][ T5846] usb 9-1: SerialNumber: syz [ 661.235030][ T5846] usb 9-1: config 0 descriptor?? [ 661.258500][ T5846] ldusb 9-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 661.376575][ T5846] ldusb 9-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 661.724431][ T5846] usb 10-1: new high-speed USB device number 16 using dummy_hcd [ 661.734621][ T9] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 661.916444][ T5846] usb 10-1: config 0 has an invalid interface number: 33 but max is 0 [ 661.944152][ T5846] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 661.989675][ T5846] usb 10-1: config 0 has no interface number 0 [ 661.996599][ T5846] usb 10-1: config 0 interface 33 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 1023 [ 662.024252][ T9] usb 7-1: Using ep0 maxpacket: 16 [ 662.199648][ T5846] usb 10-1: config 0 interface 33 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 662.464253][ T5846] usb 10-1: New USB device found, idVendor=2040, idProduct=4901, bcdDevice=68.64 [ 662.473477][ T5846] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 662.489526][ T5846] usb 10-1: Product: syz [ 663.354865][ T5846] usb 10-1: Manufacturer: syz [ 663.359918][ T5846] usb 10-1: SerialNumber: syz [ 663.373565][ T5846] usb 10-1: config 0 descriptor?? [ 663.399016][T11326] raw-gadget.1 gadget.9: fail, usb_ep_enable returned -22 [ 663.609116][ T5846] hdpvr 10-1:0.33: Could not find bulk-in endpoint [ 663.770526][ T5846] hdpvr 10-1:0.33: probe with driver hdpvr failed with error -12 [ 664.047912][ T9] usb 7-1: device descriptor read/all, error -71 [ 664.166468][T11348] overlay: ./file0 is not a directory [ 664.246865][ T5846] usb 10-1: USB disconnect, device number 16 [ 664.336195][ T3091] usb 9-1: USB disconnect, device number 19 [ 664.345606][ T3091] ldusb 9-1:0.0: LD USB Device #0 now disconnected [ 665.800879][T11366] overlayfs: missing 'lowerdir' [ 666.275123][T11372] netlink: 'syz.9.1428': attribute type 1 has an invalid length. [ 666.702027][T11376] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1427'. [ 667.134649][ T5921] usb 10-1: new high-speed USB device number 17 using dummy_hcd [ 667.294639][ T5921] usb 10-1: Using ep0 maxpacket: 16 [ 667.318974][ T5921] usb 10-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 667.359346][ T5921] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 667.410192][ T5921] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 667.554571][T11381] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 668.154986][ T5921] usb 10-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 668.164745][ T5921] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 668.172901][ T5921] usb 10-1: Product: syz [ 668.177370][ T5921] usb 10-1: Manufacturer: syz [ 668.182130][ T5921] usb 10-1: SerialNumber: syz [ 668.666453][ T5921] usb 10-1: 0:2 : does not exist [ 669.781482][ T5921] usb 10-1: 1:0: cannot get min/max values for control 4 (id 1) [ 669.815091][ T5921] usb 10-1: USB disconnect, device number 17 [ 670.794366][ T10] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 671.984635][ T10] usb 3-1: Using ep0 maxpacket: 16 [ 672.201352][ T10] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 672.219372][ T10] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 672.258777][ T10] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 672.298630][ T10] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 672.318689][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 672.344826][ T10] usb 3-1: Product: syz [ 672.359458][ T10] usb 3-1: Manufacturer: syz [ 672.390114][ T10] usb 3-1: SerialNumber: syz [ 672.614280][ T3091] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 673.180544][ T10] usb 3-1: 0:2 : does not exist [ 673.274515][ T3091] usb 7-1: Using ep0 maxpacket: 32 [ 673.299732][ T3091] usb 7-1: config 7 has an invalid interface number: 194 but max is 2 [ 673.313028][ T3091] usb 7-1: config 7 has an invalid interface number: 72 but max is 2 [ 673.334301][ T3091] usb 7-1: config 7 has an invalid interface number: 220 but max is 2 [ 673.342767][ T3091] usb 7-1: config 7 contains an unexpected descriptor of type 0x2, skipping [ 673.433727][ T3091] usb 7-1: config 7 has an invalid interface number: 212 but max is 2 [ 673.497027][ T3091] usb 7-1: config 7 has 4 interfaces, different from the descriptor's value: 3 [ 673.524255][ T3091] usb 7-1: config 7 has no interface number 0 [ 673.555770][ T3091] usb 7-1: config 7 has no interface number 1 [ 673.582323][ T3091] usb 7-1: config 7 has no interface number 2 [ 673.615328][ T3091] usb 7-1: config 7 has no interface number 3 [ 673.647879][ T3091] usb 7-1: config 7 interface 194 altsetting 4 endpoint 0xF has invalid maxpacket 512, setting to 64 [ 673.777992][ T3091] usb 7-1: config 7 interface 194 altsetting 4 endpoint 0x89 has invalid maxpacket 1023, setting to 64 [ 673.803736][ T3091] usb 7-1: config 7 interface 194 altsetting 4 has 3 endpoint descriptors, different from the interface descriptor's value: 5 [ 673.817383][ T3091] usb 7-1: too many endpoints for config 7 interface 72 altsetting 253: 37, using maximum allowed: 30 [ 673.832794][ T3091] usb 7-1: config 7 interface 72 altsetting 253 endpoint 0xA has invalid maxpacket 512, setting to 64 [ 673.847383][ T3091] usb 7-1: config 7 interface 72 altsetting 253 endpoint 0x5 has invalid wMaxPacketSize 0 [ 673.860720][ T3091] usb 7-1: config 7 interface 72 altsetting 253 has 2 endpoint descriptors, different from the interface descriptor's value: 37 [ 673.879051][ T3091] usb 7-1: config 7 interface 220 altsetting 2 has an invalid descriptor for endpoint zero, skipping [ 673.914264][ T3091] usb 7-1: config 7 interface 220 altsetting 2 has an invalid descriptor for endpoint zero, skipping [ 673.957251][ T3091] usb 7-1: config 7 interface 220 altsetting 2 endpoint 0x6 has an invalid bInterval 182, changing to 11 [ 673.997420][ T3091] usb 7-1: config 7 interface 220 altsetting 2 bulk endpoint 0xB has invalid maxpacket 8 [ 674.038248][ T3091] usb 7-1: config 7 interface 220 altsetting 2 has a duplicate endpoint with address 0xA, skipping [ 674.085846][ T3091] usb 7-1: config 7 interface 220 altsetting 2 endpoint 0x1 has invalid maxpacket 1023, setting to 64 [ 674.119177][ T3091] usb 7-1: config 7 interface 220 altsetting 2 has a duplicate endpoint with address 0x6, skipping [ 674.162882][ T3091] usb 7-1: config 7 interface 220 altsetting 2 has a duplicate endpoint with address 0xC, skipping [ 674.193163][ T3091] usb 7-1: config 7 interface 220 altsetting 2 bulk endpoint 0x3 has invalid maxpacket 8 [ 674.223901][ T3091] usb 7-1: config 7 interface 220 altsetting 2 endpoint 0x4 has invalid maxpacket 959, setting to 64 [ 674.291609][ T3091] usb 7-1: config 7 interface 220 altsetting 2 has an invalid descriptor for endpoint zero, skipping [ 674.353967][ T3091] usb 7-1: config 7 interface 220 altsetting 2 has a duplicate endpoint with address 0x1, skipping [ 674.416715][ T3091] usb 7-1: config 7 interface 212 altsetting 1 has a duplicate endpoint with address 0xE, skipping [ 674.438238][ T3091] usb 7-1: config 7 interface 212 altsetting 1 has a duplicate endpoint with address 0x9, skipping [ 674.471644][ T3091] usb 7-1: config 7 interface 212 altsetting 1 has a duplicate endpoint with address 0x9, skipping [ 674.539377][ T3091] usb 7-1: config 7 interface 212 altsetting 1 has a duplicate endpoint with address 0xC, skipping [ 674.584265][ T3091] usb 7-1: config 7 interface 212 altsetting 1 has a duplicate endpoint with address 0x3, skipping [ 674.624241][ T3091] usb 7-1: config 7 interface 212 altsetting 1 has a duplicate endpoint with address 0x4, skipping [ 674.654833][ T3091] usb 7-1: config 7 interface 212 altsetting 1 has a duplicate endpoint with address 0xB, skipping [ 674.686265][ T3091] usb 7-1: config 7 interface 212 altsetting 1 has a duplicate endpoint with address 0xF, skipping [ 674.738205][ T3091] usb 7-1: config 7 interface 212 altsetting 1 has a duplicate endpoint with address 0xB, skipping [ 674.768714][ T3091] usb 7-1: config 7 interface 194 has no altsetting 0 [ 674.783128][ T10] usb 3-1: 1:0: cannot get min/max values for control 4 (id 1) [ 674.813510][ T3091] usb 7-1: config 7 interface 72 has no altsetting 0 [ 674.839180][ T3091] usb 7-1: config 7 interface 220 has no altsetting 0 [ 674.871526][ T3091] usb 7-1: config 7 interface 212 has no altsetting 0 [ 674.883591][ T10] usb 3-1: USB disconnect, device number 16 [ 674.914288][ T3091] usb 7-1: New USB device found, idVendor=19d2, idProduct=1060, bcdDevice=db.63 [ 674.944620][ T3091] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 674.963006][ T3091] usb 7-1: Product: 쵕꧑♽箩삇攟஍탲뤟論Ꜹ꺎ឨ噫鉙ԏ|靀ӣ╂䕲츜ﲙ鞫셷䏋ぶ䓣汽滋짉ᩝᤉꬢŘ熨栧丒ቧ⮤鷽臾ృ밨㰓ꮑꍯ嚂와麷觫엫샏䷗긄츔䨦ꄅ⢳㵠뜕걥肢ꮴ쪹릞᠕⋣㡦镽︜뢭觜⇘䀔햅ꌃ떬ⱜ缻拧 [ 675.084239][ T3091] usb 7-1: Manufacturer: ʏ쉛⍋坰ᦠ൜퍨턵凍蘩⨜냗ﴲ祻ᥞ蕷좦䃈榮䡥者탴ᩚ䰊蚐 [ 675.143872][ T3091] usb 7-1: SerialNumber: э [ 675.952206][ T3091] option 7-1:7.194: GSM modem (1-port) converter detected [ 676.159319][ T3091] usb 7-1: USB disconnect, device number 13 [ 676.175825][ T3091] option 7-1:7.194: device disconnected [ 676.512016][T11450] No such timeout policy "syz0" [ 678.144592][ T3091] usb 7-1: new high-speed USB device number 14 using dummy_hcd [ 678.639845][ T3091] usb 7-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 678.663424][ T3091] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 678.724726][ T3091] usb 7-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 678.856989][ T3091] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 678.894735][ T3091] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 678.959588][ T3091] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 679.485864][ T3091] usb 7-1: invalid MIDI out EP 0 [ 680.021823][ T3091] snd-usb-audio 7-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 680.782774][T11492] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 681.201500][ T5846] usb 7-1: USB disconnect, device number 14 [ 681.293657][T11500] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 681.322713][T11500] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 681.687189][T11509] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 682.997372][T11527] netlink: 'syz.6.1473': attribute type 13 has an invalid length. [ 683.115912][T11527] netlink: 'syz.6.1473': attribute type 27 has an invalid length. [ 684.465893][ C0] IPv4: Oversized IP packet from 172.20.20.24 [ 684.499243][T11546] netlink: 4 bytes leftover after parsing attributes in process `syz.9.1480'. [ 684.639019][T11547] overlay: ./file0 is not a directory [ 685.712889][ T5913] usb 10-1: new high-speed USB device number 18 using dummy_hcd [ 685.756592][T11550] input: syz1 as /devices/virtual/input/input28 [ 685.884370][ T5913] usb 10-1: device descriptor read/64, error -71 [ 686.144468][ T5913] usb 10-1: new high-speed USB device number 19 using dummy_hcd [ 686.152434][ T10] usb 9-1: new high-speed USB device number 20 using dummy_hcd [ 686.306267][ T5913] usb 10-1: device descriptor read/64, error -71 [ 686.341602][ T10] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 686.367978][ T10] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 686.390645][ T10] usb 9-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 686.409784][ T10] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 686.431053][ T5913] usb usb10-port1: attempt power cycle [ 686.449085][ T10] usb 9-1: config 0 descriptor?? [ 686.774836][ T5913] usb 10-1: new high-speed USB device number 20 using dummy_hcd [ 686.815323][ T5913] usb 10-1: device descriptor read/8, error -71 [ 687.064393][ T5913] usb 10-1: new high-speed USB device number 21 using dummy_hcd [ 687.190973][ T30] audit: type=1326 audit(1753225097.721:390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11578 comm="syz.2.1490" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f01ea78e929 code=0x0 [ 687.191695][ T5921] usb 7-1: new low-speed USB device number 15 using dummy_hcd [ 687.223831][ T10] usbhid 9-1:0.0: can't add hid device: -32 [ 687.229958][ T10] usbhid 9-1:0.0: probe with driver usbhid failed with error -32 [ 687.245104][ T5913] usb 10-1: device descriptor read/8, error -71 [ 687.361165][ T5913] usb usb10-port1: unable to enumerate USB device [ 687.545208][ T5921] usb 7-1: Invalid ep0 maxpacket: 64 [ 687.638138][T11583] nvme_fabrics: missing parameter 'transport=%s' [ 687.645289][T11583] nvme_fabrics: missing parameter 'nqn=%s' [ 687.694768][ T5921] usb 7-1: new low-speed USB device number 16 using dummy_hcd [ 687.844718][ T5921] usb 7-1: Invalid ep0 maxpacket: 64 [ 687.854053][ T5921] usb usb7-port1: attempt power cycle [ 688.194301][ T5921] usb 7-1: new low-speed USB device number 17 using dummy_hcd [ 688.225476][ T5921] usb 7-1: Invalid ep0 maxpacket: 64 [ 688.354305][ T5921] usb 7-1: new low-speed USB device number 18 using dummy_hcd [ 688.407525][ T5921] usb 7-1: Invalid ep0 maxpacket: 64 [ 688.416371][ T5921] usb usb7-port1: unable to enumerate USB device [ 688.809600][T11592] netlink: 188 bytes leftover after parsing attributes in process `syz.9.1492'. [ 688.889531][ T5913] usb 9-1: USB disconnect, device number 20 [ 690.577129][T11614] : renamed from bond_slave_0 (while UP) [ 691.201863][T11619] netlink: 16 bytes leftover after parsing attributes in process `syz.9.1499'. [ 691.674344][ T3091] usb 3-1: new full-speed USB device number 17 using dummy_hcd [ 691.703991][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 691.714403][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 691.887886][ T3091] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 691.919267][ T3091] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 692.315656][ T3091] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 692.344356][ T3091] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 692.372811][ T3091] usb 3-1: Product: syz [ 692.383571][ T3091] usb 3-1: Manufacturer: syz [ 692.393406][ T3091] usb 3-1: SerialNumber: syz [ 692.960610][T11640] netlink: 4 bytes leftover after parsing attributes in process `syz.9.1503'. [ 693.146701][ T3091] usb 3-1: 0:2 : does not exist [ 693.196163][ T3091] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 693.278758][ T3091] usb 3-1: USB disconnect, device number 17 [ 694.637913][T11649] ieee802154 phy0 wpan0: encryption failed: -22 [ 694.868350][ T5913] Process accounting resumed [ 695.816850][T11658] IPv6: NLM_F_CREATE should be specified when creating new route [ 696.270020][T11673] netlink: 'syz.2.1510': attribute type 3 has an invalid length. [ 696.278271][T11673] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1510'. [ 696.308382][T11673] netdevsim netdevsim2: Direct firmware load for ./file0 failed with error -2 [ 696.317837][T11673] netdevsim netdevsim2: Falling back to sysfs fallback for: ./file0 [ 697.388954][T11682] netlink: 96 bytes leftover after parsing attributes in process `syz.6.1517'. [ 697.414732][ T5913] usb 10-1: new low-speed USB device number 22 using dummy_hcd [ 697.607421][ T5913] usb 10-1: config 128 has an invalid interface number: 91 but max is 1 [ 697.626347][ T5913] usb 10-1: config 128 has an invalid interface number: 74 but max is 1 [ 698.135213][ T5913] usb 10-1: config 128 has no interface number 0 [ 698.144874][ T5913] usb 10-1: config 128 has no interface number 1 [ 698.637292][ T5913] usb 10-1: config 128 interface 91 altsetting 14 endpoint 0xF has invalid maxpacket 1024, setting to 8 [ 698.654755][ T5913] usb 10-1: config 128 interface 91 altsetting 14 endpoint 0x1 has invalid maxpacket 64, setting to 8 [ 698.735163][ T5913] usb 10-1: config 128 interface 91 altsetting 14 endpoint 0xC is Bulk; changing to Interrupt [ 698.764346][ T5920] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 698.847124][ T5913] usb 10-1: config 128 interface 91 has no altsetting 0 [ 698.924645][ T5913] usb 10-1: config 128 interface 74 has no altsetting 0 [ 699.002641][ T5920] usb 3-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 699.031880][T11696] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 699.038347][ T5920] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 699.073934][T11696] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 699.104034][ T5920] usb 3-1: Product: syz [ 699.110080][ T5920] usb 3-1: Manufacturer: syz [ 699.120933][ T5920] usb 3-1: SerialNumber: syz [ 699.138004][ T5920] usb 3-1: config 0 descriptor?? [ 699.146628][ T5920] ch341 3-1:0.0: ch341-uart converter detected [ 699.198938][T11699] netlink: 'syz.8.1522': attribute type 1 has an invalid length. [ 699.217830][T11699] netlink: 'syz.8.1522': attribute type 1 has an invalid length. [ 699.347978][ T5920] usb 3-1: failed to receive control message: -121 [ 699.364502][ T5920] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -121 [ 699.554717][ T5920] usb 3-1: USB disconnect, device number 18 [ 699.562859][ T5920] ch341 3-1:0.0: device disconnected [ 699.680235][T11707] netlink: 'syz.6.1524': attribute type 32 has an invalid length. [ 699.714506][ T30] audit: type=1326 audit(1753225110.261:391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11706 comm="syz.6.1524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb49b58e929 code=0x7ffc0000 [ 699.736155][T11709] F2FS-fs (loop15): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 699.736218][T11709] F2FS-fs (loop15): Can't find valid F2FS filesystem in 1th superblock [ 699.736702][T11709] F2FS-fs (loop15): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 699.736725][T11709] F2FS-fs (loop15): Can't find valid F2FS filesystem in 2th superblock [ 699.765701][T11709] F2FS-fs (loop15): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 699.775932][ T30] audit: type=1326 audit(1753225110.261:392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11706 comm="syz.6.1524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=453 compat=0 ip=0x7fb49b58e929 code=0x7ffc0000 [ 699.809620][ T30] audit: type=1326 audit(1753225110.261:393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11706 comm="syz.6.1524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb49b58e929 code=0x7ffc0000 [ 699.831324][ C0] vkms_vblank_simulate: vblank timer overrun [ 699.831520][T11709] F2FS-fs (loop15): Can't find valid F2FS filesystem in 1th superblock [ 699.831664][T11709] F2FS-fs (loop15): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 699.831684][T11709] F2FS-fs (loop15): Can't find valid F2FS filesystem in 2th superblock [ 699.867382][ T30] audit: type=1326 audit(1753225110.261:394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11706 comm="syz.6.1524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb49b58d290 code=0x7ffc0000 [ 699.890377][ T30] audit: type=1326 audit(1753225110.261:395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11706 comm="syz.6.1524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb49b58e929 code=0x7ffc0000 [ 699.912023][ C0] vkms_vblank_simulate: vblank timer overrun [ 699.921842][ T30] audit: type=1326 audit(1753225110.261:396): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11706 comm="syz.6.1524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb49b58e929 code=0x7ffc0000 [ 700.011038][T11711] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1526'. [ 700.020253][T11711] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1526'. [ 700.050387][ T30] audit: type=1326 audit(1753225110.261:397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11706 comm="syz.6.1524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb49b58e929 code=0x7ffc0000 [ 700.052887][T11707] ptrace attach of "./syz-executor exec"[7967] was attempted by ""[11707] [ 700.152252][ T30] audit: type=1326 audit(1753225110.261:398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11706 comm="syz.6.1524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fb49b58e929 code=0x7ffc0000 [ 700.179158][ T30] audit: type=1326 audit(1753225110.261:399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11706 comm="syz.6.1524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb49b58e929 code=0x7ffc0000 [ 700.210235][ T30] audit: type=1326 audit(1753225110.271:400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11706 comm="syz.6.1524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb49b58e929 code=0x7ffc0000 [ 700.540821][ T5913] usb 10-1: New USB device found, idVendor=0733, idProduct=2221, bcdDevice=d9.a3 [ 700.552819][ T5913] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 700.576992][ T3091] usb 7-1: new high-speed USB device number 19 using dummy_hcd [ 700.584534][ T5913] usb 10-1: can't set config #128, error -71 [ 700.601604][ T5913] usb 10-1: USB disconnect, device number 22 [ 700.968446][ T3091] usb 7-1: config 255 has too many interfaces: 238, using maximum allowed: 32 [ 700.989994][ T3091] usb 7-1: config 255 has 1 interface, different from the descriptor's value: 238 [ 701.029955][ T3091] usb 7-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad [ 701.060040][ T3091] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 701.644812][T11715] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1529'. [ 701.718743][ T3091] usb 7-1: string descriptor 0 read error: -71 [ 701.736667][T11733] netlink: 28 bytes leftover after parsing attributes in process `syz.7.1532'. [ 701.755112][ T3091] gspca_main: spca508-2.14.0 probing 8086:0110 [ 701.781161][ T3091] gspca_spca508: reg_read err -71 [ 701.789117][T11724] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1530'. [ 701.799953][T11724] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1530'. [ 701.839670][ T3091] gspca_spca508: reg_read err -71 [ 701.848615][ T3091] gspca_spca508: reg_read err -71 [ 701.864549][ T3091] gspca_spca508: reg_read err -71 [ 701.873696][ T3091] gspca_spca508: reg_read err -71 [ 701.893697][ T3091] gspca_spca508: reg write: error -71 [ 701.902665][ T3091] spca508 7-1:255.0: probe with driver spca508 failed with error -71 [ 702.174146][T11739] netlink: 12 bytes leftover after parsing attributes in process `syz.9.1533'. [ 702.232702][ T3091] usb 7-1: USB disconnect, device number 19 [ 702.549915][T11733] could not allocate digest TFM handle xcbc(aes) [ 703.587316][ T5913] usb 7-1: new full-speed USB device number 20 using dummy_hcd [ 703.793061][ T5913] usb 7-1: unable to get BOS descriptor or descriptor too short [ 703.817250][ T5913] usb 7-1: not running at top speed; connect to a high speed hub [ 703.847859][ T5913] usb 7-1: config 4 has an invalid interface number: 147 but max is 0 [ 703.869905][ T5913] usb 7-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 703.880643][ T5913] usb 7-1: config 4 has no interface number 0 [ 703.890846][ T5913] usb 7-1: New USB device found, idVendor=04f2, idProduct=b746, bcdDevice=8e.6e [ 703.900360][ T5913] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 703.908866][ T5913] usb 7-1: Product: syz [ 703.913407][ T5913] usb 7-1: Manufacturer: syz [ 703.918616][ T5913] usb 7-1: SerialNumber: syz [ 704.134364][ T5846] usb 3-1: new full-speed USB device number 19 using dummy_hcd [ 704.224392][ T44] usb 10-1: new high-speed USB device number 23 using dummy_hcd [ 704.303131][ T5913] usb 7-1: USB disconnect, device number 20 [ 704.317279][ T5846] usb 3-1: config 54 has an invalid interface number: 154 but max is 0 [ 704.338455][ T5846] usb 3-1: config 54 has no interface number 0 [ 704.353392][ T5846] usb 3-1: config 54 interface 154 altsetting 0 endpoint 0x2 has invalid maxpacket 47325, setting to 64 [ 704.382747][ T5846] usb 3-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice= 0.ec [ 704.403441][ T5846] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 704.414375][ T44] usb 10-1: Using ep0 maxpacket: 16 [ 704.419677][ T5846] usb 3-1: Product: syz [ 704.425038][ T5846] usb 3-1: Manufacturer: syz [ 704.432761][ T5846] usb 3-1: SerialNumber: syz [ 704.439758][ T44] usb 10-1: config 0 interface 0 altsetting 8 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 704.453292][ T44] usb 10-1: config 0 interface 0 altsetting 8 endpoint 0x81 has invalid wMaxPacketSize 0 [ 704.465810][ T44] usb 10-1: config 0 interface 0 has no altsetting 0 [ 704.473999][ T44] usb 10-1: New USB device found, idVendor=17ef, idProduct=6009, bcdDevice= 0.00 [ 704.484415][ T44] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 704.499215][ T44] usb 10-1: config 0 descriptor?? [ 704.660962][T11767] netlink: 32 bytes leftover after parsing attributes in process `syz.7.1541'. [ 704.682830][ T5846] usb 3-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 704.699700][ T5846] usb 3-1: USB disconnect, device number 19 [ 704.707073][ T4099] usb 3-1: Failed to submit usb control message: -71 [ 704.723173][ T4099] usb 3-1: unable to send the bmi data to the device: -71 [ 704.852384][ T4099] usb 3-1: unable to get target info from device [ 704.859295][ T4099] usb 3-1: could not get target info (-71) [ 704.866565][ T4099] usb 3-1: could not probe fw (-71) [ 705.018435][T11762] xt_CT: No such helper "snmp" [ 708.579757][ T44] usbhid 10-1:0.0: can't add hid device: -71 [ 708.609032][ T44] usbhid 10-1:0.0: probe with driver usbhid failed with error -71 [ 708.639049][ T44] usb 10-1: USB disconnect, device number 23 [ 708.711769][T11798] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 708.887326][T11798] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 710.794158][T11814] openvswitch: netlink: Message has 16 unknown bytes. [ 712.384491][ T44] usb 9-1: new high-speed USB device number 21 using dummy_hcd [ 712.678122][ T44] usb 9-1: Using ep0 maxpacket: 32 [ 712.741182][ T44] usb 9-1: config 0 has an invalid interface number: 51 but max is 0 [ 712.754498][ T44] usb 9-1: config 0 has no interface number 0 [ 712.765772][ T44] usb 9-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 712.775375][ T44] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 712.786345][ T44] usb 9-1: Product: syz [ 712.790560][ T44] usb 9-1: Manufacturer: syz [ 712.843497][ T44] usb 9-1: SerialNumber: syz [ 712.914140][ T44] usb 9-1: config 0 descriptor?? [ 712.961491][ T44] quatech2 9-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 713.299941][ T44] usb 9-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 713.330599][ T44] usb 9-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 713.500039][ T44] kernel read not supported for file /dsp (pid: 44 comm: kworker/1:1) [ 713.952151][T11824] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 713.992466][T11824] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 715.454944][T11861] openvswitch: netlink: Message has 16 unknown bytes. [ 716.175684][ C1] usb 9-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 716.183797][ T3091] usb 9-1: USB disconnect, device number 21 [ 716.226932][ T3091] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 716.435057][ T3091] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 716.467311][ T3091] quatech2 9-1:0.51: device disconnected [ 716.543968][T11868] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1567'. [ 716.886811][T11873] trusted_key: encrypted key: instantiation of keys using provided decrypted data is disabled since CONFIG_USER_DECRYPTED_DATA is set to false [ 717.480475][T11871] could not allocate digest TFM handle xcbc(aes) [ 718.335240][T11883] overlayfs: failed to clone upperpath [ 719.306896][ T10] usb 9-1: new high-speed USB device number 22 using dummy_hcd [ 719.826637][T11895] /dev/sg0: Can't lookup blockdev [ 719.864895][ T10] usb 9-1: Using ep0 maxpacket: 16 [ 719.872793][ T10] usb 9-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 719.908010][ T10] usb 9-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 719.975101][ T10] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 719.997673][ T10] usb 9-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 720.011809][ T10] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 720.036957][ T10] usb 9-1: Product: syz [ 720.056873][ T10] usb 9-1: Manufacturer: syz [ 720.085088][ T44] usb 7-1: new full-speed USB device number 21 using dummy_hcd [ 720.332003][ T44] usb 7-1: not running at top speed; connect to a high speed hub [ 720.415159][ T44] usb 7-1: config 2 has an invalid interface number: 138 but max is 1 [ 720.484112][ T44] usb 7-1: config 2 contains an unexpected descriptor of type 0x2, skipping [ 720.567150][ T44] usb 7-1: config 2 contains an unexpected descriptor of type 0x1, skipping [ 720.579076][T11904] netdevsim netdevsim2: Direct firmware load for .. failed with error -2 [ 720.645876][ T44] usb 7-1: config 2 contains an unexpected descriptor of type 0x1, skipping [ 720.668151][T11904] netdevsim netdevsim2: Falling back to sysfs fallback for: .. [ 720.732107][ T44] usb 7-1: config 2 has no interface number 1 [ 720.805119][ T44] usb 7-1: config 2 interface 138 altsetting 9 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 720.915475][ T44] usb 7-1: config 2 interface 138 altsetting 9 endpoint 0xB has invalid maxpacket 1023, setting to 64 [ 721.021650][ T44] usb 7-1: config 2 interface 138 altsetting 9 has a duplicate endpoint with address 0x6, skipping [ 721.101364][ T44] usb 7-1: config 2 interface 138 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 721.139927][ T10] usb 9-1: SerialNumber: syz [ 721.165355][ T44] usb 7-1: config 2 interface 138 altsetting 9 has a duplicate endpoint with address 0x6, skipping [ 721.197442][ T44] usb 7-1: config 2 interface 138 altsetting 9 endpoint 0x8 has invalid maxpacket 512, setting to 64 [ 721.439147][ T44] usb 7-1: config 2 interface 138 altsetting 9 has a duplicate endpoint with address 0x6, skipping [ 721.452713][ T44] usb 7-1: config 2 interface 0 altsetting 129 has an invalid descriptor for endpoint zero, skipping [ 721.464085][ T44] usb 7-1: config 2 interface 0 altsetting 129 endpoint 0x9 has invalid maxpacket 1023, setting to 64 [ 721.475423][ T44] usb 7-1: config 2 interface 0 altsetting 129 endpoint 0x3 has an invalid bInterval 121, changing to 4 [ 721.494003][ T44] usb 7-1: config 2 interface 0 altsetting 129 has an invalid descriptor for endpoint zero, skipping [ 721.505923][ T44] usb 7-1: config 2 interface 0 altsetting 129 has a duplicate endpoint with address 0x3, skipping [ 721.620734][ T10] usb 9-1: 0:2 : does not exist [ 721.651443][ T44] usb 7-1: config 2 interface 0 altsetting 129 endpoint 0xE has invalid maxpacket 512, setting to 64 [ 721.664656][T11915] overlayfs: failed to resolve './file0': -2 [ 721.756760][ T10] usb 9-1: USB disconnect, device number 22 [ 721.855340][T11917] syz_tun: entered allmulticast mode [ 721.968699][T11918] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1583'. [ 722.569551][T11913] syz_tun: left allmulticast mode [ 722.602466][ T44] usb 7-1: config 2 interface 138 has no altsetting 0 [ 722.620795][ T44] usb 7-1: config 2 interface 0 has no altsetting 0 [ 722.632863][ T44] usb 7-1: string descriptor 0 read error: -71 [ 722.643730][ T44] usb 7-1: Dual-Role OTG device on HNP port [ 722.654784][ T44] usb 7-1: can't set HNP mode: -71 [ 722.829922][T11921] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1584'. [ 723.370057][T11926] dvmrp1: tun_chr_ioctl cmd 1074025677 [ 723.812973][T11926] dvmrp1: linktype set to 776 [ 723.866826][ T44] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 723.921443][ T44] hid-generic 0000:0000:0000.0009: hidraw0: HID v0.00 Device [syz1] on syz0 [ 724.026653][T11928] could not allocate digest TFM handle xcbc(aes) [ 726.161068][ T30] kauditd_printk_skb: 40 callbacks suppressed [ 726.161087][ T30] audit: type=1326 audit(1753225136.711:441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11956 comm="syz.2.1594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01ea78e929 code=0x7ffc0000 [ 726.225771][ T44] IPVS: starting estimator thread 0... [ 726.385245][ T30] audit: type=1326 audit(1753225136.711:442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11956 comm="syz.2.1594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7f01ea78e929 code=0x7ffc0000 [ 726.407084][ C1] vkms_vblank_simulate: vblank timer overrun [ 726.535167][T11962] IPVS: using max 24 ests per chain, 57600 per kthread [ 726.581168][ T30] audit: type=1326 audit(1753225136.711:443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11956 comm="syz.2.1594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01ea78e929 code=0x7ffc0000 [ 726.606172][ T30] audit: type=1326 audit(1753225136.711:444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11956 comm="syz.2.1594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01ea78e929 code=0x7ffc0000 [ 726.627910][ C1] vkms_vblank_simulate: vblank timer overrun [ 727.423316][T11974] netlink: 40 bytes leftover after parsing attributes in process `syz.6.1595'. [ 727.432882][T11974] bridge0: port 2(bridge_slave_1) entered disabled state [ 727.668016][ T30] audit: type=1326 audit(1753225136.761:445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11956 comm="syz.2.1594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f01ea78e929 code=0x7ffc0000 [ 727.897345][T11974] bridge0: port 2(bridge_slave_1) entered disabled state [ 728.084549][ T30] audit: type=1326 audit(1753225136.761:446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11956 comm="syz.2.1594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01ea78e929 code=0x7ffc0000 [ 728.273336][ T30] audit: type=1326 audit(1753225136.761:447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11956 comm="syz.2.1594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f01ea78e929 code=0x7ffc0000 [ 728.364672][ T30] audit: type=1326 audit(1753225136.761:448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11956 comm="syz.2.1594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01ea78e929 code=0x7ffc0000 [ 728.503886][ T30] audit: type=1326 audit(1753225136.761:449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11956 comm="syz.2.1594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f01ea78e929 code=0x7ffc0000 [ 728.525552][ C1] vkms_vblank_simulate: vblank timer overrun [ 728.624458][ T30] audit: type=1326 audit(1753225136.761:450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11956 comm="syz.2.1594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7f01ea78e929 code=0x7ffc0000 [ 728.673320][T11985] input: syz1 as /devices/virtual/input/input29 [ 731.243118][T12016] netlink: 'syz.2.1608': attribute type 3 has an invalid length. [ 731.251875][T12016] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1608'. [ 731.372326][T12016] netdevsim netdevsim2: Direct firmware load for ./file0 failed with error -2 [ 731.383646][T12016] netdevsim netdevsim2: Falling back to sysfs fallback for: ./file0 [ 734.945994][T12039] lo: entered allmulticast mode [ 734.996748][T12037] lo: left allmulticast mode [ 735.078433][T12045] overlayfs: missing 'lowerdir' [ 737.888912][T12077] netlink: 'syz.6.1628': attribute type 1 has an invalid length. [ 737.911973][T12077] netlink: 'syz.6.1628': attribute type 2 has an invalid length. [ 737.960021][T12081] netlink: 'syz.6.1628': attribute type 1 has an invalid length. [ 737.982557][T12081] netlink: 'syz.6.1628': attribute type 2 has an invalid length. [ 738.066289][T12077] netlink: 'syz.6.1628': attribute type 1 has an invalid length. [ 738.102123][T12077] netlink: 224 bytes leftover after parsing attributes in process `syz.6.1628'. [ 738.145938][T12077] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1628'. [ 739.609938][T12109] input: syz1 as /devices/virtual/input/input30 [ 739.736790][T12099] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1634'. [ 739.782072][T12099] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1634'. [ 740.660632][T12135] bridge2: the hash_elasticity option has been deprecated and is always 16 [ 740.670052][T12135] bridge2: entered promiscuous mode [ 740.675633][T12135] bridge2: entered allmulticast mode [ 740.697237][T12137] netlink: 132 bytes leftover after parsing attributes in process `syz.7.1647'. [ 742.075635][T12147] overlayfs: failed to clone upperpath [ 742.153918][T12150] netlink: 'syz.7.1651': attribute type 15 has an invalid length. [ 742.691628][T12159] dvmrp8: entered allmulticast mode [ 743.066140][ T30] kauditd_printk_skb: 20 callbacks suppressed [ 743.066160][ T30] audit: type=1326 audit(1753225153.621:471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12162 comm="syz.7.1655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f242e18e929 code=0x7ffc0000 [ 743.233956][ T30] audit: type=1326 audit(1753225153.621:472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12162 comm="syz.7.1655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f242e18e929 code=0x7ffc0000 [ 743.344999][ T5920] usb 9-1: new high-speed USB device number 23 using dummy_hcd [ 743.355274][ T30] audit: type=1326 audit(1753225153.621:473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12162 comm="syz.7.1655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f242e18e929 code=0x7ffc0000 [ 743.363543][T12169] netlink: 20 bytes leftover after parsing attributes in process `syz.7.1658'. [ 743.513669][ T30] audit: type=1326 audit(1753225153.621:474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12162 comm="syz.7.1655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7f242e18e929 code=0x7ffc0000 [ 743.975905][ T5920] usb 9-1: config 0 interface 0 altsetting 64 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 744.010491][ T5920] usb 9-1: config 0 interface 0 altsetting 64 endpoint 0x81 has invalid wMaxPacketSize 0 [ 744.034364][ T5920] usb 9-1: config 0 interface 0 has no altsetting 0 [ 744.041076][ T5920] usb 9-1: New USB device found, idVendor=04b4, idProduct=07b1, bcdDevice= 0.00 [ 744.077968][ T5920] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 744.096062][ T5920] usb 9-1: config 0 descriptor?? [ 744.101667][ T30] audit: type=1326 audit(1753225153.621:475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12162 comm="syz.7.1655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f242e18e929 code=0x7ffc0000 [ 744.244637][ T30] audit: type=1326 audit(1753225153.621:476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12162 comm="syz.7.1655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f242e18e929 code=0x7ffc0000 [ 744.300368][ T30] audit: type=1326 audit(1753225153.621:477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12162 comm="syz.7.1655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f242e18e929 code=0x7ffc0000 [ 744.397058][ T30] audit: type=1326 audit(1753225153.621:478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12162 comm="syz.7.1655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=32 compat=0 ip=0x7f242e18e929 code=0x7ffc0000 [ 744.438895][T12178] netlink: 36 bytes leftover after parsing attributes in process `syz.7.1660'. [ 744.450292][ T30] audit: type=1326 audit(1753225153.621:479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12162 comm="syz.7.1655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f242e18e929 code=0x7ffc0000 [ 744.484630][ T30] audit: type=1326 audit(1753225153.621:480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12162 comm="syz.7.1655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f242e18d290 code=0x7ffc0000 [ 744.520715][ T5920] cypress 0003:04B4:07B1.000A: unknown main item tag 0x0 [ 744.532647][ T5920] cypress 0003:04B4:07B1.000A: unknown main item tag 0x0 [ 744.540561][ T5920] cypress 0003:04B4:07B1.000A: unknown main item tag 0x0 [ 744.551994][ T5920] cypress 0003:04B4:07B1.000A: unknown main item tag 0x0 [ 744.570241][ T5920] cypress 0003:04B4:07B1.000A: item fetching failed at offset 4/5 [ 744.579272][ T5920] cypress 0003:04B4:07B1.000A: parse failed [ 744.585913][ T5920] cypress 0003:04B4:07B1.000A: probe with driver cypress failed with error -22 [ 744.664696][ T44] usb 7-1: new high-speed USB device number 23 using dummy_hcd [ 744.720795][ T5920] usb 9-1: USB disconnect, device number 23 [ 744.814327][ T44] usb 7-1: Using ep0 maxpacket: 32 [ 744.823444][ T44] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 253, changing to 11 [ 744.847126][ T44] usb 7-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 744.872000][ T44] usb 7-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 64 [ 744.888950][ T44] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 744.898561][ T44] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 744.907361][ T44] usb 7-1: Product: Ж [ 744.911668][ T44] usb 7-1: Manufacturer: 䋘큗瓁꣤훠敹˼穸稜馨潗鯳菤樳Ŗෟႁœ泚ƙ훠䥒撷 [ 744.923523][ T44] usb 7-1: SerialNumber: 㬫ꌀ翋ၱ퇆⧙渁ṻ䷹壐䚲䲟ꘗ箿뎤쁟ᧆ [ 745.751320][T12190] netlink: 'syz.9.1664': attribute type 3 has an invalid length. [ 745.759865][T12190] netlink: 20 bytes leftover after parsing attributes in process `syz.9.1664'. [ 745.774167][T12190] netdevsim netdevsim9: Direct firmware load for ./file0 failed with error -2 [ 745.783534][T12190] netdevsim netdevsim9: Falling back to sysfs fallback for: ./file0 [ 746.764580][ T44] cdc_ncm 7-1:1.0: bind() failure [ 746.806146][ T44] cdc_ncm 7-1:1.1: CDC Union missing and no IAD found [ 746.843722][ T44] cdc_ncm 7-1:1.1: bind() failure [ 746.888255][T12209] ptrace attach of "./syz-executor exec"[7981] was attempted by "./syz-executor exec"[12209] [ 746.892101][ T44] usb 7-1: USB disconnect, device number 23 [ 746.942646][T12209] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 746.967030][T12209] overlayfs: failed to set xattr on upper [ 746.978948][T12209] overlayfs: ...falling back to redirect_dir=nofollow. [ 746.989854][T12209] overlayfs: ...falling back to index=off. [ 746.996701][T12209] overlayfs: ...falling back to uuid=null. [ 747.004621][T12209] overlayfs: maximum fs stacking depth exceeded [ 747.254951][ T5913] usb 9-1: new high-speed USB device number 24 using dummy_hcd [ 747.394398][ T5913] usb 9-1: device descriptor read/64, error -71 [ 747.634533][ T5913] usb 9-1: new high-speed USB device number 25 using dummy_hcd [ 748.268392][ T5913] usb 9-1: device descriptor read/64, error -71 [ 748.384828][ T5913] usb usb9-port1: attempt power cycle [ 749.174985][ T5913] usb 9-1: new high-speed USB device number 26 using dummy_hcd [ 749.217139][ T5913] usb 9-1: device descriptor read/8, error -71 [ 749.385114][ T9] usb 10-1: new high-speed USB device number 24 using dummy_hcd [ 749.505075][ T5913] usb 9-1: new high-speed USB device number 27 using dummy_hcd [ 749.598883][ T9] usb 10-1: Using ep0 maxpacket: 32 [ 749.616112][ T9] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 253, changing to 11 [ 749.632620][ T5913] usb 9-1: device descriptor read/8, error -71 [ 749.650819][ T9] usb 10-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 749.661982][ T9] usb 10-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 64 [ 749.675911][ T9] usb 10-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 749.689207][ T9] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 749.702831][ T9] usb 10-1: Product: Ж [ 749.707204][ T9] usb 10-1: Manufacturer: 䋘큗瓁꣤훠敹˼穸稜馨潗鯳菤樳Ŗෟႁœ泚ƙ훠䥒撷 [ 749.720495][ T9] usb 10-1: SerialNumber: 㬫ꌀ翋ၱ퇆⧙渁ṻ䷹壐䚲䲟ꘗ箿뎤쁟ᧆ [ 749.754671][ T5913] usb usb9-port1: unable to enumerate USB device [ 750.008967][T12229] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 750.036584][T12229] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 750.284410][ T9] cdc_ncm 10-1:1.0: bind() failure [ 750.308935][ T9] cdc_ncm 10-1:1.1: CDC Union missing and no IAD found [ 750.324325][ T9] cdc_ncm 10-1:1.1: bind() failure [ 750.420576][ T9] usb 10-1: USB disconnect, device number 24 [ 750.476630][T12245] block nbd8: NBD_DISCONNECT [ 750.482292][T12245] block nbd8: Send disconnect failed -22 [ 750.489230][T12245] block nbd8: Disconnected due to user request. [ 750.524613][T12245] block nbd8: shutting down sockets [ 750.867774][T12253] netlink: 36 bytes leftover after parsing attributes in process `syz.8.1683'. [ 751.904502][ T3091] usb 10-1: new high-speed USB device number 25 using dummy_hcd [ 752.148836][ T3091] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x8 has invalid wMaxPacketSize 0 [ 752.323702][ T3091] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 752.636436][ T3091] usb 10-1: New USB device found, idVendor=413c, idProduct=8186, bcdDevice=a0.a2 [ 752.654289][ T3091] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 752.674073][ T3091] usb 10-1: Product: syz [ 752.678535][ T3091] usb 10-1: Manufacturer: syz [ 752.683267][ T3091] usb 10-1: SerialNumber: syz [ 752.705913][ T3091] usb 10-1: config 0 descriptor?? [ 753.148604][ T5913] usb 10-1: USB disconnect, device number 25 [ 753.245064][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 753.253228][ T9] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 753.261815][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 753.494468][ T9] usb 3-1: Using ep0 maxpacket: 16 [ 753.555047][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 753.591343][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 753.614320][ T9] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 753.645649][ T9] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 753.659788][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 753.682577][ T9] usb 3-1: config 0 descriptor?? [ 755.706445][ T9] usbhid 3-1:0.0: can't add hid device: -71 [ 755.713936][ T9] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 755.725003][ T9] usb 3-1: USB disconnect, device number 20 [ 755.765169][ T5913] usb 9-1: new high-speed USB device number 28 using dummy_hcd [ 756.394685][ T5913] usb 9-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 756.428688][ T5913] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 756.440535][ T5913] usb 9-1: config 0 descriptor?? [ 756.460797][ T5913] cp210x 9-1:0.0: cp210x converter detected [ 756.514803][ T9] usb 7-1: new high-speed USB device number 24 using dummy_hcd [ 756.807746][ T3091] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 756.814527][ T9] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 756.943704][ T9] usb 7-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 756.973606][ T9] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 757.043455][ T5913] cp210x 9-1:0.0: failed to get vendor val 0x370b size 1: -71 [ 757.054290][ T9] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 757.065866][ T5913] cp210x 9-1:0.0: querying part number failed [ 757.072060][ T9] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 757.124366][ T3091] usb 3-1: Using ep0 maxpacket: 8 [ 757.155152][ T5913] usb 9-1: cp210x converter now attached to ttyUSB0 [ 757.170856][ T3091] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 757.171447][ T9] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 757.297536][ T5913] usb 9-1: USB disconnect, device number 28 [ 757.305423][ T9] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 757.318525][ T9] usb 7-1: Product: syz [ 757.322766][ T9] usb 7-1: Manufacturer: syz [ 757.328259][ T5913] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 757.341632][ T5913] cp210x 9-1:0.0: device disconnected [ 757.353405][ T9] cdc_wdm 7-1:1.0: skipping garbage [ 757.357516][ T3091] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 757.373007][ T3091] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 757.383981][ T9] cdc_wdm 7-1:1.0: skipping garbage [ 757.390172][ T3091] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 757.394462][ T9] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 757.400501][ T3091] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 757.426601][ T3091] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 757.444728][ T3091] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 757.447474][ T9] cdc_wdm 7-1:1.0: Unknown control protocol [ 757.835201][ T5913] usb 10-1: new high-speed USB device number 26 using dummy_hcd [ 757.906421][ T9] usb 3-1: USB disconnect, device number 21 [ 757.976425][ T5921] usb 9-1: new high-speed USB device number 29 using dummy_hcd [ 758.004857][ T5913] usb 10-1: Using ep0 maxpacket: 32 [ 758.031696][ T5913] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 758.047634][ T5913] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 758.060171][ T5913] usb 10-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 758.073710][ T5913] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 758.120872][ T5913] usb 10-1: config 0 descriptor?? [ 758.144449][ T5921] usb 9-1: Using ep0 maxpacket: 32 [ 758.162387][ T5921] usb 9-1: config index 0 descriptor too short (expected 29220, got 36) [ 758.176271][ T5921] usb 9-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 758.188384][ T5921] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 758.199900][ T5921] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 758.209416][ T5921] usb 9-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18 [ 758.222762][ T5921] usb 9-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 758.236772][ T5921] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 758.250789][ T5921] usb 9-1: config 0 descriptor?? [ 758.476911][ T5921] usb 9-1: USB disconnect, device number 29 [ 758.549015][ T5913] usbhid 10-1:0.0: can't add hid device: -71 [ 758.557828][ T5913] usbhid 10-1:0.0: probe with driver usbhid failed with error -71 [ 758.572631][ T5913] usb 10-1: USB disconnect, device number 26 [ 758.870771][ T10] usb 7-1: USB disconnect, device number 24 [ 759.114873][ T5921] usb 9-1: new high-speed USB device number 30 using dummy_hcd [ 759.139743][T12358] zonefs (nbd6) ERROR: Not a zoned block device [ 759.350570][ T5921] usb 9-1: Using ep0 maxpacket: 32 [ 759.485267][ T5921] usb 9-1: config index 0 descriptor too short (expected 29220, got 36) [ 759.504264][ T5921] usb 9-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 759.672229][ T5921] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 759.867928][ T5921] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 759.887344][ T5921] usb 9-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18 [ 759.939267][ T5921] usb 9-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 759.951273][ T5921] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 760.113181][ T5921] usb 9-1: config 0 descriptor?? [ 761.082367][ T10] usb 9-1: USB disconnect, device number 30 [ 761.094887][ T5899] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 761.115226][ T5921] usb 10-1: new high-speed USB device number 27 using dummy_hcd [ 761.284446][ T5921] usb 10-1: Using ep0 maxpacket: 16 [ 761.304424][ T5921] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 761.331069][ T5921] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 761.351681][ T5921] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 761.365538][ T5921] usb 10-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 761.388062][ T5921] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 762.094840][ T5899] usb 3-1: Using ep0 maxpacket: 16 [ 762.327665][T12381] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1720'. [ 762.350482][ T5921] usb 10-1: config 0 descriptor?? [ 762.380001][ T5899] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 762.395224][ T5899] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 762.417639][ T5899] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 762.431695][ T5899] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 762.441012][ T5899] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 763.088929][ T5899] usb 3-1: config 0 descriptor?? [ 763.095458][ T5899] usb 3-1: can't set config #0, error -71 [ 763.103037][ T5899] usb 3-1: USB disconnect, device number 22 [ 763.682261][T12407] netlink: 'syz.2.1724': attribute type 3 has an invalid length. [ 763.691158][T12407] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1724'. [ 763.944780][ T5921] usbhid 10-1:0.0: can't add hid device: -71 [ 764.321286][ T5921] usbhid 10-1:0.0: probe with driver usbhid failed with error -71 [ 764.333438][ T5921] usb 10-1: USB disconnect, device number 27 [ 768.955632][T12453] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1739'. [ 768.967484][T12453] netlink: 312 bytes leftover after parsing attributes in process `syz.2.1739'. [ 768.977447][T12453] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1739'. [ 769.024616][T12454] netlink: 'syz.8.1740': attribute type 3 has an invalid length. [ 769.032568][T12454] netlink: 20 bytes leftover after parsing attributes in process `syz.8.1740'. [ 770.797484][T12475] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.1746'. [ 771.564490][ T5899] usb 9-1: new high-speed USB device number 31 using dummy_hcd [ 771.975993][ T5899] usb 9-1: config 0 has an invalid interface number: 255 but max is 0 [ 771.994320][ T5899] usb 9-1: config 0 has no interface number 0 [ 772.012679][ T5899] usb 9-1: config 0 interface 255 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 772.253671][ T5899] usb 9-1: config 0 interface 255 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 772.270870][ T5899] usb 9-1: New USB device found, idVendor=10cf, idProduct=8065, bcdDevice=91.79 [ 772.290452][ T5899] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 772.310129][ T5899] usb 9-1: Product: syz [ 772.315415][ T5899] usb 9-1: Manufacturer: syz [ 772.320138][ T5899] usb 9-1: SerialNumber: syz [ 772.446825][ T10] usb 7-1: new high-speed USB device number 25 using dummy_hcd [ 773.178046][ T5899] usb 9-1: config 0 descriptor?? [ 773.447738][ T5899] vmk80xx 9-1:0.255: driver 'vmk80xx' failed to auto-configure device. [ 773.538687][ T5921] usb 10-1: new high-speed USB device number 28 using dummy_hcd [ 773.554102][ T10] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 773.563224][ T10] usb 7-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 773.580583][T12485] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 773.589771][ T10] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 773.614882][ T10] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 773.626092][ T5899] vmk80xx 9-1:0.255: probe with driver vmk80xx failed with error -22 [ 773.640147][ T10] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 773.650630][T12485] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 773.664719][ T10] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 773.674144][ T10] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 773.688208][ T10] usb 7-1: Product: syz [ 773.697351][ T10] usb 7-1: Manufacturer: syz [ 773.718463][ T10] cdc_wdm 7-1:1.0: skipping garbage [ 773.723745][ T10] cdc_wdm 7-1:1.0: skipping garbage [ 773.839908][ T5842] Bluetooth: hci4: unexpected event for opcode 0x2062 [ 773.851593][ T5920] usb 9-1: USB disconnect, device number 31 [ 773.884747][ T5921] usb 10-1: Using ep0 maxpacket: 16 [ 773.892017][ T5921] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 774.576227][ T10] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 774.582215][ T10] cdc_wdm 7-1:1.0: Unknown control protocol [ 774.680018][ T5921] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 774.721500][ T10] usb 7-1: USB disconnect, device number 25 [ 774.728099][ T5921] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 774.771790][ T5921] usb 10-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 774.794339][ T5921] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 774.829461][ T5921] usb 10-1: config 0 descriptor?? [ 774.877853][T12512] input: syz1 as /devices/virtual/input/input33 [ 775.280714][T12518] comedi comedi1: dac02: I/O port conflict (0x2,8) [ 775.825433][ T10] usb 3-1: new full-speed USB device number 23 using dummy_hcd [ 776.214436][ T5921] usbhid 10-1:0.0: can't add hid device: -71 [ 776.220788][ T5921] usbhid 10-1:0.0: probe with driver usbhid failed with error -71 [ 776.437709][ T5921] usb 10-1: USB disconnect, device number 28 [ 776.593810][ T10] usb 3-1: New USB device found, idVendor=14f7, idProduct=0500, bcdDevice=44.85 [ 776.628274][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 776.805779][ T10] usb 3-1: Product: syz [ 776.834464][ T10] usb 3-1: Manufacturer: syz [ 776.839278][ T10] usb 3-1: SerialNumber: syz [ 776.855278][ T10] usb 3-1: config 0 descriptor?? [ 777.138172][ T10] usb 3-1: selecting invalid altsetting 1 [ 777.143985][ T10] technisat-usb2: could not set alternate setting to 0 [ 777.485519][ T10] technisat-usb2: firmware version: 0.0 [ 777.510881][ T10] dvb-usb: found a 'Technisat SkyStar USB HD (DVB-S/S2)' in warm state. [ 777.856691][ T5842] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 777.869354][ T5842] Bluetooth: hci4: Injecting HCI hardware error event [ 777.881402][ T5842] Bluetooth: hci4: hardware error 0x00 [ 778.193528][ T10] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 778.292349][ T10] dvb-usb: Technisat SkyStar USB HD (DVB-S/S2) error while loading driver (-19) [ 778.353157][ T10] usb 3-1: USB disconnect, device number 23 [ 778.672387][T12559] x_tables: ip6_tables: tcp match: only valid for protocol 6 [ 780.165268][ T5842] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 784.826699][T12351] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 785.394466][ T10] usb 7-1: new high-speed USB device number 26 using dummy_hcd [ 785.419698][T12351] usb 3-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 785.434288][T12351] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 785.452721][T12351] usb 3-1: Product: syz [ 785.464318][T12351] usb 3-1: Manufacturer: syz [ 785.469360][T12351] usb 3-1: SerialNumber: syz [ 785.495137][T12351] usb 3-1: config 0 descriptor?? [ 785.506374][T12351] ch341 3-1:0.0: ch341-uart converter detected [ 785.690601][ T10] usb 7-1: Using ep0 maxpacket: 32 [ 785.702320][ T10] usb 7-1: config index 0 descriptor too short (expected 58404, got 36) [ 785.752461][T12351] usb 3-1: failed to receive control message: -121 [ 785.779095][ T10] usb 7-1: config 0 has an invalid descriptor of length 216, skipping remainder of the config [ 785.796316][T12351] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -121 [ 785.814498][ T10] usb 7-1: config 0 has no interfaces? [ 785.825576][T12646] IPVS: sync thread started: state = MASTER, mcast_ifn = geneve0, syncid = 10802, id = 0 [ 785.862327][ T10] usb 7-1: New USB device found, idVendor=0458, idProduct=5017, bcdDevice= 0.00 [ 785.911196][ T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 785.954521][T12627] comedi comedi1: 8255: I/O port conflict (0xfffffffffffffffb,4) [ 785.970288][T12627] comedi comedi1: 8255: I/O port conflict (0x3,4) [ 785.992261][T12627] comedi comedi1: 8255: I/O port conflict (0x8f,4) [ 786.014370][ T10] usb 7-1: config 0 descriptor?? [ 786.027760][T12627] comedi comedi1: 8255: I/O port conflict (0xfffffffffffffffd,4) [ 786.055003][T12627] comedi comedi1: 8255: I/O port conflict (0x20,4) [ 786.072852][T12627] comedi comedi1: 8255: I/O port conflict (0x8,4) [ 786.097421][ T5906] usb 3-1: USB disconnect, device number 24 [ 786.105002][ T5906] ch341 3-1:0.0: device disconnected [ 786.202599][T12489] IPVS: starting estimator thread 0... [ 786.388417][T12650] IPVS: using max 24 ests per chain, 57600 per kthread [ 786.794273][T12653] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 788.457916][ T5913] usb 7-1: USB disconnect, device number 26 [ 789.485260][ T5913] usb 7-1: new high-speed USB device number 27 using dummy_hcd [ 789.644364][ T5913] usb 7-1: Using ep0 maxpacket: 32 [ 789.723674][ T5913] usb 7-1: config 0 has an invalid interface number: 126 but max is 0 [ 789.737418][ T5913] usb 7-1: config 0 has no interface number 0 [ 789.743870][ T5913] usb 7-1: config 0 interface 126 altsetting 16 bulk endpoint 0x6 has invalid maxpacket 1023 [ 789.757888][ T5913] usb 7-1: config 0 interface 126 altsetting 16 bulk endpoint 0x82 has invalid maxpacket 8 [ 789.791907][ T5913] usb 7-1: config 0 interface 126 has no altsetting 0 [ 789.832579][ T5913] usb 7-1: New USB device found, idVendor=09c4, idProduct=0011, bcdDevice=b0.1c [ 789.867363][ T5913] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 789.892122][ T5913] usb 7-1: Product: syz [ 789.940030][ T5913] usb 7-1: Manufacturer: syz [ 789.961546][ T5913] usb 7-1: SerialNumber: syz [ 789.990536][ T5913] usb 7-1: config 0 descriptor?? [ 789.999917][T12670] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 790.013963][T12670] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 790.146532][T12687] netlink: 'syz.2.1804': attribute type 13 has an invalid length. [ 790.155014][T12687] netlink: 'syz.2.1804': attribute type 27 has an invalid length. [ 792.137852][ T5913] ir_usb 7-1:0.126: IR Dongle converter detected [ 792.152202][ T5913] usb 7-1: IRDA class descriptor not found, device not bound [ 792.690533][ T5913] usb 7-1: USB disconnect, device number 27 [ 795.898450][T12729] FAULT_INJECTION: forcing a failure. [ 795.898450][T12729] name failslab, interval 1, probability 0, space 0, times 0 [ 795.933818][T12729] CPU: 1 UID: 0 PID: 12729 Comm: syz.6.1809 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 795.933851][T12729] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 795.933865][T12729] Call Trace: [ 795.933874][T12729] [ 795.933884][T12729] dump_stack_lvl+0x189/0x250 [ 795.933919][T12729] ? __pfx____ratelimit+0x10/0x10 [ 795.933952][T12729] ? __pfx_dump_stack_lvl+0x10/0x10 [ 795.933975][T12729] ? __pfx__printk+0x10/0x10 [ 795.934008][T12729] ? __pfx___might_resched+0x10/0x10 [ 795.934030][T12729] ? fs_reclaim_acquire+0x7d/0x100 [ 795.934056][T12729] should_fail_ex+0x414/0x560 [ 795.934091][T12729] should_failslab+0xa8/0x100 [ 795.934124][T12729] kmem_cache_alloc_noprof+0x73/0x3c0 [ 795.934151][T12729] ? security_inode_alloc+0x39/0x330 [ 795.934184][T12729] security_inode_alloc+0x39/0x330 [ 795.934210][T12729] inode_init_always_gfp+0x9ed/0xdc0 [ 795.934249][T12729] ? __pfx_ovl_alloc_inode+0x10/0x10 [ 795.934270][T12729] alloc_inode+0x82/0x1b0 [ 795.934298][T12729] ? __pfx_ovl_inode_test+0x10/0x10 [ 795.934320][T12729] ? __pfx_ovl_inode_set+0x10/0x10 [ 795.934342][T12729] iget5_locked+0x4a/0xa0 [ 795.934366][T12729] ovl_get_inode+0x6fc/0xfb0 [ 795.934409][T12729] ? __pfx_ovl_get_inode+0x10/0x10 [ 795.934434][T12729] ? do_raw_spin_unlock+0x122/0x240 [ 795.934474][T12729] ovl_lookup+0x1893/0x1bc0 [ 795.934536][T12729] ? __pfx_ovl_lookup+0x10/0x10 [ 795.934571][T12729] ? do_raw_spin_unlock+0x122/0x240 [ 795.934601][T12729] ? _raw_spin_unlock+0x28/0x50 [ 795.934628][T12729] ? d_alloc+0x144/0x190 [ 795.934653][T12729] lookup_one_qstr_excl_raw+0x115/0x280 [ 795.934681][T12729] do_renameat2+0x401/0xc50 [ 795.934734][T12729] ? __pfx_do_renameat2+0x10/0x10 [ 795.934776][T12729] ? strncpy_from_user+0x150/0x290 [ 795.934808][T12729] ? getname_flags+0x1e5/0x540 [ 795.934826][T12729] ? trace_sys_enter+0x25/0x120 [ 795.934848][T12729] __x64_sys_rename+0x82/0x90 [ 795.934879][T12729] do_syscall_64+0xfa/0x3b0 [ 795.934906][T12729] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 795.934925][T12729] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 795.934945][T12729] ? clear_bhb_loop+0x60/0xb0 [ 795.934970][T12729] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 795.934989][T12729] RIP: 0033:0x7fb49b58e929 [ 795.935012][T12729] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 795.935028][T12729] RSP: 002b:00007fb49c4a0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000052 [ 795.935051][T12729] RAX: ffffffffffffffda RBX: 00007fb49b7b5fa0 RCX: 00007fb49b58e929 [ 795.935065][T12729] RDX: 0000000000000000 RSI: 0000200000001900 RDI: 0000200000000140 [ 795.935078][T12729] RBP: 00007fb49c4a0090 R08: 0000000000000000 R09: 0000000000000000 [ 795.935090][T12729] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 795.935103][T12729] R13: 0000000000000000 R14: 00007fb49b7b5fa0 R15: 00007fff84fb4998 [ 795.935136][T12729] [ 796.384092][T12729] overlayfs: failed to get inode (-12) [ 797.515303][T12738] syz.2.1817: attempt to access beyond end of device [ 797.515303][T12738] nbd2: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 797.691340][T12738] gfs2: error -5 reading superblock [ 803.052884][T12775] netlink: 10 bytes leftover after parsing attributes in process `syz.7.1827'. [ 803.065538][T12769] delete_channel: no stack [ 803.099616][T12775] overlayfs: failed to clone upperpath [ 803.140277][T12775] netlink: 'syz.7.1827': attribute type 1 has an invalid length. [ 803.418828][T12767] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1824'. [ 803.484328][T12767] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1824'. [ 805.373339][T12796] netlink: 40 bytes leftover after parsing attributes in process `syz.9.1832'. [ 805.382641][T12796] bridge0: port 2(bridge_slave_1) entered disabled state [ 805.395051][T12796] bridge0: port 2(bridge_slave_1) entered disabled state [ 807.143167][ T30] kauditd_printk_skb: 15 callbacks suppressed [ 807.143186][ T30] audit: type=1326 audit(1753225217.691:496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12820 comm="syz.8.1840" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa73758e929 code=0x0 [ 810.342007][T12841] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1846'. [ 811.015455][T12846] netlink: 40 bytes leftover after parsing attributes in process `syz.6.1845'. [ 812.564450][T12854] netlink: 372 bytes leftover after parsing attributes in process `syz.6.1848'. [ 812.579672][T12854] netlink: 65051 bytes leftover after parsing attributes in process `syz.6.1848'. [ 814.569190][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 814.697101][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 816.380770][T12862] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 817.030568][T12863] netlink: 'syz.6.1849': attribute type 2 has an invalid length. [ 817.121766][T12877] IPVS: sync thread started: state = MASTER, mcast_ifn = geneve0, syncid = 10802, id = 0 [ 817.395538][T12879] netlink: 134820 bytes leftover after parsing attributes in process `syz.2.1855'. [ 817.480696][T12883] FAULT_INJECTION: forcing a failure. [ 817.480696][T12883] name failslab, interval 1, probability 0, space 0, times 0 [ 817.535969][T12883] CPU: 1 UID: 0 PID: 12883 Comm: syz.8.1857 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 817.536001][T12883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 817.536013][T12883] Call Trace: [ 817.536020][T12883] [ 817.536029][T12883] dump_stack_lvl+0x189/0x250 [ 817.536057][T12883] ? __pfx____ratelimit+0x10/0x10 [ 817.536090][T12883] ? __pfx_dump_stack_lvl+0x10/0x10 [ 817.536113][T12883] ? __pfx__printk+0x10/0x10 [ 817.536146][T12883] ? __pfx___might_resched+0x10/0x10 [ 817.536168][T12883] ? fs_reclaim_acquire+0x7d/0x100 [ 817.536194][T12883] should_fail_ex+0x414/0x560 [ 817.536230][T12883] should_failslab+0xa8/0x100 [ 817.536262][T12883] __kmalloc_noprof+0xcb/0x4f0 [ 817.536288][T12883] ? kfree+0x4d/0x440 [ 817.536311][T12883] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 817.536339][T12883] tomoyo_realpath_from_path+0xe3/0x5d0 [ 817.536364][T12883] ? tomoyo_domain+0xda/0x130 [ 817.536391][T12883] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 817.536418][T12883] tomoyo_path_number_perm+0x1e8/0x5a0 [ 817.536442][T12883] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 817.536476][T12883] ? __lock_acquire+0xab9/0xd20 [ 817.536507][T12883] ? __fget_files+0x2a/0x420 [ 817.536522][T12883] ? __fget_files+0x2a/0x420 [ 817.536534][T12883] ? __fget_files+0x3a0/0x420 [ 817.536546][T12883] ? __fget_files+0x2a/0x420 [ 817.536562][T12883] security_file_ioctl+0xcb/0x2d0 [ 817.536586][T12883] __se_sys_ioctl+0x47/0x170 [ 817.536608][T12883] do_syscall_64+0xfa/0x3b0 [ 817.536622][T12883] ? lockdep_hardirqs_on+0x9c/0x150 [ 817.536644][T12883] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 817.536658][T12883] ? clear_bhb_loop+0x60/0xb0 [ 817.536675][T12883] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 817.536689][T12883] RIP: 0033:0x7fa73758e929 [ 817.536705][T12883] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 817.536718][T12883] RSP: 002b:00007fa73838d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 817.536734][T12883] RAX: ffffffffffffffda RBX: 00007fa7377b5fa0 RCX: 00007fa73758e929 [ 817.536745][T12883] RDX: 0000200000000040 RSI: 0000000000004b67 RDI: 0000000000000003 [ 817.536755][T12883] RBP: 00007fa73838d090 R08: 0000000000000000 R09: 0000000000000000 [ 817.536764][T12883] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 817.536773][T12883] R13: 0000000000000000 R14: 00007fa7377b5fa0 R15: 00007ffc66285568 [ 817.536797][T12883] [ 817.543260][T12883] ERROR: Out of memory at tomoyo_realpath_from_path. [ 819.549521][ T5846] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 819.704484][ T5846] usb 3-1: Using ep0 maxpacket: 8 [ 819.741117][ T5846] usb 3-1: unable to get BOS descriptor or descriptor too short [ 819.756117][ T5846] usb 3-1: config 0 has an invalid interface number: 88 but max is 0 [ 819.774257][ T5846] usb 3-1: config 0 has no interface number 0 [ 819.797099][ T5846] usb 3-1: config 0 interface 88 altsetting 8 endpoint 0x86 has an invalid bInterval 0, changing to 7 [ 819.950223][T12902] netlink: 'syz.7.1864': attribute type 13 has an invalid length. [ 820.009982][T12902] netlink: 'syz.7.1864': attribute type 27 has an invalid length. [ 820.018638][ T5846] usb 3-1: config 0 interface 88 altsetting 8 endpoint 0x86 has invalid wMaxPacketSize 0 [ 820.029296][ T5846] usb 3-1: config 0 interface 88 has no altsetting 0 [ 820.040874][ T5846] usb 3-1: language id specifier not provided by device, defaulting to English [ 820.055431][ T5846] usb 3-1: New USB device found, idVendor=0460, idProduct=0004, bcdDevice=96.31 [ 820.065452][ T5846] usb 3-1: New USB device strings: Mfr=1, Product=84, SerialNumber=3 [ 820.073617][ T5846] usb 3-1: Product: syz [ 820.078330][ T5846] usb 3-1: SerialNumber: syz [ 820.085904][ T5846] usb 3-1: config 0 descriptor?? [ 820.167776][T12905] FAULT_INJECTION: forcing a failure. [ 820.167776][T12905] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 820.181238][T12905] CPU: 1 UID: 0 PID: 12905 Comm: syz.9.1862 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 820.181267][T12905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 820.181278][T12905] Call Trace: [ 820.181286][T12905] [ 820.181293][T12905] dump_stack_lvl+0x189/0x250 [ 820.181322][T12905] ? __pfx____ratelimit+0x10/0x10 [ 820.181354][T12905] ? __pfx_dump_stack_lvl+0x10/0x10 [ 820.181377][T12905] ? __pfx__printk+0x10/0x10 [ 820.181404][T12905] ? __might_fault+0xb0/0x130 [ 820.181446][T12905] should_fail_ex+0x414/0x560 [ 820.181481][T12905] _copy_from_iter+0x1db/0x16f0 [ 820.181513][T12905] ? lockdep_hardirqs_on+0x9c/0x150 [ 820.181545][T12905] ? __pfx__copy_from_iter+0x10/0x10 [ 820.181576][T12905] ? skb_put+0x11b/0x210 [ 820.181605][T12905] netlink_sendmsg+0x6b2/0xb30 [ 820.181638][T12905] ? lockdep_hardirqs_on+0x9c/0x150 [ 820.181677][T12905] ? __pfx_netlink_sendmsg+0x10/0x10 [ 820.181708][T12905] ? __sanitizer_cov_trace_pc+0x11/0x70 [ 820.181737][T12905] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 820.181770][T12905] ? __pfx_netlink_sendmsg+0x10/0x10 [ 820.181795][T12905] __sock_sendmsg+0x219/0x270 [ 820.181830][T12905] ____sys_sendmsg+0x505/0x830 [ 820.181863][T12905] ? __pfx_____sys_sendmsg+0x10/0x10 [ 820.181899][T12905] ? import_iovec+0x74/0xa0 [ 820.181927][T12905] ___sys_sendmsg+0x21f/0x2a0 [ 820.181957][T12905] ? __pfx____sys_sendmsg+0x10/0x10 [ 820.182023][T12905] ? __fget_files+0x2a/0x420 [ 820.182041][T12905] ? __fget_files+0x3a0/0x420 [ 820.182072][T12905] __x64_sys_sendmsg+0x19b/0x260 [ 820.182101][T12905] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 820.182126][T12905] ? __might_fault+0xb0/0x130 [ 820.182167][T12905] ? rcu_is_watching+0x15/0xb0 [ 820.182190][T12905] ? trace_sys_enter+0x25/0x120 [ 820.182215][T12905] do_syscall_64+0xfa/0x3b0 [ 820.182236][T12905] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 820.182256][T12905] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 820.182275][T12905] ? clear_bhb_loop+0x60/0xb0 [ 820.182300][T12905] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 820.182320][T12905] RIP: 0033:0x7f787e98e929 [ 820.182338][T12905] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 820.182354][T12905] RSP: 002b:00007f787f7fc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 820.182375][T12905] RAX: ffffffffffffffda RBX: 00007f787ebb6160 RCX: 00007f787e98e929 [ 820.182387][T12905] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000008 [ 820.182398][T12905] RBP: 00007f787f7fc090 R08: 0000000000000000 R09: 0000000000000000 [ 820.182407][T12905] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 820.182418][T12905] R13: 0000000000000000 R14: 00007f787ebb6160 R15: 00007fff0d6f2048 [ 820.182448][T12905] [ 820.458625][ C1] vkms_vblank_simulate: vblank timer overrun [ 820.521894][ T5846] input: syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.88/input/input34 [ 820.538531][ T5846] usb 3-1: USB disconnect, device number 25 [ 820.793600][T12909] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1865'. [ 821.249027][T12916] IPVS: sync thread started: state = MASTER, mcast_ifn = geneve0, syncid = 10802, id = 0 [ 825.795513][T12953] netlink: 'syz.9.1876': attribute type 13 has an invalid length. [ 825.803415][T12953] netlink: 'syz.9.1876': attribute type 27 has an invalid length. [ 827.524760][T12967] IPVS: sync thread started: state = MASTER, mcast_ifn = geneve0, syncid = 10802, id = 0 [ 831.783191][T12998] overlayfs: failed to resolve './bus': -2 [ 833.904800][T13003] netlink: 40 bytes leftover after parsing attributes in process `syz.8.1885'. [ 833.913968][T13003] bridge0: port 2(bridge_slave_1) entered disabled state [ 833.931241][T12993] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1886'. [ 833.944094][T13003] bridge0: port 2(bridge_slave_1) entered disabled state [ 834.699206][T13011] netlink: 'syz.7.1890': attribute type 13 has an invalid length. [ 834.711321][T13011] netlink: 'syz.7.1890': attribute type 27 has an invalid length. [ 835.373623][T13001] could not allocate digest TFM handle xcbc(aes) [ 835.429087][T13021] fuse: Bad value for 'user_id' [ 835.434272][T13021] fuse: Bad value for 'user_id' [ 837.299361][T13035] input: syz1 as /devices/virtual/input/input36 [ 837.897209][T13043] netlink: 16 bytes leftover after parsing attributes in process `syz.7.1901'. [ 837.992461][T13050] usb usb8: usbfs: process 13050 (syz.8.1900) did not claim interface 0 before use [ 838.501276][T13036] netlink: 256 bytes leftover after parsing attributes in process `syz.9.1899'. [ 838.621261][T13061] netlink: 'syz.8.1905': attribute type 13 has an invalid length. [ 838.632850][T13061] netlink: 'syz.8.1905': attribute type 27 has an invalid length. [ 838.814386][T12351] usb 3-1: new low-speed USB device number 26 using dummy_hcd [ 839.484889][T12351] usb 3-1: config 0 has an invalid interface number: 31 but max is 0 [ 839.584543][T12351] usb 3-1: config 0 has an invalid descriptor of length 88, skipping remainder of the config [ 839.607628][T12351] usb 3-1: config 0 has no interface number 0 [ 839.626409][T12351] usb 3-1: config 0 interface 31 altsetting 0 endpoint 0x1 has an invalid bInterval 250, changing to 4 [ 839.680634][T12351] usb 3-1: config 0 interface 31 altsetting 0 endpoint 0x1 has invalid maxpacket 1023, setting to 0 [ 839.759439][T12351] usb 3-1: config 0 interface 31 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 841.717313][T12351] usb 3-1: New USB device found, idVendor=1b3d, idProduct=0114, bcdDevice=da.e5 [ 841.741803][T12351] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 841.755923][T13086] input: syz1 as /devices/virtual/input/input37 [ 841.816628][T12351] usb 3-1: config 0 descriptor?? [ 841.832978][T12351] usb 3-1: can't set config #0, error -71 [ 841.862543][T12351] usb 3-1: USB disconnect, device number 26 [ 843.488112][T13090] usb usb8: usbfs: process 13090 (syz.2.1914) did not claim interface 0 before use [ 844.127243][T13107] netlink: 'syz.2.1918': attribute type 13 has an invalid length. [ 844.234474][T13107] netlink: 'syz.2.1918': attribute type 27 has an invalid length. [ 844.694397][ T5920] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 844.825652][ T5920] usb 3-1: device descriptor read/64, error -71 [ 845.064654][ T5920] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 845.190850][T13125] ------------[ cut here ]------------ [ 845.196986][T13125] WARNING: CPU: 1 PID: 13125 at mm/page_alloc.c:4935 __alloc_frozen_pages_noprof+0x2c8/0x370 [ 845.207420][T13125] Modules linked in: [ 845.211738][T13125] CPU: 1 UID: 0 PID: 13125 Comm: syz.9.1923 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 845.223968][T13125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 845.234233][T13125] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370 [ 845.237866][ T5920] usb 3-1: device descriptor read/64, error -71 [ 845.240866][T13125] Code: 74 10 4c 89 e7 89 54 24 0c e8 14 14 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 4d 44 76 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24 [ 845.267287][T13125] RSP: 0018:ffffc900046779c0 EFLAGS: 00010246 [ 845.273602][T13125] RAX: ffffc90004677a00 RBX: 0000000000000024 RCX: 0000000000000000 [ 845.281697][T13125] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc90004677a28 [ 845.292138][T13125] RBP: ffffc90004677aa8 R08: ffffc90004677a27 R09: 0000000000000000 [ 845.300835][T13125] R10: ffffc90004677a00 R11: fffff520008cef45 R12: 0000000000000000 [ 845.309098][T13125] R13: 1ffff920008cef3c R14: 0000000000040d40 R15: dffffc0000000000 [ 845.317186][T13125] FS: 00007f787f83e6c0(0000) GS:ffff888125d4f000(0000) knlGS:0000000000000000 [ 845.326255][T13125] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 845.332899][T13125] CR2: 0000200000404030 CR3: 0000000034276000 CR4: 00000000003526f0 [ 845.341034][T13125] Call Trace: [ 845.344419][T13125] [ 845.347401][T13125] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 845.353890][T13125] ? v9fs_fid_xattr_get+0x237/0x2e0 [ 845.359231][T13125] __alloc_pages_noprof+0xa/0x30 [ 845.364282][T13125] ___kmalloc_large_node+0x85/0x210 [ 845.369564][T13125] __kmalloc_large_node_noprof+0x18/0x90 [ 845.375564][T13125] __kmalloc_noprof+0x36f/0x4f0 [ 845.380488][T13125] ? v9fs_fid_get_acl+0x4f/0x100 [ 845.385548][T13125] ? __pfx_v9fs_cache_inode_get_cookie+0x10/0x10 [ 845.385925][ T5920] usb usb3-port1: attempt power cycle [ 845.391922][T13125] v9fs_fid_get_acl+0x4f/0x100 [ 845.391965][T13125] v9fs_get_acl+0x11b/0x360 [ 845.406910][T13125] v9fs_inode_from_fid_dotl+0x221/0x2b0 [ 845.412553][T13125] v9fs_mount+0x6cb/0xa10 [ 845.417011][T13125] ? __pfx_v9fs_mount+0x10/0x10 [ 845.421931][T13125] ? rcu_is_watching+0x15/0xb0 [ 845.426830][T13125] ? cap_capable+0x11f/0x460 [ 845.431507][T13125] legacy_get_tree+0xfd/0x1a0 [ 845.436325][T13125] ? __pfx_v9fs_mount+0x10/0x10 [ 845.441211][T13125] vfs_get_tree+0x92/0x2b0 [ 845.445865][T13125] do_new_mount+0x24a/0xa40 [ 845.450421][T13125] __se_sys_mount+0x317/0x410 [ 845.455195][T13125] ? __pfx___se_sys_mount+0x10/0x10 [ 845.460427][T13125] ? rcu_is_watching+0x15/0xb0 [ 845.465441][T13125] ? trace_sys_enter+0x25/0x120 [ 845.470322][T13125] ? __x64_sys_mount+0x20/0xc0 [ 845.475351][T13125] do_syscall_64+0xfa/0x3b0 [ 845.479898][T13125] ? lockdep_hardirqs_on+0x9c/0x150 [ 845.485249][T13125] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 845.491501][T13125] ? clear_bhb_loop+0x60/0xb0 [ 845.496286][T13125] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 845.502213][T13125] RIP: 0033:0x7f787e98e929 [ 845.506693][T13125] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 845.526554][T13125] RSP: 002b:00007f787f83e038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 845.535812][T13125] RAX: ffffffffffffffda RBX: 00007f787ebb5fa0 RCX: 00007f787e98e929 [ 845.543833][T13125] RDX: 0000200000000b80 RSI: 00002000000003c0 RDI: 0000000000000000 [ 845.551938][T13125] RBP: 00007f787ea10b39 R08: 0000200000000580 R09: 0000000000000000 [ 845.559971][T13125] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 845.568017][T13125] R13: 0000000000000000 R14: 00007f787ebb5fa0 R15: 00007fff0d6f2048 [ 845.576286][T13125] [ 845.579350][T13125] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 845.586752][T13125] CPU: 1 UID: 0 PID: 13125 Comm: syz.9.1923 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 845.598860][T13125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 845.608942][T13125] Call Trace: [ 845.612250][T13125] [ 845.615249][T13125] dump_stack_lvl+0x99/0x250 [ 845.619867][T13125] ? __asan_memcpy+0x40/0x70 [ 845.624583][T13125] ? __pfx_dump_stack_lvl+0x10/0x10 [ 845.629912][T13125] ? __pfx__printk+0x10/0x10 [ 845.634577][T13125] panic+0x2db/0x790 [ 845.638528][T13125] ? __pfx_panic+0x10/0x10 [ 845.642986][T13125] ? show_trace_log_lvl+0x4fb/0x550 [ 845.648236][T13125] __warn+0x31b/0x4b0 [ 845.652262][T13125] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 845.658298][T13125] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 845.664327][T13125] report_bug+0x2be/0x4f0 [ 845.668718][T13125] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 845.674773][T13125] ? __alloc_frozen_pages_noprof+0x2c8/0x370 [ 845.680790][T13125] ? __alloc_frozen_pages_noprof+0x2ca/0x370 [ 845.686810][T13125] handle_bug+0x84/0x160 [ 845.691085][T13125] exc_invalid_op+0x1a/0x50 [ 845.695619][T13125] asm_exc_invalid_op+0x1a/0x20 [ 845.700491][T13125] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370 [ 845.707104][T13125] Code: 74 10 4c 89 e7 89 54 24 0c e8 14 14 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 4d 44 76 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24 [ 845.726737][T13125] RSP: 0018:ffffc900046779c0 EFLAGS: 00010246 [ 845.732883][T13125] RAX: ffffc90004677a00 RBX: 0000000000000024 RCX: 0000000000000000 [ 845.740877][T13125] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc90004677a28 [ 845.748869][T13125] RBP: ffffc90004677aa8 R08: ffffc90004677a27 R09: 0000000000000000 [ 845.756868][T13125] R10: ffffc90004677a00 R11: fffff520008cef45 R12: 0000000000000000 [ 845.764871][T13125] R13: 1ffff920008cef3c R14: 0000000000040d40 R15: dffffc0000000000 [ 845.772889][T13125] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 845.779253][T13125] ? v9fs_fid_xattr_get+0x237/0x2e0 [ 845.784504][T13125] __alloc_pages_noprof+0xa/0x30 [ 845.789480][T13125] ___kmalloc_large_node+0x85/0x210 [ 845.794789][T13125] __kmalloc_large_node_noprof+0x18/0x90 [ 845.800455][T13125] __kmalloc_noprof+0x36f/0x4f0 [ 845.805337][T13125] ? v9fs_fid_get_acl+0x4f/0x100 [ 845.810299][T13125] ? __pfx_v9fs_cache_inode_get_cookie+0x10/0x10 [ 845.816663][T13125] v9fs_fid_get_acl+0x4f/0x100 [ 845.821460][T13125] v9fs_get_acl+0x11b/0x360 [ 845.826050][T13125] v9fs_inode_from_fid_dotl+0x221/0x2b0 [ 845.831635][T13125] v9fs_mount+0x6cb/0xa10 [ 845.835996][T13125] ? __pfx_v9fs_mount+0x10/0x10 [ 845.841138][T13125] ? rcu_is_watching+0x15/0xb0 [ 845.845919][T13125] ? cap_capable+0x11f/0x460 [ 845.850539][T13125] legacy_get_tree+0xfd/0x1a0 [ 845.855244][T13125] ? __pfx_v9fs_mount+0x10/0x10 [ 845.860114][T13125] vfs_get_tree+0x92/0x2b0 [ 845.864562][T13125] do_new_mount+0x24a/0xa40 [ 845.869096][T13125] __se_sys_mount+0x317/0x410 [ 845.873782][T13125] ? __pfx___se_sys_mount+0x10/0x10 [ 845.878999][T13125] ? rcu_is_watching+0x15/0xb0 [ 845.883788][T13125] ? trace_sys_enter+0x25/0x120 [ 845.888657][T13125] ? __x64_sys_mount+0x20/0xc0 [ 845.893630][T13125] do_syscall_64+0xfa/0x3b0 [ 845.898172][T13125] ? lockdep_hardirqs_on+0x9c/0x150 [ 845.904232][T13125] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 845.910342][T13125] ? clear_bhb_loop+0x60/0xb0 [ 845.915048][T13125] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 845.920962][T13125] RIP: 0033:0x7f787e98e929 [ 845.925481][T13125] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 845.945121][T13125] RSP: 002b:00007f787f83e038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 845.953562][T13125] RAX: ffffffffffffffda RBX: 00007f787ebb5fa0 RCX: 00007f787e98e929 [ 845.961549][T13125] RDX: 0000200000000b80 RSI: 00002000000003c0 RDI: 0000000000000000 [ 845.969533][T13125] RBP: 00007f787ea10b39 R08: 0000200000000580 R09: 0000000000000000 [ 845.977533][T13125] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 845.985529][T13125] R13: 0000000000000000 R14: 00007f787ebb5fa0 R15: 00007fff0d6f2048 [ 845.993529][T13125] [ 845.996904][T13125] Kernel Offset: disabled [ 846.001251][T13125] Rebooting in 86400 seconds..