last executing test programs: 12.768576915s ago: executing program 2 (id=1728): syz_usb_connect(0x0, 0x2d, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000180)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f00000001c0)=[0x0, 0x3, 0xa9, 0x7, 0x6, 0xf5b, 0x0, 0x599]) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x458, 0x5011, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x5, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x394}}}}]}}]}}, 0x0) syz_usb_control_io(r2, 0x0, 0x0) syz_usb_control_io$hid(r2, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0) syz_usb_control_io$hid(r2, 0x0, 0x0) r3 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x20000) ioctl$HIDIOCGUSAGE(r3, 0xc018480b, 0x0) syz_usb_control_io(r2, 0x0, &(0x7f0000000a00)={0x84, &(0x7f00000005c0)={0x20, 0x15, 0x2, "10f4"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000300)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020701200000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10) read$FUSE(0xffffffffffffffff, 0x0, 0x0) r7 = syz_open_procfs(0x0, &(0x7f0000000000)='net/kcm\x00') r8 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r7, 0x89f1, &(0x7f0000000240)={'ip6_vti0\x00', &(0x7f0000000380)={'syztnl0\x00', 0x0, 0x29, 0x1, 0x6, 0x10000, 0x40, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @empty, 0x40, 0x8, 0x10, 0xa0}}) r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x3d7a6ceb, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', r9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_DELETE_ELEM(0x4, &(0x7f0000000080)={r10}, 0x20) sendmsg$netlink(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000003f00)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="1400000013000100000000000000000006"], 0x14}], 0x1}, 0x0) preadv(r7, &(0x7f0000000080)=[{&(0x7f0000000100)=""/68, 0x44}], 0x1, 0x92, 0x0) 10.318466419s ago: executing program 1 (id=1736): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], 0x0, 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f00000007c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x2e8, 0x140, 0x12, 0x60d, 0x32, 0x202, 0x218, 0x2e8, 0x2e8, 0x218, 0x2c0, 0x4, 0x0, {[{{@ipv6={@local, @remote, [0xff, 0xffffffff], [0x0, 0x100000001], 'ip6gre0\x00', 'macsec0\x00', {}, {0xff}, 0x32}, 0x0, 0xf8, 0x140, 0x0, {}, [@common=@unspec=@connlabel={{0x28}, {0xffff, 0x6000}}, @inet=@rpfilter={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}, {{@uncond, 0x0, 0xa8, 0xd8}, @common=@inet=@SET2={0x30, 'SET\x00', 0x2, {{0x0, 0x4, 0x2}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x348) 9.179977781s ago: executing program 4 (id=1738): ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) chdir(&(0x7f0000000080)='./file1\x00') r4 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) chdir(&(0x7f0000000140)='./bus\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x0) ioctl$AUTOFS_IOC_PROTOSUBVER(r4, 0x40049366, &(0x7f0000000180)) r5 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r5, &(0x7f0000002c80)={0xa, 0x14e24}, 0x1c) connect$inet6(r5, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c) sendmmsg(r5, &(0x7f00000092c0), 0x4ff, 0x8dff) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x4) mount(&(0x7f0000000000)=@nullb, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='hfsplus\x00', 0x8002, 0x0) 7.91586807s ago: executing program 4 (id=1741): syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000566504204e080110f9330102030109021b000121000000090400"], 0x0) r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000440)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) r4 = socket$kcm(0x29, 0x5, 0x0) setsockopt$kcm_KCM_RECV_DISABLE(r4, 0x119, 0x1, &(0x7f0000000240), 0x4) r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x92, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) read$FUSE(r5, 0x0, 0x0) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ADD(0xffffffffffffffff, &(0x7f0000000640)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000600)={&(0x7f0000000d40)=ANY=[@ANYBLOB="5c8efed5", @ANYRES16=r6, @ANYBLOB="020025bd7000fbdbdf25150000009c0004805400078008000300faffffff08000300ffdfff7f0800020001010000080003005100000008000400020000000800040001000000080003000000ffff0800030005000000080004000180000008000400020000001300010062726f6164636173742d6c696e6b00001c00078008000400ff010000080001001400000008000400300000001300010062726f6164636173742d6c696e6b00004400058014000280080003000300000008000400080000002c00028008000400050000000800010016000000080001000700000008000400008000000800040000000000700001802c000280080001001c000000080004001b8400000800020006000000080004000100008008000400020000000800030001800000380004001400010002004e21ac1414360000000000000000200002000a004e2070008000fc010000000000000000000000000000060000008c0005801c00028008000400dd48000008000400feffffff080002009e0ee76508000100657468004c000280080001001f00000008000100070000000800030053000000080002000400000008000300ff7f000008000300993c00000800020000080000080001001d000000080001001b0000000800010075647000070001006962000008000100756470003400078008000100000001000c000400ff010000000000000c000300020000000000000008000200610000000800010000040000100006800400020008000100060000001400078008000200310900"], 0x248}, 0x1, 0x0, 0x0, 0x1}, 0x4001) syz_fuse_handle_req(r5, 0x0, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x130}}) r7 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) getdents64(r7, 0x0, 0x0) syz_fuse_handle_req(r5, 0x0, 0x0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="b0000000000000000000000000000000040000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000722870680000000000000000000000000000000000000000000000000000000000000000000000000000000000000000bde313082e4ab6", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000100"/39], 0x0, 0x0, 0x0}) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="1b0000000000000000000000008000", @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000dcf5a945dbef911535289f264a4b15dbe78e4e7d20a6067721a1e076a21020db2ff8026fba4c0f3bdfffbf9da83db7649d2dda8ef5c13a7afa327e9c77d5382108d529d28a4c8208a6542f65f2c20d288885d09621448bc7ced903548fa1d23d0f5a41222403ee505bd9e462351f628381685d5d7f794b619499cc0cc1fbbfa35d322a36a068205f6ab35376a5354c5edbbb65cc8fe7e942a9bad8047e74b27a1156259c", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x16, 0xf, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800020850000007200000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b70200"/32], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r9, 0x0, 0x10, 0x38, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) ioctl$VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000040)={0x1d, 0xa, 0x3, "3258ea1ea1006c5d354000ffff000c00d55cecafa1ffdb08f10000002000", 0x3432564e}) 7.508065314s ago: executing program 3 (id=1743): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) setsockopt$inet_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @loopback}}, 0x0, 0x2, 0x7, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00'}, 0xd8) sendto$inet(r1, 0x0, 0xffffffffffffff7c, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @loopback}, 0x10) r5 = socket(0x2a, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) getsockname$packet(r5, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r6, 0x0, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00'}) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000640), r8) ioctl$sock_SIOCGIFINDEX_802154(r8, 0x8933, &(0x7f0000000680)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_DEV(r7, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000280)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="010028bd7000fbdbdf251a00000004002e8008000300", @ANYRES32=r10, @ANYBLOB], 0x6c}, 0x1, 0x0, 0x0, 0x20040040}, 0x20040) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x80042, 0x0) prctl$PR_MPX_DISABLE_MANAGEMENT(0x2c) 7.35442427s ago: executing program 2 (id=1744): r0 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_EXPBUF(r0, 0x2, &(0x7f0000000140)={0x7, 0x6e, 0x0, 0x80080, 0xffffffffffffffff}) r2 = openat$dma_heap(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r2, 0xc0184800, &(0x7f0000000040)={0x5, r1}) ioctl$DMA_BUF_IOCTL_SYNC(r3, 0xc0086202, &(0x7f0000000100)=0x5) r4 = epoll_create(0x1fffffe) r5 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000000c0), 0x2) r6 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x3) ftruncate(r6, 0xffff) fcntl$addseals(r6, 0x409, 0x7) r7 = ioctl$UDMABUF_CREATE(r5, 0x40187542, &(0x7f0000000100)={r6, 0x0, 0x0, 0x1000}) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r7, &(0x7f0000000080)={0x20002021}) epoll_pwait2(r4, &(0x7f0000000540)=[{}], 0xfffc, 0x0, 0x0, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000140)={0xffffffffffffffff}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000200)={'syztnl1\x00', &(0x7f0000000180)={'syztnl0\x00', 0x0, 0x2f, 0x3, 0x80, 0x101, 0x8, @local, @remote, 0x20, 0x8, 0x1, 0xfffff000}}) setsockopt$MRT6_DEL_MIF(r8, 0x29, 0xcb, &(0x7f0000000240)={0x1, 0x0, 0xe, r9, 0x8}, 0xc) r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x6, 0xe, &(0x7f0000002380)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000f0ffffff7a0af0ff1100000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000000000006a0af2fe0000000085000000a3000000b700000000000000950000000000000000e154cd844a954b26c933f7ffffffffe4fbffffff55bb2007ee51050512b5b4090a79507df79f298129da487130d5f24b46001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad379e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4b9535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024a0041b1df65b3e1b9bf115646d14ce53d13d0ccacda1efc5f9094fa737c28b994a8512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4fdc4b4861004eefbc17f54f82a804d4a69bf9bc5fa77ee293fbd165a5a68488a010030166565a097b103b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5a787e814c4fd21a18986252a70f8f940b6f0e8c7db4bf23242a18159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad791fa99dac06b57479321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c2d7962b0d22772c25a61ec45c3af97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac2bba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f407000000000000006d294d366501753a7ac7fedb8d34f5bc381604fcd46105c457e7dd13cab669ab377e4c2422a47e9ffe2d4a2d32f7528751313694bf57704400b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c9585638c2153a6eee01738b0c10671f4f559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469608241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7b9c670100be05e7de0940313c5870786554df26236ebced9390cb6940b8375d936a7d2120eca291963eb2d537d8ee4de5c183c160119451c31539b22809e1d7f0cda06a9fa87d64cb77872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d30902208d300e4d455c36300000000022320178b00cc6ed7966130b547dbf8b497af002000000cd1d0000002000000001c8000000000000003a48cea769470424d28804c024ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d748308eea09fc361b4735efbf3411718d6ee7aebf9ef40662d7836d252c566f5ee934c679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da2022f23daec61854f640f701db0276652f6c031578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec780f535e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e93311ab5009c68c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada209bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6155e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2f085185cc92fe7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2bcdb7c89739f5d81e750d50517a59a3ad09e8802e8f4f000000000facd5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f296115d4a31838eeb20c20bb82aa31771cd379ec83554cea5b473332f2011e6539db7384e1f58d81f2f2653c4d9818708e27c89b552d3fcd116bce9c764c714c9402c21d181aae59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755367fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc05000000000000006c25b96174327d82761c26e329555f9290af4100000000000000749e1338636555009edf66be445d6975d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab0043ebf7c79a953e023f74afad591821610b857e8717764b633b21cb32f0e03280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af00f191b66b6a6f732a91f0e2e9120be61e58c79d497247d278888901d442ad7f8536605a644e9e3d769db497c1960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96c18cc7130000000000002100000000000000000000000027c9a4619a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd5c17d5486b0c8a6c769f952283a1f4e3842edb3d42c68a27ef6a1296dff7aa46e820a74f9530bdcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fdca4e9eda0072f6df342f3e7071e28ef6806b90cc39c49b91c76b0d3958f7f05b47d3e519f1634e8fbd8d3133319e069f9648a2ff93060ff073b3a113e47e447c030931651dd315003b7a6a47c912853826c4c65433a2bb560ae99ec4b227eda2e63a1cb1a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7194d1eb3de6a5f99f301f89c2ee627e949cdd22000026a9960503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640000cd9e5f2e236ef5f1e3a94b108eb9750b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a2050000c375c705c798e0e208e4a5259d0bda526b462af45a6e9a84aebe025c8a7f65819f397574db7ab01bd2b3e3cd28c5aec90f8edfe39a00bafd688a7eea04efdeed96f67012bc3f795edb68b5dec80ad31a858eb756c815e7695d00000000000000000000000000000000000000000000000000007ccf0ce549d97510f7f8765408bb702f0000006d4754c68b7064cf31a681421994e1f307f0ab4ff2e33d3c88fea5d218a276b77adfee7c8fb145783ee1f8adbd2c2604eab3a62a28611da1dae5ce60003111ce5c96a1d6e45ee144ffa3dcca32a33f8f0ce2995b7b7aa0bce228cbf37412cbbdebae06edb51a134301d2627d4927287daf9dcae6720334862d3a18094f1edd9e350337cbb804004d1755cfe7d7fa01872fb99815dcfbbc8141f6e1bbb0901ae91357677fd9d2bb00d4f17fb441c2dfa2b424bf46ae299d68ac27792cdac2b63a6038ab5546ba1e5ad6a329f2c627100e0442f865fc6c179ad3edcb6b000000000000000b0000000000000000ac192d48d76e2a8cae83ae850f73fdfbaca81b6b7b1a0d7b517f41fbd46aa24b0f4b8e0202e3a580947f1925ba4de097e8dcb6bd7f686322b45d4a544ca1e83b592d4a6d46d0a0dc39634550bc77d4cabba01b283082e66778de7c61a1a36838d36c2f8e58cef603770ee3d6a9625be0bc21d2be2da69ac9e9c5e88278d39239501b465102ad16d651ea8bb8cee35527c1ad42ac6a565e449929ccb4469bdd6824b64e13579b7188566e735200000000000000000094e05bcda1e96e4c33ccf6d74046e45bafe9d512c43a3e485dedad9a38b34f7fcd00fafcc25dc36716f0e21e0632425b7a1c1a6bc15c3fc07d914c88103411d8d2b77b72a796fd3aaa7ea493c7bc43e63b2b0d05ad5682121682096b224933fa20255d58a680cc2ec200"/3002], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000040), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r10, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 6.545536635s ago: executing program 3 (id=1746): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000000c0)='./bus\x00') r0 = fanotify_init(0x1, 0x101000) r1 = open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x0) fanotify_mark(r0, 0x641, 0x1019, r1, 0x0) r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r2, 0x0, 0x18) 6.42322362s ago: executing program 2 (id=1748): r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendmsg$nl_route_sched(r0, 0x0, 0x0) write$proc_mixer(0xffffffffffffffff, &(0x7f0000000200)=ANY=[], 0x74) r1 = socket$netlink(0x10, 0x3, 0x0) gettid() r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, 0x0, 0x0) timer_create(0x1, 0x0, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000001f80), r4) ioctl$sock_SIOCGIFINDEX_802154(r4, 0x8933, &(0x7f00000004c0)={'wpan1\x00', 0x0}) sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(r4, &(0x7f00000020c0)={0x0, 0x0, &(0x7f0000002080)={&(0x7f0000002000)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000002e0000000c0005000000000000000000060006000000000008000200", @ANYRES32=r6, @ANYBLOB="05002b0000"], 0x38}}, 0x0) sendmsg$nl_xfrm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="b8000000150001000000000000000000e000000200"/32], 0xb8}}, 0x20004080) clock_gettime(0x0, &(0x7f00000001c0)) timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x77359400}}, &(0x7f0000000380)) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EVIOCGKEYCODE(r8, 0x80084504, &(0x7f00000000c0)=""/184) write$sysctl(r7, &(0x7f0000000180)='6\x00', 0x2) sendmsg$nl_route(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[], 0x20}}, 0x20004800) openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0), 0x400, 0x0) pipe(&(0x7f0000000040)) 6.30720763s ago: executing program 3 (id=1749): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e22, @empty}, 0x67) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='syz_tun\x00', 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) r4 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)) r5 = socket$kcm(0x29, 0x5, 0x0) r6 = openat$smackfs_cipso(0xffffffffffffff9c, &(0x7f0000005940)='/sys/fs/smackfs/cipso2\x00', 0x2, 0x0) write$smackfs_cipso(r6, &(0x7f0000005980)={'syz0\x00', 0x20, 0xc, 0x20, 0x1, 0x20, [{}]}, 0x46) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r5, 0x0, r7, 0x0, 0xf3e, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)={0x50, r1, 0x1, 0x70bd29, 0x0, {{0x2}, {@val={0x8, 0x3, r3}, @val={0xc, 0x99, {0xb25, 0x11}}}}, [@chandef_params=[@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x8}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x6}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x17}], @chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x6}]]}, 0x50}}, 0x0) sendto$inet(r0, 0x0, 0x0, 0x20000800, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0xa}]}], {0x14}}, 0x64}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@bloom_filter={0x1e, 0x5, 0x6, 0x1, 0x0, r8, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x2, 0x3, 0x9, @void, @value, @void, @value}, 0x50) signalfd(0xffffffffffffffff, &(0x7f00000000c0)={[0xfffffffffffffffc]}, 0x8) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) syz_emit_ethernet(0x36, &(0x7f00000001c0)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0xc2}}}}}}, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000180)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0xa, 0xc2, 0x0, 0x0, 0x0, {[@md5sig={0x13, 0x12, "42c59c23cba5509acc1fcb978db9c707"}]}}}}}}}, 0x0) r9 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r9, 0x81f8943c, &(0x7f00000004c0)) syz_emit_ethernet(0xf1, &(0x7f0000000380)={@local, @local, @void, {@ipv4={0x800, @udp={{0x21, 0x4, 0x1, 0x5, 0xe3, 0x64, 0x0, 0xd5, 0x11, 0x0, @local, @rand_addr=0x64010101, {[@rr={0x7, 0x27, 0xe1, [@dev={0xac, 0x14, 0x14, 0x15}, @initdev={0xac, 0x1e, 0x1, 0x0}, @loopback, @multicast1, @rand_addr=0x64010100, @multicast2, @multicast2, @private=0xa010101, @local]}, @timestamp={0x44, 0x20, 0x4a, 0x0, 0x7, [0x81, 0x10, 0x9, 0x0, 0x3, 0x7, 0xf26]}, @noop, @rr={0x7, 0x3, 0xcf}, @timestamp_addr={0x44, 0x14, 0x6, 0x1, 0x7, [{@private=0xa010102, 0x6}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x1}]}, @rr={0x7, 0xf, 0x92, [@dev={0xac, 0x14, 0x14, 0x18}, @multicast1, @broadcast]}]}}, {0x2, 0x4e23, 0x5f, 0x0, @opaque="4c8c0ab1450b5a3c78f7dae19aba761749ef475c796f7cc723421da3f377a095e06876d8cd3c584ec7da126385486d00476584c66423f125ec244bb9fe4b6f9b55553d63d06c6ec609a3f1ce90785bf1856726134541a7"}}}}}, 0x0) syz_open_dev$MSR(&(0x7f0000000140), 0x6, 0x0) 6.261708428s ago: executing program 2 (id=1750): io_uring_setup(0x51f1, 0x0) move_pages(0x0, 0x2064, &(0x7f0000000040)=[&(0x7f0000ff9000/0x2000)=nil], &(0x7f0000001180), &(0x7f0000000000), 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x480080, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6(0xa, 0x2, 0x3a) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r2, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r4 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) sendmmsg$sock(r4, &(0x7f0000000cc0)=[{{&(0x7f0000000240)=@l2tp={0x2, 0x0, @broadcast, 0x3}, 0x80, 0x0}}, {{&(0x7f0000000700)=@in6={0xa, 0x4e20, 0x7, @dev={0xfe, 0x80, '\x00', 0x18}, 0x60}, 0x80, 0x0}}], 0x2, 0x8094) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0) ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000040)=0xd) write$binfmt_aout(r6, &(0x7f0000000000)=ANY=[], 0xff2e) ioctl$TIOCSTI(r6, 0x5412, &(0x7f0000000000)=0x2) r7 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x101, 0x0) write$sequencer(r7, &(0x7f0000000100)=ANY=[@ANYBLOB="06000000000000008108"], 0x10) write$cgroup_int(r5, &(0x7f0000000000), 0xffffff6a) sendfile(r4, r5, 0x0, 0xffffffff000) mmap(&(0x7f000062d000/0x1000)=nil, 0x7fffdf9d2000, 0x0, 0x28011, r3, 0x0) mmap$snddsp_control(&(0x7f0000445000/0x4000)=nil, 0x1000, 0x4000000, 0x50, r0, 0x83000000) 5.288408812s ago: executing program 0 (id=1752): syz_open_dev$usbfs(&(0x7f0000000280), 0x77, 0x101a01) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = accept4$packet(0xffffffffffffffff, &(0x7f0000002080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f00000020c0)=0x14, 0x800) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000002100)={0x0, 0x5}, 0x4) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB="2c000000090605000a00000000000000000000000900020073797a30000000000500010006000000040007"], 0x2c}}, 0x0) capset(&(0x7f0000000840)={0x20080522}, &(0x7f0000000880)={0x0, 0xdd1, 0xffffffb3, 0x0, 0x8fd, 0x10}) r2 = syz_open_dev$loop(&(0x7f0000000080), 0x2, 0xa000) ioctl$IOC_PR_PREEMPT_ABORT(r2, 0x401870cc, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$inet_smc(0x2b, 0x1, 0x0) ppoll(&(0x7f0000000180), 0x0, 0x0, 0x0, 0x0) listen(r5, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) ioctl$KVM_SET_GUEST_DEBUG(r8, 0x4048ae9b, &(0x7f0000000300)={0x4376ea830d55549b, 0x0, [0x0, 0x0, 0x1000, 0x1, 0x0, 0xe3, 0x400]}) syz_kvm_setup_cpu$x86(r7, r8, &(0x7f00000ab000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, 0x0}], 0x1, 0x77, 0x0, 0x0) r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x0, &(0x7f0000000380)}) ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f0000000100)={0x4004, r9, 0x2}) mmap$dsp(&(0x7f0000fff000/0x1000)=nil, 0x1002, 0x0, 0x11, r10, 0x0) syz_open_procfs(r1, &(0x7f0000000180)='net/ip6_tables_names\x00') sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f0000002140)=ANY=[@ANYRESOCT, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000a90000000000000000000000000000000000000000000000fdffffffffffffffffffffffffffffff010400000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000005000000c06b6e000001000000000000"], 0xb8}}, 0x0) 5.265253101s ago: executing program 1 (id=1753): syz_open_dev$video4linux(&(0x7f0000000740), 0x5, 0x0) r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000001100)={{r0}, 0x0, &(0x7f00000010c0)='%pK \x00'}, 0x20) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r1 = gettid() process_vm_writev(r1, &(0x7f0000000000)=[{&(0x7f0000000040)=""/262, 0x106}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x4000, 0x3, &(0x7f0000e87000/0x4000)=nil) socket$nl_xfrm(0x10, 0x3, 0x6) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000004000000000000000000850000002300000095"], &(0x7f0000000180)='GPL\x00', 0x4, 0x8f, &(0x7f00000002c0)=""/143, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000380)='sched_switch\x00', r5}, 0x10) truncate(0x0, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) ptrace(0x10, 0x1) waitid(0x0, 0x0, 0x0, 0xc, &(0x7f0000000500)) r6 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00') pread64(r6, &(0x7f000001a240)=""/102400, 0x19000, 0x100008) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) 5.189670295s ago: executing program 3 (id=1754): r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x141a81) r1 = gettid() close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f00000004c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r2 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x40, 0x0, 0x0) mq_timedreceive(r2, &(0x7f0000000000)=""/83, 0x9b0c4f391059f39b, 0x20000900, &(0x7f0000000100)={0x77359400}) r3 = socket(0x28, 0x2, 0x800000) getsockopt$nfc_llcp(r3, 0x114, 0x2714, 0x0, 0x20000008) ioctl$USBDEVFS_DISCONNECT_CLAIM(r0, 0x8108551b, &(0x7f00000002c0)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd53ded01007eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca14d90d1f6"}) ioctl$USBDEVFS_SUBMITURB(r0, 0xc0185500, &(0x7f0000000280)=@urb_type_control={0x2, {}, 0x400001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x4, 0x1) r4 = openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0, 0xc2) r5 = inotify_init1(0x0) socket$l2tp6(0xa, 0x2, 0x73) r6 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000240)={'gre0\x00', &(0x7f00000000c0)=@ethtool_sfeatures={0x3b, 0x4, [{0x3, 0x8000000}, {0xf52b, 0x40}, {0x5, 0x10}, {0x4, 0x9}]}}) setpgid(r6, r6) setpgid(0x0, r6) ioctl(r5, 0xfff, &(0x7f0000000400)="150209086ae1776c0899e882c45d9ec96c30cc47f0e0e107df401b6f7ced3883601f71bddd471867c78bbda64bf6f46b43af69f1d806512cf1c6ea0815ce0c6d14dd44a0738e8345601ff6d7a4cc5e9d765fe9ee15eccef55287e6e09783f675101c7ee0e17bde4e") r7 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x1a1281) ioctl$F2FS_IOC_PRECACHE_EXTENTS(r7, 0x80005520, 0x0) r8 = socket(0x2, 0x3, 0x0) getsockopt$sock_cred(r8, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setregid(0xffffffffffffffff, r9) ioctl$FS_IOC_GETFSUUID(r0, 0x80111500, &(0x7f0000000080)) r10 = socket$inet6(0xa, 0x2, 0x0) getsockopt$IP_VS_SO_GET_SERVICE(r10, 0x0, 0xe, 0x0, &(0x7f0000000900)) statx(r4, &(0x7f0000000480)='./file0\x00', 0x100, 0x1, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(r9, 0xffffffffffffffff, r11) 5.023725592s ago: executing program 2 (id=1755): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000240)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b000000000000000000000000030000000023b500000000000100000000000000fefffffffeffff0700000000000000000012c31aa8b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4ac99e8d000000006c6f0000000000000000000000000001000000000002000001000000100000fa6215e1c90fed90ac00000010a85f001a4b000000000000000580000000aaaaaabd0000020000000000007000000070000000a0000000415544495400"/285]}, 0x195) syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="120100004b41460860163209ea80010203010902120001000000000904"], 0x0) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000002c0)=ANY=[], 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c0000001800dd8d000000000000000002000000000000060000000006001500010000001800168014000100000000000000000000003000000011"], 0x3c}}, 0x0) r3 = socket$inet6(0xa, 0x5, 0x0) r4 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r5 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$uinput_user_dev(r5, &(0x7f0000000100)={'syz0\x00', {}, 0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf6, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0xffffffff], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x180d], [0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0xe], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x45c) ioctl$UI_DEV_SETUP(r5, 0x5501, 0x0) readv(r5, &(0x7f0000001900)=[{&(0x7f0000000040)=""/65, 0x41}], 0x1) write$input_event(r5, &(0x7f0000000000)={{0x77359400}, 0x15}, 0xfe4f) setsockopt$inet6_int(r3, 0x29, 0x4e, &(0x7f0000000040)=0x9, 0x4) bind$inet6(r3, &(0x7f0000000080)={0xa, 0x800, 0xfffffffd, @loopback={0x0, 0xa8aaaafffeaaaa22}}, 0x1c) flistxattr(r2, &(0x7f0000000700)=""/235, 0xeb) r6 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r6, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e02003c000b05d25a806f8c6394f90124fc600c05000f90c60100053582c137153e370a48018004f01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x5}, 0x0) ioperm(0x0, 0x12e, 0x8000000000008) unshare(0x2a020400) r7 = signalfd(0xffffffffffffffff, &(0x7f0000000140), 0x8) signalfd(r7, &(0x7f0000002340), 0x8) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_control_io(r1, &(0x7f0000000280)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB="00900d0000000ac2290600421e"], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r1, &(0x7f00000001c0)={0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="000f510000005121d0b6f61b4434fc0239405ea93444220c00cf06d54bd2568fc27b7d73280c3ddbfc9fc15132ee2a56095c1defbbcd2dc457b46fac08948844f4557ade3318d4b01ad71a01f0dcbc031d99bbe1be84db"], 0x0, &(0x7f0000000080)=ANY=[], &(0x7f0000000180)={0x0, 0x21, 0x9, {0x9, 0x21, 0x400, 0x2, 0x1, {0x22, 0x170}}}}, &(0x7f00000004c0)={0x2c, &(0x7f0000000380)=ANY=[@ANYBLOB="200bb3000000345c430a6b03afec6c5c0da243ba3f467d33cf105e461e5eca393e60d860c91f65fa17ea743fa5c01fb30d3962a6eeed8b737ccab8c8027fe1362e0fc133168280efab0fe2383122a94dc78a717aefceecba9ccc256960db0c207a26c78925fab19c8180693d4f7c76cd515a2f1cac09a11d12e756a9b358b5ac78cfd7a486c7a9b67dccadc956ae987d5690f6610cca07aa95cceb7980c79a04eb430f3a4e438b1f96f3693becd6afc6c59a021d9f81a8d838db2b4b96de1f72cbb9c326c4"], &(0x7f0000000200)={0x0, 0xa, 0x1, 0xd8}, &(0x7f0000000240)={0x0, 0x8, 0x1, 0xff}, &(0x7f0000000580)=ANY=[@ANYBLOB="2001d1000000b2a48d89bdf62a8d6c6387f449e58ed9d721e233d44cd775b4a6391e9cdd433b24b089ddab0943f7949448c86fe8d6a3f6eb901f21c87ac7ae14886306d52255f36957524e41915e8e1a255c9c970c16301137fd83220b1138bffd62efb27bb7f74e59ec3d698b79c826c8e23a2c585f118da0fd653f39f3de15410e931cf5eac08014eae679fef6b6eeaadd50a5a22a276c2e24e38e2634a6be12dbec89a3a2703bb76acf9cf899ef9562d5ad3b43d19c2c7ad37f2a83fdee7a8541117282945f3d3b9da901f2ad0bbd5a78c48d98ce9e2fbf496e57ee025a6c25fbe4435d9f9d394b807194208ccb29be39e03c0db43e3ee8334c86b6f173650f5421040292dde3aed79b08e4644067784ec6a91a78007772ff3634600c55c7fa0e339dcba775e2789e7cbcd2f11110d554cced830c3b106e5608aac5f90aaed3253d0ceed0db5ddc3368484f80de3c2306215b10a5da13d98a3285d2e173ec3c46aafde8e9c1cf05f0a82f7458630ffa5cec98"], &(0x7f0000000480)={0x20, 0x3, 0x1, 0x7}}) 4.179215534s ago: executing program 4 (id=1756): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) setsockopt$inet_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @loopback}}, 0x0, 0x2, 0x7, 0x0, '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00'}, 0xd8) sendto$inet(r1, 0x0, 0xffffffffffffff7c, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @loopback}, 0x10) r5 = socket(0x2a, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) getsockname$packet(r5, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r6, 0x0, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00'}) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000640), r8) ioctl$sock_SIOCGIFINDEX_802154(r8, 0x8933, &(0x7f0000000680)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_DEV(r7, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000280)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="010028bd7000fbdbdf251a00000004002e8008000300", @ANYRES32=r10, @ANYBLOB], 0x6c}, 0x1, 0x0, 0x0, 0x20040040}, 0x20040) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x80042, 0x0) prctl$PR_MPX_DISABLE_MANAGEMENT(0x2c) 3.971968302s ago: executing program 0 (id=1757): r0 = syz_open_dev$usbfs(0x0, 0x20000007d, 0x0) shmctl$IPC_INFO(0x0, 0x3, &(0x7f0000001fc0)=""/50) r1 = dup3(0xffffffffffffffff, r0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = socket$alg(0x26, 0x5, 0x0) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x2000003, 0x8c4b815a5465c2b2, 0xffffffffffffffff, 0x0) bind$alg(r4, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'sha512-avx\x00'}, 0x58) r5 = accept4(r4, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x60010020, 0x0) sendmsg$kcm(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000940)="d744784ca67c0398246d848e6df22054de2bd8ca3da64dfdea7d8eb74ffe057d7469066c6ca034a2677ce0c1c25e2b2a825d677e0fbac312a7da165cd5db94fa38cdf3a3f3f93b912a7515e0b1e441a3be644a296bcc765e7adc9ddb4d14376a69cbfcd2ddd156ba432349e96debeda26ee8914c28f4", 0x7ffff000}, {&(0x7f00000009c0)="d86e5c29ab2c0dce2b79f95d543a0d6b45dec9dab7afbc0d6d678feb7a652e67638c3ee007937917fad76308e99818f8f112b73a3c3e3c5ed80c49fab6e0593e95008b4a47aebdde3e28cea1cec26385f3d03b872970dfb69a63a6384a9be5b9419ff8ea6d9c2a730307894adb589d11a1ec59255d10acb1fbef", 0x7a}], 0x2}, 0x0) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x200000b, 0x8c4b815a5465c2b2, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.sectors\x00', 0x26e1, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f00000000c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x800}}, './file0\x00'}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000000)={'gretap0\x00', &(0x7f0000000180)={'gre0\x00', 0x0, 0x1, 0x700, 0x4, 0x5, {{0x5, 0x4, 0x3, 0x0, 0x14, 0x65, 0x0, 0x6, 0x2f, 0x0, @broadcast, @rand_addr=0x64010100}}}}) socket$packet(0x11, 0x3, 0x300) socket$packet(0x11, 0x3, 0x300) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000040)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r1, 0x3ba0, &(0x7f0000000380)={0xfffffffffffffe29, 0x2, r6}) 3.095115218s ago: executing program 3 (id=1758): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) ioctl$FIBMAP(r0, 0x1, &(0x7f0000000040)=0x9) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000140)=@ccm_128={{0x303}, "f8e00311da4fa70a", "8c444834520a1a9b483a16297c4a14b8", "97a7038f", "6415b6cbb4564161"}, 0x28) writev(r0, &(0x7f0000002980)=[{&(0x7f0000000240)='9Sh', 0x3}], 0x1) 3.09440599s ago: executing program 4 (id=1759): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000080)=[{0x6, 0x10, 0xf3, 0x7fff0001}]}) sigaltstack(0x0, 0x0) r2 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000180)) ioctl$SG_IO(r2, 0x2285, &(0x7f00000005c0)={0x53, 0x0, 0x6, 0x0, @scatter={0x0, 0x3, 0x0}, &(0x7f0000000240)="8f8d7acda0b2", 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$KVM_GET_VCPU_EVENTS(r1, 0x4048aecb, &(0x7f0000000080)) openat$sw_sync_info(0xffffffffffffff9c, &(0x7f00000000c0), 0x420280, 0x0) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r3, &(0x7f0000004200)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r3, &(0x7f0000000240)={0x50, 0x0, r4}, 0x50) syz_fuse_handle_req(r3, &(0x7f0000002140)="2f6715f6821a80a83f3ceeb0feec0a92635f304278c89b38f1b160d5f31b3450aebcec488d2e3c978e554eb5fe50eb194144b6ba9300ac662701f32a090acec69b278488a5722dedfad92b2ce8f119219d57d54353b134c6fbbd86c3fdeb625d56b840fae71dbf3e705e35ba34f8d77dce758947c6c29da1b9dccc974458daf9903b06860fd9909737af142c59970520c585e352004f4bab346c5892d596baa76fce0eab5ac3f757412d8e1f05da5fe0e445cda87c528d3a1064f5df1aa8f79959dcb94a240a6ae4b44c30067d132a806e698d3efd729db37cbe826969d4f9a6bef7089edd63a6fe4f154490f09e655137ecb706eb80085d8f78e0ad4108f9fc95eccea1210f3eff473c9cd8486bd0d239b30d3f7aca81c4f589de27c1aab3ec937dd3d4f386c65407125d50057784d56fd047de8ca80a4366a50a0957e1186d0c8dd3ef9338b3b26de5fbc03b1e6ee301bd7b11ff98e4f96e0d56e8b560d0d01cf28da3d820220ec494e1c14eef06b5364afcd02ad61de6b126ca5ec94dcbf14bed197fffada25f0342affb1bbf724a63d949261e2ac2d0ca1b98fb1eecc002a8b9e612ab7ff7fedff026727bad05d02ed62a2c5c347a14fa793542d0ca448519ea96919e954f837b9403b8151a7fa0d1d5daf9f58a00b40b5c22c0e2752fa6840fd92a4028dc3bdc7413710f8dc10de9c50efa4945773c857199ad8373a5f007cc277b7e04166be95f3cb61eb54174ae93d05e01362d6012c1980971e5656dd66863360e8c36a65f90642248028aaa9d40afbf92d3348a106d5ad9e38113b06269bf4f0b42dc9b4c31552dd0de608c6b7bc23bb69a329ad0187292ba665a9d4b16b3fe2c7f4124365dbe55d5c0f233304c34066b735914c02469d5dd833fb57223938aff666dac3bffdcc8aeb4670c3502a8ac80ab14ca60f66db906e9850e72e861ee984c18bca9f64881ec370e5d5a7efd39c3e046f3bb65b4235ddd0b5c896ed011491b73eb7330346a3ba74812faa2325d543c360860482c4710f01310dbd85be9d3852237641f887c58e795f52c6762da7a8bd310a83507e808ca3531dbf87168be409db96913909f88e2538936d474a3ce0b3e26cfdf3f575e154e9a5168def5696c1ae1ad42c8151d9b66d4d764a761a9ab3fb364e1facef642a949a1a5df8d2238d283a054fd4b7848d34b9c1970abd014a06b132dde9636cadbf679391ce34af59979d76df1bbfd8a38935159562ec9ad4436ae14847fff88ad86b00321288c32c860261d746f4d6159af85ba021f320aaad451460833aac722739909f23be4335d81af5bb7a8d774cd86cbeefa61877c4586c9ffdffee1bc082b50e721d55ae6ef0b879d270313639341a7863ffae7670124113e8efdb7069993ff1321310af69b394b0f444707823a76e925fe79149555ed53fc1ba66918ea3eaf12790d5a718ab201cfa782960e9b63070624cd9d395497329e56616acc676d74cd6613391d8eb9bbd3975471deb5206f2b61d37f6920263ed002aa8b4c41eae3b08ee78986e71c277853095cb84f930fafa028d29a7457f4390181be1d39da18c494eeafe6808acb50e3fc4b783e8a8949981d197756ab3b6f7662a163f80ffcb49064ba0054a3c61236cc828a324ac660c3b3fcc1bcd8cd81f658f16012bc18450a0e610ea5f605a674d9120a548dee5c44a8d616ce2e9922ee720e3211189d7fec26e0c8a07ce38754b4bed4f0387785ed8d48b3faaf30f1720487521905653a103e6155133d23ee073db21f13cf96a7bfa2dd1ec0fc30b8c84a318c90ad5f4b1396c62c51ffe39c7e07de777544bdac4b3deea0654618b6f2045fa16a24d2d7176ee91024c8c767089209b2df620fa62aba506f25ee02e71ba74585ee91f8ca143459a2a18546c64c5b9220426d52458a09735d978f512f605bd491e92b8b80185f687053dd6b85d98a6412a770af8d6862faee0d50690aa842129a1390f2673e0189345903ee048494fd0737cf73a3163910fab3b985c1e12d0e2bd3d4f0a6ede6ebce445c2dcbcc6ea1c4acaed588f1da230279b924e43daaa3ed00cdc70a3f8f9e6f90a59b8bddebfc46c66271f3adb5d424ff4e906807543d6c5aa13c98ad7abf111321cca560c066e1029fc0685a42480b2964842c21b104d592add988e3a4d53a9f6f57e860a0befe135c9b59ac9b130bb21affc29a5fc4e7a3c52cde81a524ddabece33fba0668f2e312aa12d2ffd5eb3436065564c099a245de7531d734b1eba970fe462f222a7ffcd7b6f64428c9ae8ff582616cb5737c5ff17fcb53e57afd10995ef9b1f7696ff5f031b04eb598bd07867cc1e74356cb7f1b3d15a0a18089a8c823015f1920c8bb82bb533bbe6aaa5a97d3f1ae0fe03ef21b80028ba0c0f716db31d8ca3de65ebee28491cec081602639962f4c8a8cda9ec4736a77a0c1a38c450a07e18923e2788a175f285906f41bcc1412ed7e4ef556c217015868b628c8c661c73589de70b72101004ba93b7be9e1a2c3fd5121789d1ae5ca76bc50ee022e0bf80534bc586280091d31b9bba4693992465a6ed3cf17b1db87808d64b48896a254765933b51f1a4a196cca591f8cdbdd5644415982f8484dbb503354e92858240e9217dfac71dc8635d4b45372e7da29c79060afbb2d5b23ca8d0a541aae729100694b2de8c11c9dcb094185df44284f51fd1198d493c7c8481e37c6bd85cfed8554f0f5362d8fc167d0f011a578aab03ea9a49e0e59b34dd08894600c30a15e204c413023ac44610b0bfefd5887680a92349ececf8a4a639df03630d43e91bf6fb9b09d334a4e51dbcd728fcef3f64fb249f32436726af25661b18d60f809d099a6ea8686c4c9662e3b686269e14d8743f544b5b145a7c7efe7377880d817ac6e329e15cd2773a3d6a499becaa8261249a3a822bc262a8b49accf294b4905c46f3257b5993289a5893d54b2630318ffaaa8b4c58e565cb3f8942bdb6d4058803d16aa225b21b8b1a7fd993f7d4ead8546bf97ec72594a646ad9a9eff2e23fc389684e5ec318c8b4d065a0160735ad342c602e32d0aeedfb1e712e1f31cc27670a5766037be73eda9b48f422faf48c255246ed923b15a3c0999c82dcbb1676f0df60d3249ae610aa92f95243f001b202cbd5bfbd8f142c10b4f086fb0df1e661bb899d0ec4c0bbfab15389f4385bba53a6b2107c1c4e8863f27c4dfb379717f7afcb6abbdfb92ebe2d15cb5ce8f8cbfa7fa9872978a145ccf1cefc60784412255280dba27494c93895b068989fba6e47f9f9be79b4919add1a77663d4b0fb22df4d3c68b9a473e89b3a2b3c445185d17b1ee804c0b5b4a8afdf1f37d7a2a64e0343486247caf585dffa1d0a7c54ee31c7e8f3723c075068327634e8741ac59a68b7b7cf04ff362689523944d592c74851df83b1e7574f34f345dca549e9ed802ab8593e352ebf90767e8ca4dab0da97eac4bb1e8fcc434f92ace9cdd4b53199bb76a269a04179bd8944eeff4c4953f3e803f108f51f60ada379c4e6df16293b36b1603a87eacb1f819f676663f3640385ecc2172a28c880419e8194779074940a896a846aaac10ef34e38ef373e14755a0546a79159307fe46c275d88d8956eb46c0d9aad5bc0251d7efcb54e8e04ea559f14faa2cbef76729cce13dd63079de01aa96f1c402e376ab8c063531415f6477e7f7fdfd053994ea653014bc4ee8f6be9c740711d5c278c666535c5fc7b1a7d578e9386924774844371a507fdcfb524f1da4054a3319dd28c122193067bfa349349e3816797eac15654de0975ef1e3b874add451fe1a7d8d880f2d57b79d82aa604b223aaf9ff19b93c3388e048ee795566e0c09b575dbf7c40d1a2bf8d8605b4f5798f34f7c05b13e3ee1d60358c9a6cf9dd3a719aada40d8b355a39f97bf139a48d4566ba7d0694815a832679e4a90c5d09c59e066244c0d0b133b062c9b869529e45b4d6caa8bb6c0490aead126b674780560253d99f7990566d93f8c21c1067d69bf02ccb7425debd945cf420a2ef7ff136be8b8a8bab2c01998918420911126b3404d66d6f3f9883dcc48390e30e2a3d6b62bc367a9b6c2190c884968a046c5eca856a1b347c3c7cca172ed0428b01b5ecc335d0cf8accfb90aee24f44b0d975997e51134548eff6d28e295b37610bf38805503314fc92992f8f476a2d239c1b9309b89186e80068a58bc97d1b63184c7d2930c9e936c3a888672200d76cd792e8210389d3f454c4fc7859f63dbd73fa68b56b81129458c970e4a8976c1e2ed13479b69de370a2c52f47ba24344a77d9bc050730eb93496c1b5dce64a9641adcd608dda91f3e9eb566754a1e406ad2f2dfbf72601f87aab84de4a285266c604cafb6a0075364606f7c86cf3f838c5aefc1571fae6adb8c42b0f8607a1d74f69a19ff4ecd291d3f93a21e1d12cb73958d15f513c9bba81ecfc1e149eda629a5bb96abd290a2a1f8e4fa3637490287af19aa9aba879a31317afadf01747f5785b471cc49a86d9d9e9a6ea84cc259ee2ff5c5c7a5bbcc15bc331af88460c9b6e0ebc3eb9e9ee967fdde6e1e0eb343e4640d28ef314507ec2dd655209646d4aa069eeec49db51d6adbcba6582c4702a1bd2c4629bee605f615e7cb68629e8977910561f0902cd76772523f5ff2e41eb6fb73e126118f7674738840992fe4ca38fc9b84a5f420fa17c6c24c544c37ba0054db783d569d1550103174f3fb4fd345d45237d78fdd740375c81883713cf22049aabe4a544404de99ba997602b0692809a0568bd41642ec360f692aed19866a8ebc382051839df9ce735414e7d58c2e01db41fccfbc8527acaf6e6f03b554fdba0bcdea75721a33085688f2f853696a6e3b09d7662ead68eec5d7feffb453ff48bc630d56d543999f382376ea45e37c59640a9c3514fb549988f79e99777ef3f45c4e7012193a45899ea6e2a498b7a0433e82930a65b13468e7fd73f0e8c1d65fe36214956d3fea567c7a989760f7dc17469a973cf43ee5ece875e4b3aa0f956b290ab223b5196a0091e186ba1007bac28e8da9b7a86786ed19040a164b57d27579b4b56fed57bdc05f396e65139491a34cfc8bb72a817a250ca9deea390d47303d1793589271dcdce6acc12add5b10f17e1474e847b4a7a3c902539a370ad101b5a55dbcbfa98c48516d279f868da13764c505c970b22cbf34e89e3338305f10e19ac45cef443fdfea9410f43a11c53a69b26de1d8d67a9284ed48227bdfb44a2f921975c10a29ab9fce48790d395a9962bba1ca7ff2833d41463099b5b978f97f691e55e0bd0a245b7a418c3fa114bf8af82110c4bb333a73c4de2bb72056c9fdc94d1a94a6e2bf63c6fee87030579ad1bfabbd02fade84b514b76ae15f27d1ed1e4052f909eb28f7e0fa558d60e0713f0499510d2d17486ebff04a0e047bb7eb7dbeeecf84956d3239aa50fae55e61643e426a8d48337976b755a567b551bde966bb61cd10a761e0651c6d73a0ae4ca23db7c03009e43f1c36afb549944684e29435f45ecc382ff4522238646ff77c866ba97ea6d7705e94a5a96f5986e28cbf922ba2eec0c26e2438e3ee067e04b158b91a91d0f2ba07f86e054de65a5b6ff8a416a1f6b770353bfae0088b93e95490bb762fb8bd403914caab51ff67b816c1831d256879b0f681563e1625d3cb544b6c28caeb0859a992ca8df6d13d5b107d757d933af7b399b366bd3185118e91c3c52f6bb80d85b88752b6a34c6f8903fddf0671009c9a06a83c0f0d4e5db89bdc7943554e5d937420967a61c481553ccfaf26b29b52a6b5ff416488f1be57aa4a8e7824aff3fd7d5ab63a8322d13541d378d3bfaa67aeaff40f4ec6ad43dca85880a3af90b30d8fe7d528b66d191bc74754616ce9aa1a8610a2f0bfccf456d5029c5bde6be5a941240e786d8036e571214bdb86d654a7cf88031abd03eb3a2f893b59463468e5cf07f3131ceb4dbe41c8fc11bd13bdcf90a4b988e2a9075bd9846d8c5e669e6b39478f9517036ca59f09fe6835d9450591964c5a31ef90af2cdbd75c8de78528f5ef2f89665674f4acef0fc9181f1ae8344da3beb8189677b4d2db674679b59a38870b993901496bbe33ed3af065e1b92586dfcbc3dc96f8ebcfafa9767383c9eb5ce8d5b4c6c75727f4fadf34025881feee6212ba12e930e024e0cffb6dce9d2a7add7d1ba95878457387991ccb82b3513449aeaab37a6c16f17f35d6aa78ec63c4bb6a3015d525b9b698d39ca97bdbf560e22ab6274d8a4adbe0b57e8a00e2794600ecfec438ac4242b17b1b62f142eb7ace5f6352eea849af73a658df19de1e76edb8827255991396349d2666dbdad634246096cd998a607f70bc41b6f7ecebd7447ed286ef8c4e7dca61eb2a9ebe5f9b69b809870ad92c0aa37d0f0d49939a373fabb3c8c21d5ebef77a3b4ea9f35d2ec30d8fe46b365d65f9a1aa0ac912d0a252f1a51274067068e98d5e0df9eac633671414dceaae0c69aa1cf3ada61acde03231cb3b94adca6edcd501e0248a4b319afefb98821ba2941dc5ba4c6bf214b97c68f3e76e09ae55a283fae311684091380f023d37ea4c0a92e3511a414b3aa3fafceb1a4c8e59e5f7f04663448f849fc3b8b89dce61022309fe21fa4cf00c9beb53ff377c8a59fa029340c130b6d1caaa99dead2be2e6c0cae61b1f507e9d91a551723488308bc2832350b07db9c21dc5a465c64efde19439d43de9746bb2ab5ceacdafd950d1c4e0eda5ebc18e0d8ec8044bc6ddc49edac9a8cdc0d3efe26e13d748406c7c0a77d63a4363a5192bad51fcaf9ef2f1968a184daea434790b5041eff8dda2acff4977b6b557da69c79a3b359aac6e4d8aede547f3ec69332255c88e17817289a80ad1dfe638a337b11a4a64116bdac17991cb5abc97192a796acb0145609d2efab26d25d4c524a04fb87834719a6f22dc79cce8fda08d49ef5c3a61004ba8f61e2945935932c376c20a7fbed97213284e099f7e63ca3d2fec6d75887f7ff4e655fcf24e007a7c4bde6ebe9566e8685cbf3ab9fdf11f5e6b21af47b633371561567e59d7a1adc2b1b2e7305004fc90af21faf859ddd9ace18e8d87f5ba3afbf8b48a77d68db9b579dc94d613021b3a243cb27a5f77a6de4ac41e6bb6d8847310075055e50bcf13bf5aa0bd772a26f8b62b7e1e2f195d31c3900955d46ef5280697db273eb48a7f0aad2fb0d8ad8258032c7005c97dbd44b6311c090dcc8a38accb454fd07282aac8ce9c1dd205225aae845b77d0ed3fdc4d7ee0b5fe2ce3892980710bf6a9668a66594c784ae5a096ea94f45407309de7f54292ba1d46f590df8bc6071af6e79b538d46604f3dfaf9a56fc83639310f5d9156f43c3aea7e2fdd972ade915e98548861776c6110f18b978a73b2ac8a6c7c90f55ad7a27cc4e206b251ceb4e11277af0c69be49f37b11516bf961baf1f2f90d55ade42b6a417afa9529fb3ecd226931814236409378abfe2bce88a9d0daa9c205b7e8c54a7e95841e4f55bb10a86db0056ea84a64046759e0d23670f46c3db1510ff23fbbb2677478aea17eef871703e155adcbaaadf319aad1bf551828e621b60a0a7e8886e339c80d5dabb54f3b5234f92054d49a4ec78784ee1da146628d26d263561271ae55165a85cb349248f7fac0dd559d1fe52fb398bebaaaeddf85b69b2c7128985d96241cbb096f0af7bf9f8dd844b9b5431bbd711dfb07501acda955c487d0b07491b031981c71e4470eaba1685da6c53f996f52758b3867c2cdf32c78a1d1be208649e7a98771bf0cbc496d8f593cdbf7ce807f4abc556e6c570b36cabe959c613f8aa18cbaedb569cb17d56cbd9d8d79c90424986f090a5245aef6caa5b0886f01eb2e0c89245d168820b44d4fada2db44ced84d46da7f139f6f5d24eb718965cdd84ab9d81ec71de0989150073c5c51897f71088f489c789581795b57f696a6b7a412b83d1edd92b2c68c1d1c99b2bb2fec325cc552838a0f60a0b008d947ba5617dd79f9dcb505cd3de4598d8d0b27c9d33489af287655e8f150a54c5ab5167cfadad7633519f88cb57773d9f3709b7a1629d628c6a3b138cba88b94cee2620e60fd51808da228e959c727d9aa3b5f08ed2802755c4e31b5ff51af85312feeb01a7b592ee1c2de1c0a7b776e527898c58a9deeda2569b45f5f037ac64eddbb8394879a31a3e0c1e9ad6b8608b98f41c0f7b0eacdca4b46c0cf4410572bbd5b10e3d2c5f7075d82b3bd0b57dba74c1fe9759dda96f590ee1bd30866ca149fb99da68d8d2e69422e1ff91d97285692eac1c739f5abdb17c4739e8cbcca58a756e6b36abfd5a1a1cdf9e7c7b9eed0a284c2762cbc9917b8af986abf51679b2f36c97f41fd7d7db0339f7e18fb240d30a19b284e4e7e660a6656cd3024154fe47fa07884a379364f8a374eaf1c4fea5ddec15eaa3fff9c2b4bae86cff5fc60e6ba638773d58b67f205f621fbfd602f1db9e9834f1af2d6f03f5fcbcd1d3a4b4880656372f34707a5462c86dcb73c95264fa258c935f40cc15894b736ec9ff6a00eccd235a74dd51d1943dd2758347b81f968f4a272a191ceae6b3f71f356b93e20f1f28fdd5cb20149e27227a1b72c6b56ca73596dfe5eca2b75e025bd2989d7d269c11f254c46025d37795251a3961c6e3a0ce149d29cc5a93946c3dc3cb4c7c2657343e4e36134d2dc490b3a5a47d2605b0b5bd9b8dff3f76ce0a27d6a674fa46ff072b5e0e63e30c05ca7ff0f1a66640591bc98c7fc814f92eca3047cad630e79d5e2266d3573fb0ee81d375071917def118103fc05aed50ba0aa0702e6910582e416e75edd2ede022aa3dc8faf1c16a6a5e439281ee20166a6e1f4c6a7e963c1b70d48e7a7dcbd6d34254aaa4573126399fd221bcd6d8e378d3c1911f1bba33a8d203c6b1e054e0e0c2b00e010822a14f6b85e6df19645e4ec68bc1726ed805a664632f053bab80822574b9d8208371e2a050529aae3c7394411ace2d71b1b6145cc885fc12ce625f157940f92229d5d07bff94ab5fa51ac3af4289071419ff2c1a722fdc35eaf46a4dccc85cc0688ba266e11af2ea805922059626617a2e3442dc142d11652b7a468388e14b687391a0dcb09ab71c44a13d8b362139ec3f41a831eeaf21a2aa138b083cb6b0f8834c5a3db8e017509f7998ba4e79007c8783159d156a5adc398ccd36a88e7b56b638bbf90afff077cb738b17c0b67aee5e585e89361b6d842817f8fa216020749749c10057baef21e238a9d683a8a9ec5139ae84d66585b47a4ccd6998c036fd07cf1e4bd2fc88659a3d4ce022761c6cae5a188cc33b66ff79c77d0d9c8db34d0c713a9714909e0830a73c54f9196e6127daa911d5c1cdee1104e05fb4e420916bd743a7bc0951119c19d5cddf78abfa0ef7f92af0dde67cf4e3ec38338a4126aba94a53448b4bc71c9eeb8982385b3ed088b49f3bac3b0689a77c9d2008ed16e7d56ad9bcfa1ab31d897da256217fc88f0fa3923175faddefbc3662a57082ffd0e00fbccf177c7b363e80c8cc07022d1fdb81998beff4657e640a4c5ff2f626823838d238a26a99530896f40d4f02759db53fe6571863d484d13e0b08b25ce12eb7732716b6e4827e56e12841eb37505b35a7e4672a122fd1d1ba7d4c8bc2c1ca4351bec396bf730535566edac629475535108cc0bfcf7645bde789a81c68ddd618b95c1f442a8616e3369d5a070c498a28e10e258f0d6ade04ea91ff9d71a08861797b329198a5d289d8a2f1d400dac513a9476e6de9a6f27cdc86dbe081cd9c5e627e11d0f64adb43aa78faa6f81a2c510ead8349c7f6489fc360435b59deb0b22905f2d65b777a1ee8976b4e7a9ecdfb32325eb80de8167c9ff6e25044a89d5f8ba326dcd59ff8b26c78ebac859cfffdfa81ebac4d6670a08b4c9028c86bb9c14162b47dd974bfa06aa173c06d245bc5154c004a079614998c1fd558b875073d91f0800f34a775c15c752c419f9c22d6e961d638598e960a5f1ddef2e4bb9cb57360c47f7bb1a8698b08f64c074a44e0e066291d73f9ffd26bfffc551cdf7f102f1a8cb1369bead1d5a83f230bc63634a2ef788dc9529e0ede57fe7a7ba4924c2939c815b0f0a288db6e3aa989c2d936e54fe0b84512f2a0f3706228d108aae35f7c44f6d383e33e5cfefdf84d3028b5eb25ba78d0701258504706adf4058c67e8223d2251f89e84f4bd7ab2bd80b859c4fec7bfc46d7c5b7d9d7b8ce0e57511a3ee3cb0caa902ec497e6f8e4a539f968a7b800d59c983e5eb9f032dd3304549513f0d377369055c2a0e85eb6798f36e617d0fef84631c3b3e8ba960d754fac69ed1471afe251f923ce24154204785abd0c2667aed2364ac2301e6af41707c3293b97952b38fcc16d22b25e11f04961d4efe4fb9e4f916b3b6ebfbec7389837db3190894b7c60196c6784ffecbba94bff78733ef86bb6c28dcdd5b9c05397ea95cb9a55c0f48a980371f4335cad7d93a319064db4481c25c0627f9fc6a54062bf5a8e6a02b4b47490ecd368b6f273ebb70203b146d1840cbc8051b65d62349e1120a6ae5fee65349f6ab4e12f77e2d6e750eb14b8c30fd8815f35aeb5245e132d4f78f5f6596f754fd6f727c66a5f91f59115c2556bc25de72255ff05ce6b101159b4c7657340c2d5de546fb47008253f6d488d42ebb09c8bc6d6adeca174b1c7353536a66ff8104d2a9d924fea5502cf8fc8a540314a2be891e3285fdbea7114ef79e3b1ae5d6d0250eae6b4b406d77b37f65c7b9232f58636254ee4cd8c5d87f027c292da49a805429ab6811ce4e98cab463102acb608db59cd00874d2f726af77976797fc7cc89e091efa392810670b32f1feeaa652099e161128f0668c4c9bf60fdf8cedeb4e64fc740046af34e7911fc659992a1db2490a22536bef386ed6fcd272af57ea15740829262b0c58ebd18a9833389df532a1f425cab689cb56a73e23613c2eb9d8f64f9ce4ae2c7cc681b5afd5725737eac4609743841189589b9e072fa939fa82dc6f1dac20849c9c27d0131ce66a8d5d7463933a00d3676b7634f6dacccd40fd853720275f83710f1a3b1318d8e25affa24e35b90974b7f31b35ac54fd0500ec3df8ad7dd89d55318dce04f7049dcbc170283b829c918abeb6c1b7d930be7f5a67e84ebc863f4626558ef2008c49dfd80bfe8983bd0b94ed6a11ce62364a5e9c6ff7f1f14ffa7ec7e815f1858bfba8a0ca84b9606ab55aa4218585a58eb7bc2435c4f7312c8783db4beaaff3d8a3a0a2395fe9e78ac92ce8009ab37e1f9ac1e42a9809ed0d00ae2ff609ec582e1b80c6f2cfa52e5fa9b5b4a577e6a87ce11d2d51e52aefa190c4fce70b1968e3ff8bbf00f04c0738b457716f6755da21b9a045b7faec066bc2ccf978d7b27448ea05c387f7d4f3d06966aea791b512033ab48308c2758ab92e41dc7a2780830bc95656f0e023726d40b54606aa9a78afcf36586e14ca9c5f02941104785a021022e473119ce809648a9f6bcdd9455c2b11ca28a7b62383821fe480933f95e59539873cc8d2c719d4d25cba7aa9f958ff0e", 0x2000, &(0x7f0000000d80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000680)={0x90, 0xfffffffffffffffe, 0x3, {0x1, 0x1, 0x23, 0x3, 0x1, 0x0, {0x0, 0x0, 0x6d, 0x60a7, 0x100000000006, 0x48, 0x0, 0x10001, 0x9, 0xc000, 0x0, r5, r6, 0x9, 0x1}}}, 0x0, 0x0, 0x0, 0x0, 0x0}) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000440)={0xd, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020642500000000002020207b1af8ff00000000bfa108000000000047010000f6ffffffb702000008000000b703000000000000850000000500000095"], &(0x7f0000000740)='syzkaller\x00', 0x1, 0x14, &(0x7f0000000780)=""/20, 0x0, 0x4, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x745, @void, @value}, 0x94) r7 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r7, 0x10e, 0xc, &(0x7f0000000180)={0xffffff}, 0x10) socket$inet(0x2, 0xc, 0x0) write(r0, &(0x7f0000000800)="240000001a00000214f9f407000904001f000000fffffffffffffffd0800040001000000", 0x24) r8 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r8, 0x84, 0x64, &(0x7f0000000180)=[@in6={0xa, 0xfffc, 0x0, @loopback}], 0x1c) r9 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r9, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0xfffc, @dev}], 0x10) r10 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r10, 0x7a7, &(0x7f0000000100)=0x80000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r10, 0x7a0, &(0x7f0000000140)={@local}) ppoll(&(0x7f00000000c0)=[{r10}], 0x1, 0x0, 0x0, 0x0) getsockopt$MRT6(r7, 0x29, 0xcf, &(0x7f0000000200), &(0x7f00000007c0)=0x4) ioctl$IOCTL_VMCI_DATAGRAM_SEND(r10, 0x7ab, &(0x7f0000000040)={&(0x7f0000000280)={{@local}, {@local}, 0x400, "787c2ce2fba15d4e9f8e96bc11e2ca247a20c3e26661b174fe1825253be9e8480cb4f3524914f59ba189c1429727ef39b4164f93bb821987b3b7f73495bc8e745304668e0e46798c7f5917ea8428d41cab5612336f04000000000000008e9c1c86a394feb64fb06f77dadbcb20fc62741432b7dca37007d68e98fe46135d6a1c5ed42102f58daa5211319db84aa9abac734be47c908dc3ffa3aa7b61ec16d3d1209fc618f6c4532ea582628502ac46d167db6d53d8f3184df68414e6b6ec0109664c570e155654e03d58dadd0e5a7bab42bbb4a9afdefc115eb1609e7b50dbd94b94ba09000000000000001c9e4a41d3e16af21d6c897a1121bc14de16e78d6d7f2ae79db44e302539fd926e0b91e0fc589e2fa19b218d0508b5ce3ad40d03936693ca5aa41ddc07cf492874569ab037e0530e38245b98131ae0c9afd871df5f51331938764f5a7dd96890edd467b2fbc335ed081729b5ea722a98b34d0dac6de995de4ee263c81b2567b3f87e0897857edd5d7e97d61fc67076eab4846010d4828cc879f95cddb69ff6438f2a109285c46d8224c36069d30c3c9cf4a6800ae224111136bd9c1e06c4bfc4685d7bb6a72345772b3ce9bf105490743dc4b700f24ce6b250b95e6c383fe44967a55d140baf0ec339e3815b29a2246cb5c953048c43266485bbd9d0caecf00e9501a4433b54930cba54e06607ada2f5d818e4804294fcf53058e58e0d33d4aa6dc943811056908fe9116e65cdddac1d2fb24d1eacee389af38b7e5a7056d0de50c6b49fb38388cf28c2d6dd3dbbab84ffbef4b0c02a77f018e8a9749a557909e6aa96185d268dad7744b094d8c6134b8defe26674d65f908f9c3a8c201f661fc26efe0eff248d3a473fe32a5b3643bfad8f186c2af3fbaa1d38560c1244c79a0e48893eefb792af281650f34f6c2d9a6c622aba234b63586713cb66179a0897d98ee5228569c32c1a682807c8db7eb197ccbbd6549db86a6a9aebbf5dc14060f22e2b07d6166f43c25ae0c88be7a4dc38e7ed08972a355b0e5d6fc43b8e5594fa6b36a36a44bb94b75eaff11dc17105f54beda54da2a1ea1acfab354745057dd2e7725f2c8450b19fdf37e19f6ce43449e9191f5a5beb4a1bc176f6130052e83acefd8ff18d592bb75f15f86c9113e4bd67ad420c33ae706cdc10060277b83ef30a50d4ac19c9a791b309377aa20a4743bbb799abc3ba58071b628c9ba8103bbfe389939e55296ec9b4f8d3a03aff30ce9aa0dd6e5158a672be8f3da8349ed4ad82f6ca67ee29e8b234840cf7846e604e5b8135abd94d71fe0a79180e75d4e193ea8df466c087b660fe984943751a9f6df8545699701d478c2b3daa949155770e74835bcd972de27afd20b02ce0e504c15b0237437200"}, 0x418, 0x7fffffff}) socket$inet6_sctp(0xa, 0x1, 0x84) 2.823645225s ago: executing program 1 (id=1760): mknod$loop(&(0x7f00000002c0)='./file0\x00', 0x2, 0x1) mount(0x0, 0x0, 0x0, 0x1018000, &(0x7f00000003c0)='b\xb1Fs\t\xb5\xda\xec,\xdb\xe0\xb0\xe0\xe8*\xd4\x00\x00\x00\x00\x00\x00\x00\x00F*\x0f\xdd\xe3\rb\xf9,\x196\xb2\x92\x9d\x94\xd4\x96\xbc9))\xef\xdeW\x86\xf4\xd8(\x13\x81') ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) write$P9_RSTATu(r0, &(0x7f0000000700)={0xffffffffffffff8c, 0x7d, 0x0, {{0x500, 0xfd, 0x0, 0x3, {0x0, 0x0, 0xffffffffffffffff}, 0x0, 0x0, 0x0, 0x0, 0x1f, ' nodev{cvfox\x92\xff\xff\xff\x81\x02\x00\x00\x00\x00\x001\xff\xce\xbc\x92\x00\x00\x00', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05\xf7\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00;Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x06\xb4\x94\xe1', 0x12, '\xcf\xc2\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf3\x13\xf6\x00', 0x61, '\xf8\xf6i\xfbqm\xcf1^\xca\xb3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xd5\x8cc\xd6C\x05\xc4\xd4\xf1\xf1\xc4\xae\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xd4\x89\xdad\x9a7\x00'}, 0x12c, 'odev-n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x23e) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000240)={'veth0_vlan\x00', 0x600}) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000006"], 0x48) clock_gettime(0xd112a9f7bf8269d7, 0x0) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40) r1 = socket$netlink(0x10, 0x3, 0x0) writev(r1, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) writev(r1, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d0000", 0x2b}], 0x1) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r2, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40) setsockopt$inet_msfilter(r2, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027fa80a010000000004"], 0x57) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$nl_route(0x10, 0x3, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r4, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) sendmmsg(r3, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0xdd86, r5}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000180)='O', 0x1}], 0x1, 0x0, 0x0, 0x2f00}}], 0x1, 0x0) ioctl$AUTOFS_IOC_PROTOVER(r4, 0x80049363, &(0x7f00000000c0)) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x12, 0xffffffffffffffff, 0x0) statx(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x7000, 0x0, 0x0) 2.696097725s ago: executing program 0 (id=1761): socket$can_j1939(0x1d, 0x2, 0x7) socket$inet6_udp(0xa, 0x2, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)) mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB="2c726c6f746d6f64653d30303030303030301c38353ac247a18d303031303030302c757365725f69643d", @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',\x00']) openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x2a442, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r1, 0x401c5820, &(0x7f0000000600)={0xa}) syz_fuse_handle_req(r0, 0x0, 0x0, 0x0) r2 = socket(0x1, 0x803, 0x0) pipe(&(0x7f0000000100)) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@newlink={0x4c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x88ac5fb5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r3}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x4c}}, 0x0) 2.684740104s ago: executing program 3 (id=1762): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="18010000000000000000000000000000850000007d00000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kfree\x00', r1}, 0x10) creat(&(0x7f0000000100)='./file0\x00', 0x27a) epoll_create1(0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r2, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4) sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000001a0001000000ff7f0000000080000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\b\x00', @ANYRES32=r2], 0x24}}, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) r5 = socket$kcm(0x10, 0x3, 0x10) r6 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x20, 0x1412, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_STAT_RES={0x8}]}, 0x20}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000100)) syz_usb_connect(0x2, 0x51, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000099473089911016859980000000109023f0001000020000904030005375dd200090506034015070e0509050700000004020309050800000404fe0709050400ff0303020409050a1cff0301ac08"], 0x0) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x9006000, &(0x7f00000030c0)=[{&(0x7f0000000180)="1400000016001963d25a80648c56915a19aa2bfe", 0x14}], 0x1}, 0x0) timer_create(0x7, &(0x7f0000533fa0)={0x0, 0x3, 0x2}, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(r3, 0x800442d4, &(0x7f0000000040)=0xb) mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioprio_get$pid(0x2, 0x0) madvise(&(0x7f000042f000/0x800000)=nil, 0x80fd00, 0x15) 2.674109894s ago: executing program 1 (id=1763): mknod$loop(&(0x7f00000002c0)='./file0\x00', 0x2, 0x1) mount(0x0, 0x0, 0x0, 0x1018000, &(0x7f00000003c0)='b\xb1Fs\t\xb5\xda\xec,\xdb\xe0\xb0\xe0\xe8*\xd4\x00\x00\x00\x00\x00\x00\x00\x00F*\x0f\xdd\xe3\rb\xf9,\x196\xb2\x92\x9d\x94\xd4\x96\xbc9))\xef\xdeW\x86\xf4\xd8(\x13\x81') ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) write$P9_RSTATu(r0, &(0x7f0000000700)={0xffffffffffffff8c, 0x7d, 0x0, {{0x500, 0xfd, 0x0, 0x3, {0x0, 0x0, 0xffffffffffffffff}, 0x0, 0x0, 0x0, 0x0, 0x1f, ' nodev{cvfox\x92\xff\xff\xff\x81\x02\x00\x00\x00\x00\x001\xff\xce\xbc\x92\x00\x00\x00', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05\xf7\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00;Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x06\xb4\x94\xe1', 0x12, '\xcf\xc2\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf3\x13\xf6\x00', 0x61, '\xf8\xf6i\xfbqm\xcf1^\xca\xb3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xd5\x8cc\xd6C\x05\xc4\xd4\xf1\xf1\xc4\xae\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xd4\x89\xdad\x9a7\x00'}, 0x12c, 'odev-n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x23e) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000240)={'veth0_vlan\x00', 0x600}) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000006"], 0x48) clock_gettime(0xd112a9f7bf8269d7, 0x0) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40) r1 = socket$netlink(0x10, 0x3, 0x0) writev(r1, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) writev(r1, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d0000", 0x2b}], 0x1) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r2, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40) setsockopt$inet_msfilter(r2, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027fa80a010000000004"], 0x57) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$nl_route(0x10, 0x3, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r4, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) sendmmsg(r3, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0xdd86, r5}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000180)='O', 0x1}], 0x1, 0x0, 0x0, 0x2f00}}], 0x1, 0x0) ioctl$AUTOFS_IOC_PROTOVER(r4, 0x80049363, &(0x7f00000000c0)) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x12, 0xffffffffffffffff, 0x0) statx(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x7000, 0x0, 0x0) 2.499957277s ago: executing program 0 (id=1764): syz_emit_ethernet(0x3a, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0xfffd, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x18, 0x0, @wg=@data={0x4, 0xe, 0x9}}}}}}, 0x0) r0 = bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0x0, 0x0, 0x0, 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) socket(0x40000000015, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x80000000006, 0x2) ioctl$vim2m_VIDIOC_TRY_FMT(r1, 0xc0d05640, &(0x7f0000000040)={0x1, @pix={0x0, 0x0, 0x32314742}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000019c0)={0x0, 0x0, &(0x7f0000001980)={&(0x7f0000000000)=@can_newroute={0x28, 0x18, 0x1, 0x70bd29, 0x25dfdbfe, {0x1d, 0x1, 0x4}, [@CGW_FILTER={0xc, 0xb, {{0x0, 0x1}, {0x3, 0x0, 0x1, 0x1}}}, @CGW_SRC_IF={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x4084}, 0xc884) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$ipvs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/ipv4/vs/drop_packet\x00', 0x2, 0x0) r6 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32, 0x0, 0xfe}, 0x9c) bind$inet6(r6, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r6, 0x84, 0x13, &(0x7f0000000000)=0x8, 0x4) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x68, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @loopback}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_SEQ_ADJ_REPLY={0x4, 0xf}]}, 0x68}}, 0x200008c0) sendto$inet6(r6, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 2.471249135s ago: executing program 1 (id=1765): io_uring_setup(0x51f1, 0x0) move_pages(0x0, 0x2064, &(0x7f0000000040)=[&(0x7f0000ff9000/0x2000)=nil], &(0x7f0000001180), &(0x7f0000000000), 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x480080, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6(0xa, 0x2, 0x3a) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r2, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r4 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) sendmmsg$sock(r4, &(0x7f0000000cc0)=[{{&(0x7f0000000240)=@l2tp={0x2, 0x0, @broadcast, 0x3}, 0x80, 0x0}}, {{&(0x7f0000000700)=@in6={0xa, 0x4e20, 0x7, @dev={0xfe, 0x80, '\x00', 0x18}, 0x60}, 0x80, 0x0}}], 0x2, 0x8094) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0) ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000040)=0xd) write$binfmt_aout(r6, &(0x7f0000000000)=ANY=[], 0xff2e) ioctl$TIOCSTI(r6, 0x5412, &(0x7f0000000000)=0x2) r7 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x101, 0x0) write$sequencer(r7, &(0x7f0000000100)=ANY=[@ANYBLOB="06000000000000008108"], 0x10) write$cgroup_int(r5, &(0x7f0000000000), 0xffffff6a) sendfile(r4, r5, 0x0, 0xffffffff000) mmap(&(0x7f000062d000/0x1000)=nil, 0x7fffdf9d2000, 0x0, 0x28011, r3, 0x0) mmap$snddsp_control(&(0x7f0000445000/0x4000)=nil, 0x1000, 0x4000000, 0x50, r0, 0x83000000) 1.51985128s ago: executing program 4 (id=1766): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r0}, 0x10) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(0xffffffffffffffff, 0x1, &(0x7f0000000540)={0x604c}, 0x0) 1.379989314s ago: executing program 0 (id=1767): bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x20002, @void, @value}, 0x94) socket$packet(0x11, 0x2, 0x300) syz_emit_ethernet(0x3a, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0xfffd, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x18, 0x0, @wg=@data={0x4, 0xe, 0x9}}}}}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6, @void, @value}, 0x94) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4c, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x6, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) socket(0x40000000015, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$ipvs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/ipv4/vs/drop_packet\x00', 0x2, 0x0) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32, 0x0, 0xfe}, 0x9c) bind$inet6(r4, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r4, 0x84, 0x13, &(0x7f0000000000)=0x8, 0x4) sendto$inet6(r4, &(0x7f0000847fff)='X', 0xfee4, 0x1020000, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 1.32397371s ago: executing program 4 (id=1768): r0 = socket$igmp6(0xa, 0x3, 0x2) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000003180)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf84, 0x3}, 0x1c) setsockopt$packet_int(r1, 0x107, 0xa, &(0x7f0000000100)=0x2, 0x4) r2 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, &(0x7f00000003c0)={0x0, 0xf4, "9dc08ba210ed000506a5f9463fc844905aee8341b7760474a0513f309346f8790915f75c4d4bacd4b3c5a1330844593c4b30f306999e5ffcdc261eb053c427841e2083791f6268c4a5890976d94f9fcb80670d1406f68fbd814e5957b4bd8c5cb05ddc13837db4ac2b22612c610eead9b2f783bc86ce3bb4eac6fff8d88e53ce911b21939784f3b13b0786da5dcaec9a3d7e9c285788176af1e2e3e8fcc626417490ba2563cdc72fc2dc696c88d49d29923505be9af38a8070326c0caf9d13c73cf1036c891a211c986b9ba976a267925891f7318fa6bfbdc3862fcd58d9315897973a01626fd2156f962fe0ba8e76b9966114dd"}, &(0x7f00000004c0)=0xfc) sendmmsg$inet_sctp(r2, &(0x7f0000001640)=[{&(0x7f0000000180)=@in={0x2, 0x4e20, @remote}, 0x10, &(0x7f0000000380)=[{&(0x7f0000000200)="d640cbde89eb80ae2552d8046c307be83dbed0cd46477452d71e5a1064e180a6fda626a57e96c6974f2c9d42fae5caef810f455aaa6df9e6e197646eb79adbc31dad60f6d068c6e0e08a61541d15b1ff21aa8c1b55a8b2383bd6139c3c6c0231a023558d8a90b2bbacdf281c9dee603ebf51e65eb6e4a91d59e9fac4ee3c9a5637fd7b49c2666f1923695609abfd0eff1310ffa2a68028ee0b15f74bec3adac20650", 0xa2}, {&(0x7f00000002c0)="fd21a25fa52217bf0b592de13394346d0a037d9cdbd2dc30b209b11bb0f7d82c694f51bc85b88d778d485a7f11811202fa42eab2af3f1b9ce6b7f761d1b6651e74a39c49813bb5", 0x47}], 0x2, &(0x7f0000000580)=[@sndinfo={0x20, 0x84, 0x2, {0x5, 0x6, 0x5, 0xd, r3}}, @sndrcv={0x30, 0x84, 0x1, {0xed27, 0xf62c, 0x8, 0x2, 0x0, 0x0, 0x5, 0x101}}, @authinfo={0x18, 0x84, 0x6, {0xb}}, @sndrcv={0x30, 0x84, 0x1, {0x0, 0x3, 0x5, 0x9, 0x4, 0x101, 0x10, 0x6}}, @dstaddrv4={0x18, 0x84, 0x7, @empty}], 0xb0, 0x20000084}, {&(0x7f0000000640)=@in6={0xa, 0x4e23, 0x1, @mcast1, 0x2}, 0x1c, &(0x7f0000000840)=[{&(0x7f0000000680)="7aea9f5af7ac6cf77b7295a4a8a64f5e117e1a63221eae8d78c11289e2be97ed8172a015d2f006c93298db26d2066ad1e7ef126b9c2a", 0x36}, {&(0x7f00000006c0)}, {&(0x7f0000000700)="81b75ede45ccd1f496f6a6c70b84516fb87f536f57a2932f44a3674adda1325d56694995c7141e8e1197b377017945b9432444d4d4b9bc872f1b3a504ba5ee50d65910c51518c41034d04c5042d0c52da384f02a8ee3a34d0f40d42e337b9553673979911b47c544fc905374b5800f1bbd2f06fd7a5a893db06a58a4205cdd0b0b6db3c0142c61ec626127de8b3210460d42c8e95f2600", 0x97}, {&(0x7f00000007c0)="3d06a3307966e77df33f960791f1afda3fbfa808979f6c7ff27f3b702cfddf9f58c2ca6c818a013d37d4a6285135fb7cd408d6068988b2642166438ff195e9b52dbb51d32753300556ad3a25029717ce49d0efa5232173bb708f703ef86e5086daccc92b706a79a09785f27b86965e4d6528451a488e831c", 0x78}], 0x4, &(0x7f0000000880)=[@dstaddrv6={0x20, 0x84, 0x8, @mcast1}, @init={0x18, 0x84, 0x0, {0x4, 0x3, 0x5, 0x40}}, @prinfo={0x18, 0x84, 0x5, {0x0, 0x1000}}], 0x50, 0x40004}, {&(0x7f0000000900)=@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x37}}, 0x10, &(0x7f0000000a80)=[{&(0x7f0000000940)="47a86ad0f194d3800f299e5ffb1c87659046131f25b06b5e133624ca21cfdba6f83dadff9b6563691d07aea8048b3271a60a92f6eeb30351867f87dcb4e6e5cd2dff5f824d8683001c8c14fb82a7e62524a04766468639e409a2629c4d201bdf2151e9216805b38e0fcad449d4b965fc5a1a9bdc097abdd46acbfaa002c6c225a58bae56330ebfda53cf3bf6ac3f05afd04af5329e192ca172c32a3d5aa401f1e027082411d51f604ab865c7c203da22cfbe9beaec3295fa8f042a83", 0xbc}, {&(0x7f0000000a00)="b7c50d3fc5dd1af6d87e2ce12f835270c71ac81b0679f864fb40982abde558056344df287fa601de06c6d30dc6926d7df13c9b81021e5b3a7ebf33fae837dc4825eaacde00c9", 0x46}], 0x2, &(0x7f0000000ac0)=[@dstaddrv4={0x18, 0x84, 0x7, @loopback}], 0x18}, {&(0x7f0000000fc0)=@in={0x2, 0x4e23, @empty}, 0x10, &(0x7f0000001100)=[{&(0x7f0000001000)="6b732af8bf8ab7876f8e0d91718d8d13b797f0c5874e44b21266ddaed64ad2ecd960eb2e2d39ae303ffea93fd656e0ec79fcfe913e3330ce9ec954c54a2f99ebad36cac971b0873a74b9b57a5c0a9b16de3b62a5654d7a75dcba349d2b88034fd233c08598ca0634ae9b1ab275d66854c3daee8791ed107d1299f1eb9adc7dbe959f2cafd40a6d6fa5bc5d1bd8aba8319a3b0983d2d7e364d17e27f8ea25e5b9413f4b4ecd9e3b42affc027c190667bb026a6f", 0xb3}, {&(0x7f00000010c0)="bb99e6f0fc6206df", 0x8}], 0x2, &(0x7f0000001140)=[@authinfo={0x18, 0x84, 0x6, {0x708b}}, @dstaddrv4={0x18, 0x84, 0x7, @broadcast}, @dstaddrv6={0x20, 0x84, 0x8, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @prinfo={0x18, 0x84, 0x5, {0x20, 0x7}}, @sndrcv={0x30, 0x84, 0x1, {0x1, 0x3, 0x205, 0x762c, 0x1, 0x4, 0x0, 0x3}}, @dstaddrv6={0x20, 0x84, 0x8, @mcast2}, @authinfo={0x18, 0x84, 0x6, {0x9}}], 0xd0, 0x1}, {&(0x7f0000001240)=@in={0x2, 0x4e21, @remote}, 0x10, &(0x7f00000015c0)=[{&(0x7f0000001280)="4c98f6740690a4553223b2a12d04d68562d62bf3c5d08ebf928e3543a7fc0e25c4a21ed97d64a92ab57312c610dd91d538a5d3cdeb9e272b6bf18434a05265e9e0d946d73b4bd38d8f8144daca188eb8b938ff229939528b4e3a9008eee7133b960112b67dff955f25a5bbc4cdf63a50f4a88ac5ff7d75f8c84c7a5d5a6cf33fe8175f8df2cc33f99e1e3d9a65e9aaa7b6008466cd76ba082e7d280ffab7523cc959c044cc9dfd8b855699664aaee250e960d5bcfb4dd123d4158573526e0008cde8d73a3c8fae0acc1143ae7a8595d93a72e6b46b19adda5fc77494d0ea47e8", 0xe0}, {&(0x7f0000001380)="cd3abb6c930caebadc2daceec038adfaa42c03a6fb3317fad9cf59d95dfffbd1e9ac445efd7a07848fb921d9be3c8717b6a80079db317a489d4d0c05a08f5567db806219a50689fcc47ee55d85de64faf0585f825c95289d0b869b941944c7b2643e792b3be202e24abbef9718fb47b6f5ae861ec066ef6c720704c6bff8b8e13ff9f0193f044a3822472117e2da5f55d700ad98810c5b6f85367d7e74c5ad5e04220a198bd704af1fc2a8e7691ca34cfdb97acf82ccd2dec3322ff0de56521a36dca4de0ecb096cafa1", 0xca}, {&(0x7f0000001480)="4e634babdea81bbc212482483b541b51f6a6bdf095a6f503bd101e0845295264da4c10cf256274674c0c5c917b18c1d888377462ce718168ddc9367d8fd9a6e1cf37592dd41901bd7da2ae738cdf7d21f583e51d38f533ba8fc54160b5c651a3d4f07ffbd0f40d951f59c36e3aa529b6aa61ed06df559cf998003df31e58386c92de624019901b5898c9ee8eacc625a78441f8d3d96d3a93f42a18ce643d9ab1e468a0eafda986b5cd352081215bcfe4b1f2bbbc8552dc50e318909a77de89289524aba61088afacce3a8edf1e5546dc", 0xd0}, {&(0x7f0000001580)="d33baad74df41e227f63c852b71a997a49a34a35847d5c394f722891c742627a87498d075e0410aca9dbc0e8a9175674b4702f2f2d485c11", 0x38}], 0x4, &(0x7f0000001600)=[@authinfo={0x18, 0x84, 0x6, {0x2}}], 0x18, 0x2004c804}], 0x5, 0x400000c) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @mcast2, [], [], 'wg1\x00', 'gre0\x00', {}, {}, 0x0, 0x0, 0x0, 0x50}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) r4 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r4, &(0x7f00000001c0)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) sendmsg(r4, &(0x7f00000000c0)={0x0, 0x953a, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0xfff2}], 0x1, 0x0, 0x0, 0x2c}, 0x44004) timer_gettime(0x0, &(0x7f0000000080)) syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) 1.083720739s ago: executing program 1 (id=1769): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000680), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000e40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_GET_KEY(r3, &(0x7f0000000f80)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)={0x2c, r2, 0x9476faf4e11b2c25, 0x70bd2c, 0x25dfdbff, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x2}, @NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20040080}, 0x810) r5 = socket$inet6(0xa, 0x3, 0x6) close(r0) r6 = socket$inet6_mptcp(0xa, 0x1, 0x106) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x17, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl=0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0xa0) r8 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x0, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000002c0)={@cgroup=r8, r7, 0x12, 0x0, 0x0, @void, @value=0x0}, 0x20) syz_genetlink_get_family_id$tipc(&(0x7f00000023c0), r8) recvmsg(r0, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000040)=""/217, 0xd9}, {&(0x7f0000000140)=""/40, 0x28}], 0x2, &(0x7f0000000280)=""/4096, 0x1000}, 0x40002023) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x3, 0x4, &(0x7f0000000c00)=ANY=[@ANYBLOB="850000002f000000350000000000000085000000070000009500000000000000f4670880271e3503200ffa95b2c8c037c5a142c9a8d76287066c51adde96fcc309926fa397fabd5f9810e81ae03737136ea6f7be39cd34d5ae35de38dd5a1163a35c79949c00a7c09cc28d7673294f42a5f0a8321313822c45c0f8612c10b100000000b0d3712c7e93363af3c075ff1e23166a32d95433bb755a2dd576090c4877a7b6393e366c6386d5ec7209d031f40f3012e9176e51a7f578602f5807785b92a544fc46c744ae6af3e4195cc037102124d85cec074c6949e1298901ebb395000000000000977e82f5fe47fe5f17f9ab800f4104dbffff0000000000005c6d5d224b64be6c4d0400ef21eb7e46f9aa4a9779f8555eaea768c1f2c221c410ef4b253d110ee282ab94de930a060000846be6277c04b4c50000000000000063ffffdc8dcba00bfbffffffc45b0c01887b5efabf84960ba0e3c4c00356ffebfb19a34268335648e1f822de328c10752a42dca52fb98c1452b6518a6ef7297f7b2744706d27ed0b05b1b9555f419a2f238f173d0cc56dafc7ac5500f53e7309ec91d83cf408000000000000001a4d8c60ff000000b78863e629b3b200000000000000000000000000008b00000000449c810d3174c87ee545867a3126af7a8b20744ea9875b9cba935b9594aa904e5ac04bb2c3dfa8ea63e3e7000860000000004a2147c1128c697d9966b3c9f0e9e203911a3fac929a4fc6e625247510bc24e20ad88d4fe6a3ae6c4aae83352106057ab9cd4b3442a5d10451b95e22f30a85f5681ca3000000000000e1e682ec6c5f73983a000000000396e7b6e1aa007018f6d93e79fce95d405b809238cca421c800800000fa978bee51f581d124216e8bd9b1855f77138e438bdc037865f0db98c068be4c6155ec27365410866019475714844a3ea4cbe37e0000000000ef6dc4bd63bb928ff58b3bd2a646a89d172a884dcdb8b9f905e72ce1a66f08d9b385a8cfb52cbe2c0b160159202d4f37c496a8d2dab79d4242a353917ebdf2dc7926d80260898d4e1cd57f7b913a31a36f5d2a666537f920a9588a712be006c85db574e951fb65c103024d3c169e3b791e12b3c9905e0810f7ce80fa133c8af5ea4edbcd54e5a01b74f9dc015f5b7811cd7627993dd965e56b2d666f722bc26e3f62b2163756d68ef7318d3a1b910000bd9145909eaf13492dcb2867a2979efe0b61627dd96f8e0400000000000000fb9b190c3cf040549a1bbe7ca6adce2dec7c40c628e90b30cc8d8c0b3c6c95e21c7ff037166302e6984285eabb1ae5f553e3b54e804b9d8107c026d6f0817f5f65acd608191c2abce2f1ca3869757201b3f7e8d0b5b9697aac79cd2fb8dea8c761fab4871cea4bccdb2416cd6c3e41d14d0ecfa8ec47e7153d3cd682d99fb255fb9ed12bf785612c2049a4d2116da6f3d3d90376cdc4128fcf5b2a7e3e57e6d8a8ebe5b35352ab25b20ccda777a024f7e80e82dd691d4b75f55fd529ff5a31fcee1fa7b1fa997815238deb2d5a9517b8fee39152fb7ec435353163664162a460a51857acbf5a5db47a1e220bcf356450d1ab3dd99ddf39bf7db13752b391969d9c1097379f6ca23c4ceb47e0f2e4c688777f44d065e3ea83152af906f5c2f7092889e82ffce9fa63b14a111c3428d604909205156f9a287d0c12b92bf02282595dc4ade9f4ddf36e3edb89be6b518487fcc33e4f9de4fc7d59055eea7036643d13319056fc5b1cdd1f3b8998d41ff3efe0c3f379179a75b7b98ef0cc21f7f17e0c1bb68e6272a4be2a4cad44f8574836621f44153de289d13c104516da2360d08c350ed8033ab8105146c0fba19b4a47d5100fddc39325fb77f915e24274e1319027007fc5673db0064387b638"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0xe0, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffec3, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x15) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000010000000000000000000000711213000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000005c0)={0xffffffffffffffff}) r10 = socket$nl_generic(0x10, 0x3, 0x10) r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r12 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r12, 0x8933, &(0x7f0000000340)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_UPDATE_CONNECT_PARAMS(r10, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000ac0)={0x1c, r11, 0x1, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r13}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x404c095}, 0x800) getsockopt$sock_buf(r9, 0x1, 0x1c, 0xffffffffffffffff, &(0x7f00000003c0)) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c) syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) listen(r6, 0x0) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r5, 0xc0c89425, &(0x7f00000012c0)={"93b1b51ea036568f32f8444e866c2878", 0x0, 0x0, {0xfffffffc00000000, 0xc99}, {0x4a}, 0x6, [0x7, 0x9b6, 0x0, 0x8000, 0x0, 0x1, 0xa, 0x2b, 0xf8b, 0x51fa, 0x6, 0x7, 0x8, 0x1ff, 0x5, 0x9ca]}) ioctl$BTRFS_IOC_SNAP_DESTROY_V2(r5, 0x5000943f, &(0x7f00000013c0)={{r5}, r14, 0x18, @unused=[0x4, 0x7, 0x401, 0x8], @name="9b4983e32bcee6d9c01fd36e7ad67b14083f3ce266cd7ac9ea43a05fd7b821879db7d4dda2c9eccbb9f414e6dffb2c34b9bca3b15c034931de0f2d0933deeb4f4284a0a31a57fb4d128d0c1673dc6ef7c356a45adb9e0cd534b68431264f25e74994ba2f802c0bf5263553baebde0ed441b62450ddeb2b41580f60d7dd81847330a46b9f923c4250e8186161e7b6830c7b6d94d012f2123d91586fbcf48e1ad9f31bd565d3ec3219e9fc7c67baab200c9cffc793d312a0c94a697ac8d8fd4b06c9e202ef01d29741ab2b6092b4384762f5c2fdd82a6939acc001a45494457f68fa83e1c2566f453116e585500ad14e6ac9abf9eb0521ba017a58d949e41c942a6b583f6d15d97e235c9c96a2b4578d72fda9d567923757a6a974445c4212d412ccab51bb794db567e7d7a0d638573360868aa37d50a7a89f54ba8d3b38027723b3008e4005ef0f3ada652d65e2d3ca13129101a34c2b85662381653ccf1d482cfca856d3ce42b7e2b624be699b8039a7e02752916270ac32e09ee20a3fe27570b756ef81b989eb5aaec53e363dbc05377875249c4426eef86f894eb7f019aec85b02d9bc492a1ca28fe5680d9826508941bb552a2144bf053bbb9095b1cfd8a82a3a90f898707fbeaf47b1863ac1f65bca3a53b94e64316de26688fda836f51207b5e82957f4ddeca355273107eca002fdc65ecd851d32dc759e0df6e59267320741d66f8e406d304266fb42e0268308715bb15ef6d40940c49c596bc636266c0979f9c69b58edcb1c9e09062e66730b703cb255cc508d93aa59c0a6524e3ad99831b1ccf9b47aa5a0df67640dd1c0e7efb6647926fa1d5a232f557021ec3b665d96752d7233044586f6f0e0124b31516b398abca0490ba12657849622bc07d65eb504f55a4e3b6526f584c1056b162f2c5b084b8503bbca69dccf7115290b48bc18183ff3407300857ca0c2945f11721e005cb55b5500505814178e5cbe0e991dfbead6572c39e53a8f767c73c0a31a5f4f8a6de4c3b1d8cd101e8e07be3527ff35d9e5f691b41a8643c86fb32c42717f9c86fa1c69326e4412111cbf21c6941ed32b32bab7371bd8f106c8a1069e0431ced5aa812e0ab799bd2fd43f2b2c4ceb734bb3308e16b56c242f0ea30d991b2e0752232fd504adcdc0f39e4badce6d8f51ff09c41181a37930a9cb78a0b80485921db6eeb3b5f4fd79284b81a1fc2b3f2f237a53a41d79f7b9d209c7ae5f380f33fd0764cad9adbaca5332f2e75dfdfcbdf5040955b1f279c72dbced551d8e610232559c02ee9020b430bdc47c8fca2fba9c0e3b953d952f9742b145e03c1ed9bdbc656a78a69782ebb86fdfdd8c0e1b74d32af71238b675167db20e9665eec1708c4d46045f1a841d99b65fe9305a704fd144f7cf1e609e0c465c4a0df6ae9c24d21e0be58924a3d4fbb98962f49e735958cf25380bc154ad1faa4210ab074f74fd4d767abc73d76986b8977aaec83ec1c76e1b01ecb9fe4a4369963686f6873e2d991762fbf81cf422d8449820a1d11731a9180dc1a703f5f2fa8aecb0cc34ee1f8427f6eef64287268f5de0d2c0455c01abf75be3f85bf9bb097204aa6d87f18d1a4e5ce5e21651259840ed1a68b208f9995f5295f64cc3d0819866f2ce3aaf12c15497e95b4b396e800b272fb5c012cf2b0a16a78e6f88183d8f84637f819334c20859ef61c58507639e81469ab44eea2e986ebe2d8e73cbcbba112ef747a531747403b45f0dfaad9f6f166dc4a3c565e69c816a850f09de9e2276185cb6799a5647b299873c6d7e5c855555b3c7b563c65f7fe60ea043978f189ad5139ed00fb425258964d56b3c7c6850aac903394a5579b060f7034ee6fa783a940e17c82fab32ccdab9c91dd84b28cb5d862c6124232acc7c823ce464d504870aa03d57124d124a7b06ba1411b21c5180cf9f5f20d93c5f12c7e8494fc895fce4048e1b0683da01127cb68acdfb359e5196e0d2a4bea864125107465fc9a6da094970042c296e640063b73f611c2f67d4821f3ab8d7d3d63b628cf505e620c32bb547ddc9bddebf0ba50798d499df8bafa3aea40d876726d3e71b978ece11fdba56cdb2564ff8721c78f8e1a6beb2180f2ab53da93aca25f62d273bb79af58ca4cec6d51b02e98a128a3a3fc6a21bb14148175287d6eb8547c91e7e1fc33cc2732f70841bce3f061768f958b3766ca5a8f08772fb07c75edbff7b531e4a13cd3e6b398f879159d8cae4149c0445e3a995055de80c267b502d78c6107923581f7afaaaff7f3008b4f01f56389ded38f8267dfa962737861e0bcfb3d9bf53c2c759d0439dad9653f9d2ea306f01e74344c423c656892185c6bb11c7f9f46331bb95d8d40d6cbc20a45c2e46291ea462c67bda60a1ae4436300b0358a93aec09e03408703fbfdfcec1cd7de9b28462c7f38371114988c018c2b8679ec3a1469d8af837953cbf5ce44c09ea38402fcfbc2c666c5ec74bb6a28e69693bc9633f24a5e649d9c7fefed1b381426695bbc2c2244264e19600251891198112527d56277f31c2dc4b15902fdbe60d4e26e2bd45835c277e5bb2b43cfd33a5dcc5246e879b9cf096b9e66f0a7bbee9f928f28d608091e1319f762313c35ed9eef33b26bcfc064c7ff83f54d814d769e6446cff78add241af0ec6deb0eec39063eec7b6870d0bc44e094b4d5d0f82e13aef5627a36c905c0a8ef32647b3f1d638176a7a22d752dcebf501bbee5f80842fa0451d2f8f42c239f93197899c269912aaff222b6c66b93172efc08eb136c618695b563d8aafd4689018fb3ee088b6c7397b195eacf8128c18cc62c22b3f6ef26bbed6e5ee20d9093afa67c0f69e10309809d5a9c575d6718bf0ba1ba2f120a99de593a7f8270684929ed1d50d150d386b7cdc86eed98a41ab53dfe52436201ae6ec5de1d723df67ead27cb703c302a5ddf4f4baffd929dad4abab2658762b868283d68697c5522d40f3b09501a8e524b0c3e81a054f58b74ca260ad254e9819b59657d8fd441d9e07cf2bda20def6e80508a9c1ecdc43c5cadc05e4c757bde91664345b30fe9337491012ac380ffe34583a69f5e1d7caec91204dff119806733c5d4e23b7ddb0c5f81b7d0b1bd84695a9c49d3da989edc2b82a3a4b79bc7dd1b098371b51ea604f59aa75df9a81eaa0d7bc1d1d965af37215276cf511cab926c820be5d23cfbe68163a51297d3d0668e7cef0927ac7f5e775f71b0b1d24e53a4e3c6c9c25a0d5781fcf27ea27a54ac9e389ef74db01974543716c92a28bffc0bcce43d00a5febd3ca6c6ca19e8cd5e4bb2d8ae7da0eb91b2646b7c9c0edfb42d4acb120206b38f1258b4d3a8fc2b1f4eac1a87b6ce19f192b3fc56316430f7adf72850c5c6931eeb872baf1c6a761eb970bbdd709c02069b397ff06c12d2c1ccac24d2d1e145b9e787e1903176c33820e84eccff820944c1db91b8e6a22082727e69bea86c3096a62b433115eeb86f9ae62194a29045ca9044df491e285be8b02a83c4b0feb39fb8897da290e0a1f6b99671f452716386a9ba60785627cbbdaf6fe5f8aaef36582653c6e20e6e703d190434396b000bbb46ad129b1aa016ca7ad04fd7fd53d00ee180c80b731b6378f397168d802dfd24867e05ed821edbeb32439c77a23af69275d3fb04d1b5952393cd62df0c81cec03a02d2e97e00c7e40a292127807b317f3168d06ad67d11d934caa567796f7ddc3e1e0a6ef2bb06b4eda7e68a0a3736531b8fd14d279247b7bf7bcf973e6e6abdc429757df28e7c148d7f4ec94fbe9270a3c304f02c9c3d20a10bf7d4c0648ee2f4a24a5727943f3b605e40b83954a4ed440ce4e1c375046b9ea0f00a039df7a550cc3625860f7053b8f063b178e47a264793028146fd86dc393ab6a292853b103d88e7ca281ccf435d0cec35043ba4d827aad52409460b1141460f3416279dff6a2b23c80b8ec5a3f2ede66fa7461c5b3d0e7dc4489f197156b4b42a709c2ffb9185358f973ae88e727718db9c3632f2bf3ddbff9590c8d956f42575ed517227f4fca34c218d57f1b5afa3450bf8785023ef256abd5e775650f93258d40fc9a8dea319823d14c0b6ccfb8467c176c70fd9308cbcd9575794ed8c9f244a23ab8a9a32590b75d79e4384a3a8c03d3d2ba7548ae39f66bfdcb7d7662dbc7a3b4054d50f3f90fefc506a7b6c1e09eb83f3914bb975e35342b37dd78ad60786535647a130531656047ca262c6f1c5d0a6bce33c8c7b42900c1e39c474dde44d7afb156fc7836e9429cf53886e0d8893e83f12982f191940fb54e02babc9ebb71d8076b3b953cbc629c87d8fab04a7a056be342aad5c49a6b3fe609a2472890ffd10bca01c479bfca477c99bda896519242be8851f37c6704931a214f47b7b4d0fbcecad2fa62217515e68394cfcc06513a9987bbbdea1baa1ba60f5e9d91e5517a3cf0d367a301ad418e226a0d13faca40eab39a6ae9cada09dc45de3791495beab4d7ddf2e1ecba53299e879f4415f40b6216e85472ab10b0b2210f772a5420bfd65aa277461902e93d6e1088dae27abba81bda57a060e00d5953510d38769696031bf4628789e59f7a125ce14e03ebca671c7728d8ab89dcc2c1e225e20343b54710ca20a6dd10c10abb9033e2d92dfebaed864b7b00ad15a605f8042ddfd12cb33b4e28640ad7026b54e7c5403306bfad47398ab2730da95571e8fb51845a80c0f0050d2e2491717b7610dd5fb7d8a13585fa29d9e998380b104528d2bfa443469616cd96fd33f9c8eaf01298fb6f1e7e4878243bf6812629fbe388112f7f30303b3af73da308045ad4eec5980547162e0cd8b0ac2cf24456fa6dacb41cbdcafa0306f2645d7962f004b76bf154ad8a15a8b49ceb3bf848e899e0defe192d168ab1e01d168a808fcb0d1c43c8eadca6c2144cf9231b01774f4d0235151bde1548934d737b72adec7a280c988950e206939623bf2f1cff5fed52dc4e25f13ea3730a4107df36246e140cfc6f29b5d5fd2a90bf041612dadc3e801d6bfb858d324c0ae17f5a6bc6b3bc5dc7d8a2e51f0b416ed3ac5e98350ee0e302473da5696b39c04d6bef12bad7d081e005585bef28b389b7ba362ee5750dc2c3ee22366689f831fd31131b858d7192f01eb11042966dc888a861a5b282fb82a78ece09d37689badeb4e19e9309ff24ab2e03179a6373db10fe91a9e2ee0efd1c175597d652e12fd0517076746fde14a304fe465f7b534bf7825969f09384404c6e20c2507b54e7a316bd6150dfcb7d69ade54f53c69e466fcb39c0a5279f29aaad2819641896967ceffad05d909aba5a1530e05cc9c9e2fe373e557b8a3158609de1e43a97dd708805acea6f29fd74f220641afca0ba5c5fb4b2f0e7d78f248427c34975ab58cd07051d18fc184b4e08f84e7641364e266281e03b791f070e6a004e397b222635d15a364437af213cc5514b2870d088b1e9261679ee7d99b3a7c3099b1137397ea95e9847eff0309ef6a6c7503420777e7c7932c0302c9369961efd833cf5d2bbf1edb238a71ed6e347e7c2d5c880bec3449028ee48e87ae81ffcb25d975b5379e83f23231b5e641edb7bce2e390cd7dc59a93a08ae807f233d75c3a38aa51269198d808d62b97d7452e4698fe1cec3cc0cde0d3f877adaaf057adc64808401d93dad6e41c500fb8dee42b3703093246e46281ced15b38a"}) syz_emit_ethernet(0x96, &(0x7f00000001c0)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x60, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x18, 0xc2, 0x0, 0x0, 0x40, {[@mptcp=@ack={0x1e, 0xc, 0x40, 0x1, "88150b0caa790855"}, @sack={0x5, 0x12, [0x0, 0x0, 0x0, 0x0]}, @exp_fastopen={0xfe, 0xd, 0xf989, "eeb3fef90baf70793c"}, @md5sig={0x13, 0x12, "7224407c80fe8a3616b4bf3400006cc8"}, @mptcp=@ack={0x1e, 0x8, 0x0, 0x4, "5882a080"}, @exp_fastopen={0xfe, 0x4}]}}}}}}}}, 0x0) 54.343637ms ago: executing program 2 (id=1770): pread64(0xffffffffffffffff, &(0x7f0000001600)=""/4081, 0x7, 0x12) openat$cachefiles(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f00000027c0)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='sys_exit\x00', r0}, 0x10) clock_settime(0x0, &(0x7f0000003c80)={0x77359400}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) socket$inet_udp(0x2, 0x2, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xe, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r4, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r4, &(0x7f0000000580)="09000000010001", 0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f0000000500)={'syz_tun\x00', &(0x7f0000000740)=@ethtool_link_settings={0x4d, 0x400, 0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, [0x0, 0x0, 0x8000]}}) syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) 0s ago: executing program 0 (id=1771): r0 = syz_open_dev$usbfs(0x0, 0x20000007d, 0x0) shmctl$IPC_INFO(0x0, 0x3, &(0x7f0000001fc0)=""/50) r1 = dup3(0xffffffffffffffff, r0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = socket$alg(0x26, 0x5, 0x0) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x2000003, 0x8c4b815a5465c2b2, 0xffffffffffffffff, 0x0) bind$alg(r4, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'sha512-avx\x00'}, 0x58) r5 = accept4(r4, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x60010020, 0x0) sendmsg$kcm(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000940)="d744784ca67c0398246d848e6df22054de2bd8ca3da64dfdea7d8eb74ffe057d7469066c6ca034a2677ce0c1c25e2b2a825d677e0fbac312a7da165cd5db94fa38cdf3a3f3f93b912a7515e0b1e441a3be644a296bcc765e7adc9ddb4d14376a69cbfcd2ddd156ba432349e96debeda26ee8914c28f4", 0x7ffff000}, {&(0x7f00000009c0)="d86e5c29ab2c0dce2b79f95d543a0d6b45dec9dab7afbc0d6d678feb7a652e67638c3ee007937917fad76308e99818f8f112b73a3c3e3c5ed80c49fab6e0593e95008b4a47aebdde3e28cea1cec26385f3d03b872970dfb69a63a6384a9be5b9419ff8ea6d9c2a730307894adb589d11a1ec59255d10acb1fbef", 0x7a}], 0x2}, 0x0) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x200000b, 0x8c4b815a5465c2b2, 0xffffffffffffffff, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.sectors\x00', 0x26e1, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f00000000c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x800}}, './file0\x00'}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000000)={'gretap0\x00', &(0x7f0000000180)={'gre0\x00', 0x0, 0x1, 0x700, 0x4, 0x5, {{0x5, 0x4, 0x3, 0x0, 0x14, 0x65, 0x0, 0x6, 0x2f, 0x0, @broadcast, @rand_addr=0x64010100}}}}) socket$packet(0x11, 0x3, 0x300) socket$packet(0x11, 0x3, 0x300) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000040)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r1, 0x3ba0, &(0x7f0000000380)={0xfffffffffffffe29, 0x2, r6}) kernel console output (not intermixed with test programs): : fail, usb_ep_enable returned -22 [ 445.203700][ T5899] usb 5-1: Using ep0 maxpacket: 16 [ 445.215679][ T5899] usb 5-1: unable to get BOS descriptor or descriptor too short [ 445.228861][ T5899] usb 5-1: config 0 has an invalid interface number: 119 but max is 0 [ 445.241335][ T5899] usb 5-1: config 0 has no interface number 0 [ 445.247656][ T5899] usb 5-1: config 0 interface 119 has no altsetting 0 [ 445.263188][ T5899] usb 5-1: New USB device found, idVendor=0a5c, idProduct=2033, bcdDevice=64.3a [ 445.279536][ T5899] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 445.289208][ T5899] usb 5-1: Product: 檚摸⬙è½áӬ⥡㕮顽íœá•¸â¤©á²™é£ ïº‚갭넌ë¦ê¬¥î…儺ëžâ¶…ᡈ [ 445.302261][ T5899] usb 5-1: Manufacturer: 秒ゖ땼뮒Ḕ훘触놺é“࿂䥃ꕻ驣뵉緬簙㴽Ϸ㑮䆟鋨ퟻ⨈솰굱洡늪䩚寃챀炾ⱱ잮㌜☱æ•î•äŠ´ì¡‘ᤜ雹⮻窑陔ⱫꊖÝì¸é¯·é¨³ë¢šî´²ïˆ»ã’ºë¤å© î¶Ÿé€Ÿ [ 445.322774][ T5899] usb 5-1: SerialNumber: îŽáºŠì³£á‘€á¤“꧰뚀瓥瞴⇅疂뵻蠔铻㒮ꗼ랚嘺ﵛ龉뷴瑙漮캆â¥â»†ïƒ‡è©–㞈἞ᄲ웑웫늇᭻燰鶌噗햛ㆼ挦ྒྷ㬱蛀˧ïŒèŒƒäª­ì¯á‘¯î»šë£Ÿè–šë¥œç«–ç£ç£îšç¶€çŠ§àµ›ä© ë°‹ë¨œì¥¾ä‡¶îžç·¿æˆ¤ä¥ä¥¨â‘‚幮玳ⵦᡃï°ë¢šà¤žì§‡ [ 445.351620][ T5899] usb 5-1: config 0 descriptor?? [ 445.395159][ T5900] cdc_acm 3-1:1.0: probe with driver cdc_acm failed with error -12 [ 445.409019][ T5900] usb 3-1: USB disconnect, device number 72 [ 445.787871][ T25] usb 4-1: USB disconnect, device number 34 [ 446.402186][T10382] syz.2.1250[10382] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 446.405936][T10382] syz.2.1250[10382] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 446.421537][T10382] syz.2.1250[10382] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 447.663668][T10395] vivid-001: ================= START STATUS ================= [ 447.699816][T10395] vivid-001: Radio HW Seek Mode: Bounded [ 447.705546][T10395] vivid-001: Radio Programmable HW Seek: false [ 447.721464][T10395] vivid-001: RDS Rx I/O Mode: Block I/O [ 447.727087][T10395] vivid-001: Generate RBDS Instead of RDS: false [ 447.750044][T10395] vivid-001: RDS Reception: true [ 447.755156][T10395] vivid-001: RDS Program Type: 0 inactive [ 447.769825][T10395] vivid-001: RDS PS Name: inactive [ 447.785017][ T5899] usb 5-1: USB disconnect, device number 47 [ 447.785863][T10395] vivid-001: RDS Radio Text: inactive [ 447.815634][T10395] vivid-001: RDS Traffic Announcement: false inactive [ 447.839834][T10395] vivid-001: RDS Traffic Program: false inactive [ 447.866848][T10395] vivid-001: RDS Music: false inactive [ 447.877160][T10395] vivid-001: ================== END STATUS ================== [ 449.370385][ T25] usb 2-1: new high-speed USB device number 50 using dummy_hcd [ 449.538221][ T25] usb 2-1: New USB device found, idVendor=0856, idProduct=ac31, bcdDevice=93.1e [ 449.554216][ T25] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 449.588024][ T25] usb 2-1: Product: syz [ 449.595018][ T25] usb 2-1: Manufacturer: syz [ 449.605433][ T25] usb 2-1: SerialNumber: syz [ 449.621889][ T25] usb 2-1: config 0 descriptor?? [ 450.705817][T10426] sp0: Synchronizing with TNC [ 450.908556][ T25] mos7840 2-1:0.0: required endpoints missing [ 450.917215][ T25] usb 2-1: USB disconnect, device number 50 [ 451.000890][ T5900] usb 3-1: new high-speed USB device number 73 using dummy_hcd [ 451.084612][T10434] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1263'. [ 451.194150][ T5900] usb 3-1: config index 0 descriptor too short (expected 244, got 18) [ 451.315918][T10437] vivid-002: ================= START STATUS ================= [ 451.345276][T10437] vivid-002: Radio HW Seek Mode: Bounded [ 451.376490][T10437] vivid-002: Radio Programmable HW Seek: false [ 451.433116][T10437] vivid-002: RDS Rx I/O Mode: Block I/O [ 451.461250][T10437] vivid-002: Generate RBDS Instead of RDS: false [ 451.556431][T10437] vivid-002: RDS Reception: true [ 451.608406][T10437] vivid-002: RDS Program Type: 0 inactive [ 451.614881][T10437] vivid-002: RDS PS Name: inactive [ 451.625222][ T5900] usb 3-1: New USB device found, idVendor=0f11, idProduct=2000, bcdDevice=61.d7 [ 451.630319][T10437] vivid-002: RDS Radio Text: [ 451.634364][ T5900] usb 3-1: New USB device strings: Mfr=28, Product=2, SerialNumber=3 [ 451.639537][T10437] [ 451.653774][ T5900] usb 3-1: Product: syz [ 451.659884][T10437] inactive [ 451.660390][ T5900] usb 3-1: Manufacturer: syz [ 451.663421][T10437] vivid-002: RDS Traffic Announcement: [ 451.668004][ T5900] usb 3-1: SerialNumber: syz [ 451.680897][ T5900] usb 3-1: config 0 descriptor?? [ 451.700093][ T5900] ldusb 3-1:0.0: Interrupt in endpoint not found [ 451.703206][T10437] false inactive [ 451.732995][T10437] vivid-002: RDS Traffic Program: false inactive [ 451.770061][T10437] vivid-002: RDS Music: false inactive [ 451.775706][T10437] vivid-002: ================== END STATUS ================== [ 451.895489][T10426] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1261'. [ 451.960901][T10426] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1261'. [ 451.995255][ T3076] usb 3-1: USB disconnect, device number 73 [ 452.283791][T10463] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1272'. [ 453.808568][T10483] vivid-000: ================= START STATUS ================= [ 453.826892][T10482] netlink: 'syz.3.1279': attribute type 1 has an invalid length. [ 453.836900][T10483] vivid-000: Radio HW Seek Mode: Bounded [ 453.868824][T10482] netlink: 244 bytes leftover after parsing attributes in process `syz.3.1279'. [ 453.889236][T10483] vivid-000: Radio Programmable HW Seek: false [ 453.948479][T10483] vivid-000: RDS Rx I/O Mode: Block I/O [ 453.978801][T10483] vivid-000: Generate RBDS Instead of RDS: false [ 454.013041][T10483] vivid-000: RDS Reception: true [ 454.048163][T10483] vivid-000: RDS Program Type: 0 inactive [ 454.099291][T10483] vivid-000: RDS PS Name: inactive [ 454.181460][T10483] vivid-000: RDS Radio Text: inactive [ 454.246572][T10483] vivid-000: RDS Traffic Announcement: false inactive [ 454.377674][ T5900] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 454.393079][T10483] vivid-000: RDS Traffic Program: false inactive [ 454.441776][T10483] vivid-000: RDS Music: false inactive [ 454.448413][T10483] vivid-000: ================== END STATUS ================== [ 454.743701][ T5900] usb 4-1: config 1 interface 0 altsetting 4 bulk endpoint 0x82 has invalid maxpacket 64 [ 454.755321][ T5900] usb 4-1: config 1 interface 0 altsetting 4 bulk endpoint 0x3 has invalid maxpacket 64 [ 454.767047][ T5900] usb 4-1: config 1 interface 0 has no altsetting 0 [ 454.799557][ T5900] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 454.809498][ T5900] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 454.817842][ T5900] usb 4-1: Product: syz [ 454.829563][T10500] mkiss: ax0: crc mode is auto. [ 454.835065][ T5900] usb 4-1: Manufacturer: syz [ 454.840023][ T5900] usb 4-1: SerialNumber: syz [ 454.850295][T10484] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 454.858043][T10484] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 454.948024][ T8] usb 2-1: new high-speed USB device number 51 using dummy_hcd [ 455.033184][T10504] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1284'. [ 455.670392][ T5900] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -71 [ 455.682532][ T5900] usb 4-1: USB disconnect, device number 35 [ 455.809845][ T8] usb 2-1: Using ep0 maxpacket: 8 [ 455.816556][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 455.831748][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 455.851167][ T8] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 455.864218][ T8] usb 2-1: New USB device found, idVendor=056a, idProduct=04b5, bcdDevice= 0.00 [ 455.873410][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 455.907353][ T8] usb 2-1: config 0 descriptor?? [ 455.990592][T10510] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1286'. [ 456.159262][T10514] FAULT_INJECTION: forcing a failure. [ 456.159262][T10514] name failslab, interval 1, probability 0, space 0, times 0 [ 456.172221][T10514] CPU: 1 UID: 0 PID: 10514 Comm: syz.2.1285 Not tainted 6.13.0-rc3-syzkaller-00224-gbaa172c77ac5 #0 [ 456.183014][T10514] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 456.193090][T10514] Call Trace: [ 456.196387][T10514] [ 456.199334][T10514] dump_stack_lvl+0x241/0x360 [ 456.204042][T10514] ? __pfx_dump_stack_lvl+0x10/0x10 [ 456.209261][T10514] ? __pfx__printk+0x10/0x10 [ 456.213880][T10514] should_fail_ex+0x3b0/0x4e0 [ 456.218578][T10514] should_failslab+0xac/0x100 [ 456.223281][T10514] kmem_cache_alloc_node_noprof+0x77/0x380 [ 456.229107][T10514] ? __alloc_skb+0x1c3/0x440 [ 456.233715][T10514] ? trace_kmem_cache_alloc+0x1f/0xc0 [ 456.239113][T10514] __alloc_skb+0x1c3/0x440 [ 456.243551][T10514] ? __build_skb_around+0x245/0x3d0 [ 456.248770][T10514] ? __pfx___alloc_skb+0x10/0x10 [ 456.253741][T10514] ? __alloc_skb+0x28f/0x440 [ 456.258346][T10514] ? __wait_for_common+0x640/0x6e0 [ 456.263486][T10514] ? __pfx___alloc_skb+0x10/0x10 [ 456.268439][T10514] create_monitor_ctrl_event+0x35/0x4d0 [ 456.274003][T10514] ? skb_put+0x114/0x1f0 [ 456.278268][T10514] mgmt_cmd_status+0x1d4/0x4d0 [ 456.283060][T10514] add_adv_patterns_monitor+0x222/0x340 [ 456.288635][T10514] hci_mgmt_cmd+0xc47/0x11d0 [ 456.293259][T10514] hci_sock_sendmsg+0x7b8/0x11c0 [ 456.298221][T10514] ? __pfx_tomoyo_socket_sendmsg_permission+0x10/0x10 [ 456.305017][T10514] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 456.310414][T10514] ? sock_write_iter+0xf1/0x3f0 [ 456.315295][T10514] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 456.320684][T10514] __sock_sendmsg+0x221/0x270 [ 456.325393][T10514] sock_write_iter+0x2d7/0x3f0 [ 456.330181][T10514] ? __pfx_sock_write_iter+0x10/0x10 [ 456.335506][T10514] ? bpf_lsm_file_permission+0x9/0x10 [ 456.340898][T10514] ? security_file_permission+0x74/0x280 [ 456.346557][T10514] vfs_write+0xaeb/0xd30 [ 456.350836][T10514] ? __pfx_sock_write_iter+0x10/0x10 [ 456.356146][T10514] ? __pfx_vfs_write+0x10/0x10 [ 456.360936][T10514] ? __fget_files+0x2a/0x410 [ 456.365546][T10514] ? __fget_files+0x2a/0x410 [ 456.370161][T10514] ksys_write+0x18f/0x2b0 [ 456.374518][T10514] ? __pfx_ksys_write+0x10/0x10 [ 456.379389][T10514] ? do_syscall_64+0x100/0x230 [ 456.384182][T10514] ? do_syscall_64+0xb6/0x230 [ 456.388896][T10514] do_syscall_64+0xf3/0x230 [ 456.393518][T10514] ? clear_bhb_loop+0x35/0x90 [ 456.398223][T10514] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 456.404143][T10514] RIP: 0033:0x7f0e5b385d29 [ 456.408609][T10514] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 456.428259][T10514] RSP: 002b:00007f0e5c1b2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 456.436710][T10514] RAX: ffffffffffffffda RBX: 00007f0e5b576160 RCX: 00007f0e5b385d29 [ 456.444702][T10514] RDX: 0000000000000008 RSI: 0000000020000580 RDI: 000000000000000a [ 456.452691][T10514] RBP: 00007f0e5c1b2090 R08: 0000000000000000 R09: 0000000000000000 [ 456.460684][T10514] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 456.468669][T10514] R13: 0000000000000000 R14: 00007f0e5b576160 R15: 00007ffc040f0818 [ 456.476678][T10514] [ 457.429933][T10492] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 457.665519][ T5865] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 457.722267][T10492] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 457.890210][ T25] usb 3-1: new full-speed USB device number 74 using dummy_hcd [ 457.950502][ T5865] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 457.961014][ T5865] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 457.979173][ T5865] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 458.162283][ T8] usbhid 2-1:0.0: can't add hid device: -71 [ 458.180943][ T5865] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40 [ 458.190213][ T5865] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 458.198709][ T5865] usb 4-1: Product: syz [ 458.203035][ T5865] usb 4-1: Manufacturer: syz [ 458.205317][ T8] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 458.207630][ T5865] usb 4-1: SerialNumber: syz [ 458.232203][ T5865] cdc_ncm 4-1:1.0: skipping garbage [ 458.246610][ T8] usb 2-1: USB disconnect, device number 51 [ 458.888441][ T5865] cdc_ncm 4-1:1.0: NCM or ECM functional descriptors missing [ 458.896153][ T5865] cdc_ncm 4-1:1.0: bind() failure [ 458.902924][ T5865] usbtest 4-1:1.0: couldn't get endpoints, -22 [ 458.910400][ T5865] usbtest 4-1:1.0: probe with driver usbtest failed with error -22 [ 458.960971][ T5865] usbtest 4-1:1.1: couldn't get endpoints, -22 [ 458.967239][ T5865] usbtest 4-1:1.1: probe with driver usbtest failed with error -22 [ 458.994507][ T5865] usb 4-1: USB disconnect, device number 36 [ 459.120180][ T25] usb 3-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 459.129448][ T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 459.357175][ T25] usb 3-1: config 0 descriptor?? [ 459.627401][T10528] ceph: missing cluster fsid [ 459.645991][T10556] FAULT_INJECTION: forcing a failure. [ 459.645991][T10556] name failslab, interval 1, probability 0, space 0, times 0 [ 459.646426][T10528] ceph: separator ':' missing in source [ 459.659569][T10556] CPU: 0 UID: 0 PID: 10556 Comm: syz.1.1296 Not tainted 6.13.0-rc3-syzkaller-00224-gbaa172c77ac5 #0 [ 459.675766][T10556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 459.685855][T10556] Call Trace: [ 459.689158][T10556] [ 459.692116][T10556] dump_stack_lvl+0x241/0x360 [ 459.696832][T10556] ? __pfx_dump_stack_lvl+0x10/0x10 [ 459.702064][T10556] ? __pfx__printk+0x10/0x10 [ 459.706683][T10556] ? __kmalloc_node_noprof+0xb9/0x4d0 [ 459.712079][T10556] ? __pfx___might_resched+0x10/0x10 [ 459.717398][T10556] ? rcu_is_watching+0x15/0xb0 [ 459.722202][T10556] should_fail_ex+0x3b0/0x4e0 [ 459.726916][T10556] should_failslab+0xac/0x100 [ 459.731619][T10556] __kmalloc_node_noprof+0xe1/0x4d0 [ 459.736837][T10556] ? seq_lseek+0x52/0x240 [ 459.741179][T10556] ? __kvmalloc_node_noprof+0x72/0x190 [ 459.746671][T10556] __kvmalloc_node_noprof+0x72/0x190 [ 459.751996][T10556] traverse+0xd6/0x550 [ 459.756113][T10556] seq_lseek+0x126/0x240 [ 459.760393][T10556] proc_reg_llseek+0x1c6/0x2a0 [ 459.765206][T10556] __x64_sys_lseek+0x14c/0x1e0 [ 459.770008][T10556] do_syscall_64+0xf3/0x230 [ 459.774543][T10556] ? clear_bhb_loop+0x35/0x90 [ 459.779241][T10556] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 459.785160][T10556] RIP: 0033:0x7fe42cd85d29 [ 459.789629][T10556] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 459.809262][T10556] RSP: 002b:00007fe42dc7d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000008 [ 459.817720][T10556] RAX: ffffffffffffffda RBX: 00007fe42cf75fa0 RCX: 00007fe42cd85d29 [ 459.825727][T10556] RDX: 0000000000000001 RSI: 00000000000000ff RDI: 0000000000000003 [ 459.833730][T10556] RBP: 00007fe42dc7d090 R08: 0000000000000000 R09: 0000000000000000 [ 459.841735][T10556] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 459.849735][T10556] R13: 0000000000000000 R14: 00007fe42cf75fa0 R15: 00007ffe96116988 [ 459.857758][T10556] [ 460.624420][T10582] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 460.635392][ T5868] usb 5-1: new high-speed USB device number 48 using dummy_hcd [ 460.765292][T10582] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 460.800432][ T5868] usb 5-1: Using ep0 maxpacket: 8 [ 460.807546][ T25] [drm:udl_init] *ERROR* Selecting channel failed [ 460.821632][ T25] [drm] Initialized udl 0.0.1 for 3-1:0.0 on minor 2 [ 460.828379][ T25] [drm] Initialized udl on minor 2 [ 460.842460][ T25] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 460.850736][ T25] udl 3-1:0.0: [drm] Cannot find any crtc or sizes [ 460.867679][ T5865] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 460.878804][ T5865] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 460.887248][ T5865] udl 3-1:0.0: [drm] Cannot find any crtc or sizes [ 460.897025][ T25] usb 3-1: USB disconnect, device number 74 [ 460.934877][T10582] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 460.959263][ T5868] usb 5-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 460.969554][ T5868] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 460.982167][ T5868] usb 5-1: Product: syz [ 460.986373][ T5868] usb 5-1: Manufacturer: syz [ 460.993107][ T5868] usb 5-1: SerialNumber: syz [ 461.000392][ T5868] usb 5-1: config 0 descriptor?? [ 461.008546][ T5868] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 461.029170][ T5868] usb 5-1: setting power ON [ 461.040642][ T5868] dvb-usb: bulk message failed: -22 (2/0) [ 461.048340][ T5868] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 461.068340][ T5868] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 461.089391][ T5868] usb 5-1: media controller created [ 461.281705][ T5868] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 461.306827][T10582] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 461.411842][T10580] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 461.443884][ T5868] usb 5-1: selecting invalid altsetting 6 [ 462.081341][ T5868] usb 5-1: digital interface selection failed (-22) [ 462.085966][T10580] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 462.088285][ T5868] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 462.150032][ T5868] usb 5-1: setting power OFF [ 462.156088][T10580] input: syz0 as /devices/virtual/input/input34 [ 462.164171][ T5868] dvb-usb: bulk message failed: -22 (2/0) [ 462.170089][ T5868] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 462.179624][ T5868] (NULL device *): no alternate interface [ 462.206118][ T5868] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 462.280130][T10582] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 462.298681][T10582] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 462.320134][T10582] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 462.343337][T10582] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 462.359336][T10580] netlink: 'syz.4.1302': attribute type 1 has an invalid length. [ 462.407485][T10580] netlink: 83992 bytes leftover after parsing attributes in process `syz.4.1302'. [ 462.461870][T10596] 9pnet_fd: Insufficient options for proto=fd [ 462.469803][ T5868] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 462.478464][T10598] FAULT_INJECTION: forcing a failure. [ 462.478464][T10598] name failslab, interval 1, probability 0, space 0, times 0 [ 462.522914][T10598] CPU: 0 UID: 0 PID: 10598 Comm: syz.0.1309 Not tainted 6.13.0-rc3-syzkaller-00224-gbaa172c77ac5 #0 [ 462.533724][T10598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 462.543781][T10598] Call Trace: [ 462.547052][T10598] [ 462.549978][T10598] dump_stack_lvl+0x241/0x360 [ 462.554664][T10598] ? __pfx_dump_stack_lvl+0x10/0x10 [ 462.559896][T10598] ? __pfx__printk+0x10/0x10 [ 462.564508][T10598] ? __kmalloc_cache_noprof+0x48/0x390 [ 462.569975][T10598] ? __pfx___might_resched+0x10/0x10 [ 462.575267][T10598] should_fail_ex+0x3b0/0x4e0 [ 462.579940][T10598] should_failslab+0xac/0x100 [ 462.584718][T10598] __kmalloc_cache_noprof+0x70/0x390 [ 462.589993][T10598] ? alloc_pipe_info+0xeb/0x4d0 [ 462.594842][T10598] alloc_pipe_info+0xeb/0x4d0 [ 462.599536][T10598] fifo_open+0x112/0xa50 [ 462.603771][T10598] ? __pfx_fifo_open+0x10/0x10 [ 462.608522][T10598] do_dentry_open+0xbe1/0x1b70 [ 462.613418][T10598] vfs_open+0x3e/0x330 [ 462.617485][T10598] path_openat+0x2c84/0x3590 [ 462.622098][T10598] ? __pfx_path_openat+0x10/0x10 [ 462.627033][T10598] do_filp_open+0x27f/0x4e0 [ 462.629799][ T5868] usb 4-1: Using ep0 maxpacket: 8 [ 462.631524][T10598] ? __pfx_do_filp_open+0x10/0x10 [ 462.641669][T10598] ? do_raw_spin_lock+0x14f/0x370 [ 462.646716][T10598] do_sys_openat2+0x13e/0x1d0 [ 462.651386][T10598] ? __pfx_do_sys_openat2+0x10/0x10 [ 462.656573][T10598] ? __fget_files+0x2a/0x410 [ 462.661156][T10598] ? __might_fault+0xc6/0x120 [ 462.665826][T10598] __se_sys_openat2+0x256/0x2f0 [ 462.670673][T10598] ? __pfx___se_sys_openat2+0x10/0x10 [ 462.676034][T10598] ? do_syscall_64+0x100/0x230 [ 462.680836][T10598] ? do_syscall_64+0xb6/0x230 [ 462.685513][T10598] do_syscall_64+0xf3/0x230 [ 462.690015][T10598] ? clear_bhb_loop+0x35/0x90 [ 462.694689][T10598] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 462.700603][T10598] RIP: 0033:0x7fdeb7985d29 [ 462.705016][T10598] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 462.724620][T10598] RSP: 002b:00007fdeb87cb038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b5 [ 462.733040][T10598] RAX: ffffffffffffffda RBX: 00007fdeb7b75fa0 RCX: 00007fdeb7985d29 [ 462.741020][T10598] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: ffffffffffffff9c [ 462.748981][T10598] RBP: 00007fdeb87cb090 R08: 0000000000000000 R09: 0000000000000000 [ 462.756939][T10598] R10: 0000000000000018 R11: 0000000000000246 R12: 0000000000000001 [ 462.764900][T10598] R13: 0000000000000000 R14: 00007fdeb7b75fa0 R15: 00007ffefb73ddb8 [ 462.772870][T10598] [ 462.781916][ T5868] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 462.802937][ T5868] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 462.838280][ T5868] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 462.875635][ T5868] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 462.905869][ T5868] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 462.951785][ T5868] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 462.979453][ T5868] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 463.009295][ T5899] usb 5-1: USB disconnect, device number 48 [ 463.236367][ T5868] usb 4-1: usb_control_msg returned -32 [ 463.242199][ T5868] usbtmc 4-1:16.0: can't read capabilities [ 463.611657][T10616] FAULT_INJECTION: forcing a failure. [ 463.611657][T10616] name failslab, interval 1, probability 0, space 0, times 0 [ 463.625017][T10616] CPU: 1 UID: 0 PID: 10616 Comm: syz.4.1315 Not tainted 6.13.0-rc3-syzkaller-00224-gbaa172c77ac5 #0 [ 463.635827][T10616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 463.645915][T10616] Call Trace: [ 463.649219][T10616] [ 463.652176][T10616] dump_stack_lvl+0x241/0x360 [ 463.656891][T10616] ? __pfx_dump_stack_lvl+0x10/0x10 [ 463.662125][T10616] ? __pfx__printk+0x10/0x10 [ 463.666763][T10616] should_fail_ex+0x3b0/0x4e0 [ 463.671478][T10616] should_failslab+0xac/0x100 [ 463.676205][T10616] __kmalloc_cache_noprof+0x70/0x390 [ 463.681528][T10616] ? __hw_addr_add_ex+0x1a8/0x610 [ 463.686584][T10616] __hw_addr_add_ex+0x1a8/0x610 [ 463.691468][T10616] dev_addr_init+0x143/0x230 [ 463.696102][T10616] ? __pfx_dev_addr_init+0x10/0x10 [ 463.701248][T10616] ? read_word_at_a_time+0xe/0x20 [ 463.706309][T10616] alloc_netdev_mqs+0x2ae/0x1080 [ 463.711278][T10616] ? __pfx_ip6_tnl_dev_setup+0x10/0x10 [ 463.716773][T10616] ? __pfx_snprintf+0x10/0x10 [ 463.721490][T10616] rtnl_create_link+0x2f9/0xc20 [ 463.726390][T10616] rtnl_newlink_create+0x210/0xa40 [ 463.731551][T10616] ? __pfx___mutex_lock+0x10/0x10 [ 463.736592][T10616] ? cap_capable+0x1b4/0x250 [ 463.741183][T10616] ? __pfx_rtnl_newlink_create+0x10/0x10 [ 463.746826][T10616] ? ns_capable+0x8a/0xf0 [ 463.751158][T10616] rtnl_newlink+0x1c7e/0x2210 [ 463.755848][T10616] ? __pfx_rtnl_newlink+0x10/0x10 [ 463.760882][T10616] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 463.766866][T10616] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 463.773195][T10616] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 463.779088][T10616] ? lockdep_hardirqs_on+0x99/0x150 [ 463.784291][T10616] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 463.790186][T10616] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 463.796523][T10616] ? rcu_preempt_deferred_qs_irqrestore+0x87b/0xc70 [ 463.803122][T10616] ? __pfx_rcu_preempt_deferred_qs_irqrestore+0x10/0x10 [ 463.810062][T10616] ? rcu_is_watching+0x15/0xb0 [ 463.814828][T10616] ? rcu_read_unlock_special+0x497/0x570 [ 463.820463][T10616] ? __pfx_rcu_read_unlock_special+0x10/0x10 [ 463.826448][T10616] ? __pfx_rtnl_newlink+0x10/0x10 [ 463.831484][T10616] ? __rcu_read_unlock+0xa1/0x110 [ 463.836511][T10616] ? __pfx_rtnl_newlink+0x10/0x10 [ 463.841537][T10616] rtnetlink_rcv_msg+0x791/0xcf0 [ 463.846508][T10616] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 463.851628][T10616] ? rcu_preempt_deferred_qs_irqrestore+0x87b/0xc70 [ 463.858215][T10616] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 463.863692][T10616] netlink_rcv_skb+0x1e3/0x430 [ 463.868459][T10616] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 463.873926][T10616] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 463.879225][T10616] ? __rcu_read_unlock+0xa1/0x110 [ 463.884251][T10616] netlink_unicast+0x7f6/0x990 [ 463.889027][T10616] ? __pfx_netlink_unicast+0x10/0x10 [ 463.894316][T10616] ? security_netlink_send+0x13/0x280 [ 463.899692][T10616] ? __pfx_bpf_lsm_netlink_send+0x10/0x10 [ 463.905416][T10616] netlink_sendmsg+0x8e4/0xcb0 [ 463.910188][T10616] ? __pfx_netlink_sendmsg+0x10/0x10 [ 463.915481][T10616] ? __pfx_netlink_sendmsg+0x10/0x10 [ 463.920770][T10616] __sock_sendmsg+0x221/0x270 [ 463.925451][T10616] ____sys_sendmsg+0x52a/0x7e0 [ 463.930226][T10616] ? __pfx_____sys_sendmsg+0x10/0x10 [ 463.935512][T10616] ? __fget_files+0x2a/0x410 [ 463.940100][T10616] ? __fget_files+0x2a/0x410 [ 463.944701][T10616] __sys_sendmsg+0x269/0x350 [ 463.949293][T10616] ? __pfx_lock_release+0x10/0x10 [ 463.954315][T10616] ? __pfx___sys_sendmsg+0x10/0x10 [ 463.959433][T10616] ? __pfx_vfs_write+0x10/0x10 [ 463.964216][T10616] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 463.970543][T10616] ? do_syscall_64+0x100/0x230 [ 463.975317][T10616] ? do_syscall_64+0xb6/0x230 [ 463.979998][T10616] do_syscall_64+0xf3/0x230 [ 463.984507][T10616] ? clear_bhb_loop+0x35/0x90 [ 463.989181][T10616] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 463.995077][T10616] RIP: 0033:0x7f893d385d29 [ 463.999496][T10616] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 464.019106][T10616] RSP: 002b:00007f893e205038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 464.027526][T10616] RAX: ffffffffffffffda RBX: 00007f893d575fa0 RCX: 00007f893d385d29 [ 464.035498][T10616] RDX: 0000000000004000 RSI: 0000000020000140 RDI: 0000000000000004 [ 464.043467][T10616] RBP: 00007f893e205090 R08: 0000000000000000 R09: 0000000000000000 [ 464.051440][T10616] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 464.059411][T10616] R13: 0000000000000000 R14: 00007f893d575fa0 R15: 00007ffd23304d48 [ 464.067392][T10616] [ 464.110751][T10617] netlink: 248 bytes leftover after parsing attributes in process `syz.3.1306'. [ 464.204509][ T29] kauditd_printk_skb: 19 callbacks suppressed [ 464.204531][ T29] audit: type=1326 audit(1734834325.636:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10618 comm="syz.1.1316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe42cd85d29 code=0x7ffc0000 [ 464.315717][ T29] audit: type=1326 audit(1734834325.636:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10618 comm="syz.1.1316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe42cd85d29 code=0x7ffc0000 [ 464.358069][ T29] audit: type=1326 audit(1734834325.686:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10618 comm="syz.1.1316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7fe42cd85d29 code=0x7ffc0000 [ 464.426728][ T29] audit: type=1326 audit(1734834325.686:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10618 comm="syz.1.1316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe42cd85d29 code=0x7ffc0000 [ 464.488038][ T29] audit: type=1326 audit(1734834325.686:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10618 comm="syz.1.1316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe42cd85d29 code=0x7ffc0000 [ 464.596939][ T29] audit: type=1326 audit(1734834325.686:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10618 comm="syz.1.1316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7fe42cd85d29 code=0x7ffc0000 [ 464.813248][ T29] audit: type=1326 audit(1734834325.686:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10618 comm="syz.1.1316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe42cd85d29 code=0x7ffc0000 [ 465.315004][ T29] audit: type=1326 audit(1734834325.686:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10618 comm="syz.1.1316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=249 compat=0 ip=0x7fe42cd85d29 code=0x7ffc0000 [ 465.417359][ T29] audit: type=1326 audit(1734834325.686:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10618 comm="syz.1.1316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe42cd85d29 code=0x7ffc0000 [ 465.424020][ T5865] usb 4-1: USB disconnect, device number 37 [ 465.919945][ T5899] usb 1-1: new high-speed USB device number 42 using dummy_hcd [ 466.090500][ T5899] usb 1-1: Using ep0 maxpacket: 8 [ 466.104238][ T5899] usb 1-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 466.120269][ T5899] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 466.149860][ T5899] usb 1-1: Product: syz [ 466.155332][T10655] Malformed UNC in devname [ 466.155332][T10655] [ 466.159796][ T5899] usb 1-1: Manufacturer: syz [ 466.169853][ T5899] usb 1-1: SerialNumber: syz [ 466.186093][ T5899] usb 1-1: config 0 descriptor?? [ 466.186418][T10655] CIFS: VFS: Malformed UNC in devname [ 466.206783][ T5899] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 466.219722][ T5899] usb 1-1: setting power ON [ 466.414666][ T5899] dvb-usb: bulk message failed: -22 (2/0) [ 466.423956][T10638] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 466.433276][T10638] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 466.442142][ T5899] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 466.452623][ T5899] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 466.461198][ T5899] usb 1-1: media controller created [ 466.480000][ T5899] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 466.558896][T10638] input: syz0 as /devices/virtual/input/input35 [ 467.199420][T10638] netlink: 'syz.0.1323': attribute type 1 has an invalid length. [ 467.227116][T10638] netlink: 83992 bytes leftover after parsing attributes in process `syz.0.1323'. [ 467.275705][ T5899] usb 1-1: selecting invalid altsetting 6 [ 467.284132][ T5899] usb 1-1: digital interface selection failed (-22) [ 467.293204][ T5899] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 467.302873][ T5899] usb 1-1: setting power OFF [ 467.307827][ T5899] dvb-usb: bulk message failed: -22 (2/0) [ 467.314443][ T5899] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 467.324054][ T5899] (NULL device *): no alternate interface [ 467.348794][ T5899] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 468.041304][ T25] usb 1-1: USB disconnect, device number 42 [ 468.394116][T10691] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 468.760659][T10695] FAULT_INJECTION: forcing a failure. [ 468.760659][T10695] name failslab, interval 1, probability 0, space 0, times 0 [ 468.773670][T10695] CPU: 1 UID: 0 PID: 10695 Comm: syz.1.1340 Not tainted 6.13.0-rc3-syzkaller-00224-gbaa172c77ac5 #0 [ 468.784478][T10695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 468.794540][T10695] Call Trace: [ 468.797823][T10695] [ 468.800752][T10695] dump_stack_lvl+0x241/0x360 [ 468.805527][T10695] ? __pfx_dump_stack_lvl+0x10/0x10 [ 468.810730][T10695] ? __pfx__printk+0x10/0x10 [ 468.815324][T10695] ? __pfx_lock_acquire+0x10/0x10 [ 468.820348][T10695] ? nf_ct_pernet+0x45/0x270 [ 468.824941][T10695] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 468.830927][T10695] should_fail_ex+0x3b0/0x4e0 [ 468.835607][T10695] should_failslab+0xac/0x100 [ 468.840291][T10695] ? __nf_conntrack_alloc+0x8f/0x380 [ 468.845581][T10695] kmem_cache_alloc_noprof+0x70/0x380 [ 468.850961][T10695] __nf_conntrack_alloc+0x8f/0x380 [ 468.856079][T10695] init_conntrack+0x3c3/0x1310 [ 468.860849][T10695] ? __pfx_init_conntrack+0x10/0x10 [ 468.866059][T10695] nf_conntrack_in+0xd5c/0x1890 [ 468.870930][T10695] ? __pfx_nf_conntrack_in+0x10/0x10 [ 468.876218][T10695] ? ipt_do_table+0x312/0x1860 [ 468.880984][T10695] ? __pfx_ipt_do_table+0x10/0x10 [ 468.886020][T10695] ? ipv4_conntrack_defrag+0x2a2/0x5a0 [ 468.891495][T10695] ? ipv4_conntrack_local+0x120/0x200 [ 468.896871][T10695] ? __pfx_ipv4_conntrack_local+0x10/0x10 [ 468.902593][T10695] nf_hook_slow+0xc3/0x220 [ 468.907011][T10695] ? __pfx_dst_output+0x10/0x10 [ 468.911865][T10695] nf_hook+0x2c4/0x450 [ 468.915938][T10695] ? nf_hook+0x9e/0x450 [ 468.920097][T10695] ? __pfx_nf_hook+0x10/0x10 [ 468.924694][T10695] ? __pfx_dst_output+0x10/0x10 [ 468.929545][T10695] ? ip_setup_cork+0x4e0/0x9c0 [ 468.934310][T10695] ? ip_fast_csum+0x1f4/0x2b0 [ 468.938994][T10695] __ip_local_out+0x3d9/0x4e0 [ 468.943675][T10695] ? __pfx_dst_output+0x10/0x10 [ 468.948535][T10695] ip_send_skb+0x4a/0x100 [ 468.952870][T10695] udp_send_skb+0xab6/0x1630 [ 468.957470][T10695] udp_sendmsg+0x1c09/0x2a50 [ 468.962131][T10695] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 468.967680][T10695] ? __pfx_udp_sendmsg+0x10/0x10 [ 468.972619][T10695] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 468.978604][T10695] ? smack_socket_sendmsg+0x178/0x540 [ 468.983983][T10695] ? __pfx_smack_socket_sendmsg+0x10/0x10 [ 468.989706][T10695] ? tomoyo_socket_sendmsg_permission+0x288/0x420 [ 468.996137][T10695] ? inet_sendmsg+0x2ba/0x390 [ 469.000816][T10695] __sock_sendmsg+0x1a6/0x270 [ 469.005501][T10695] ____sys_sendmsg+0x52a/0x7e0 [ 469.010272][T10695] ? __pfx_____sys_sendmsg+0x10/0x10 [ 469.015556][T10695] ? __fget_files+0x2a/0x410 [ 469.020150][T10695] ? __fget_files+0x2a/0x410 [ 469.024744][T10695] __sys_sendmmsg+0x36a/0x720 [ 469.029430][T10695] ? __pfx___sys_sendmmsg+0x10/0x10 [ 469.034652][T10695] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 469.040639][T10695] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 469.046979][T10695] ? do_raw_spin_unlock+0x13c/0x8b0 [ 469.052184][T10695] ? finish_task_switch+0x1e5/0x870 [ 469.057383][T10695] ? lockdep_hardirqs_on+0x99/0x150 [ 469.062586][T10695] ? finish_task_switch+0x1e5/0x870 [ 469.067792][T10695] ? __schedule+0x1803/0x4be0 [ 469.072473][T10695] ? __mutex_unlock_slowpath+0x21e/0x790 [ 469.078127][T10695] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 469.084115][T10695] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 469.090443][T10695] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 469.096770][T10695] __x64_sys_sendmmsg+0xa0/0xb0 [ 469.101627][T10695] do_syscall_64+0xf3/0x230 [ 469.106134][T10695] ? clear_bhb_loop+0x35/0x90 [ 469.110807][T10695] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 469.116702][T10695] RIP: 0033:0x7fe42cd85d29 [ 469.121119][T10695] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 469.140727][T10695] RSP: 002b:00007fe42dc5c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 469.149146][T10695] RAX: ffffffffffffffda RBX: 00007fe42cf76080 RCX: 00007fe42cd85d29 [ 469.157119][T10695] RDX: 000000000800001d RSI: 0000000020007fc0 RDI: 0000000000000005 [ 469.165089][T10695] RBP: 00007fe42dc5c090 R08: 0000000000000000 R09: 0000000000000000 [ 469.173063][T10695] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 469.181034][T10695] R13: 0000000000000000 R14: 00007fe42cf76080 R15: 00007ffe96116988 [ 469.189024][T10695] [ 469.378168][ T5133] block nbd3: Receive control failed (result -32) [ 469.397529][T10690] block nbd3: shutting down sockets [ 470.185409][T10711] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1346'. [ 471.280017][ T5868] usb 2-1: new high-speed USB device number 52 using dummy_hcd [ 471.736505][T10731] netlink: 1280 bytes leftover after parsing attributes in process `syz.4.1351'. [ 472.551722][ T5899] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 472.650660][ T5868] usb 2-1: Using ep0 maxpacket: 8 [ 472.659251][ T5868] usb 2-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 472.672639][ T5868] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 472.680900][ T5868] usb 2-1: Product: syz [ 472.685109][ T5868] usb 2-1: Manufacturer: syz [ 472.689980][ T5868] usb 2-1: SerialNumber: syz [ 472.792500][ T5868] usb 2-1: config 0 descriptor?? [ 472.800422][ T5868] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 472.808484][ T5868] usb 2-1: setting power ON [ 472.820804][ T5899] usb 4-1: unable to get BOS descriptor or descriptor too short [ 472.841270][ T5899] usb 4-1: config 13 has an invalid interface number: 50 but max is 3 [ 472.878755][ T5899] usb 4-1: config 13 has an invalid descriptor of length 0, skipping remainder of the config [ 472.909246][ T5868] dvb-usb: bulk message failed: -22 (2/0) [ 472.916717][ T5868] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 472.926936][ T5868] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 472.935745][ T5868] usb 2-1: media controller created [ 472.945307][ T5899] usb 4-1: config 13 has 1 interface, different from the descriptor's value: 4 [ 472.952847][ T5868] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 472.964773][ T5899] usb 4-1: config 13 has no interface number 0 [ 472.969449][ T5868] usb 2-1: selecting invalid altsetting 6 [ 472.976853][ T5868] usb 2-1: digital interface selection failed (-22) [ 472.983603][ T5868] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 472.987976][ T5899] usb 4-1: config 13 interface 50 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 9 [ 473.014116][ T5899] usb 4-1: config 13 interface 50 has no altsetting 0 [ 473.022925][ T5868] usb 2-1: setting power OFF [ 473.027574][ T5868] dvb-usb: bulk message failed: -22 (2/0) [ 473.033518][ T5899] usb 4-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=a9.e8 [ 473.033551][ T5899] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 473.033574][ T5899] usb 4-1: Product: syz [ 473.033590][ T5899] usb 4-1: Manufacturer: syz [ 473.033606][ T5899] usb 4-1: SerialNumber: syz [ 473.065076][ T5868] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 473.074696][ T5868] (NULL device *): no alternate interface [ 473.076700][T10729] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 473.103097][T10729] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 473.241270][ T5868] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 473.266755][T10729] input: syz0 as /devices/virtual/input/input37 [ 473.872053][T10729] netlink: 'syz.1.1350': attribute type 1 has an invalid length. [ 473.888448][T10729] netlink: 83992 bytes leftover after parsing attributes in process `syz.1.1350'. [ 473.915098][ T5899] usb 4-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 473.927259][ T5899] usb 4-1: USB disconnect, device number 38 [ 474.388799][T10771] syz.4.1359: attempt to access beyond end of device [ 474.388799][T10771] loop4: rw=0, sector=2, nr_sectors = 1 limit=0 [ 474.402281][T10771] hfs: can't find a HFS filesystem on dev loop4 [ 474.630261][ T5868] usb 2-1: USB disconnect, device number 52 [ 474.662005][T10778] netlink: 'syz.3.1361': attribute type 1 has an invalid length. [ 478.319328][T10818] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1373'. [ 478.328570][T10818] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1373'. [ 478.813117][T10839] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1379'. [ 479.417437][ T5865] libceph: connect (1)[c::]:6789 error -101 [ 479.425563][ T5865] libceph: mon0 (1)[c::]:6789 connect error [ 479.551879][T10853] Process accounting resumed [ 479.738062][T10842] ceph: No mds server is up or the cluster is laggy [ 480.096352][ T5865] libceph: connect (1)[c::]:6789 error -101 [ 480.102594][ T5865] libceph: mon0 (1)[c::]:6789 connect error [ 480.620226][T10864] syz.4.1383 (10864): drop_caches: 2 [ 480.628742][T10864] syz.4.1383 (10864): drop_caches: 2 [ 481.404145][T10869] pim6reg: entered allmulticast mode [ 481.426053][T10869] pim6reg: left allmulticast mode [ 481.538404][T10873] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1387'. [ 481.551611][T10873] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1387'. [ 483.326080][T10895] ALSA: mixer_oss: invalid OSS volume '00000000000000000000' [ 483.338546][T10895] ALSA: mixer_oss: invalid OSS volume 'OGAINWÁ”1õ›' [ 483.449929][ T5868] usb 5-1: new high-speed USB device number 49 using dummy_hcd [ 483.609881][ T5868] usb 5-1: Using ep0 maxpacket: 16 [ 483.619398][ T5868] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 483.640588][ T5868] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 483.657877][ T5868] usb 5-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00 [ 483.669265][ T5868] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 483.701196][ T5868] usb 5-1: config 0 descriptor?? [ 485.142319][ T5868] letsketch 0003:6161:4D15.000A: Device info: à š [ 486.689819][ T5899] usb 3-1: new high-speed USB device number 75 using dummy_hcd [ 486.736911][ T5868] usb 5-1: Max retries (5) exceeded reading string descriptor 201 [ 486.745218][ T5868] letsketch 0003:6161:4D15.000A: probe with driver letsketch failed with error -71 [ 486.769486][ T5868] usb 5-1: USB disconnect, device number 49 [ 486.890026][T10926] FAULT_INJECTION: forcing a failure. [ 486.890026][T10926] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 486.910719][T10926] CPU: 0 UID: 0 PID: 10926 Comm: syz.0.1402 Not tainted 6.13.0-rc3-syzkaller-00224-gbaa172c77ac5 #0 [ 486.921551][T10926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 486.931639][T10926] Call Trace: [ 486.934937][T10926] [ 486.937864][T10926] dump_stack_lvl+0x241/0x360 [ 486.942580][T10926] ? __pfx_dump_stack_lvl+0x10/0x10 [ 486.947824][T10926] ? __pfx__printk+0x10/0x10 [ 486.952427][T10926] ? __pfx_lock_release+0x10/0x10 [ 486.957471][T10926] should_fail_ex+0x3b0/0x4e0 [ 486.962153][T10926] _copy_from_user+0x2f/0xc0 [ 486.966749][T10926] do_ipv6_setsockopt+0x2f5/0x3640 [ 486.971869][T10926] ? __pfx_do_ipv6_setsockopt+0x10/0x10 [ 486.977413][T10926] ? __pfx_validate_chain+0x10/0x10 [ 486.982630][T10926] ? __pfx_lock_acquire+0x10/0x10 [ 486.987793][T10926] ? get_pid_task+0x23/0x1f0 [ 486.992410][T10926] ? __pfx_lock_release+0x10/0x10 [ 486.997453][T10926] ? kstrtouint_from_user+0x128/0x190 [ 487.002844][T10926] ? mark_lock+0x9a/0x360 [ 487.007180][T10926] ? __lock_acquire+0x1397/0x2100 [ 487.012218][T10926] ipv6_setsockopt+0x5d/0x170 [ 487.016903][T10926] dccp_setsockopt+0x17c/0x12c0 [ 487.021761][T10926] ? __pfx_dccp_setsockopt+0x10/0x10 [ 487.027049][T10926] ? __pfx_lock_acquire+0x10/0x10 [ 487.032073][T10926] ? sock_common_setsockopt+0x37/0xc0 [ 487.037572][T10926] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 487.043498][T10926] do_sock_setsockopt+0x3af/0x720 [ 487.048549][T10926] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 487.054101][T10926] ? __fget_files+0x395/0x410 [ 487.058781][T10926] ? __fget_files+0x2a/0x410 [ 487.063373][T10926] __x64_sys_setsockopt+0x1ee/0x280 [ 487.068582][T10926] do_syscall_64+0xf3/0x230 [ 487.073090][T10926] ? clear_bhb_loop+0x35/0x90 [ 487.077768][T10926] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 487.083666][T10926] RIP: 0033:0x7fdeb7985d29 [ 487.088083][T10926] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 487.107700][T10926] RSP: 002b:00007fdeb87cb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 487.116118][T10926] RAX: ffffffffffffffda RBX: 00007fdeb7b75fa0 RCX: 00007fdeb7985d29 [ 487.124090][T10926] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 000000000000000e [ 487.132065][T10926] RBP: 00007fdeb87cb090 R08: 0000000000000450 R09: 0000000000000000 [ 487.140034][T10926] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000001 [ 487.148002][T10926] R13: 0000000000000000 R14: 00007fdeb7b75fa0 R15: 00007ffefb73ddb8 [ 487.155983][T10926] [ 487.165389][T10937] xt_recent: Unsupported userspace flags (00000042) [ 487.220106][T10939] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1404'. [ 487.220579][T10926] usb usb7: usbfs: process 10926 (syz.0.1402) did not claim interface 0 before use [ 487.248718][ T5899] usb 3-1: unable to get BOS descriptor or descriptor too short [ 487.257098][T10943] usb usb7: usbfs: process 10943 (syz.4.1405) did not claim interface 0 before use [ 487.257725][ T5899] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 487.279649][ T5899] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 487.318545][ T5899] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 0 [ 487.338643][ T5899] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 487.380331][ T5899] usb 3-1: string descriptor 0 read error: -71 [ 487.386841][ T5899] usb 3-1: New USB device found, idVendor=04e6, idProduct=5591, bcdDevice=94.39 [ 487.427774][ T5899] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 487.458470][ T5899] usb 3-1: config 0 descriptor?? [ 487.470148][ T5899] usb 3-1: can't set config #0, error -71 [ 487.659802][ T5899] usb 3-1: USB disconnect, device number 75 [ 488.868479][T10951] Process accounting resumed [ 488.932279][T10973] netlink: 'syz.2.1412': attribute type 1 has an invalid length. [ 492.865801][T11012] netlink: 'syz.3.1423': attribute type 4 has an invalid length. [ 493.910553][T11026] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1426'. [ 493.971759][T11031] fuse: Unknown parameter 'rlotmode' [ 494.011386][T11031] vlan2: entered promiscuous mode [ 494.016484][T11031] bridge0: entered promiscuous mode [ 494.060368][T11031] vlan2: entered allmulticast mode [ 494.075945][T11031] bridge0: entered allmulticast mode [ 494.117375][T11031] bridge0: port 4(vlan2) entered blocking state [ 494.138527][T11031] bridge0: port 4(vlan2) entered disabled state [ 494.173156][T11031] bridge0: left allmulticast mode [ 494.178432][T11031] bridge0: left promiscuous mode [ 494.183960][ T5900] usb 1-1: new high-speed USB device number 43 using dummy_hcd [ 494.908202][T11035] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 494.917276][T11035] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 494.925771][T11035] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 494.934103][T11035] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 495.051352][ T5900] usb 1-1: Using ep0 maxpacket: 32 [ 495.058147][ T5900] usb 1-1: config 2 has an invalid interface number: 126 but max is 0 [ 495.066489][ T5900] usb 1-1: config 2 has no interface number 0 [ 495.073096][ T5900] usb 1-1: config 2 interface 126 altsetting 0 bulk endpoint 0xC has invalid maxpacket 1024 [ 495.083516][ T5900] usb 1-1: config 2 interface 126 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 495.098655][ T5900] usb 1-1: New USB device found, idVendor=0bfd, idProduct=0124, bcdDevice=ea.37 [ 495.119018][ T5900] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 495.127843][ T5900] usb 1-1: Product: syz [ 495.138566][ T5900] usb 1-1: Manufacturer: syz [ 495.147890][ T5900] usb 1-1: SerialNumber: syz [ 495.221680][T11041] FAULT_INJECTION: forcing a failure. [ 495.221680][T11041] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 495.239208][T11028] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 495.261216][T11028] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 495.271386][T11041] CPU: 0 UID: 0 PID: 11041 Comm: syz.3.1431 Not tainted 6.13.0-rc3-syzkaller-00224-gbaa172c77ac5 #0 [ 495.282190][T11041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 495.292268][T11041] Call Trace: [ 495.295563][T11041] [ 495.298505][T11041] dump_stack_lvl+0x241/0x360 [ 495.303212][T11041] ? __pfx_dump_stack_lvl+0x10/0x10 [ 495.308432][T11041] ? __pfx__printk+0x10/0x10 [ 495.313045][T11041] ? snprintf+0xda/0x120 [ 495.317311][T11041] should_fail_ex+0x3b0/0x4e0 [ 495.322013][T11041] _copy_to_user+0x31/0xb0 [ 495.326462][T11041] simple_read_from_buffer+0xca/0x150 [ 495.331869][T11041] proc_fail_nth_read+0x1e9/0x250 [ 495.336924][T11041] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 495.342498][T11041] ? rw_verify_area+0x568/0x6f0 [ 495.347373][T11041] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 495.352943][T11041] vfs_read+0x1fc/0xb70 [ 495.357123][T11041] ? __pfx___mutex_lock+0x10/0x10 [ 495.362173][T11041] ? __pfx_vfs_read+0x10/0x10 [ 495.366873][T11041] ? __fget_files+0x2a/0x410 [ 495.371480][T11041] ? __fget_files+0x395/0x410 [ 495.376167][T11041] ? __fget_files+0x2a/0x410 [ 495.380786][T11041] ksys_read+0x18f/0x2b0 [ 495.385055][T11041] ? __pfx_ksys_read+0x10/0x10 [ 495.389838][T11041] ? trace_sys_enter+0x74/0x120 [ 495.394709][T11041] ? rcu_is_watching+0x15/0xb0 [ 495.399492][T11041] ? trace_sys_enter+0x25/0x120 [ 495.404376][T11041] do_syscall_64+0xf3/0x230 [ 495.408903][T11041] ? clear_bhb_loop+0x35/0x90 [ 495.413608][T11041] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 495.419534][T11041] RIP: 0033:0x7f19a398473c [ 495.423975][T11041] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 495.443617][T11041] RSP: 002b:00007f19a481b030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 495.452068][T11041] RAX: ffffffffffffffda RBX: 00007f19a3b75fa0 RCX: 00007f19a398473c [ 495.460068][T11041] RDX: 000000000000000f RSI: 00007f19a481b0a0 RDI: 0000000000000006 [ 495.468061][T11041] RBP: 00007f19a481b090 R08: 0000000000000000 R09: 0000000000000000 [ 495.476063][T11041] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 495.482787][T11043] ALSA: mixer_oss: invalid OSS volume '00000000000000000000' [ 495.484037][T11041] R13: 0000000000000000 R14: 00007f19a3b75fa0 R15: 00007fffa6047008 [ 495.491558][T11043] ALSA: mixer_oss: invalid OSS volume 'OGAINWÁ”1õ›' [ 495.499378][T11041] [ 495.518600][ T5900] kvaser_usb 1-1:2.126: error -ENODEV: Cannot get usb endpoint(s) [ 495.716565][ T5900] usb 1-1: USB disconnect, device number 43 [ 496.360090][ T974] usb 2-1: new full-speed USB device number 53 using dummy_hcd [ 496.511788][ T974] usb 2-1: device descriptor read/64, error -71 [ 496.611634][T10980] syz.4.1414 (10980): drop_caches: 1 [ 496.773562][ T974] usb 2-1: new full-speed USB device number 54 using dummy_hcd [ 496.786009][T11058] netlink: 'syz.2.1436': attribute type 4 has an invalid length. [ 496.829268][T11064] tmpfs: Bad value for 'mpol' [ 497.819804][ T974] usb 2-1: device descriptor read/64, error -71 [ 497.940060][ T974] usb usb2-port1: attempt power cycle [ 498.090006][ T8] usb 5-1: new high-speed USB device number 50 using dummy_hcd [ 499.081655][T11084] ALSA: mixer_oss: invalid OSS volume '00000000000000000000' [ 499.090928][ T8] usb 5-1: Using ep0 maxpacket: 16 [ 499.125543][T11084] ALSA: mixer_oss: invalid OSS volume 'OGAINWÁ”1õ›' [ 499.209952][ T8] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 499.220405][ T8] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18 [ 499.755249][ T8] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 499.769358][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 499.777711][ T8] usb 5-1: SerialNumber: syz [ 499.787267][ T8] usb 5-1: bad CDC descriptors [ 500.051143][ T974] usb 5-1: USB disconnect, device number 50 [ 500.184398][T11099] netlink: 'syz.1.1450': attribute type 4 has an invalid length. [ 500.606612][ T29] audit: type=1326 audit(1734834362.046:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11116 comm="syz.2.1454" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f0e5b385d29 code=0x0 [ 501.796007][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.869326][T11150] ALSA: mixer_oss: invalid OSS volume '00000000000000000000' [ 502.902569][T11150] ALSA: mixer_oss: invalid OSS volume 'OGAINWÁ”1õ›' [ 502.919096][T11152] netlink: 'syz.3.1463': attribute type 4 has an invalid length. [ 503.796633][T11168] tipc: Failed to obtain node identity [ 503.802290][T11168] tipc: Enabling of bearer rejected, failed to enable media [ 504.560407][T11172] FAULT_INJECTION: forcing a failure. [ 504.560407][T11172] name failslab, interval 1, probability 0, space 0, times 0 [ 504.560443][T11172] CPU: 1 UID: 0 PID: 11172 Comm: syz.2.1469 Not tainted 6.13.0-rc3-syzkaller-00224-gbaa172c77ac5 #0 [ 504.560468][T11172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 504.560480][T11172] Call Trace: [ 504.560487][T11172] [ 504.560495][T11172] dump_stack_lvl+0x241/0x360 [ 504.560520][T11172] ? __pfx_dump_stack_lvl+0x10/0x10 [ 504.560543][T11172] ? __pfx__printk+0x10/0x10 [ 504.560566][T11172] ? __kmalloc_cache_noprof+0x48/0x390 [ 504.560588][T11172] ? __pfx___might_resched+0x10/0x10 [ 504.560620][T11172] should_fail_ex+0x3b0/0x4e0 [ 504.560646][T11172] should_failslab+0xac/0x100 [ 504.560674][T11172] __kmalloc_cache_noprof+0x70/0x390 [ 504.560700][T11172] ? con_set_unimap+0x434/0xdc0 [ 504.560726][T11172] con_set_unimap+0x434/0xdc0 [ 504.560762][T11172] vt_ioctl+0x13f5/0x2090 [ 504.560787][T11172] ? vt_ioctl+0x91/0x2090 [ 504.560812][T11172] ? __pfx_vt_ioctl+0x10/0x10 [ 504.560833][T11172] ? __asan_memset+0x23/0x50 [ 504.560854][T11172] ? smack_file_ioctl+0x29e/0x3a0 [ 504.560873][T11172] ? __pfx_smack_file_ioctl+0x10/0x10 [ 504.560897][T11172] ? tty_jobctrl_ioctl+0x36e/0xba0 [ 504.560920][T11172] ? __fget_files+0x2a/0x410 [ 504.560941][T11172] tty_ioctl+0x90f/0xdc0 [ 504.560967][T11172] ? __pfx_tty_ioctl+0x10/0x10 [ 504.560993][T11172] __se_sys_ioctl+0xf5/0x170 [ 504.561017][T11172] do_syscall_64+0xf3/0x230 [ 504.561047][T11172] ? clear_bhb_loop+0x35/0x90 [ 504.561069][T11172] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 504.561094][T11172] RIP: 0033:0x7f0e5b385d29 [ 504.561112][T11172] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 504.561128][T11172] RSP: 002b:00007f0e5c1f4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 504.561152][T11172] RAX: ffffffffffffffda RBX: 00007f0e5b575fa0 RCX: 00007f0e5b385d29 [ 504.561168][T11172] RDX: 0000000020000000 RSI: 0000000000004b67 RDI: 0000000000000004 [ 504.561182][T11172] RBP: 00007f0e5c1f4090 R08: 0000000000000000 R09: 0000000000000000 [ 504.561195][T11172] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 504.561209][T11172] R13: 0000000000000000 R14: 00007f0e5b575fa0 R15: 00007ffc040f0818 [ 504.561239][T11172] [ 504.980438][ T25] usb 2-1: new high-speed USB device number 56 using dummy_hcd [ 505.130402][ T25] usb 2-1: Using ep0 maxpacket: 16 [ 505.151174][ T25] usb 2-1: config 0 has an invalid interface number: 41 but max is 0 [ 505.159318][ T25] usb 2-1: config 0 has no interface number 0 [ 505.179846][ T25] usb 2-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 505.199100][ T25] usb 2-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 505.209151][ T25] usb 2-1: config 0 interface 41 has no altsetting 0 [ 505.262353][ T25] usb 2-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 505.271820][ T25] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 505.280005][ T25] usb 2-1: Product: syz [ 505.284202][ T25] usb 2-1: Manufacturer: syz [ 505.288939][ T25] usb 2-1: SerialNumber: syz [ 505.296183][ T25] usb 2-1: config 0 descriptor?? [ 505.304766][T11168] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 505.312702][T11168] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 505.462152][T11188] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1473'. [ 505.484179][T11186] netlink: 'syz.4.1475': attribute type 4 has an invalid length. [ 505.575075][T11169] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 505.589661][T11169] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 506.470350][T11201] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1477'. [ 506.618620][ T25] CoreChips 2-1:0.41: probe with driver CoreChips failed with error -71 [ 506.654709][ T25] usb 2-1: USB disconnect, device number 56 [ 507.715966][T11211] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 507.730256][T11211] Error validating options; rc = [-22] [ 508.760176][ T974] usb 5-1: new high-speed USB device number 51 using dummy_hcd [ 508.943244][ T974] usb 5-1: Using ep0 maxpacket: 16 [ 508.959289][ T29] audit: type=1326 audit(1734834370.396:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11216 comm="syz.0.1483" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fdeb7985d29 code=0x0 [ 509.022722][ T974] usb 5-1: New USB device found, idVendor=0d49, idProduct=7010, bcdDevice= c.90 [ 509.046765][ T974] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 509.079717][ T974] usb 5-1: Product: syz [ 509.120194][ T974] usb 5-1: Manufacturer: syz [ 509.140401][ T974] usb 5-1: SerialNumber: syz [ 509.266216][ T974] usb 5-1: config 0 descriptor?? [ 509.410511][ T974] ums-onetouch 5-1:0.0: USB Mass Storage device detected [ 509.731826][T11234] FAULT_INJECTION: forcing a failure. [ 509.731826][T11234] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 509.769777][T11234] CPU: 0 UID: 0 PID: 11234 Comm: syz.1.1487 Not tainted 6.13.0-rc3-syzkaller-00224-gbaa172c77ac5 #0 [ 509.780608][T11234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 509.790692][T11234] Call Trace: [ 509.793986][T11234] [ 509.796936][T11234] dump_stack_lvl+0x241/0x360 [ 509.801650][T11234] ? __pfx_dump_stack_lvl+0x10/0x10 [ 509.806878][T11234] ? __pfx__printk+0x10/0x10 [ 509.811501][T11234] should_fail_ex+0x3b0/0x4e0 [ 509.816210][T11234] _copy_to_user+0x31/0xb0 [ 509.820664][T11234] bpf_verifier_vlog+0x46d/0x860 [ 509.825645][T11234] __btf_verifier_log+0xd5/0x120 [ 509.830617][T11234] ? bpf_verifier_vlog+0x47a/0x860 [ 509.835754][T11234] ? __pfx___btf_verifier_log+0x10/0x10 [ 509.841356][T11234] ? btf_parse_hdr+0x1e3/0x710 [ 509.846145][T11234] btf_parse_hdr+0x2ce/0x710 [ 509.850757][T11234] btf_new_fd+0x391/0xd30 [ 509.855211][T11234] ? __pfx_btf_new_fd+0x10/0x10 [ 509.860085][T11234] ? bpf_btf_load+0xcf/0x1a0 [ 509.864696][T11234] __sys_bpf+0x6ef/0x810 [ 509.868965][T11234] ? __pfx___sys_bpf+0x10/0x10 [ 509.873775][T11234] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 509.879786][T11234] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 509.886146][T11234] ? do_syscall_64+0x100/0x230 [ 509.890958][T11234] __x64_sys_bpf+0x7c/0x90 [ 509.895426][T11234] do_syscall_64+0xf3/0x230 [ 509.899949][T11234] ? clear_bhb_loop+0x35/0x90 [ 509.904631][T11234] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 509.910530][T11234] RIP: 0033:0x7fe42cd85d29 [ 509.914945][T11234] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 509.934563][T11234] RSP: 002b:00007fe42dc7d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 509.942982][T11234] RAX: ffffffffffffffda RBX: 00007fe42cf75fa0 RCX: 00007fe42cd85d29 [ 509.950976][T11234] RDX: 0000000000000028 RSI: 0000000020000100 RDI: 0000000000000012 [ 509.958945][T11234] RBP: 00007fe42dc7d090 R08: 0000000000000000 R09: 0000000000000000 [ 509.966917][T11234] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 509.974894][T11234] R13: 0000000000000000 R14: 00007fe42cf75fa0 R15: 00007ffe96116988 [ 509.982880][T11234] [ 510.039829][ T974] usb 5-1: USB disconnect, device number 51 [ 510.171670][T11242] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1488'. [ 511.405310][T11252] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1489'. [ 512.286135][T11268] FAULT_INJECTION: forcing a failure. [ 512.286135][T11268] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 512.342097][T11268] CPU: 1 UID: 0 PID: 11268 Comm: syz.3.1494 Not tainted 6.13.0-rc3-syzkaller-00224-gbaa172c77ac5 #0 [ 512.352930][T11268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 512.363015][T11268] Call Trace: [ 512.366307][T11268] [ 512.369256][T11268] dump_stack_lvl+0x241/0x360 [ 512.373973][T11268] ? __pfx_dump_stack_lvl+0x10/0x10 [ 512.379193][T11268] ? __pfx__printk+0x10/0x10 [ 512.383821][T11268] ? snprintf+0xda/0x120 [ 512.388087][T11268] should_fail_ex+0x3b0/0x4e0 [ 512.392788][T11268] _copy_to_user+0x31/0xb0 [ 512.397232][T11268] simple_read_from_buffer+0xca/0x150 [ 512.402647][T11268] proc_fail_nth_read+0x1e9/0x250 [ 512.407721][T11268] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 512.413299][T11268] ? rw_verify_area+0x568/0x6f0 [ 512.418172][T11268] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 512.423757][T11268] vfs_read+0x1fc/0xb70 [ 512.427952][T11268] ? __pfx___mutex_lock+0x10/0x10 [ 512.433010][T11268] ? __pfx_vfs_read+0x10/0x10 [ 512.437723][T11268] ? __fget_files+0x2a/0x410 [ 512.442335][T11268] ? __fget_files+0x395/0x410 [ 512.447032][T11268] ? __fget_files+0x2a/0x410 [ 512.451650][T11268] ksys_read+0x18f/0x2b0 [ 512.455918][T11268] ? __pfx_ksys_read+0x10/0x10 [ 512.460712][T11268] ? do_syscall_64+0x100/0x230 [ 512.465508][T11268] ? do_syscall_64+0xb6/0x230 [ 512.470217][T11268] do_syscall_64+0xf3/0x230 [ 512.474747][T11268] ? clear_bhb_loop+0x35/0x90 [ 512.479440][T11268] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 512.485353][T11268] RIP: 0033:0x7f19a398473c [ 512.489788][T11268] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 512.509420][T11268] RSP: 002b:00007f19a47fa030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 512.517866][T11268] RAX: ffffffffffffffda RBX: 00007f19a3b76080 RCX: 00007f19a398473c [ 512.525856][T11268] RDX: 000000000000000f RSI: 00007f19a47fa0a0 RDI: 0000000000000004 [ 512.533845][T11268] RBP: 00007f19a47fa090 R08: 0000000000000000 R09: 0000000000000000 [ 512.541836][T11268] R10: 00000000200021c0 R11: 0000000000000246 R12: 0000000000000001 [ 512.549823][T11268] R13: 0000000000000001 R14: 00007f19a3b76080 R15: 00007fffa6047008 [ 512.557825][T11268] [ 515.877616][T11302] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1501'. [ 517.495704][ T29] audit: type=1326 audit(1734834378.936:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11324 comm="syz.2.1511" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0e5b385d29 code=0x0 [ 517.529125][T11330] FAULT_INJECTION: forcing a failure. [ 517.529125][T11330] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 517.554206][T11330] CPU: 1 UID: 0 PID: 11330 Comm: syz.0.1510 Not tainted 6.13.0-rc3-syzkaller-00224-gbaa172c77ac5 #0 [ 517.565046][T11330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 517.575126][T11330] Call Trace: [ 517.578417][T11330] [ 517.581348][T11330] dump_stack_lvl+0x241/0x360 [ 517.586064][T11330] ? __pfx_dump_stack_lvl+0x10/0x10 [ 517.591280][T11330] ? __pfx__printk+0x10/0x10 [ 517.595904][T11330] ? __pfx_lock_release+0x10/0x10 [ 517.600955][T11330] should_fail_ex+0x3b0/0x4e0 [ 517.605644][T11330] _copy_from_user+0x2f/0xc0 [ 517.610258][T11330] video_usercopy+0x378/0x1180 [ 517.615051][T11330] ? __pfx___video_do_ioctl+0x10/0x10 [ 517.620426][T11330] ? __pfx_video_usercopy+0x10/0x10 [ 517.625626][T11330] ? smack_file_ioctl+0x2f7/0x3a0 [ 517.630654][T11330] ? __fget_files+0x2a/0x410 [ 517.635267][T11330] ? __fget_files+0x2a/0x410 [ 517.639867][T11330] v4l2_ioctl+0x189/0x1e0 [ 517.644230][T11330] ? __pfx_v4l2_ioctl+0x10/0x10 [ 517.649101][T11330] __se_sys_ioctl+0xf5/0x170 [ 517.653715][T11330] do_syscall_64+0xf3/0x230 [ 517.658233][T11330] ? clear_bhb_loop+0x35/0x90 [ 517.662912][T11330] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 517.668813][T11330] RIP: 0033:0x7fdeb7985d29 [ 517.673239][T11330] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 517.692844][T11330] RSP: 002b:00007fdeb87aa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 517.701267][T11330] RAX: ffffffffffffffda RBX: 00007fdeb7b76080 RCX: 00007fdeb7985d29 [ 517.709242][T11330] RDX: 0000000020000140 RSI: 00000000c0d05605 RDI: 0000000000000003 [ 517.717211][T11330] RBP: 00007fdeb87aa090 R08: 0000000000000000 R09: 0000000000000000 [ 517.725182][T11330] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 517.733156][T11330] R13: 0000000000000000 R14: 00007fdeb7b76080 R15: 00007ffefb73ddb8 [ 517.741157][T11330] [ 518.643318][T11340] erofs (device erofs): cannot find valid erofs superblock [ 520.071656][T11328] syz.0.1510 (11328) used greatest stack depth: 17648 bytes left [ 520.447583][T11362] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1516'. [ 521.674285][T11377] ptrace attach of "./syz-executor exec"[5828] was attempted by "./syz-executor exec"[11377] [ 521.931781][T11368] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1519'. [ 523.182249][T11391] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 524.895501][ T29] audit: type=1326 audit(1734834386.336:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11400 comm="syz.3.1527" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f19a3985d29 code=0x0 [ 524.964996][T11408] netlink: 'syz.2.1531': attribute type 4 has an invalid length. [ 525.034861][T11410] fuse: Unknown parameter 'rlotmode' [ 526.546521][T11428] ptrace attach of "./syz-executor exec"[5831] was attempted by "./syz-executor exec"[11428] [ 527.483769][T11435] FAULT_INJECTION: forcing a failure. [ 527.483769][T11435] name failslab, interval 1, probability 0, space 0, times 0 [ 527.552559][T11437] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 527.561064][T11437] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 527.569338][T11437] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 527.577858][T11437] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 527.579938][T11435] CPU: 0 UID: 0 PID: 11435 Comm: syz.4.1537 Not tainted 6.13.0-rc3-syzkaller-00224-gbaa172c77ac5 #0 [ 527.596829][T11435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 527.606921][T11435] Call Trace: [ 527.610228][T11435] [ 527.613190][T11435] dump_stack_lvl+0x241/0x360 [ 527.617909][T11435] ? __pfx_dump_stack_lvl+0x10/0x10 [ 527.623141][T11435] ? __pfx__printk+0x10/0x10 [ 527.627767][T11435] ? fs_reclaim_acquire+0x93/0x130 [ 527.632911][T11435] ? __pfx___might_resched+0x10/0x10 [ 527.638239][T11435] should_fail_ex+0x3b0/0x4e0 [ 527.642951][T11435] should_failslab+0xac/0x100 [ 527.647644][T11435] __kmalloc_noprof+0xdd/0x4c0 [ 527.652413][T11435] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 527.658142][T11435] tomoyo_realpath_from_path+0xcf/0x5e0 [ 527.663705][T11435] tomoyo_mount_permission+0x3bf/0xb80 [ 527.669168][T11435] ? stack_depot_save_flags+0x37/0x940 [ 527.674635][T11435] ? tomoyo_mount_permission+0x298/0xb80 [ 527.680276][T11435] ? __pfx_tomoyo_mount_permission+0x10/0x10 [ 527.686289][T11435] ? hook_sb_mount+0x10b/0x420 [ 527.691057][T11435] ? security_sb_mount+0x22/0x2f0 [ 527.696105][T11435] security_sb_mount+0xe0/0x2f0 [ 527.700994][T11435] path_mount+0xb9/0xfa0 [ 527.705266][T11435] ? kmem_cache_free+0x195/0x410 [ 527.710217][T11435] ? user_path_at+0x44/0x60 [ 527.714734][T11435] __se_sys_mount+0x2d6/0x3c0 [ 527.719416][T11435] ? __pfx___se_sys_mount+0x10/0x10 [ 527.724617][T11435] ? do_syscall_64+0x100/0x230 [ 527.729390][T11435] ? __x64_sys_mount+0x20/0xc0 [ 527.734155][T11435] do_syscall_64+0xf3/0x230 [ 527.738664][T11435] ? clear_bhb_loop+0x35/0x90 [ 527.743342][T11435] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 527.749241][T11435] RIP: 0033:0x7f893d385d29 [ 527.753656][T11435] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 527.773269][T11435] RSP: 002b:00007f893e205038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 527.781688][T11435] RAX: ffffffffffffffda RBX: 00007f893d575fa0 RCX: 00007f893d385d29 [ 527.789663][T11435] RDX: 0000000020000340 RSI: 0000000020000180 RDI: 0000000000000000 [ 527.797642][T11435] RBP: 00007f893e205090 R08: 0000000020000380 R09: 0000000000000000 [ 527.805613][T11435] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 527.813590][T11435] R13: 0000000000000000 R14: 00007f893d575fa0 R15: 00007ffd23304d48 [ 527.821580][T11435] [ 527.837154][T11435] ERROR: Out of memory at tomoyo_realpath_from_path. [ 527.937622][T11445] netlink: 'syz.4.1543': attribute type 4 has an invalid length. [ 529.162031][T11469] ptrace attach of "./syz-executor exec"[5831] was attempted by "./syz-executor exec"[11469] [ 529.606949][T11452] ALSA: mixer_oss: invalid OSS volume '00000000000000000000' [ 529.615092][T11452] ALSA: mixer_oss: invalid OSS volume 'OGAINWÁ”1õ›' [ 529.809943][ T5900] usb 3-1: new high-speed USB device number 76 using dummy_hcd [ 529.982361][ T5900] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 529.999782][ T5900] usb 3-1: config 1 has no interface number 0 [ 530.009089][ T5900] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 530.059846][ T5900] usb 3-1: too many endpoints for config 1 interface 1 altsetting 177: 105, using maximum allowed: 30 [ 530.081338][ T5900] usb 3-1: config 1 interface 1 altsetting 177 has 0 endpoint descriptors, different from the interface descriptor's value: 105 [ 530.109743][ T5900] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 139 [ 530.139744][ T5900] usb 3-1: config 1 interface 1 has no altsetting 2 [ 530.152376][ T5900] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 530.162241][ T5900] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 530.179720][ T5900] usb 3-1: Product: syz [ 530.189739][ T5900] usb 3-1: Manufacturer: syz [ 530.199857][ T5900] usb 3-1: SerialNumber: syz [ 530.219956][ T5868] usb 1-1: new high-speed USB device number 44 using dummy_hcd [ 530.381763][ T5868] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 530.432252][ T5868] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 530.485625][ T5868] usb 1-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00 [ 530.536678][ T5868] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 530.601037][ T5868] usb 1-1: config 0 descriptor?? [ 530.763116][T11480] tipc: Started in network mode [ 530.776109][T11480] tipc: Node identity -, cluster identity 4711 [ 530.784771][T11480] FAULT_INJECTION: forcing a failure. [ 530.784771][T11480] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 530.833829][T11480] CPU: 1 UID: 0 PID: 11480 Comm: syz.3.1553 Not tainted 6.13.0-rc3-syzkaller-00224-gbaa172c77ac5 #0 [ 530.844669][T11480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 530.854756][T11480] Call Trace: [ 530.858058][T11480] [ 530.861009][T11480] dump_stack_lvl+0x241/0x360 [ 530.865721][T11480] ? __pfx_dump_stack_lvl+0x10/0x10 [ 530.870960][T11480] ? __pfx__printk+0x10/0x10 [ 530.875589][T11480] ? snprintf+0xda/0x120 [ 530.879859][T11480] should_fail_ex+0x3b0/0x4e0 [ 530.884573][T11480] _copy_to_user+0x31/0xb0 [ 530.889033][T11480] simple_read_from_buffer+0xca/0x150 [ 530.894444][T11480] proc_fail_nth_read+0x1e9/0x250 [ 530.899504][T11480] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 530.905117][T11480] ? rw_verify_area+0x568/0x6f0 [ 530.909997][T11480] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 530.915612][T11480] vfs_read+0x1fc/0xb70 [ 530.919804][T11480] ? __pfx___mutex_lock+0x10/0x10 [ 530.924951][T11480] ? __pfx_vfs_read+0x10/0x10 [ 530.929661][T11480] ? __fget_files+0x2a/0x410 [ 530.934278][T11480] ? __fget_files+0x395/0x410 [ 530.938989][T11480] ? __fget_files+0x2a/0x410 [ 530.943624][T11480] ksys_read+0x18f/0x2b0 [ 530.947904][T11480] ? __pfx_ksys_read+0x10/0x10 [ 530.952699][T11480] ? do_syscall_64+0x100/0x230 [ 530.957505][T11480] ? do_syscall_64+0xb6/0x230 [ 530.962222][T11480] do_syscall_64+0xf3/0x230 [ 530.963812][T11472] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 530.966843][T11480] ? clear_bhb_loop+0x35/0x90 [ 530.978649][T11480] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 530.984580][T11480] RIP: 0033:0x7f19a398473c [ 530.989024][T11480] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 531.008667][T11480] RSP: 002b:00007f19a481b030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 531.017134][T11480] RAX: ffffffffffffffda RBX: 00007f19a3b75fa0 RCX: 00007f19a398473c [ 531.025145][T11480] RDX: 000000000000000f RSI: 00007f19a481b0a0 RDI: 0000000000000004 [ 531.033148][T11480] RBP: 00007f19a481b090 R08: 0000000000000000 R09: 0000000000000000 [ 531.041157][T11480] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 531.049165][T11480] R13: 0000000000000000 R14: 00007f19a3b75fa0 R15: 00007fffa6047008 [ 531.057192][T11480] [ 531.064958][ T5868] hid-led 0003:0FC5:B080.000B: unknown main item tag 0x0 [ 531.107156][T11484] netlink: 'syz.4.1555': attribute type 4 has an invalid length. [ 531.275857][ T5900] cdc_ncm 3-1:1.1: failed GET_NTB_PARAMETERS [ 531.288582][ T5900] cdc_ncm 3-1:1.1: bind() failure [ 531.525058][T11476] netlink: 'syz.0.1552': attribute type 10 has an invalid length. [ 531.533420][T11476] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1552'. [ 531.545514][T11476] bridge0: port 3(macvlan1) entered blocking state [ 531.552803][T11476] bridge0: port 3(macvlan1) entered disabled state [ 531.560665][T11476] macvlan1: entered allmulticast mode [ 531.566254][T11476] veth1_vlan: entered allmulticast mode [ 532.475538][T11476] macvlan1: entered promiscuous mode [ 532.476506][T11476] bridge0: port 3(macvlan1) entered blocking state [ 532.476617][T11476] bridge0: port 3(macvlan1) entered forwarding state [ 532.504142][T11497] binder: 11485:11497 ioctl c0306201 200002c0 returned -22 [ 532.622997][ T5900] usb 3-1: USB disconnect, device number 76 [ 532.649017][T11500] FAULT_INJECTION: forcing a failure. [ 532.649017][T11500] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 532.680177][T11500] CPU: 0 UID: 0 PID: 11500 Comm: syz.4.1558 Not tainted 6.13.0-rc3-syzkaller-00224-gbaa172c77ac5 #0 [ 532.691019][T11500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 532.701115][T11500] Call Trace: [ 532.704415][T11500] [ 532.707364][T11500] dump_stack_lvl+0x241/0x360 [ 532.712083][T11500] ? __pfx_dump_stack_lvl+0x10/0x10 [ 532.717320][T11500] ? __pfx__printk+0x10/0x10 [ 532.721952][T11500] ? __pfx_lock_release+0x10/0x10 [ 532.727018][T11500] should_fail_ex+0x3b0/0x4e0 [ 532.731731][T11500] _copy_from_iter+0x1e9/0x1c20 [ 532.736605][T11500] ? __virt_addr_valid+0x183/0x530 [ 532.741732][T11500] ? __alloc_skb+0x28f/0x440 [ 532.746323][T11500] ? __pfx__copy_from_iter+0x10/0x10 [ 532.751614][T11500] ? __virt_addr_valid+0x183/0x530 [ 532.756727][T11500] ? __virt_addr_valid+0x183/0x530 [ 532.761853][T11500] ? __virt_addr_valid+0x45f/0x530 [ 532.766970][T11500] ? __phys_addr_symbol+0x2f/0x70 [ 532.772088][T11500] ? __check_object_size+0x47a/0x730 [ 532.777385][T11500] netlink_sendmsg+0x73d/0xcb0 [ 532.782172][T11500] ? __pfx_netlink_sendmsg+0x10/0x10 [ 532.787471][T11500] ? __pfx_netlink_sendmsg+0x10/0x10 [ 532.792759][T11500] __sock_sendmsg+0x221/0x270 [ 532.797452][T11500] ____sys_sendmsg+0x52a/0x7e0 [ 532.802228][T11500] ? __pfx_____sys_sendmsg+0x10/0x10 [ 532.807516][T11500] ? __fget_files+0x2a/0x410 [ 532.812113][T11500] ? __fget_files+0x2a/0x410 [ 532.816716][T11500] __sys_sendmsg+0x269/0x350 [ 532.821311][T11500] ? __pfx_lock_release+0x10/0x10 [ 532.826348][T11500] ? __pfx___sys_sendmsg+0x10/0x10 [ 532.831471][T11500] ? __pfx_vfs_write+0x10/0x10 [ 532.836262][T11500] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 532.842596][T11500] ? do_syscall_64+0x100/0x230 [ 532.847370][T11500] ? do_syscall_64+0xb6/0x230 [ 532.852056][T11500] do_syscall_64+0xf3/0x230 [ 532.856565][T11500] ? clear_bhb_loop+0x35/0x90 [ 532.861247][T11500] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 532.867178][T11500] RIP: 0033:0x7f893d385d29 [ 532.871599][T11500] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 532.891218][T11500] RSP: 002b:00007f893e205038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 532.899644][T11500] RAX: ffffffffffffffda RBX: 00007f893d575fa0 RCX: 00007f893d385d29 [ 532.907630][T11500] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000005 [ 532.915617][T11500] RBP: 00007f893e205090 R08: 0000000000000000 R09: 0000000000000000 [ 532.923599][T11500] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 532.931570][T11500] R13: 0000000000000000 R14: 00007f893d575fa0 R15: 00007ffd23304d48 [ 532.939558][T11500] [ 532.961547][T11476] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 532.980196][T11476] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 533.904103][ T5868] usb 4-1: new full-speed USB device number 39 using dummy_hcd [ 533.925268][ T5900] usb 1-1: USB disconnect, device number 44 [ 533.956099][T11519] ptrace attach of "./syz-executor exec"[5828] was attempted by "./syz-executor exec"[11519] [ 534.079887][ T5868] usb 4-1: device descriptor read/64, error -71 [ 534.200832][T11523] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1563'. [ 534.439881][ T5868] usb 4-1: new full-speed USB device number 40 using dummy_hcd [ 534.581387][ T5868] usb 4-1: device descriptor read/64, error -71 [ 534.690139][ T5868] usb usb4-port1: attempt power cycle [ 534.775388][T11532] vxlan1: entered promiscuous mode [ 534.784809][T11536] netlink: 'syz.1.1567': attribute type 4 has an invalid length. [ 534.798393][T11532] vxlan1: entered allmulticast mode [ 535.029825][ T5868] usb 4-1: new full-speed USB device number 41 using dummy_hcd [ 535.060634][ T5868] usb 4-1: device descriptor read/8, error -71 [ 535.269761][ T29] audit: type=1326 audit(1734834396.576:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11540 comm="syz.2.1570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e5b385d29 code=0x7ffc0000 [ 535.291336][ C1] vkms_vblank_simulate: vblank timer overrun [ 535.310344][ T5868] usb 4-1: new full-speed USB device number 42 using dummy_hcd [ 536.392297][ T5868] usb 4-1: device not accepting address 42, error -71 [ 536.439512][ T29] audit: type=1326 audit(1734834396.576:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11540 comm="syz.2.1570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=264 compat=0 ip=0x7f0e5b385d29 code=0x7ffc0000 [ 536.539053][ T29] audit: type=1326 audit(1734834396.586:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11540 comm="syz.2.1570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e5b385d29 code=0x7ffc0000 [ 536.570850][ T5868] usb usb4-port1: unable to enumerate USB device [ 536.609789][ T29] audit: type=1326 audit(1734834396.586:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11540 comm="syz.2.1570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f0e5b385d29 code=0x7ffc0000 [ 536.705690][ T29] audit: type=1326 audit(1734834396.586:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11540 comm="syz.2.1570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e5b385d29 code=0x7ffc0000 [ 536.762849][ T29] audit: type=1326 audit(1734834396.586:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11540 comm="syz.2.1570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f0e5b385d29 code=0x7ffc0000 [ 536.859860][ T29] audit: type=1326 audit(1734834396.586:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11540 comm="syz.2.1570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e5b385d29 code=0x7ffc0000 [ 536.929856][ T29] audit: type=1326 audit(1734834396.586:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11540 comm="syz.2.1570" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e5b385d29 code=0x7ffc0000 [ 536.966566][T11558] 9pnet_fd: Insufficient options for proto=fd [ 537.171447][T11567] FAULT_INJECTION: forcing a failure. [ 537.171447][T11567] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 537.244739][T11567] CPU: 0 UID: 0 PID: 11567 Comm: syz.3.1577 Not tainted 6.13.0-rc3-syzkaller-00224-gbaa172c77ac5 #0 [ 537.255569][T11567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 537.265662][T11567] Call Trace: [ 537.268973][T11567] [ 537.270097][T11568] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 537.271909][T11567] dump_stack_lvl+0x241/0x360 [ 537.271946][T11567] ? __pfx_dump_stack_lvl+0x10/0x10 [ 537.271969][T11567] ? __pfx__printk+0x10/0x10 [ 537.293222][T11567] ? __pfx_lock_release+0x10/0x10 [ 537.298290][T11567] should_fail_ex+0x3b0/0x4e0 [ 537.303004][T11567] _copy_from_user+0x2f/0xc0 [ 537.307625][T11567] copy_msghdr_from_user+0xae/0x680 [ 537.312859][T11567] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 537.318699][T11567] ? __fget_files+0x2a/0x410 [ 537.323325][T11567] ? __fget_files+0x2a/0x410 [ 537.327944][T11567] __sys_sendmmsg+0x32b/0x720 [ 537.332650][T11567] ? __pfx___sys_sendmmsg+0x10/0x10 [ 537.337888][T11567] ? __pfx_lock_release+0x10/0x10 [ 537.342947][T11567] ? kstrtouint_from_user+0x128/0x190 [ 537.348372][T11567] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 537.354300][T11567] ? ksys_write+0x22a/0x2b0 [ 537.358839][T11567] ? __pfx_lock_release+0x10/0x10 [ 537.363901][T11567] ? vfs_write+0x730/0xd30 [ 537.368349][T11567] ? __mutex_unlock_slowpath+0x21e/0x790 [ 537.374033][T11567] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 537.380051][T11567] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 537.386404][T11567] ? do_syscall_64+0x100/0x230 [ 537.391212][T11567] __x64_sys_sendmmsg+0xa0/0xb0 [ 537.396095][T11567] do_syscall_64+0xf3/0x230 [ 537.400629][T11567] ? clear_bhb_loop+0x35/0x90 [ 537.405327][T11567] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 537.411249][T11567] RIP: 0033:0x7f19a3985d29 [ 537.415683][T11567] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 537.435329][T11567] RSP: 002b:00007f19a47d9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 537.443785][T11567] RAX: ffffffffffffffda RBX: 00007f19a3b76160 RCX: 00007f19a3985d29 [ 537.451791][T11567] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000003 [ 537.459795][T11567] RBP: 00007f19a47d9090 R08: 0000000000000000 R09: 0000000000000000 [ 537.467792][T11567] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 537.475793][T11567] R13: 0000000000000000 R14: 00007f19a3b76160 R15: 00007fffa6047008 [ 537.483812][T11567] [ 537.793268][T11571] netlink: 'syz.1.1579': attribute type 4 has an invalid length. [ 538.517988][T11580] FAULT_INJECTION: forcing a failure. [ 538.517988][T11580] name failslab, interval 1, probability 0, space 0, times 0 [ 538.531319][T11580] CPU: 0 UID: 0 PID: 11580 Comm: syz.1.1582 Not tainted 6.13.0-rc3-syzkaller-00224-gbaa172c77ac5 #0 [ 538.542129][T11580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 538.552224][T11580] Call Trace: [ 538.555526][T11580] [ 538.558479][T11580] dump_stack_lvl+0x241/0x360 [ 538.563199][T11580] ? __pfx_dump_stack_lvl+0x10/0x10 [ 538.568424][T11580] ? __pfx__printk+0x10/0x10 [ 538.573042][T11580] ? fs_reclaim_acquire+0x93/0x130 [ 538.578200][T11580] ? __pfx___might_resched+0x10/0x10 [ 538.583532][T11580] should_fail_ex+0x3b0/0x4e0 [ 538.588243][T11580] should_failslab+0xac/0x100 [ 538.592979][T11580] __kmalloc_noprof+0xdd/0x4c0 [ 538.597771][T11580] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 538.603526][T11580] tomoyo_realpath_from_path+0xcf/0x5e0 [ 538.609122][T11580] tomoyo_mount_permission+0x3bf/0xb80 [ 538.614621][T11580] ? stack_depot_save_flags+0x37/0x940 [ 538.620112][T11580] ? tomoyo_mount_permission+0x298/0xb80 [ 538.625776][T11580] ? __pfx_tomoyo_mount_permission+0x10/0x10 [ 538.631832][T11580] ? hook_sb_mount+0x10b/0x420 [ 538.636627][T11580] ? security_sb_mount+0x22/0x2f0 [ 538.641691][T11580] security_sb_mount+0xe0/0x2f0 [ 538.646584][T11580] path_mount+0xb9/0xfa0 [ 538.650864][T11580] ? kmem_cache_free+0x195/0x410 [ 538.655838][T11580] ? user_path_at+0x44/0x60 [ 538.660383][T11580] __se_sys_mount+0x2d6/0x3c0 [ 538.665098][T11580] ? __pfx___se_sys_mount+0x10/0x10 [ 538.670321][T11580] ? do_syscall_64+0x100/0x230 [ 538.675122][T11580] ? __x64_sys_mount+0x20/0xc0 [ 538.679912][T11580] do_syscall_64+0xf3/0x230 [ 538.684446][T11580] ? clear_bhb_loop+0x35/0x90 [ 538.689144][T11580] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 538.695065][T11580] RIP: 0033:0x7fe42cd85d29 [ 538.699510][T11580] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 538.719155][T11580] RSP: 002b:00007fe42dc7d038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 538.727614][T11580] RAX: ffffffffffffffda RBX: 00007fe42cf75fa0 RCX: 00007fe42cd85d29 [ 538.735625][T11580] RDX: 00000000200000c0 RSI: 00000000200006c0 RDI: 0000000000000000 [ 538.743633][T11580] RBP: 00007fe42dc7d090 R08: 0000000020000000 R09: 0000000000000000 [ 538.751635][T11580] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 538.759634][T11580] R13: 0000000000000000 R14: 00007fe42cf75fa0 R15: 00007ffe96116988 [ 538.767670][T11580] [ 538.771305][T11580] ERROR: Out of memory at tomoyo_realpath_from_path. [ 539.479963][ T8] usb 2-1: new high-speed USB device number 57 using dummy_hcd [ 539.629413][ T8] usb 2-1: device descriptor read/64, error -71 [ 539.869835][ T8] usb 2-1: new high-speed USB device number 58 using dummy_hcd [ 540.010193][ T8] usb 2-1: device descriptor read/64, error -71 [ 540.147357][ T8] usb usb2-port1: attempt power cycle [ 540.327364][T11598] overlayfs: conflicting options: verity=on,redirect_dir=follow [ 540.490151][ T8] usb 2-1: new high-speed USB device number 59 using dummy_hcd [ 540.511300][ T8] usb 2-1: device descriptor read/8, error -71 [ 540.749934][ T8] usb 2-1: new high-speed USB device number 60 using dummy_hcd [ 540.771897][ T8] usb 2-1: device descriptor read/8, error -71 [ 540.976994][ T8] usb usb2-port1: unable to enumerate USB device [ 541.506920][T11619] netlink: 'syz.2.1592': attribute type 4 has an invalid length. [ 542.501721][T11637] ptrace attach of "./syz-executor exec"[5828] was attempted by "./syz-executor exec"[11637] [ 543.548019][T11668] netlink: 'syz.3.1606': attribute type 4 has an invalid length. [ 544.020545][ T25] usb 4-1: new high-speed USB device number 43 using dummy_hcd [ 544.034799][ C1] raw-gadget.0 gadget.3: ignoring, device is not running [ 544.170678][ T25] usb 4-1: device descriptor read/64, error -32 [ 544.409899][ T25] usb 4-1: new high-speed USB device number 44 using dummy_hcd [ 544.432886][T11676] overlayfs: conflicting options: verity=on,redirect_dir=follow [ 544.637219][ T25] usb 4-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 544.649277][ T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 544.667391][ T25] usb 4-1: config 0 descriptor?? [ 544.685513][ T25] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 544.939862][ T5868] usb 2-1: new high-speed USB device number 61 using dummy_hcd [ 544.939880][ T8] usb 1-1: new high-speed USB device number 45 using dummy_hcd [ 545.100120][ T8] usb 1-1: Using ep0 maxpacket: 32 [ 545.107288][ T8] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 36 [ 545.120579][ T8] usb 1-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 545.136190][T11700] binder: 11694:11700 unknown command 0 [ 545.141925][T11700] binder: 11694:11700 ioctl c0306201 20000080 returned -22 [ 545.153245][T11700] binder: BINDER_SET_CONTEXT_MGR already set [ 545.159270][T11700] binder: 11694:11700 ioctl 4018620d 20000040 returned -16 [ 545.167245][T11700] binder: 11694:11700 ioctl c0306201 20000940 returned -14 [ 545.237233][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 545.257415][ T8] usb 1-1: Product: syz [ 545.264405][ T8] usb 1-1: Manufacturer: syz [ 545.269293][ T8] usb 1-1: SerialNumber: syz [ 545.305490][ T8] usb 1-1: config 0 descriptor?? [ 545.325010][T11683] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 545.345949][ T8] hub 1-1:0.0: bad descriptor, ignoring hub [ 545.366174][ T8] hub 1-1:0.0: probe with driver hub failed with error -5 [ 545.399624][ T8] input: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input39 [ 545.525757][ T25] usb 4-1: USB disconnect, device number 44 [ 545.533255][ T5868] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 545.543550][ T5868] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 545.560261][ T5868] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 545.570157][ T5868] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 545.585753][ T5868] usb 2-1: New USB device found, idVendor=1b1c, idProduct=1c0d, bcdDevice= 0.00 [ 545.585786][ T5868] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 545.587733][ T5868] usb 2-1: config 0 descriptor?? [ 545.615235][ T5895] usb 1-1: USB disconnect, device number 45 [ 545.615363][ C0] usbtouchscreen 1-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19 [ 545.959936][ T25] usb 4-1: new high-speed USB device number 45 using dummy_hcd [ 545.989589][T11709] netlink: 'syz.4.1618': attribute type 4 has an invalid length. [ 546.030975][ T5868] corsair-psu 0003:1B1C:1C0D.000C: unknown main item tag 0x0 [ 546.038504][ T5868] corsair-psu 0003:1B1C:1C0D.000C: unknown main item tag 0x0 [ 546.049781][T11707] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 546.049781][T11707] The task syz.2.1617 (11707) triggered the difference, watch for misbehavior. [ 546.073649][ T5868] corsair-psu 0003:1B1C:1C0D.000C: unknown main item tag 0x0 [ 546.081383][ T5868] corsair-psu 0003:1B1C:1C0D.000C: unknown main item tag 0x0 [ 546.088844][ T5868] corsair-psu 0003:1B1C:1C0D.000C: unknown main item tag 0x0 [ 546.106095][ T5868] corsair-psu 0003:1B1C:1C0D.000C: hidraw0: USB HID v0.00 Device [HID 1b1c:1c0d] on usb-dummy_hcd.1-1/input0 [ 546.129840][ T25] usb 4-1: Using ep0 maxpacket: 32 [ 546.159144][ T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 546.170491][ T5868] corsair-psu 0003:1B1C:1C0D.000C: unable to initialize device (-38) [ 546.181603][ T5868] corsair-psu 0003:1B1C:1C0D.000C: probe with driver corsair-psu failed with error -38 [ 546.198288][ T25] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 546.209343][ T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 546.228993][ T25] usb 4-1: config 0 descriptor?? [ 546.238489][ T25] hub 4-1:0.0: bad descriptor, ignoring hub [ 546.252228][ T25] hub 4-1:0.0: probe with driver hub failed with error -5 [ 546.268645][ T25] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 546.305764][ T5868] usb 2-1: USB disconnect, device number 61 [ 546.816570][T11719] FAULT_INJECTION: forcing a failure. [ 546.816570][T11719] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 546.924121][T11719] CPU: 0 UID: 0 PID: 11719 Comm: syz.0.1621 Not tainted 6.13.0-rc3-syzkaller-00224-gbaa172c77ac5 #0 [ 546.934954][T11719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 546.945036][T11719] Call Trace: [ 546.948342][T11719] [ 546.951290][T11719] dump_stack_lvl+0x241/0x360 [ 546.956040][T11719] ? __pfx_dump_stack_lvl+0x10/0x10 [ 546.961268][T11719] ? __pfx__printk+0x10/0x10 [ 546.965887][T11719] ? __pfx_lock_release+0x10/0x10 [ 546.970941][T11719] should_fail_ex+0x3b0/0x4e0 [ 546.975651][T11719] _copy_from_user+0x2f/0xc0 [ 546.980281][T11719] memdup_user+0x64/0xc0 [ 546.984564][T11719] strndup_user+0x68/0xc0 [ 546.988924][T11719] __se_sys_add_key+0x1b0/0x490 [ 546.993805][T11719] ? __pfx___se_sys_add_key+0x10/0x10 [ 546.999217][T11719] ? do_syscall_64+0x100/0x230 [ 547.004020][T11719] ? __x64_sys_add_key+0x20/0xc0 [ 547.008993][T11719] do_syscall_64+0xf3/0x230 [ 547.013538][T11719] ? clear_bhb_loop+0x35/0x90 [ 547.018249][T11719] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 547.024188][T11719] RIP: 0033:0x7fdeb7985d29 [ 547.028631][T11719] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 547.048274][T11719] RSP: 002b:00007fdeb87cb038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8 [ 547.056735][T11719] RAX: ffffffffffffffda RBX: 00007fdeb7b75fa0 RCX: 00007fdeb7985d29 [ 547.064735][T11719] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000020000140 [ 547.072735][T11719] RBP: 00007fdeb87cb090 R08: 000000001ec4012e R09: 0000000000000000 [ 547.080740][T11719] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 547.088744][T11719] R13: 0000000000000000 R14: 00007fdeb7b75fa0 R15: 00007ffefb73ddb8 [ 547.096764][T11719] [ 547.623887][ T974] usb 2-1: new high-speed USB device number 62 using dummy_hcd [ 547.940810][ T974] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid maxpacket 8192, setting to 1024 [ 548.067130][ T974] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8E has invalid maxpacket 1024 [ 548.078203][ T974] usb 2-1: New USB device found, idVendor=0499, idProduct=1035, bcdDevice=56.12 [ 548.088758][ T974] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 548.166048][ T974] usb 2-1: config 0 descriptor?? [ 548.285356][ T974] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 548.388183][T11741] FAULT_INJECTION: forcing a failure. [ 548.388183][T11741] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 548.403186][T11741] CPU: 0 UID: 0 PID: 11741 Comm: syz.0.1628 Not tainted 6.13.0-rc3-syzkaller-00224-gbaa172c77ac5 #0 [ 548.413985][T11741] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 548.424042][T11741] Call Trace: [ 548.427323][T11741] [ 548.430254][T11741] dump_stack_lvl+0x241/0x360 [ 548.434942][T11741] ? __pfx_dump_stack_lvl+0x10/0x10 [ 548.440144][T11741] ? __pfx__printk+0x10/0x10 [ 548.444747][T11741] ? __pfx_lock_release+0x10/0x10 [ 548.449776][T11741] should_fail_ex+0x3b0/0x4e0 [ 548.454457][T11741] _copy_from_user+0x2f/0xc0 [ 548.459049][T11741] memdup_user+0x64/0xc0 [ 548.463295][T11741] strndup_user+0x68/0xc0 [ 548.467628][T11741] __se_sys_mount+0x9f/0x3c0 [ 548.472223][T11741] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 548.478204][T11741] ? __pfx___se_sys_mount+0x10/0x10 [ 548.483415][T11741] ? do_syscall_64+0x100/0x230 [ 548.488190][T11741] ? __x64_sys_mount+0x20/0xc0 [ 548.492953][T11741] do_syscall_64+0xf3/0x230 [ 548.497460][T11741] ? clear_bhb_loop+0x35/0x90 [ 548.502139][T11741] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 548.508039][T11741] RIP: 0033:0x7fdeb7985d29 [ 548.512461][T11741] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 548.532091][T11741] RSP: 002b:00007fdeb87cb038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 548.540614][T11741] RAX: ffffffffffffffda RBX: 00007fdeb7b75fa0 RCX: 00007fdeb7985d29 [ 548.548593][T11741] RDX: 00000000200000c0 RSI: 0000000020000000 RDI: 0000000020000100 [ 548.556590][T11741] RBP: 00007fdeb87cb090 R08: 0000000020000340 R09: 0000000000000000 [ 548.564584][T11741] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 548.572563][T11741] R13: 0000000000000000 R14: 00007fdeb7b75fa0 R15: 00007ffefb73ddb8 [ 548.580549][T11741] [ 548.656723][T11743] ptm ptm0: ldisc open failed (-12), clearing slot 0 [ 548.675673][ T5895] usb 2-1: USB disconnect, device number 62 [ 548.740153][ T25] usb 4-1: USB disconnect, device number 45 [ 553.099535][ T5899] usb 2-1: new high-speed USB device number 63 using dummy_hcd [ 553.308749][ T5899] usb 2-1: config 0 interface 0 has no altsetting 0 [ 553.315679][ T5899] usb 2-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75 [ 553.332981][ T5899] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 553.359228][ T5899] usb 2-1: config 0 descriptor?? [ 554.772702][ T5899] video4linux radio48: keene_cmd_set failed (-71) [ 554.779902][ T5899] radio-keene 2-1:0.0: V4L2 device registered as radio48 [ 554.788299][ T5899] usb 2-1: USB disconnect, device number 63 [ 555.240198][ T25] usb 1-1: new high-speed USB device number 46 using dummy_hcd [ 555.253427][T11830] syz.4.1652 (11830): drop_caches: 1 [ 555.402403][ T25] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 555.431170][ T25] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 555.445947][ T25] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 555.455209][ T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 556.220148][T11846] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 556.533252][ T25] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 556.715360][T11873] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 556.865376][T11876] xt_cgroup: xt_cgroup: no path or classid specified [ 556.980446][T11877] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 558.631954][ T25] usb 1-1: USB disconnect, device number 46 [ 558.926450][T11884] syz.1.1662 (11884): drop_caches: 2 [ 558.934575][T11884] syz.1.1662 (11884): drop_caches: 2 [ 559.170884][T11894] loop6: detected capacity change from 0 to 524287999 [ 559.329433][ C0] blk_print_req_error: 161 callbacks suppressed [ 559.329456][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 559.345067][ C0] buffer_io_error: 122 callbacks suppressed [ 559.345078][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 559.401394][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 559.410615][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 559.674744][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 559.684022][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 559.732901][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 559.742168][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 559.777993][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 559.787232][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 559.840139][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 559.849394][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 559.896815][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 559.906092][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 559.967050][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 559.976312][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 560.100803][T11894] ldm_validate_partition_table(): Disk read failed. [ 560.220250][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 560.229498][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 560.253918][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 560.263215][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 560.287934][T11894] Dev loop6: unable to read RDB block 0 [ 560.295086][T11894] loop6: unable to read partition table [ 560.308855][T11894] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 563.398128][T11960] Bluetooth: hci5: Frame reassembly failed (-84) [ 563.641189][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 564.354186][T11966] x_tables: duplicate underflow at hook 1 [ 565.719769][ T5823] Bluetooth: hci5: command 0x1003 tx timeout [ 565.726760][ T5133] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 566.281517][T12043] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 566.306917][T12048] overlayfs: unescaped trailing colons in lowerdir mount option. [ 566.314981][T12043] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 566.342037][T12043] overlayfs: overlay with incompat feature 'volatile' cannot be mounted [ 567.380966][T12051] xt_CT: You must specify a L4 protocol and not use inversions on it [ 567.904718][T12071] ptrace attach of "./syz-executor exec"[5820] was attempted by "./syz-executor exec"[12071] [ 569.580311][T12079] 9pnet_fd: Insufficient options for proto=fd [ 570.098731][T12087] FAULT_INJECTION: forcing a failure. [ 570.098731][T12087] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 570.148363][T12087] CPU: 1 UID: 0 PID: 12087 Comm: syz.2.1701 Not tainted 6.13.0-rc3-syzkaller-00224-gbaa172c77ac5 #0 [ 570.159206][T12087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 570.169295][T12087] Call Trace: [ 570.172606][T12087] [ 570.175566][T12087] dump_stack_lvl+0x241/0x360 [ 570.180289][T12087] ? __pfx_dump_stack_lvl+0x10/0x10 [ 570.185538][T12087] ? __pfx__printk+0x10/0x10 [ 570.190165][T12087] ? __pfx_lock_release+0x10/0x10 [ 570.195226][T12087] ? rcu_is_watching+0x15/0xb0 [ 570.200034][T12087] should_fail_ex+0x3b0/0x4e0 [ 570.204756][T12087] _copy_from_iter+0x1e9/0x1c20 [ 570.209651][T12087] ? alloc_pages_mpol_noprof+0x417/0x680 [ 570.215333][T12087] ? __pfx__copy_from_iter+0x10/0x10 [ 570.220659][T12087] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 570.226683][T12087] ? alloc_pages_noprof+0xef/0x170 [ 570.231831][T12087] ? page_copy_sane+0x46/0x260 [ 570.236640][T12087] copy_page_from_iter+0x7a/0x100 [ 570.241702][T12087] tun_get_user+0x2035/0x48a0 [ 570.246426][T12087] ? tun_get_user+0x875/0x48a0 [ 570.251248][T12087] ? __pfx_tun_get_user+0x10/0x10 [ 570.256332][T12087] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 570.261827][T12087] ? tun_get+0x1e/0x2f0 [ 570.266023][T12087] ? __pfx_lock_release+0x10/0x10 [ 570.271095][T12087] ? tun_get+0x1e/0x2f0 [ 570.275286][T12087] ? tun_get+0x27d/0x2f0 [ 570.279572][T12087] tun_chr_write_iter+0x10d/0x1f0 [ 570.284631][T12087] vfs_write+0xaeb/0xd30 [ 570.288902][T12087] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 570.294487][T12087] ? __pfx_vfs_write+0x10/0x10 [ 570.299289][T12087] ? __fget_files+0x2a/0x410 [ 570.303913][T12087] ? __fget_files+0x2a/0x410 [ 570.308547][T12087] ksys_write+0x18f/0x2b0 [ 570.312912][T12087] ? __pfx_ksys_write+0x10/0x10 [ 570.317810][T12087] ? do_syscall_64+0x100/0x230 [ 570.322619][T12087] ? do_syscall_64+0xb6/0x230 [ 570.327339][T12087] do_syscall_64+0xf3/0x230 [ 570.331897][T12087] ? clear_bhb_loop+0x35/0x90 [ 570.336620][T12087] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 570.342548][T12087] RIP: 0033:0x7f0e5b3847df [ 570.346978][T12087] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 570.366606][T12087] RSP: 002b:00007f0e5c1f4000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 570.375037][T12087] RAX: ffffffffffffffda RBX: 00007f0e5b575fa0 RCX: 00007f0e5b3847df [ 570.383017][T12087] RDX: 0000000000000046 RSI: 00000000200005c0 RDI: 00000000000000c8 [ 570.390994][T12087] RBP: 00007f0e5c1f4090 R08: 0000000000000000 R09: 0000000000000000 [ 570.398978][T12087] R10: 0000000000000046 R11: 0000000000000293 R12: 0000000000000001 [ 570.406959][T12087] R13: 0000000000000000 R14: 00007f0e5b575fa0 R15: 00007ffc040f0818 [ 570.414957][T12087] [ 572.364080][T12111] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 572.760674][T12116] fuse: Unknown parameter 'rlotmode' [ 572.772961][T12115] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 572.799989][T12115] Error validating options; rc = [-22] [ 573.142801][T12129] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1711'. [ 573.221546][ T25] usb 1-1: new high-speed USB device number 47 using dummy_hcd [ 573.380084][ T25] usb 1-1: Using ep0 maxpacket: 16 [ 573.401883][ T25] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 573.603624][ T25] usb 1-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 573.731647][ T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 573.822919][ T25] usb 1-1: config 0 descriptor?? [ 574.041276][T12144] netlink: 76 bytes leftover after parsing attributes in process `syz.4.1713'. [ 574.345691][ T25] mcp2221 0003:04D8:00DD.000D: unknown main item tag 0x0 [ 574.383515][ T25] mcp2221 0003:04D8:00DD.000D: unknown main item tag 0x0 [ 574.506936][ T25] mcp2221 0003:04D8:00DD.000D: unknown main item tag 0x0 [ 574.582239][ T25] mcp2221 0003:04D8:00DD.000D: unknown main item tag 0x0 [ 574.640023][ T25] mcp2221 0003:04D8:00DD.000D: unknown main item tag 0x0 [ 574.651758][ T25] mcp2221 0003:04D8:00DD.000D: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.0-1/input0 [ 574.666606][T12149] ptrace attach of "./syz-executor exec"[5820] was attempted by "./syz-executor exec"[12149] [ 574.870082][ T25] usb 1-1: USB disconnect, device number 47 [ 574.943849][T12156] ptrace attach of "./syz-executor exec"[5828] was attempted by "./syz-executor exec"[12156] [ 575.373428][T12159] fuse: Unknown parameter 'rlotmode' [ 576.412688][T12165] FAULT_INJECTION: forcing a failure. [ 576.412688][T12165] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 576.439782][T12165] CPU: 1 UID: 0 PID: 12165 Comm: syz.1.1721 Not tainted 6.13.0-rc3-syzkaller-00224-gbaa172c77ac5 #0 [ 576.450619][T12165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 576.460719][T12165] Call Trace: [ 576.464024][T12165] [ 576.466977][T12165] dump_stack_lvl+0x241/0x360 [ 576.471700][T12165] ? __pfx_dump_stack_lvl+0x10/0x10 [ 576.476933][T12165] ? __pfx__printk+0x10/0x10 [ 576.481572][T12165] ? __pfx_lock_release+0x10/0x10 [ 576.486790][T12165] ? snd_pcm_oss_read2+0x1df/0x440 [ 576.491947][T12165] should_fail_ex+0x3b0/0x4e0 [ 576.496683][T12165] _copy_to_user+0x31/0xb0 [ 576.501145][T12165] snd_pcm_oss_read+0x5aa/0x940 [ 576.506099][T12165] loop_rw_iter+0x359/0x5a0 [ 576.510640][T12165] __io_read+0x10e9/0x12c0 [ 576.515091][T12165] ? __pfx___io_read+0x10/0x10 [ 576.519868][T12165] ? __fget_files+0x395/0x410 [ 576.524556][T12165] ? __fget_files+0x2a/0x410 [ 576.529157][T12165] ? rcu_is_watching+0x15/0xb0 [ 576.533940][T12165] io_read+0x1e/0x60 [ 576.537841][T12165] io_issue_sqe+0x37d/0x13d0 [ 576.542461][T12165] ? __pfx_io_issue_sqe+0x10/0x10 [ 576.547501][T12165] ? trace_contention_end+0x3c/0x120 [ 576.552803][T12165] io_submit_sqes+0xa75/0x1d60 [ 576.557604][T12165] __se_sys_io_uring_enter+0x2c8/0x33b0 [ 576.563162][T12165] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 576.569062][T12165] ? ksys_write+0x22a/0x2b0 [ 576.573568][T12165] ? __pfx_lock_release+0x10/0x10 [ 576.578611][T12165] ? vfs_write+0x730/0xd30 [ 576.583033][T12165] ? __pfx___se_sys_io_uring_enter+0x10/0x10 [ 576.589039][T12165] ? __mutex_unlock_slowpath+0x21e/0x790 [ 576.594704][T12165] ? __pfx_vfs_write+0x10/0x10 [ 576.599486][T12165] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 576.605483][T12165] ? __fget_files+0x2a/0x410 [ 576.610083][T12165] ? __fget_files+0x2a/0x410 [ 576.614680][T12165] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 576.620667][T12165] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 576.626997][T12165] ? do_syscall_64+0x100/0x230 [ 576.631770][T12165] ? __x64_sys_io_uring_enter+0x21/0xf0 [ 576.637323][T12165] do_syscall_64+0xf3/0x230 [ 576.641835][T12165] ? clear_bhb_loop+0x35/0x90 [ 576.646515][T12165] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 576.652454][T12165] RIP: 0033:0x7fe42cd85d29 [ 576.656881][T12165] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 576.676501][T12165] RSP: 002b:00007fe42dc7d038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 576.684923][T12165] RAX: ffffffffffffffda RBX: 00007fe42cf75fa0 RCX: 00007fe42cd85d29 [ 576.692898][T12165] RDX: 0000000000000000 RSI: 0000000000000567 RDI: 0000000000000007 [ 576.700872][T12165] RBP: 00007fe42dc7d090 R08: 0000000000000000 R09: 0000000000000059 [ 576.708846][T12165] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 576.716819][T12165] R13: 0000000000000000 R14: 00007fe42cf75fa0 R15: 00007ffe96116988 [ 576.724803][T12165] [ 576.764025][T12173] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1725'. [ 577.338931][T12180] FAULT_INJECTION: forcing a failure. [ 577.338931][T12180] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 577.352179][T12180] CPU: 0 UID: 0 PID: 12180 Comm: syz.3.1723 Not tainted 6.13.0-rc3-syzkaller-00224-gbaa172c77ac5 #0 [ 577.362959][T12180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 577.373027][T12180] Call Trace: [ 577.376317][T12180] [ 577.379250][T12180] dump_stack_lvl+0x241/0x360 [ 577.383941][T12180] ? __pfx_dump_stack_lvl+0x10/0x10 [ 577.389150][T12180] ? __pfx__printk+0x10/0x10 [ 577.393747][T12180] ? __pfx_lock_release+0x10/0x10 [ 577.398776][T12180] ? __fget_files+0x2a/0x410 [ 577.403369][T12180] should_fail_ex+0x3b0/0x4e0 [ 577.408050][T12180] _copy_from_user+0x2f/0xc0 [ 577.412650][T12180] __x64_sys_epoll_ctl+0x124/0x1a0 [ 577.417774][T12180] ? __pfx___x64_sys_epoll_ctl+0x10/0x10 [ 577.423412][T12180] ? do_syscall_64+0x100/0x230 [ 577.428181][T12180] ? do_syscall_64+0xb6/0x230 [ 577.432864][T12180] do_syscall_64+0xf3/0x230 [ 577.437426][T12180] ? clear_bhb_loop+0x35/0x90 [ 577.442127][T12180] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 577.448037][T12180] RIP: 0033:0x7f19a3985d29 [ 577.452455][T12180] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 577.472155][T12180] RSP: 002b:00007f19a47d9038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 577.480576][T12180] RAX: ffffffffffffffda RBX: 00007f19a3b76160 RCX: 00007f19a3985d29 [ 577.488575][T12180] RDX: 0000000000000003 RSI: 0000000000000001 RDI: 0000000000000004 [ 577.496657][T12180] RBP: 00007f19a47d9090 R08: 0000000000000000 R09: 0000000000000000 [ 577.504670][T12180] R10: 0000000020000200 R11: 0000000000000246 R12: 0000000000000001 [ 577.512648][T12180] R13: 0000000000000000 R14: 00007f19a3b76160 R15: 00007fffa6047008 [ 577.520635][T12180] [ 578.154151][T12191] ptrace attach of "./syz-executor exec"[5816] was attempted by "./syz-executor exec"[12191] [ 579.290216][T12195] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1729'. [ 579.517173][T12204] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1731'. [ 579.722035][ T8] usb 3-1: new high-speed USB device number 77 using dummy_hcd [ 579.869955][ T5899] usb 4-1: new high-speed USB device number 46 using dummy_hcd [ 579.889909][ T8] usb 3-1: Using ep0 maxpacket: 32 [ 579.977190][ T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 580.096760][ T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 580.117462][ T5899] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 64, changing to 10 [ 580.180762][ T5899] usb 4-1: New USB device found, idVendor=056e, idProduct=00e6, bcdDevice= 0.00 [ 580.285320][ T8] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 580.328961][ T5899] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 580.360021][T12214] fuse: Unknown parameter 'rlotmode' [ 580.380911][ T5899] usb 4-1: config 0 descriptor?? [ 580.394653][ T8] usb 3-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 580.433455][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 580.501525][ T8] usb 3-1: config 0 descriptor?? [ 580.631788][T12207] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 580.662897][T12207] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 581.495856][ T8] input: HID 0458:5011 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0458:5011.000E/input/input40 [ 581.512574][ T5899] usbhid 4-1:0.0: can't add hid device: -71 [ 581.518606][ T5899] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 581.533796][ T5899] usb 4-1: USB disconnect, device number 46 [ 581.606393][ T8] input: HID 0458:5011 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0458:5011.000E/input/input41 [ 581.730206][ T8] kye 0003:0458:5011.000E: input,hiddev0,hidraw0: USB HID v0.00 Mouse [HID 0458:5011] on usb-dummy_hcd.2-1/input0 [ 581.848557][T12230] FAULT_INJECTION: forcing a failure. [ 581.848557][T12230] name failslab, interval 1, probability 0, space 0, times 0 [ 581.861977][T12230] CPU: 1 UID: 0 PID: 12230 Comm: syz.3.1739 Not tainted 6.13.0-rc3-syzkaller-00224-gbaa172c77ac5 #0 [ 581.872776][T12230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 581.882899][T12230] Call Trace: [ 581.886195][T12230] [ 581.889141][T12230] dump_stack_lvl+0x241/0x360 [ 581.893873][T12230] ? __pfx_dump_stack_lvl+0x10/0x10 [ 581.899114][T12230] ? __pfx__printk+0x10/0x10 [ 581.903744][T12230] ? fs_reclaim_acquire+0x93/0x130 [ 581.908882][T12230] ? __pfx___might_resched+0x10/0x10 [ 581.914200][T12230] should_fail_ex+0x3b0/0x4e0 [ 581.918903][T12230] should_failslab+0xac/0x100 [ 581.923623][T12230] __kmalloc_noprof+0xdd/0x4c0 [ 581.928426][T12230] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 581.934354][T12230] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 581.940109][T12230] tomoyo_realpath_from_path+0xcf/0x5e0 [ 581.945698][T12230] tomoyo_check_open_permission+0x258/0x4f0 [ 581.951617][T12230] ? tomoyo_check_open_permission+0x207/0x4f0 [ 581.957706][T12230] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 581.964179][T12230] ? tomoyo_file_open+0x165/0x220 [ 581.969232][T12230] security_file_open+0xac/0x250 [ 581.974192][T12230] do_dentry_open+0x328/0x1b70 [ 581.979000][T12230] vfs_open+0x3e/0x330 [ 581.983097][T12230] dentry_open+0x61/0xa0 [ 581.987365][T12230] ovl_dir_read+0x26/0x570 [ 581.991802][T12230] ? ovl_path_next+0x3b9/0x470 [ 581.996598][T12230] ovl_dir_read_merged+0x313/0x5e0 [ 582.001737][T12230] ? __pfx_ovl_dir_read_merged+0x10/0x10 [ 582.007395][T12230] ? __pfx_ovl_fill_merge+0x10/0x10 [ 582.012637][T12230] ? __kmalloc_cache_noprof+0x243/0x390 [ 582.018209][T12230] ? ovl_iterate+0x10d4/0x21c0 [ 582.023000][T12230] ovl_iterate+0x1194/0x21c0 [ 582.027642][T12230] ? __lock_acquire+0x1397/0x2100 [ 582.032718][T12230] ? __pfx_ovl_iterate+0x10/0x10 [ 582.037706][T12230] ? __pfx_lock_acquire+0x10/0x10 [ 582.042756][T12230] ? __pfx___might_resched+0x10/0x10 [ 582.048082][T12230] ? __pfx_lock_acquire+0x10/0x10 [ 582.053138][T12230] ? down_write+0x18c/0x220 [ 582.057661][T12230] ? __pfx_down_write+0x10/0x10 [ 582.062530][T12230] ? vfs_write+0x730/0xd30 [ 582.066972][T12230] ? __pfx_ovl_iterate+0x10/0x10 [ 582.071929][T12230] wrap_directory_iterator+0x91/0xd0 [ 582.077270][T12230] iterate_dir+0x571/0x800 [ 582.081717][T12230] __se_sys_getdents+0x1fd/0x4e0 [ 582.086687][T12230] ? __pfx___se_sys_getdents+0x10/0x10 [ 582.092167][T12230] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 582.098165][T12230] ? __pfx_filldir+0x10/0x10 [ 582.102778][T12230] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 582.109125][T12230] ? do_syscall_64+0x100/0x230 [ 582.113920][T12230] ? do_syscall_64+0xb6/0x230 [ 582.118624][T12230] do_syscall_64+0xf3/0x230 [ 582.123151][T12230] ? clear_bhb_loop+0x35/0x90 [ 582.127849][T12230] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 582.133766][T12230] RIP: 0033:0x7f19a3985d29 [ 582.138197][T12230] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 582.157832][T12230] RSP: 002b:00007f19a481b038 EFLAGS: 00000246 ORIG_RAX: 000000000000004e [ 582.166286][T12230] RAX: ffffffffffffffda RBX: 00007f19a3b75fa0 RCX: 00007f19a3985d29 [ 582.174268][T12230] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 582.182245][T12230] RBP: 00007f19a481b090 R08: 0000000000000000 R09: 0000000000000000 [ 582.190216][T12230] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 582.198189][T12230] R13: 0000000000000000 R14: 00007f19a3b75fa0 R15: 00007fffa6047008 [ 582.206176][T12230] [ 582.625207][T12230] ERROR: Out of memory at tomoyo_realpath_from_path. [ 582.715195][T12237] Unknown options in mask 6000 [ 583.060427][T12245] ptrace attach of "./syz-executor exec"[5831] was attempted by "./syz-executor exec"[12245] [ 583.439847][ T8] usb 5-1: new high-speed USB device number 52 using dummy_hcd [ 583.579951][T12251] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1743'. [ 583.619975][ T8] usb 5-1: Using ep0 maxpacket: 32 [ 583.645334][ T8] usb 5-1: config 33 has an invalid descriptor of length 0, skipping remainder of the config [ 583.986992][ T5868] usb 3-1: USB disconnect, device number 77 [ 584.134432][ T8] usb 5-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=33.f9 [ 584.143700][ T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 584.151863][ T8] usb 5-1: Product: syz [ 584.156166][ T8] usb 5-1: Manufacturer: syz [ 584.161162][ T8] usb 5-1: SerialNumber: syz [ 584.427723][T12260] fuse: Unknown parameter 'rlotmode' [ 584.489951][T12262] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1748'. [ 585.747794][T12287] usb usb8: check_ctrlrecip: process 12287 (syz.3.1754) requesting ep 01 but needs 81 [ 586.605650][T12286] ptrace attach of "./syz-executor exec"[5820] was attempted by "./syz-executor exec"[12286] [ 586.670084][ T25] usb 5-1: USB disconnect, device number 52 [ 586.816225][ T5895] usb 3-1: new high-speed USB device number 78 using dummy_hcd [ 586.962642][T12304] netlink: 76 bytes leftover after parsing attributes in process `syz.4.1756'. [ 587.791707][ T5895] usb 3-1: Using ep0 maxpacket: 8 [ 588.014429][ T5895] usb 3-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 588.025191][ T5895] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 588.033643][ T5895] usb 3-1: Product: syz [ 588.037982][ T5895] usb 3-1: Manufacturer: syz [ 588.045523][ T5895] usb 3-1: SerialNumber: syz [ 588.055774][ T5895] usb 3-1: config 0 descriptor?? [ 588.063764][T12322] netlink: 'syz.1.1760': attribute type 4 has an invalid length. [ 588.074564][ T5895] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 588.089650][ T5895] usb 3-1: setting power ON [ 588.099188][ T5895] dvb-usb: bulk message failed: -22 (2/0) [ 588.114585][ T5895] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 588.135758][ T5895] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 588.164401][ T5895] usb 3-1: media controller created [ 588.186478][T12325] fuse: Unknown parameter 'rlotmode' [ 588.212711][ T5895] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 588.218335][T12328] netlink: 'syz.1.1763': attribute type 4 has an invalid length. [ 588.251872][ T5895] usb 3-1: selecting invalid altsetting 6 [ 588.257761][ T5895] usb 3-1: digital interface selection failed (-22) [ 588.265543][ T5895] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 588.275056][ T5895] usb 3-1: setting power OFF [ 588.282343][ T5895] dvb-usb: bulk message failed: -22 (2/0) [ 588.293940][T12296] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 588.303072][ T5895] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 588.316075][T12296] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 588.324427][ T5895] (NULL device *): no alternate interface [ 588.349006][T12296] input: syz0 as /devices/virtual/input/input42 [ 588.373332][ T5895] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 588.545078][T12296] netlink: 'syz.2.1755': attribute type 1 has an invalid length. [ 588.553095][ T5868] usb 4-1: new full-speed USB device number 47 using dummy_hcd [ 588.575180][T12296] netlink: 83992 bytes leftover after parsing attributes in process `syz.2.1755'. [ 589.461637][ T5868] usb 4-1: config 0 has an invalid interface number: 3 but max is 0 [ 589.469803][ T5868] usb 4-1: config 0 has no interface number 0 [ 589.476017][ T5868] usb 4-1: config 0 interface 3 altsetting 0 endpoint 0x6 has invalid maxpacket 5440, setting to 64 [ 589.502747][ T5868] usb 4-1: config 0 interface 3 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 589.513040][ T5868] usb 4-1: config 0 interface 3 altsetting 0 endpoint 0x8 has invalid maxpacket 1024, setting to 64 [ 589.524169][ T5868] usb 4-1: config 0 interface 3 altsetting 0 endpoint 0x4 has invalid maxpacket 1023, setting to 64 [ 589.535160][ T5868] usb 4-1: config 0 interface 3 altsetting 0 endpoint 0xA has invalid maxpacket 1023, setting to 64 [ 589.552945][ T5868] usb 4-1: New USB device found, idVendor=1199, idProduct=6801, bcdDevice=98.59 [ 589.562134][ T5868] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 589.580560][ T5868] usb 4-1: config 0 descriptor?? [ 589.589551][T12330] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 589.598984][ T5868] hub 4-1:0.3: bad descriptor, ignoring hub [ 589.605371][ T5868] hub 4-1:0.3: probe with driver hub failed with error -5 [ 590.723192][ T8] usb 3-1: USB disconnect, device number 78 [ 590.818446][T12356] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 695.829705][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 695.829738][ C0] rcu: 1-...!: (1 ticks this GP) idle=b254/1/0x4000000000000000 softirq=45899/45899 fqs=5 [ 695.830616][ C0] rcu: (detected by 0, t=10503 jiffies, g=44833, q=160 ncpus=2) [ 695.830652][ C0] Sending NMI from CPU 0 to CPUs 1: [ 695.830687][ C1] NMI backtrace for cpu 1 [ 695.830703][ C1] CPU: 1 UID: 0 PID: 12356 Comm: syz.1.1769 Not tainted 6.13.0-rc3-syzkaller-00224-gbaa172c77ac5 #0 [ 695.830744][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 695.830765][ C1] RIP: 0010:lock_acquire+0x9e/0x550 [ 695.830793][ C1] Code: ec 03 48 b8 f1 f1 f1 f1 00 f2 f2 f2 4b 89 04 2c 43 c7 44 2c 09 f2 f2 f2 00 43 c7 44 2c 11 f3 f3 f3 f3 66 43 c7 44 2c 15 f3 f3 <43> c6 44 2c 17 f3 0f 1f 44 00 00 65 8b 05 ec 25 89 7e 83 f8 08 0f [ 695.830807][ C1] RSP: 0018:ffffc90000a18a20 EFLAGS: 00000802 [ 695.830824][ C1] RAX: f2f2f200f1f1f1f1 RBX: 1ffff92000143174 RCX: 0000000000000000 [ 695.830837][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff9a571200 [ 695.830849][ C1] RBP: ffffc90000a18b68 R08: 0000000000000001 R09: 0000000000000000 [ 695.830867][ C1] R10: ffffc90000a18c60 R11: fffff5200014318e R12: 1ffff9200014314c [ 695.830880][ C1] R13: dffffc0000000000 R14: 0000000000000000 R15: dffffc0000000000 [ 695.830893][ C1] FS: 00007fe42dc7d6c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 695.830909][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 695.830921][ C1] CR2: 000000110c36893d CR3: 0000000031c24000 CR4: 00000000003526f0 [ 695.830937][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 695.830948][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 695.830960][ C1] Call Trace: [ 695.830966][ C1] [ 695.830975][ C1] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 695.830998][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 695.831017][ C1] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 695.831036][ C1] ? nmi_handle+0x2a/0x5a0 [ 695.831061][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 695.831085][ C1] ? nmi_handle+0x14f/0x5a0 [ 695.831103][ C1] ? nmi_handle+0x2a/0x5a0 [ 695.831122][ C1] ? lock_acquire+0x9e/0x550 [ 695.831138][ C1] ? default_do_nmi+0x63/0x160 [ 695.831157][ C1] ? exc_nmi+0x123/0x1f0 [ 695.831174][ C1] ? end_repeat_nmi+0xf/0x53 [ 695.831196][ C1] ? lock_acquire+0x9e/0x550 [ 695.831213][ C1] ? lock_acquire+0x9e/0x550 [ 695.831231][ C1] ? lock_acquire+0x9e/0x550 [ 695.831248][ C1] [ 695.831254][ C1] [ 695.831263][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 695.831284][ C1] ? do_raw_spin_unlock+0x13c/0x8b0 [ 695.831311][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 695.831334][ C1] _raw_spin_lock_irqsave+0xd5/0x120 [ 695.831353][ C1] ? debug_object_deactivate+0x158/0x390 [ 695.831379][ C1] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 695.831404][ C1] debug_object_deactivate+0x158/0x390 [ 695.831430][ C1] ? __pfx_debug_object_deactivate+0x10/0x10 [ 695.831456][ C1] ? timerqueue_add+0x260/0x290 [ 695.831474][ C1] ? __pfx__raw_spin_lock_irq+0x10/0x10 [ 695.831497][ C1] debug_deactivate+0x1b/0x220 [ 695.831521][ C1] __hrtimer_run_queues+0x305/0xd30 [ 695.831550][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 695.831571][ C1] ? sched_clock+0x4a/0x70 [ 695.831593][ C1] ? read_tsc+0x9/0x20 [ 695.831614][ C1] ? ktime_get_update_offsets_now+0x393/0x3b0 [ 695.831636][ C1] hrtimer_interrupt+0x403/0xa40 [ 695.831667][ C1] __sysvec_apic_timer_interrupt+0x110/0x420 [ 695.831688][ C1] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 695.831710][ C1] [ 695.831716][ C1] [ 695.831722][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 695.831747][ C1] RIP: 0010:console_flush_all+0x996/0xeb0 [ 695.831772][ C1] Code: 48 21 c3 0f 85 16 02 00 00 e8 f6 ad 20 00 4c 8b 7c 24 10 4d 85 f6 75 07 e8 e7 ad 20 00 eb 06 e8 e0 ad 20 00 fb 48 8b 5c 24 18 <48> 8b 44 24 30 42 80 3c 28 00 74 08 48 89 df e8 96 83 84 00 4c 8b [ 695.831786][ C1] RSP: 0018:ffffc9000c74e660 EFLAGS: 00000287 [ 695.831801][ C1] RAX: ffffffff817ec5c0 RBX: ffffffff8f162c98 RCX: 0000000000080000 [ 695.831814][ C1] RDX: ffffc9000bc91000 RSI: 0000000000003cf4 RDI: 0000000000003cf5 [ 695.831826][ C1] RBP: ffffc9000c74e810 R08: ffffffff817ec597 R09: 1ffffffff284e110 [ 695.831839][ C1] R10: dffffc0000000000 R11: fffffbfff284e111 R12: ffffffff8f162c40 [ 695.831857][ C1] R13: dffffc0000000000 R14: 0000000000000200 R15: ffffc9000c74e860 [ 695.831873][ C1] ? console_flush_all+0x967/0xeb0 [ 695.831896][ C1] ? console_flush_all+0x990/0xeb0 [ 695.831925][ C1] ? console_flush_all+0x1a3/0xeb0 [ 695.831951][ C1] ? __pfx_console_flush_all+0x10/0x10 [ 695.831977][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 695.831998][ C1] ? this_cpu_in_panic+0x4f/0x80 [ 695.832018][ C1] ? is_printk_legacy_deferred+0x43/0x50 [ 695.832036][ C1] ? printk_get_console_flush_type+0x1fe/0x4f0 [ 695.832061][ C1] console_unlock+0x14f/0x3b0 [ 695.832083][ C1] ? __pfx_console_unlock+0x10/0x10 [ 695.832106][ C1] ? this_cpu_in_panic+0x4f/0x80 [ 695.832126][ C1] ? is_printk_legacy_deferred+0x43/0x50 [ 695.832217][ C1] ? printk_get_console_flush_type+0x1fe/0x4f0 [ 695.832242][ C1] vprintk_emit+0x730/0xa10 [ 695.832264][ C1] ? __pfx_vprintk_emit+0x10/0x10 [ 695.832285][ C1] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 695.832320][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 695.832342][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 695.832363][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 695.832384][ C1] ? __pfx_validate_chain+0x10/0x10 [ 695.832409][ C1] _printk+0xd5/0x120 [ 695.832431][ C1] ? __pfx__printk+0x10/0x10 [ 695.832449][ C1] ? smack_log+0x123/0x540 [ 695.832474][ C1] ? __pfx_smack_log+0x10/0x10 [ 695.832498][ C1] tcp_syn_flood_action+0x26e/0x320 [ 695.832521][ C1] tcp_conn_request+0x627/0x34c0 [ 695.832542][ C1] ? __lock_acquire+0x1397/0x2100 [ 695.832568][ C1] ? __pfx_tcp_conn_request+0x10/0x10 [ 695.832600][ C1] ? subflow_v6_conn_request+0x271/0x3a0 [ 695.832624][ C1] ? tcp_rcv_state_process+0x1fc/0x44e0 [ 695.832643][ C1] tcp_rcv_state_process+0x187e/0x44e0 [ 695.832662][ C1] ? __pfx_lock_release+0x10/0x10 [ 695.832678][ C1] ? __inet6_lookup_established+0xd28/0xdc0 [ 695.832708][ C1] ? __pfx_tcp_rcv_state_process+0x10/0x10 [ 695.832727][ C1] ? sk_filter_trim_cap+0x1b3/0xa80 [ 695.832745][ C1] ? sk_filter_trim_cap+0x5bf/0xa80 [ 695.832764][ C1] ? __pfx_tcp_inbound_hash+0x10/0x10 [ 695.832787][ C1] ? inet6_lookup_listener+0x113/0x2d0 [ 695.832811][ C1] tcp_v6_do_rcv+0x8f0/0x13e0 [ 695.832835][ C1] ? tcp_v6_fill_cb+0x1e2/0x470 [ 695.832862][ C1] tcp_v6_rcv+0x220a/0x2fb0 [ 695.832901][ C1] ? __pfx_tcp_v6_rcv+0x10/0x10 [ 695.832923][ C1] ? csum_partial+0x22f/0x2b0 [ 695.832944][ C1] ? __pfx_tcp_v6_rcv+0x10/0x10 [ 695.832965][ C1] ? __pfx_tcp_v6_rcv+0x10/0x10 [ 695.832985][ C1] ip6_protocol_deliver_rcu+0xc79/0x1580 [ 695.833018][ C1] ? ip6_input_finish+0xdc/0x2d0 [ 695.833037][ C1] ip6_input_finish+0x187/0x2d0 [ 695.833058][ C1] ? __pfx_ip6_input_finish+0x10/0x10 [ 695.833078][ C1] NF_HOOK+0x3a4/0x450 [ 695.833099][ C1] ? NF_HOOK+0x9a/0x450 [ 695.833117][ C1] ? __pfx_NF_HOOK+0x10/0x10 [ 695.833137][ C1] ? __pfx_ip6_input_finish+0x10/0x10 [ 695.833162][ C1] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 695.833180][ C1] NF_HOOK+0x3a4/0x450 [ 695.833198][ C1] ? skb_orphan+0x4b/0xd0 [ 695.833219][ C1] ? NF_HOOK+0x9a/0x450 [ 695.833237][ C1] ? __pfx_NF_HOOK+0x10/0x10 [ 695.833257][ C1] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 695.833280][ C1] ? __pfx_ipv6_rcv+0x10/0x10 [ 695.833299][ C1] __netif_receive_skb+0x1ea/0x650 [ 695.833323][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 695.833339][ C1] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 695.833363][ C1] ? __pfx___netif_receive_skb+0x10/0x10 [ 695.833384][ C1] ? build_skb+0x52/0x2a0 [ 695.833400][ C1] ? tun_get_user+0x2173/0x48a0 [ 695.833422][ C1] ? tun_chr_write_iter+0x10d/0x1f0 [ 695.833443][ C1] ? do_syscall_64+0xf3/0x230 [ 695.833465][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 695.833487][ C1] ? tun_rx_batched+0x160/0x8f0 [ 695.833509][ C1] ? __pfx_lockdep_softirqs_off+0x10/0x10 [ 695.833528][ C1] ? read_tsc+0x9/0x20 [ 695.833549][ C1] ? netif_receive_skb+0x131/0x890 [ 695.833569][ C1] ? netif_receive_skb+0x131/0x890 [ 695.833590][ C1] netif_receive_skb+0x1e8/0x890 [ 695.833610][ C1] ? tun_rx_batched+0x160/0x8f0 [ 695.833632][ C1] ? __pfx_netif_receive_skb+0x10/0x10 [ 695.833658][ C1] ? tun_rx_batched+0x160/0x8f0 [ 695.833679][ C1] tun_rx_batched+0x1b7/0x8f0 [ 695.833702][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 695.833721][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 695.833738][ C1] ? __pfx_tun_rx_batched+0x10/0x10 [ 695.833769][ C1] tun_get_user+0x30cc/0x48a0 [ 695.833791][ C1] ? tun_get_user+0x2bba/0x48a0 [ 695.833811][ C1] ? tun_get_user+0x875/0x48a0 [ 695.833841][ C1] ? __pfx_tun_get_user+0x10/0x10 [ 695.833876][ C1] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 695.833894][ C1] ? tun_get+0x1e/0x2f0 [ 695.833914][ C1] ? __pfx_lock_release+0x10/0x10 [ 695.833938][ C1] ? tun_get+0x1e/0x2f0 [ 695.833958][ C1] ? tun_get+0x27d/0x2f0 [ 695.833979][ C1] tun_chr_write_iter+0x10d/0x1f0 [ 695.834002][ C1] vfs_write+0xaeb/0xd30 [ 695.834025][ C1] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 695.834047][ C1] ? __pfx_vfs_write+0x10/0x10 [ 695.834068][ C1] ? __fget_files+0x2a/0x410 [ 695.834085][ C1] ? __fget_files+0x2a/0x410 [ 695.834105][ C1] ksys_write+0x18f/0x2b0 [ 695.834126][ C1] ? __pfx_ksys_write+0x10/0x10 [ 695.834145][ C1] ? do_syscall_64+0x100/0x230 [ 695.834169][ C1] ? do_syscall_64+0xb6/0x230 [ 695.834193][ C1] do_syscall_64+0xf3/0x230 [ 695.834216][ C1] ? clear_bhb_loop+0x35/0x90 [ 695.834233][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 695.834255][ C1] RIP: 0033:0x7fe42cd847df [ 695.834272][ C1] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 695.834286][ C1] RSP: 002b:00007fe42dc7d000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 695.834303][ C1] RAX: ffffffffffffffda RBX: 00007fe42cf75fa0 RCX: 00007fe42cd847df [ 695.834316][ C1] RDX: 0000000000000096 RSI: 00000000200001c0 RDI: 00000000000000c8 [ 695.834327][ C1] RBP: 00007fe42ce01aa8 R08: 0000000000000000 R09: 0000000000000000 [ 695.834338][ C1] R10: 0000000000000096 R11: 0000000000000293 R12: 0000000000000000 [ 695.834349][ C1] R13: 0000000000000000 R14: 00007fe42cf75fa0 R15: 00007ffe96116988 [ 695.834369][ C1] [ 695.834681][ C0] rcu: rcu_preempt kthread starved for 10465 jiffies! g44833 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 695.834707][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 695.834719][ C0] rcu: RCU grace-period kthread stack dump: [ 695.834729][ C0] task:rcu_preempt state:R running task stack:25880 pid:17 tgid:17 ppid:2 flags:0x00004000 [ 695.834788][ C0] Call Trace: [ 695.834796][ C0] [ 695.834809][ C0] __schedule+0x17fb/0x4be0 [ 695.834858][ C0] ? __pfx___schedule+0x10/0x10 [ 695.834887][ C0] ? __pfx_lock_release+0x10/0x10 [ 695.834918][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 695.834944][ C0] ? schedule+0x90/0x320 [ 695.834968][ C0] schedule+0x14b/0x320 [ 695.834995][ C0] schedule_timeout+0x15a/0x290 [ 695.835018][ C0] ? __pfx_schedule_timeout+0x10/0x10 [ 695.835043][ C0] ? __pfx_process_timeout+0x10/0x10 [ 695.835076][ C0] ? prepare_to_swait_event+0x330/0x350 [ 695.835104][ C0] rcu_gp_fqs_loop+0x2df/0x1330 [ 695.835127][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 695.835164][ C0] ? __pfx_rcu_watching_snap_recheck+0x10/0x10 [ 695.835190][ C0] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 695.835212][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 695.835243][ C0] ? finish_swait+0xd4/0x1e0 [ 695.835267][ C0] rcu_gp_kthread+0xa7/0x3b0 [ 695.835293][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 695.835315][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 695.835344][ C0] ? __kthread_parkme+0x169/0x1d0 [ 695.835369][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 695.835392][ C0] kthread+0x2f0/0x390 [ 695.835415][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 695.835438][ C0] ? __pfx_kthread+0x10/0x10 [ 695.835462][ C0] ret_from_fork+0x4b/0x80 [ 695.835481][ C0] ? __pfx_kthread+0x10/0x10 [ 695.835503][ C0] ret_from_fork_asm+0x1a/0x30 [ 695.835545][ C0] [ 695.835554][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 695.835564][ C0] CPU: 0 UID: 0 PID: 12330 Comm: syz.3.1762 Not tainted 6.13.0-rc3-syzkaller-00224-gbaa172c77ac5 #0 [ 695.835587][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 695.835600][ C0] RIP: 0010:smp_call_function_many_cond+0x19f3/0x2c60 [ 695.835634][ C0] Code: 45 8b 65 00 44 89 e6 83 e6 01 31 ff e8 56 e9 0b 00 41 83 e4 01 49 bc 00 00 00 00 00 fc ff df 75 07 e8 01 e5 0b 00 eb 38 f3 90 <42> 0f b6 04 23 84 c0 75 11 41 f7 45 00 01 00 00 00 74 1e e8 e5 e4 [ 695.835651][ C0] RSP: 0018:ffffc9001bbe7460 EFLAGS: 00000293 [ 695.835670][ C0] RAX: ffffffff81938ebb RBX: 1ffff110170e88b9 RCX: ffff8880260b0000 [ 695.835687][ C0] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 695.835700][ C0] RBP: ffffc9001bbe7660 R08: ffffffff81938e8a R09: 1ffffffff284e110 [ 695.835716][ C0] R10: dffffc0000000000 R11: fffffbfff284e111 R12: dffffc0000000000 [ 695.835732][ C0] R13: ffff8880b87445c8 R14: ffff8880b863f940 R15: 0000000000000001 [ 695.835747][ C0] FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 695.835765][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 695.835781][ C0] CR2: 0000000020032000 CR3: 000000000e736000 CR4: 00000000003526f0 [ 695.835798][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 695.835811][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 695.835825][ C0] Call Trace: [ 695.835833][ C0] [ 695.835843][ C0] ? rcu_check_gp_kthread_starvation+0x278/0x310 [ 695.835874][ C0] ? print_other_cpu_stall+0x1481/0x15c0 [ 695.835911][ C0] ? __pfx_print_other_cpu_stall+0x10/0x10 [ 695.835937][ C0] ? cgroup_rstat_updated+0x13b/0xc30 [ 695.835973][ C0] ? kvm_check_and_clear_guest_paused+0x6a/0xd0 [ 695.836004][ C0] ? rcu_sched_clock_irq+0xa26/0x10e0 [ 695.836036][ C0] ? __pfx_rcu_sched_clock_irq+0x10/0x10 [ 695.836071][ C0] ? update_process_times+0x242/0x2f0 [ 695.836095][ C0] ? tick_nohz_handler+0x37c/0x500 [ 695.836127][ C0] ? __pfx_tick_nohz_handler+0x10/0x10 [ 695.836157][ C0] ? __hrtimer_run_queues+0x551/0xd30 [ 695.836200][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 695.836225][ C0] ? sched_clock+0x4a/0x70 [ 695.836252][ C0] ? read_tsc+0x9/0x20 [ 695.836277][ C0] ? ktime_get_update_offsets_now+0x393/0x3b0 [ 695.836305][ C0] ? hrtimer_interrupt+0x403/0xa40 [ 695.836353][ C0] ? __sysvec_apic_timer_interrupt+0x110/0x420 [ 695.836379][ C0] ? sysvec_apic_timer_interrupt+0xa1/0xc0 [ 695.836404][ C0] [ 695.836413][ C0] [ 695.836422][ C0] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 695.836457][ C0] ? smp_call_function_many_cond+0x19da/0x2c60 [ 695.836482][ C0] ? smp_call_function_many_cond+0x1a0b/0x2c60 [ 695.836511][ C0] ? smp_call_function_many_cond+0x19f3/0x2c60 [ 695.836550][ C0] ? __pfx_do_sync_core+0x10/0x10 [ 695.836584][ C0] ? __pfx___text_poke+0x10/0x10 [ 695.836619][ C0] ? __pfx___might_resched+0x10/0x10 [ 695.836648][ C0] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 695.836675][ C0] ? __pfx___might_resched+0x10/0x10 [ 695.836710][ C0] ? __pfx_do_sync_core+0x10/0x10 [ 695.836738][ C0] on_each_cpu_cond_mask+0x3f/0x80 [ 695.836766][ C0] text_poke_bp_batch+0x352/0xb30 [ 695.836792][ C0] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 695.836827][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 695.836854][ C0] ? __pfx_text_poke_bp_batch+0x10/0x10 [ 695.836885][ C0] ? arch_jump_label_transform_queue+0x9b/0x100 [ 695.836915][ C0] ? __jump_label_update+0x379/0x3a0 [ 695.836947][ C0] text_poke_finish+0x30/0x50 [ 695.836971][ C0] arch_jump_label_transform_apply+0x1c/0x30 [ 695.836999][ C0] static_key_disable_cpuslocked+0xd2/0x1c0 [ 695.837028][ C0] static_key_disable+0x1a/0x20 [ 695.837053][ C0] tracepoint_probe_unregister+0x83c/0xa10 [ 695.837084][ C0] bpf_raw_tp_link_release+0x45/0x70 [ 695.837111][ C0] bpf_link_free+0xfd/0x3a0 [ 695.837142][ C0] bpf_link_release+0x78/0x90 [ 695.837169][ C0] ? __pfx_bpf_link_release+0x10/0x10 [ 695.837198][ C0] __fput+0x23c/0xa50 [ 695.837230][ C0] task_work_run+0x24f/0x310 [ 695.837261][ C0] ? __pfx_task_work_run+0x10/0x10 [ 695.837290][ C0] ? switch_task_namespaces+0xe4/0x110 [ 695.837321][ C0] do_exit+0xa2a/0x28e0 [ 695.837352][ C0] ? __pfx_do_exit+0x10/0x10 [ 695.837374][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 695.837426][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 695.837451][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 695.837471][ C0] ? _raw_spin_lock_irq+0xdf/0x120 [ 695.837500][ C0] do_group_exit+0x207/0x2c0 [ 695.837521][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 695.837545][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 695.837574][ C0] get_signal+0x16b2/0x1750 [ 695.837620][ C0] ? __pfx_get_signal+0x10/0x10 [ 695.837656][ C0] arch_do_signal_or_restart+0x96/0x860 [ 695.837687][ C0] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 695.837714][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 695.837748][ C0] ? syscall_exit_to_user_mode+0xa3/0x340 [ 695.837779][ C0] syscall_exit_to_user_mode+0xce/0x340 [ 695.837809][ C0] do_syscall_64+0x100/0x230 [ 695.837837][ C0] ? clear_bhb_loop+0x35/0x90 [ 695.837858][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 695.837886][ C0] RIP: 0033:0x7f19a3985d29 [ 695.837903][ C0] Code: Unable to access opcode bytes at 0x7f19a3985cff. [ 695.837914][ C0] RSP: 002b:00007f19a47fa0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 695.837936][ C0] RAX: fffffffffffffe00 RBX: 00007f19a3b76088 RCX: 00007f19a3985d29 [ 695.837952][ C0] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f19a3b76088 [ 695.837967][ C0] RBP: 00007f19a3b76080 R08: 0000000000000000 R09: 0000000000000000 [ 695.837981][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f19a3b7608c [ 695.837996][ C0] R13: 0000000000000000 R14: 00007fffa6046f20 R15: 00007fffa6047008 [ 695.838026][ C0] [ 838.638435][ C0] watchdog: BUG: soft lockup - CPU#0 stuck for 246s! [syz.3.1762:12330] [ 838.638469][ C0] Modules linked in: [ 838.638485][ C0] irq event stamp: 249278 [ 838.638494][ C0] hardirqs last enabled at (249277): [] irqentry_exit+0x63/0x90 [ 838.638534][ C0] hardirqs last disabled at (249278): [] sysvec_apic_timer_interrupt+0xe/0xc0 [ 838.638564][ C0] softirqs last enabled at (249276): [] __irq_exit_rcu+0xf7/0x220 [ 838.638596][ C0] softirqs last disabled at (249249): [] __irq_exit_rcu+0xf7/0x220 [ 838.638630][ C0] CPU: 0 UID: 0 PID: 12330 Comm: syz.3.1762 Not tainted 6.13.0-rc3-syzkaller-00224-gbaa172c77ac5 #0 [ 838.638654][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 838.638674][ C0] RIP: 0010:smp_call_function_many_cond+0x19f8/0x2c60 [ 838.638704][ C0] Code: 89 e6 83 e6 01 31 ff e8 56 e9 0b 00 41 83 e4 01 49 bc 00 00 00 00 00 fc ff df 75 07 e8 01 e5 0b 00 eb 38 f3 90 42 0f b6 04 23 <84> c0 75 11 41 f7 45 00 01 00 00 00 74 1e e8 e5 e4 0b 00 eb e4 44 [ 838.638721][ C0] RSP: 0018:ffffc9001bbe7460 EFLAGS: 00000293 [ 838.638741][ C0] RAX: 0000000000000000 RBX: 1ffff110170e88b9 RCX: ffff8880260b0000 [ 838.638757][ C0] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 838.638771][ C0] RBP: ffffc9001bbe7660 R08: ffffffff81938e8a R09: 1ffffffff284e110 [ 838.638788][ C0] R10: dffffc0000000000 R11: fffffbfff284e111 R12: dffffc0000000000 [ 838.638804][ C0] R13: ffff8880b87445c8 R14: ffff8880b863f940 R15: 0000000000000001 [ 838.638820][ C0] FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 838.638843][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 838.638859][ C0] CR2: 0000000020032000 CR3: 000000000e736000 CR4: 00000000003526f0 [ 838.638878][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 838.638891][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 838.638906][ C0] Call Trace: [ 838.638916][ C0] [ 838.638929][ C0] ? watchdog_timer_fn+0x75b/0x960 [ 838.638958][ C0] ? __pfx_watchdog_timer_fn+0x10/0x10 [ 838.638983][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 838.639009][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 838.639042][ C0] ? __pfx_watchdog_timer_fn+0x10/0x10 [ 838.639066][ C0] ? __hrtimer_run_queues+0x551/0xd30 [ 838.639110][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 838.639135][ C0] ? handle_softirqs+0x7e0/0x9b0 [ 838.639164][ C0] ? read_tsc+0x9/0x20 [ 838.639189][ C0] ? ktime_get_update_offsets_now+0x393/0x3b0 [ 838.639218][ C0] ? hrtimer_interrupt+0x403/0xa40 [ 838.639266][ C0] ? __sysvec_apic_timer_interrupt+0x110/0x420 [ 838.639292][ C0] ? sysvec_apic_timer_interrupt+0xa1/0xc0 [ 838.639317][ C0] [ 838.639325][ C0] [ 838.639335][ C0] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 838.639370][ C0] ? smp_call_function_many_cond+0x19da/0x2c60 [ 838.639400][ C0] ? smp_call_function_many_cond+0x19f8/0x2c60 [ 838.639429][ C0] ? __pfx_do_sync_core+0x10/0x10 [ 838.639453][ C0] ? __pfx___text_poke+0x10/0x10 [ 838.639475][ C0] ? __pfx___might_resched+0x10/0x10 [ 838.639505][ C0] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 838.639532][ C0] ? __pfx___might_resched+0x10/0x10 [ 838.639568][ C0] ? __pfx_do_sync_core+0x10/0x10 [ 838.639594][ C0] on_each_cpu_cond_mask+0x3f/0x80 [ 838.639623][ C0] text_poke_bp_batch+0x352/0xb30 [ 838.639650][ C0] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 838.639692][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 838.639721][ C0] ? __pfx_text_poke_bp_batch+0x10/0x10 [ 838.639752][ C0] ? arch_jump_label_transform_queue+0x9b/0x100 [ 838.639782][ C0] ? __jump_label_update+0x379/0x3a0 [ 838.639814][ C0] text_poke_finish+0x30/0x50 [ 838.639839][ C0] arch_jump_label_transform_apply+0x1c/0x30 [ 838.639867][ C0] static_key_disable_cpuslocked+0xd2/0x1c0 [ 838.639895][ C0] static_key_disable+0x1a/0x20 [ 838.639920][ C0] tracepoint_probe_unregister+0x83c/0xa10 [ 838.639952][ C0] bpf_raw_tp_link_release+0x45/0x70 [ 838.639978][ C0] bpf_link_free+0xfd/0x3a0 [ 838.640010][ C0] bpf_link_release+0x78/0x90 [ 838.640038][ C0] ? __pfx_bpf_link_release+0x10/0x10 [ 838.640067][ C0] __fput+0x23c/0xa50 [ 838.640100][ C0] task_work_run+0x24f/0x310 [ 838.640130][ C0] ? __pfx_task_work_run+0x10/0x10 [ 838.640159][ C0] ? switch_task_namespaces+0xe4/0x110 [ 838.640190][ C0] do_exit+0xa2a/0x28e0 [ 838.640221][ C0] ? __pfx_do_exit+0x10/0x10 [ 838.640242][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 838.640275][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 838.640300][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 838.640320][ C0] ? _raw_spin_lock_irq+0xdf/0x120 [ 838.640350][ C0] do_group_exit+0x207/0x2c0 [ 838.640370][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 838.640393][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 838.640422][ C0] get_signal+0x16b2/0x1750 [ 838.640462][ C0] ? __pfx_get_signal+0x10/0x10 [ 838.640498][ C0] arch_do_signal_or_restart+0x96/0x860 [ 838.640530][ C0] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 838.640556][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 838.640590][ C0] ? syscall_exit_to_user_mode+0xa3/0x340 [ 838.640621][ C0] syscall_exit_to_user_mode+0xce/0x340 [ 838.640651][ C0] do_syscall_64+0x100/0x230 [ 838.640686][ C0] ? clear_bhb_loop+0x35/0x90 [ 838.640708][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 838.640736][ C0] RIP: 0033:0x7f19a3985d29 [ 838.640754][ C0] Code: Unable to access opcode bytes at 0x7f19a3985cff. [ 838.640766][ C0] RSP: 002b:00007f19a47fa0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 838.640788][ C0] RAX: fffffffffffffe00 RBX: 00007f19a3b76088 RCX: 00007f19a3985d29 [ 838.640804][ C0] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f19a3b76088 [ 838.640819][ C0] RBP: 00007f19a3b76080 R08: 0000000000000000 R09: 0000000000000000 [ 838.640833][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f19a3b7608c [ 838.640847][ C0] R13: 0000000000000000 R14: 00007fffa6046f20 R15: 00007fffa6047008 [ 838.640877][ C0] [ 838.640888][ C0] Sending NMI from CPU 0 to CPUs 1: [ 838.640928][ C1] NMI backtrace for cpu 1 [ 838.640938][ C1] CPU: 1 UID: 0 PID: 12356 Comm: syz.1.1769 Not tainted 6.13.0-rc3-syzkaller-00224-gbaa172c77ac5 #0 [ 838.640957][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 838.640967][ C1] RIP: 0010:validate_chain+0x5d7/0x5920 [ 838.640990][ C1] Code: 01 00 00 00 48 c7 84 24 00 01 00 00 0e 36 e0 45 49 c7 04 0c 00 00 00 00 49 c7 44 0c 09 00 00 00 00 49 c7 44 0c 11 00 00 00 00 <49> c7 44 0c 1f 00 00 00 00 49 c7 44 0c 2b 00 00 00 00 41 c6 44 0c [ 838.641005][ C1] RSP: 0018:ffffc90000a18700 EFLAGS: 00000002 [ 838.641019][ C1] RAX: 0000000000000001 RBX: 00000000000a4021 RCX: 1ffff92000143100 [ 838.641031][ C1] RDX: 0000000000000001 RSI: ffff88802835a9d0 RDI: ffff888028359e00 [ 838.641042][ C1] RBP: ffffc90000a18a00 R08: ffffffff94270887 R09: 1ffffffff284e110 [ 838.641056][ C1] R10: dffffc0000000000 R11: fffffbfff284e111 R12: dffffc0000000000 [ 838.641069][ C1] R13: ffff88802835a9f0 R14: 58cce5e7c8d5ebdc R15: 0000000000000001 [ 838.641082][ C1] FS: 00007fe42dc7d6c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 838.641097][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 838.641109][ C1] CR2: 000000110c36893d CR3: 0000000031c24000 CR4: 00000000003526f0 [ 838.641124][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 838.641134][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 838.641146][ C1] Call Trace: [ 838.641152][ C1] [ 838.641160][ C1] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 838.641199][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 838.641238][ C1] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 838.641278][ C1] ? __pfx_lock_release+0x10/0x10 [ 838.641303][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 838.641326][ C1] ? nmi_handle+0x14f/0x5a0 [ 838.641343][ C1] ? nmi_handle+0x2a/0x5a0 [ 838.641362][ C1] ? validate_chain+0x5d7/0x5920 [ 838.641381][ C1] ? lock_acquire+0x9e/0x550 [ 838.641397][ C1] ? default_do_nmi+0x63/0x160 [ 838.641421][ C1] ? exc_nmi+0x123/0x1f0 [ 838.641439][ C1] ? end_repeat_nmi+0xf/0x53 [ 838.641458][ C1] ? validate_chain+0x5d7/0x5920 [ 838.641478][ C1] ? validate_chain+0x5d7/0x5920 [ 838.641500][ C1] ? validate_chain+0x5d7/0x5920 [ 838.641520][ C1] [ 838.641526][ C1] [ 838.641532][ C1] ? mark_lock+0x9a/0x360 [ 838.641550][ C1] ? __pfx_validate_chain+0x10/0x10 [ 838.641570][ C1] ? validate_chain+0x11e/0x5920 [ 838.641593][ C1] ? __lock_acquire+0x1397/0x2100 [ 838.641612][ C1] ? __pfx_validate_chain+0x10/0x10 [ 838.641633][ C1] ? __pfx_validate_chain+0x10/0x10 [ 838.641655][ C1] ? mark_lock+0x9a/0x360 [ 838.641674][ C1] ? mark_lock+0x9a/0x360 [ 838.641694][ C1] ? __lock_acquire+0x1397/0x2100 [ 838.641715][ C1] ? mark_lock+0x9a/0x360 [ 838.641734][ C1] __lock_acquire+0x1397/0x2100 [ 838.641758][ C1] lock_acquire+0x1ed/0x550 [ 838.641774][ C1] ? advance_sched+0xa02/0xca0 [ 838.641797][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 838.641814][ C1] ? advance_sched+0x9b4/0xca0 [ 838.641831][ C1] ? do_raw_spin_lock+0x14f/0x370 [ 838.641853][ C1] ? __pfx_lock_release+0x10/0x10 [ 838.641873][ C1] ? do_raw_spin_unlock+0x13c/0x8b0 [ 838.641895][ C1] ? taprio_set_budgets+0x333/0x370 [ 838.641915][ C1] ? advance_sched+0xa02/0xca0 [ 838.641934][ C1] advance_sched+0xa1e/0xca0 [ 838.641952][ C1] ? advance_sched+0xa02/0xca0 [ 838.641971][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 838.641992][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 838.642015][ C1] ? __pfx_advance_sched+0x10/0x10 [ 838.642034][ C1] __hrtimer_run_queues+0x59b/0xd30 [ 838.642062][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 838.642083][ C1] ? sched_clock+0x4a/0x70 [ 838.642104][ C1] ? read_tsc+0x9/0x20 [ 838.642125][ C1] ? ktime_get_update_offsets_now+0x393/0x3b0 [ 838.642145][ C1] hrtimer_interrupt+0x403/0xa40 [ 838.642175][ C1] __sysvec_apic_timer_interrupt+0x110/0x420 [ 838.642194][ C1] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 838.642217][ C1] [ 838.642223][ C1] [ 838.642230][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 838.642254][ C1] RIP: 0010:console_flush_all+0x996/0xeb0 [ 838.642278][ C1] Code: 48 21 c3 0f 85 16 02 00 00 e8 f6 ad 20 00 4c 8b 7c 24 10 4d 85 f6 75 07 e8 e7 ad 20 00 eb 06 e8 e0 ad 20 00 fb 48 8b 5c 24 18 <48> 8b 44 24 30 42 80 3c 28 00 74 08 48 89 df e8 96 83 84 00 4c 8b [ 838.642292][ C1] RSP: 0018:ffffc9000c74e660 EFLAGS: 00000287 [ 838.642306][ C1] RAX: ffffffff817ec5c0 RBX: ffffffff8f162c98 RCX: 0000000000080000 [ 838.642319][ C1] RDX: ffffc9000bc91000 RSI: 0000000000003cf4 RDI: 0000000000003cf5 [ 838.642331][ C1] RBP: ffffc9000c74e810 R08: ffffffff817ec597 R09: 1ffffffff284e110 [ 838.642343][ C1] R10: dffffc0000000000 R11: fffffbfff284e111 R12: ffffffff8f162c40 [ 838.642356][ C1] R13: dffffc0000000000 R14: 0000000000000200 R15: ffffc9000c74e860 [ 838.642371][ C1] ? console_flush_all+0x967/0xeb0 [ 838.642394][ C1] ? console_flush_all+0x990/0xeb0 [ 838.642426][ C1] ? console_flush_all+0x1a3/0xeb0 [ 838.642452][ C1] ? __pfx_console_flush_all+0x10/0x10 [ 838.642476][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 838.642496][ C1] ? this_cpu_in_panic+0x4f/0x80 [ 838.642516][ C1] ? is_printk_legacy_deferred+0x43/0x50 [ 838.642534][ C1] ? printk_get_console_flush_type+0x1fe/0x4f0 [ 838.642557][ C1] console_unlock+0x14f/0x3b0 [ 838.642579][ C1] ? __pfx_console_unlock+0x10/0x10 [ 838.642602][ C1] ? this_cpu_in_panic+0x4f/0x80 [ 838.642621][ C1] ? is_printk_legacy_deferred+0x43/0x50 [ 838.642638][ C1] ? printk_get_console_flush_type+0x1fe/0x4f0 [ 838.642662][ C1] vprintk_emit+0x730/0xa10 [ 838.642684][ C1] ? __pfx_vprintk_emit+0x10/0x10 [ 838.642705][ C1] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 838.642725][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 838.642747][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 838.642767][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 838.642788][ C1] ? __pfx_validate_chain+0x10/0x10 [ 838.642811][ C1] _printk+0xd5/0x120 [ 838.642831][ C1] ? __pfx__printk+0x10/0x10 [ 838.642849][ C1] ? smack_log+0x123/0x540 [ 838.642873][ C1] ? __pfx_smack_log+0x10/0x10 [ 838.642896][ C1] tcp_syn_flood_action+0x26e/0x320 [ 838.642918][ C1] tcp_conn_request+0x627/0x34c0 [ 838.642937][ C1] ? __lock_acquire+0x1397/0x2100 [ 838.642962][ C1] ? __pfx_tcp_conn_request+0x10/0x10 [ 838.642990][ C1] ? subflow_v6_conn_request+0x271/0x3a0 [ 838.643014][ C1] ? tcp_rcv_state_process+0x1fc/0x44e0 [ 838.643033][ C1] tcp_rcv_state_process+0x187e/0x44e0 [ 838.643052][ C1] ? __pfx_lock_release+0x10/0x10 [ 838.643069][ C1] ? __inet6_lookup_established+0xd28/0xdc0 [ 838.643097][ C1] ? __pfx_tcp_rcv_state_process+0x10/0x10 [ 838.643115][ C1] ? sk_filter_trim_cap+0x1b3/0xa80 [ 838.643133][ C1] ? sk_filter_trim_cap+0x5bf/0xa80 [ 838.643151][ C1] ? __pfx_tcp_inbound_hash+0x10/0x10 [ 838.643174][ C1] ? inet6_lookup_listener+0x113/0x2d0 [ 838.643198][ C1] tcp_v6_do_rcv+0x8f0/0x13e0 [ 838.643221][ C1] ? tcp_v6_fill_cb+0x1e2/0x470 [ 838.643243][ C1] tcp_v6_rcv+0x220a/0x2fb0 [ 838.643299][ C1] ? __pfx_tcp_v6_rcv+0x10/0x10 [ 838.643321][ C1] ? csum_partial+0x22f/0x2b0 [ 838.643342][ C1] ? __pfx_tcp_v6_rcv+0x10/0x10 [ 838.643362][ C1] ? __pfx_tcp_v6_rcv+0x10/0x10 [ 838.643381][ C1] ip6_protocol_deliver_rcu+0xc79/0x1580 [ 838.643416][ C1] ? ip6_input_finish+0xdc/0x2d0 [ 838.643435][ C1] ip6_input_finish+0x187/0x2d0 [ 838.643456][ C1] ? __pfx_ip6_input_finish+0x10/0x10 [ 838.643476][ C1] NF_HOOK+0x3a4/0x450 [ 838.643496][ C1] ? NF_HOOK+0x9a/0x450 [ 838.643514][ C1] ? __pfx_NF_HOOK+0x10/0x10 [ 838.643538][ C1] ? __pfx_ip6_input_finish+0x10/0x10 [ 838.643562][ C1] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 838.643582][ C1] NF_HOOK+0x3a4/0x450 [ 838.643600][ C1] ? skb_orphan+0x4b/0xd0 [ 838.643620][ C1] ? NF_HOOK+0x9a/0x450 [ 838.643638][ C1] ? __pfx_NF_HOOK+0x10/0x10 [ 838.643657][ C1] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 838.643679][ C1] ? __pfx_ipv6_rcv+0x10/0x10 [ 838.643698][ C1] __netif_receive_skb+0x1ea/0x650 [ 838.643721][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 838.643738][ C1] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 838.643763][ C1] ? __pfx___netif_receive_skb+0x10/0x10 [ 838.643783][ C1] ? build_skb+0x52/0x2a0 [ 838.643799][ C1] ? tun_get_user+0x2173/0x48a0 [ 838.643820][ C1] ? tun_chr_write_iter+0x10d/0x1f0 [ 838.643841][ C1] ? do_syscall_64+0xf3/0x230 [ 838.643863][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 838.643886][ C1] ? tun_rx_batched+0x160/0x8f0 [ 838.643907][ C1] ? __pfx_lockdep_softirqs_off+0x10/0x10 [ 838.643926][ C1] ? read_tsc+0x9/0x20 [ 838.643947][ C1] ? netif_receive_skb+0x131/0x890 [ 838.643968][ C1] ? netif_receive_skb+0x131/0x890 [ 838.643989][ C1] netif_receive_skb+0x1e8/0x890 [ 838.644009][ C1] ? tun_rx_batched+0x160/0x8f0 [ 838.644031][ C1] ? __pfx_netif_receive_skb+0x10/0x10 [ 838.644056][ C1] ? tun_rx_batched+0x160/0x8f0 [ 838.644077][ C1] tun_rx_batched+0x1b7/0x8f0 [ 838.644099][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 838.644118][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 838.644135][ C1] ? __pfx_tun_rx_batched+0x10/0x10 [ 838.644164][ C1] tun_get_user+0x30cc/0x48a0 [ 838.644190][ C1] ? tun_get_user+0x2bba/0x48a0 [ 838.644211][ C1] ? tun_get_user+0x875/0x48a0 [ 838.644238][ C1] ? __pfx_tun_get_user+0x10/0x10 [ 838.644266][ C1] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 838.644285][ C1] ? tun_get+0x1e/0x2f0 [ 838.644305][ C1] ? __pfx_lock_release+0x10/0x10 [ 838.644327][ C1] ? tun_get+0x1e/0x2f0 [ 838.644347][ C1] ? tun_get+0x27d/0x2f0 [ 838.644368][ C1] tun_chr_write_iter+0x10d/0x1f0 [ 838.644391][ C1] vfs_write+0xaeb/0xd30 [ 838.644416][ C1] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 838.644438][ C1] ? __pfx_vfs_write+0x10/0x10 [ 838.644459][ C1] ? __fget_files+0x2a/0x410 [ 838.644476][ C1] ? __fget_files+0x2a/0x410 [ 838.644495][ C1] ksys_write+0x18f/0x2b0 [ 838.644515][ C1] ? __pfx_ksys_write+0x10/0x10 [ 838.644534][ C1] ? do_syscall_64+0x100/0x230 [ 838.644558][ C1] ? do_syscall_64+0xb6/0x230 [ 838.644581][ C1] do_syscall_64+0xf3/0x230 [ 838.644604][ C1] ? clear_bhb_loop+0x35/0x90 [ 838.644620][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 838.644643][ C1] RIP: 0033:0x7fe42cd847df [ 838.644659][ C1] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 838.644673][ C1] RSP: 002b:00007fe42dc7d000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 838.644690][ C1] RAX: ffffffffffffffda RBX: 00007fe42cf75fa0 RCX: 00007fe42cd847df [ 838.644708][ C1] RDX: 0000000000000096 RSI: 00000000200001c0 RDI: 00000000000000c8 [ 838.644720][ C1] RBP: 00007fe42ce01aa8 R08: 0000000000000000 R09: 0000000000000000 [ 838.644731][ C1] R10: 0000000000000096 R11: 0000000000000293 R12: 0000000000000000 [ 838.644742][ C1] R13: 0000000000000000 R14: 00007fe42cf75fa0 R15: 00007ffe96116988 [ 838.644760][ C1] [ 838.644935][ C0] Kernel panic - not syncing: softlockup: hung tasks [ 838.644951][ C0] CPU: 0 UID: 0 PID: 12330 Comm: syz.3.1762 Tainted: G L 6.13.0-rc3-syzkaller-00224-gbaa172c77ac5 #0 [ 838.644978][ C0] Tainted: [L]=SOFTLOCKUP [ 838.644987][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 838.644999][ C0] Call Trace: [ 838.645007][ C0] [ 838.645016][ C0] dump_stack_lvl+0x241/0x360 [ 838.645045][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 838.645071][ C0] ? __pfx__printk+0x10/0x10 [ 838.645101][ C0] ? vscnprintf+0x5d/0x90 [ 838.645126][ C0] panic+0x349/0x880 [ 838.645151][ C0] ? watchdog_timer_fn+0x914/0x960 [ 838.645175][ C0] ? __pfx_panic+0x10/0x10 [ 838.645195][ C0] ? tick_nohz_tick_stopped+0x82/0xb0 [ 838.645223][ C0] ? __irq_work_queue_local+0x137/0x410 [ 838.645246][ C0] ? irq_work_queue+0xca/0x150 [ 838.645267][ C0] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 838.645295][ C0] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 838.645328][ C0] watchdog_timer_fn+0x957/0x960 [ 838.645354][ C0] ? __pfx_watchdog_timer_fn+0x10/0x10 [ 838.645379][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 838.645404][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 838.645435][ C0] ? __pfx_watchdog_timer_fn+0x10/0x10 [ 838.645459][ C0] __hrtimer_run_queues+0x551/0xd30 [ 838.645501][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 838.645525][ C0] ? handle_softirqs+0x7e0/0x9b0 [ 838.645553][ C0] ? read_tsc+0x9/0x20 [ 838.645578][ C0] ? ktime_get_update_offsets_now+0x393/0x3b0 [ 838.645605][ C0] hrtimer_interrupt+0x403/0xa40 [ 838.645652][ C0] __sysvec_apic_timer_interrupt+0x110/0x420 [ 838.645683][ C0] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 838.645708][ C0] [ 838.645716][ C0] [ 838.645725][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 838.645754][ C0] RIP: 0010:smp_call_function_many_cond+0x19f8/0x2c60 [ 838.645781][ C0] Code: 89 e6 83 e6 01 31 ff e8 56 e9 0b 00 41 83 e4 01 49 bc 00 00 00 00 00 fc ff df 75 07 e8 01 e5 0b 00 eb 38 f3 90 42 0f b6 04 23 <84> c0 75 11 41 f7 45 00 01 00 00 00 74 1e e8 e5 e4 0b 00 eb e4 44 [ 838.645798][ C0] RSP: 0018:ffffc9001bbe7460 EFLAGS: 00000293 [ 838.645816][ C0] RAX: 0000000000000000 RBX: 1ffff110170e88b9 RCX: ffff8880260b0000 [ 838.645831][ C0] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 838.645844][ C0] RBP: ffffc9001bbe7660 R08: ffffffff81938e8a R09: 1ffffffff284e110 [ 838.645860][ C0] R10: dffffc0000000000 R11: fffffbfff284e111 R12: dffffc0000000000 [ 838.645875][ C0] R13: ffff8880b87445c8 R14: ffff8880b863f940 R15: 0000000000000001 [ 838.645896][ C0] ? smp_call_function_many_cond+0x19da/0x2c60 [ 838.645939][ C0] ? __pfx_do_sync_core+0x10/0x10 [ 838.645972][ C0] ? __pfx___text_poke+0x10/0x10 [ 838.646000][ C0] ? __pfx___might_resched+0x10/0x10 [ 838.646029][ C0] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 838.646056][ C0] ? __pfx___might_resched+0x10/0x10 [ 838.646090][ C0] ? __pfx_do_sync_core+0x10/0x10 [ 838.646117][ C0] on_each_cpu_cond_mask+0x3f/0x80 [ 838.646144][ C0] text_poke_bp_batch+0x352/0xb30 [ 838.646170][ C0] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 838.646204][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 838.646232][ C0] ? __pfx_text_poke_bp_batch+0x10/0x10 [ 838.646263][ C0] ? arch_jump_label_transform_queue+0x9b/0x100 [ 838.646292][ C0] ? __jump_label_update+0x379/0x3a0 [ 838.646323][ C0] text_poke_finish+0x30/0x50 [ 838.646347][ C0] arch_jump_label_transform_apply+0x1c/0x30 [ 838.646374][ C0] static_key_disable_cpuslocked+0xd2/0x1c0 [ 838.646402][ C0] static_key_disable+0x1a/0x20 [ 838.646426][ C0] tracepoint_probe_unregister+0x83c/0xa10 [ 838.646457][ C0] bpf_raw_tp_link_release+0x45/0x70 [ 838.646482][ C0] bpf_link_free+0xfd/0x3a0 [ 838.646513][ C0] bpf_link_release+0x78/0x90 [ 838.646539][ C0] ? __pfx_bpf_link_release+0x10/0x10 [ 838.646568][ C0] __fput+0x23c/0xa50 [ 838.646600][ C0] task_work_run+0x24f/0x310 [ 838.646629][ C0] ? __pfx_task_work_run+0x10/0x10 [ 838.646663][ C0] ? switch_task_namespaces+0xe4/0x110 [ 838.646693][ C0] do_exit+0xa2a/0x28e0 [ 838.646722][ C0] ? __pfx_do_exit+0x10/0x10 [ 838.646744][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 838.646775][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 838.646799][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 838.646820][ C0] ? _raw_spin_lock_irq+0xdf/0x120 [ 838.646848][ C0] do_group_exit+0x207/0x2c0 [ 838.646868][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 838.646891][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 838.646920][ C0] get_signal+0x16b2/0x1750 [ 838.646959][ C0] ? __pfx_get_signal+0x10/0x10 [ 838.646994][ C0] arch_do_signal_or_restart+0x96/0x860 [ 838.647025][ C0] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 838.647051][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 838.647084][ C0] ? syscall_exit_to_user_mode+0xa3/0x340 [ 838.647114][ C0] syscall_exit_to_user_mode+0xce/0x340 [ 838.647143][ C0] do_syscall_64+0x100/0x230 [ 838.647171][ C0] ? clear_bhb_loop+0x35/0x90 [ 838.647192][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 838.647219][ C0] RIP: 0033:0x7f19a3985d29 [ 838.647235][ C0] Code: Unable to access opcode bytes at 0x7f19a3985cff. [ 838.647246][ C0] RSP: 002b:00007f19a47fa0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 838.647266][ C0] RAX: fffffffffffffe00 RBX: 00007f19a3b76088 RCX: 00007f19a3985d29 [ 838.647282][ C0] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f19a3b76088 [ 838.647296][ C0] RBP: 00007f19a3b76080 R08: 0000000000000000 R09: 0000000000000000 [ 838.647309][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f19a3b7608c [ 838.647323][ C0] R13: 0000000000000000 R14: 00007fffa6046f20 R15: 00007fffa6047008 [ 838.647352][ C0] [ 839.776498][ C0] Shutting down cpus with NMI [ 839.776809][ C0] Kernel Offset: disabled