last executing test programs: 16m36.702321748s ago: executing program 3 (id=699): r0 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) bind$can_raw(r0, &(0x7f00000001c0), 0x10) setsockopt$CAN_RAW_RECV_OWN_MSGS(r0, 0x65, 0x4, &(0x7f0000000580)=0x1, 0x4) recvmmsg(r0, &(0x7f0000001e40)=[{{0x0, 0x0, 0x0}, 0x1db}, {{0x0, 0x0, 0x0}, 0x4}], 0x2, 0x10000, 0x0) sendmsg$can_raw(r0, &(0x7f0000000440)={&(0x7f0000000780)={0x1d, r1}, 0x10, &(0x7f0000000200)={&(0x7f0000000140)=@can={{}, 0x0, 0x0, 0x0, 0x0, "0000000000000003"}, 0x10}, 0x1, 0x0, 0x0, 0x10}, 0x4004000) 16m36.459866286s ago: executing program 3 (id=704): rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) epoll_create(0xeb5) pselect6(0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x3938700}, 0x0) 16m36.240461533s ago: executing program 3 (id=707): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x500, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_MP_STATE(r2, 0x8004ae98, &(0x7f0000000000)) 16m33.750350116s ago: executing program 3 (id=713): mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x20) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]}) chdir(&(0x7f0000000140)='./bus\x00') open(&(0x7f0000000180)='./bus\x00', 0x14d27e, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000000)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) chdir(&(0x7f0000000080)='./file0\x00') open(&(0x7f0000000080)='./bus\x00', 0x4000, 0x0) syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0) 16m31.920336823s ago: executing program 3 (id=718): fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) socketpair$tipc(0x1e, 0x5, 0x0, 0x0) r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000002980), 0x2, 0x0) read$dsp(r0, &(0x7f0000002a00)=""/163, 0xa3) read$FUSE(r0, &(0x7f00000044c0)={0x2020}, 0x2020) 16m26.840276161s ago: executing program 3 (id=734): setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3e, &(0x7f00000000c0)=0x100004, 0x4) connect$llc(0xffffffffffffffff, &(0x7f0000000000)={0x1a, 0x1, 0x8, 0x40, 0x0, 0xf9, @local}, 0x10) 16m23.754213863s ago: executing program 32 (id=734): setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3e, &(0x7f00000000c0)=0x100004, 0x4) connect$llc(0xffffffffffffffff, &(0x7f0000000000)={0x1a, 0x1, 0x8, 0x40, 0x0, 0xf9, @local}, 0x10) 14m52.230651831s ago: executing program 2 (id=1010): add_key(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'michael_mic-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000040)="4dc07f947163300c", 0x8) r4 = accept4(r3, 0x0, 0x0, 0x80000) r5 = dup(r4) r6 = accept4(r5, 0x0, 0x0, 0x0) sendmmsg$unix(r6, &(0x7f0000000080)=[{{0x0, 0x8d, &(0x7f00000009c0)=[{&(0x7f0000000480)='Y', 0x1}, {&(0x7f0000000100)="d5", 0xf4240}], 0x2}}], 0x1, 0x0) 14m50.822420742s ago: executing program 2 (id=1016): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008a}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_emit_ethernet(0x1f, &(0x7f0000000180)=ANY=[@ANYBLOB="ffffffffffff000000e8ff000003424203"], 0x0) lsetxattr$system_posix_acl(&(0x7f0000000400)='.\x00', &(0x7f0000002440)='system.posix_acl_default\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="02000000010000000000000002000000", @ANYRES32=0xee01, @ANYBLOB="02000000", @ANYRES32=0xee00, @ANYBLOB="02000000", @ANYRES32=0xee00, @ANYBLOB="02000000", @ANYRES32=0x0, @ANYBLOB="040000000000800008000000", @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="100000000000000020"], 0x5c, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) getxattr(&(0x7f0000000140)='./file1\x00', &(0x7f0000000180)=@known='system.posix_acl_access\x00', &(0x7f00000001c0)=""/198, 0xc6) connect$inet6(0xffffffffffffffff, 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x600, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x2000000) socket$igmp6(0xa, 0x3, 0x2) 14m48.386287117s ago: executing program 2 (id=1020): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x4d, 0x0, 0x8) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x41, 0x0, 0x0) recvmmsg(r3, &(0x7f0000003100), 0x35, 0x2, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x4, &(0x7f0000000340)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, @void, @value}, 0x94) fsopen(&(0x7f0000000100)='ramfs\x00', 0x0) socket$kcm(0x29, 0xa, 0x0) symlinkat(&(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f0000000140)='./file0\x00') r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000140)={0x4c, r5, 0x1, 0x70bd2b, 0x4000, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0xfffffffa}, {0x6}}]}, 0x4c}}, 0x4040000) 14m47.035224501s ago: executing program 2 (id=1023): syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd74) r2 = syz_io_uring_setup(0x497, &(0x7f0000000400)={0x0, 0x7079, 0x0, 0x4, 0x288}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r2, 0x3516, 0x0, 0x0, 0x0, 0x0) 14m44.994267191s ago: executing program 2 (id=1031): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) r0 = dup(0xffffffffffffffff) write$FUSE_BMAP(r0, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000000000008d15c937040795e9ec68ba339b8fd15e58983b3da942"], 0xb0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="10"], 0x10) getresuid(&(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0)=0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r0, @ANYBLOB=',privport,access=', @ANYRESDEC=r1]) open(&(0x7f0000000200)='./file0/file0\x00', 0x0, 0x2e4) 14m44.809337619s ago: executing program 2 (id=1035): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000740)=@raw={'raw\x00', 0x4001, 0x8000000, 0x240, 0x0, 0x720d, 0x148, 0x0, 0x148, 0x1a8, 0x240, 0x240, 0x1a8, 0x240, 0x7fffffe, 0x0, {[{{@ip={@loopback, @empty, 0x0, 0x0, 'wlan1\x00', 'ip6erspan0\x00'}, 0x0, 0x70, 0xd8}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'snmp\x00', 'syz1\x00'}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @link_local}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2a0) sendmsg$sock(0xffffffffffffffff, &(0x7f0000000c00)={0x0, 0x0, 0x0}, 0x20000011) setsockopt$inet_mreqsrc(r0, 0x0, 0x28, &(0x7f0000000000)={@loopback, @initdev={0xac, 0x1e, 0x1, 0x0}, @local}, 0xc) sched_setscheduler(0x0, 0x2, 0x0) r1 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000000)='.pending_reads\x00', 0x400000, 0x9a) r2 = getpid() sched_setscheduler(r2, 0x2, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) write$cgroup_pid(r1, &(0x7f0000000040)=r2, 0x12) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000032680)=""/102400, 0x19000) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) socket$inet(0xa, 0x801, 0x0) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000002c00)={&(0x7f0000002c40)=ANY=[@ANYBLOB="9feb01001800000000000000180000"], 0x0, 0x3c, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x28) syz_genetlink_get_family_id$nbd(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(r5, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r4, 0x84, 0x13, 0x0, 0x0) syz_open_dev$usbmon(0x0, 0x7, 0x0) syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x8401) sendto$inet6(r4, &(0x7f0000847fff), 0x0, 0x0, 0x0, 0x0) 14m29.253582942s ago: executing program 33 (id=1035): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000740)=@raw={'raw\x00', 0x4001, 0x8000000, 0x240, 0x0, 0x720d, 0x148, 0x0, 0x148, 0x1a8, 0x240, 0x240, 0x1a8, 0x240, 0x7fffffe, 0x0, {[{{@ip={@loopback, @empty, 0x0, 0x0, 'wlan1\x00', 'ip6erspan0\x00'}, 0x0, 0x70, 0xd8}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'snmp\x00', 'syz1\x00'}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @link_local}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2a0) sendmsg$sock(0xffffffffffffffff, &(0x7f0000000c00)={0x0, 0x0, 0x0}, 0x20000011) setsockopt$inet_mreqsrc(r0, 0x0, 0x28, &(0x7f0000000000)={@loopback, @initdev={0xac, 0x1e, 0x1, 0x0}, @local}, 0xc) sched_setscheduler(0x0, 0x2, 0x0) r1 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000000)='.pending_reads\x00', 0x400000, 0x9a) r2 = getpid() sched_setscheduler(r2, 0x2, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) write$cgroup_pid(r1, &(0x7f0000000040)=r2, 0x12) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000032680)=""/102400, 0x19000) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) socket$inet(0xa, 0x801, 0x0) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000002c00)={&(0x7f0000002c40)=ANY=[@ANYBLOB="9feb01001800000000000000180000"], 0x0, 0x3c, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x28) syz_genetlink_get_family_id$nbd(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(r5, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r4, 0x84, 0x13, 0x0, 0x0) syz_open_dev$usbmon(0x0, 0x7, 0x0) syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x8401) sendto$inet6(r4, &(0x7f0000847fff), 0x0, 0x0, 0x0, 0x0) 1m36.926611299s ago: executing program 6 (id=3132): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="6c00000002060104db406e3e0004000200000000100003006269746d61703a706f72740005000400000000000900020073797a32000000000500050000006c00050001000600000024000780080008400000137906000440fffff000060005400000000008000640"], 0x6c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)={0x14, 0x3, 0x6, 0x201, 0x0, 0x0, {0x7, 0x0, 0x3}}, 0x14}}, 0x854) 1m34.789526565s ago: executing program 6 (id=3139): ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)) r0 = openat$fb0(0xffffffffffffff9c, &(0x7f00000000c0), 0x141000, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0xb0, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x88, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x50, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x40, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_BITWISE_DATA={0x1c, 0x7, 0x0, 0x1, [@NFTA_DATA_VALUE={0x15, 0x1, "ce6a743e21f04a4a63b96d68c90bace01a"}]}, @NFTA_BITWISE_OP={0x8, 0x6, 0x1, 0x0, 0x4}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x124}}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001ec0), r2) r4 = socket$nl_audit(0x10, 0x3, 0x9) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000001f00)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r2, &(0x7f0000002040)={0x0, 0x0, &(0x7f0000002000)={&(0x7f0000000140)={0x2c, r3, 0xc01, 0x70bd29, 0x25dfdbff, {{}, {@val={0x8, 0x3, r5}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x6e}]]}, 0x2c}, 0x1, 0x0, 0x0, 0x4001}, 0x40000) ioctl$FBIOPUT_CON2FBMAP(r0, 0x4610, &(0x7f0000000100)={0x5, 0x2}) socket(0x23, 0x5, 0xfffffffd) 1m34.385225885s ago: executing program 6 (id=3141): r0 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xfec9, 0x0, 0xffffffff, 0x400}, &(0x7f0000000200)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_OPENAT={0x12, 0x12, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000040)='./file0\x00', 0x44, 0x842, 0x23456}) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0) r4 = userfaultfd(0x80001) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x749}) ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000000)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) readv(r4, &(0x7f0000000340)=[{&(0x7f0000000100)=""/64, 0x20}], 0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x11, r3, 0xd2e8d000) io_uring_enter(r0, 0xdb4, 0x0, 0x0, 0x0, 0x0) r5 = gettid() signalfd4(0xffffffffffffffff, &(0x7f0000000140)={[0xfffffffffffffff5]}, 0x8, 0x0) readv(r0, &(0x7f0000002940), 0x10000000000002f1) tkill(r5, 0x7) socket$alg(0x26, 0x5, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000001c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="0100000000000000003039b74d2bcf70000c000000"], 0x14}}, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000001200)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r7, 0xffffffffffffffff, &(0x7f000049c000/0x18000)=nil, &(0x7f0000000400)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_REGS(r8, 0x4090ae82, &(0x7f0000000540)={[0x88ab8, 0x7, 0x9, 0xd646, 0x7, 0xa90, 0x8001, 0x1ff, 0x3, 0x8000000000000000, 0x8000000000000001, 0x2, 0xffff, 0x101, 0x5, 0x1], 0x8000000, 0x141200}) ioctl$KVM_SET_VAPIC_ADDR(r8, 0x4008ae93, &(0x7f0000000640)=0x4) ioctl$KVM_RUN(r8, 0xae80, 0x0) 1m33.973991725s ago: executing program 6 (id=3143): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r1 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb34902, 0x1000006, 0x28011, r1, 0x0) dup(0xffffffffffffffff) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r3 = dup(r2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1, 0x38011, r3, 0x0) r4 = getpid() sched_setscheduler(r4, 0x0, &(0x7f0000000740)=0x3) r5 = creat(&(0x7f00000001c0)='./file0\x00', 0x8) close(r5) r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r6, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r5, &(0x7f000000c400)={0x2020, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r6, &(0x7f0000000200)={0x50, 0x0, r7, {0x7, 0x1f, 0xffffffff, 0x28a, 0x1, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}}, 0x50) syz_fuse_handle_req(r5, &(0x7f000000a3c0)="61ddaf21c1282a5a6352f350c2f614ede5b0c406f5488574ed6fcb609ce20f648ee274c8dfeaa625b1fd332f70f776ae0b6e3f959c24f3876756c20e05c82079387520764f2446820d53242898a90e51c5b68297e39b7fcf558b450e9608326c3dc6704a054216a8c6f0d689e5eb6b8564854376910eff147682d2378b9c5b95a626493ce628b1bb6b524ed7e90ebe6eb0246399eac6d624dcf4e824be2de9c1d5d06eab13f2770577304eb676106fd9868a030192067ac009482e03a817f1abd909a94702479fe30b2594ca60b4acc37148cf04e8c0e76dd69e29d243596f8174129ac6ab9dbb79ace8f0fae14234845725102a027d4163f97f3971d207500defeaa2c7318f7e82e591701f9d3f78592ea7ec28806a53278a35a20251eeb2735fa9f37bf0045b5e6faf5f751c7ad31d8426be7b09027b2092f49247159a33b580d2691ebf00797962168bdc368f57282ce5b8526eacb80952ffba771626c0016b8a010546f0b4daf470814cee0ea418b76331c34616cea0459dbd1f196364c99e4a47bcdd64b518ef51833e6f8041fbbbe86e808bdbade7009985f2c4d7ffd76a0e7dc7d542bdee1d136d2096dfa997f98ac83c6341b306a3a8cf81642566d7777480d4dc61b0182f0d418ce95d74c9aadb182326d6671412a1f0c62c93a0ba873ff5daa4ece4b2fc73ed5b02b60890374acc0cd25cbf1707016a542fafd6af098f9737304c726712c8243dcd5eb15c0996e9e03dd741d519cb3e86ea214e20408c2cc5ea607585f1bfd268ba3084ffa69425512571d263fd1ae49b488b2964bd3e78943122006489cc22191dec2900a7fdf798c9f683461f2a7b940f4112b805dc077a7b99071b5b454f7c6d2b13a6b23091f74ecc65a24ac0d11e2ffd7332fb2b2b11aeec3c809d78cc2e168f126f38dddfe3e1d0ec1c6fb25f880690f97a70dc5fbea5d25dba3b24c01d9bd228c58deca660625511127a62220429c94be65d6ad4ce7e79e97af67931b46ccfabca5dbaea11e2dc76279b0244cc2845f31beff418fe4bd892d3676079d9d4eb0251dfead9e0a07a11c0a7e597ac89ec77de60a5f6e0ff4a62374856b8e1659e885d3a0d90293daa0c7bb041cbcd54bf098b66b2ddec28dcba4cfbad969e3b97e4bf680f901485d1cd4b231a9115c22ab2f911415ad0efe0eb7f4bee15c6de7d0f818acd687a117286f9e3c33df5206df918ea4ac52927487968d88f4a18d4889a4060f20487e4cec19250fe48a16b1f9f7250a6ab81fbaa2ad451a936ee98021bf859b9a635132a0dcf7530c0e2c84a459241a1fc9fe45b4a4f32fa8e95185db92660292ece6b5ddbb0b9f69bd7435cd4944f8ff2ed51172f0683fbae1013cde202498f2e1be54d1a2e17b3984b17d1994915a477c87697f465781e41b44c6a40ae035e75a4d9f9c0926bec533db0d4c26d605cb1ae225e692ed315062e8c3283716929e25a22b25105e018d81c07cb7600d1bae16d8beec33c88f1cdb52ac988b4677ed604c28ff1cdeeeb74c332dc526cff5ee935016984cabf117694cccabae944de4d2d2daff8f281b6434475b52c1910210598c684da99c108000a53d2ca03afd42b0200691d92341616353a22a8dacd8cb7eee85953b251236603d2ef1e450675f8d0f3cd0e28ef36457f79c267d836d14ed758148e979b9749ddcef14aec903939c69567a1697aae8f9ed72a16be0267a3a967727937f609720802570287c4e08641b9b7b979c6541add0e8600dd2d75a1dc0822ceb7a7e4e1afda2940d127f488589963b46417d7a7474545e5b08a621c1a7637b3fcb62b0aee10d999505907bd14033370e391f6192ff7d718e1db3ef861d30b2d477f11cd45ecb296d4babcccc34901165e3fcdbef6fa1ee478a97f7d21dc5562582d67c448ae352d3157d83e8ab0122a2bb056bdff8043a91b8f3abe4d788fe741483997a8e3fe126626a14b4243d3ff8ada8dd555c95d5e30b68cc053dfbbb61940cbb552cc1fe211ea5ea13cbfb6a577cde339282d84e92f866145e7b1de4d5a1705fc24fc8843f1a69f4c604adf0d715ad88c6a4ac80a35375662610e0ed07af9c4c76326716a77b106ef87782804ca353eaade28a1ca522d706282ebe48c0b23fd42b2e0297f5997d3aab40615f143e868c6aaf920bc827224946db3e3b3e65ea66dbfa5fe6c45dab930877852e86df251024e4ae46ee8e04cf40f2b3239f4df40062cfddada61700959deaeed3a44fb185ce51685fcab793184435b3e668e7d80820a613acde8d61e24571b9de7ce4581a4751d70a28e8d098660e81941fe40b6844a3204b512457194e100c995c75921569f735afee321080ed6310610887ca842001f5112c5af8c9083e3d088a404b48ee82e1e8be16fd493a2a643816488447706f3e86d2d0ed48f7397aad0cf105a4a71d928a15413ab3813e42478cf7a5be2e03d15ccb90a625863cb2ca1059110f90186cf4c370469f4d7e1ccda56ed9c427cce46e7d1c82641554ffa0c7c42697cbc754702b62be5ab03c995ac8cda3145959c440c4d6ead7d6398faf189de77645a05a54d6c33c9678daec6e5ac0048f91e15b2fdb808d712e662007da5e228ddc7370f575723a0018a1da70fa27e6624c8c75047eb584bf3399a8fce999df94f6fb54fb6c1fc954b1d899459fcd2f459e57c214ae590513ed268ed2d1114d8276642510a2eb99feecb58d8476550553a9f3d1f04c9bb442dae6dd84628b60cc9fd3c1e5c4fe3b9ad5f43b5d06e31ba4644f7499c03fd68cd2207027eeb1908a8022d70eb8fc8f55fee7be7e3af525d4fb1ab3e9b458246cbb5371e8145e1d04762c62068e03795a5a6b48d8643a83927c47000b7766e320e0ef2339d5423813e8d7845b939a9567745f6e2d6070764669c905ea77943a31f0df838a5d046f25d516bb654336f759c05dcc0febbbf1d214382a76fa09aa32be9799252f1d0fd8bacfe3f32574fdc82c6ed77f1c08d4aef88c157cbdac947346e3e015af60125d3e36ec6bd8dc5127c7ab1ed773c8beffc9dba99bd9fa1498a5a49bcce4ddb13fb85e256fcac569aab1c815527710d2c350c7cc84db5a7eb243227973fd5e2d1d8450077ececa0d96884c90ac0146d37b13f1aacc1eaddec3f0d475df6ceafe73f9076fcfeaf496efcae22d09745453a5e4776876ecfb1d004361f82f76b2bfba050d0fd5060f50fd74f9908a62649955e2f90e4ac4a4f0b29484cf80eebcbecb12db8586ee58443c181a59c046c657ecbb067a1e70d4c548e8b291a5aa681624747d9a52a6184a5fc82d824d9ab6156ec5fd73a038b38d86974e7a89b55a95b609e12c98f4168c0e48139749fce33397948224641e9823588858f82247d9abf8f84250564189676325e43944e888cef6918cd2b842b3a42751475a37656b3f04a02430705f16908d638212f69cf96d5311038e00e048468810d1cfefb0a9aeaf46d1bd31f7156a97542d9373abd3c069aa096486244389312031398a35e0ebca6668ed06dbe80290ac9a2a15ac9c208cdbcb2c1e18f008741649b4fe2ac1e6ca0a19980b6276fa09c5c0e67e748c1669add6fd4c70ba522be4428df305c3313929a4eec348f03fc6a6dfd1d6740a61230a977555b6b4d5165c98323871d750e80f9205231af03ab430a720dcaad03d113f38574ebada74f5b34a05a6abb7ba9b8b280401a3a21dd7e1e026deb438ed020d09fc93ffd7376ced7b5d6c9c35072c7f28ddb7fea3ffa7b7e6766892be2015c20e2cc7fa8bcb5832b97e964947ae940d5ce215ff3a0d74851d5735f3573d533cca9b3a89f9494f150cb732139cc2282304f6a375ee1062f6f850ebf89548973b6c5e7aee8b98b18b443332d3be20fea086653d52756b40ec4f08ad52f4d0a5a61004c700f070b83548670ef36dcbd8daf13ae6d382aaba3c3bac3c1efd953781d69e7365e1393d2c3f34d3dc91999ab9a545bc167e50ea6874fe8f49e93e452ad4710d7127c430ab2caf3ec1627e6a2a6a57604a5da490087991b68cd58d456f6818f22e38007e1628c6a78f6a8a321e3f0d5d5e1bc7f9ef53c4780b451dad949962c8a6a464b25cb161159b72f40fed8280daec34135f77373b9432f411b232e9374e9cb3fcd85a599c20d0b8e294835c60c2e034eb8385c507095c6eb6748180fd1ad97cb0a4b2ffa70c90891d373459538f4106078162bc46b425572466aa4769153b994698bbff1a98b5948e40d98bb2900445eebe95c4892bcb92b4c28b734ea7e106accc9836767e0881f970c9d69063dd918de44a484ef3f860b0dcec58f22b3f1a0abb9c0c2b6cd5bdacdc194f188588c0888d6abfa2d0b79d0b33a41e3b6a0f9fbf811ba20f346025b3a4be17eb5ce583b860cad5424bcaf1ef4a255678706052c1cae9cd77cc78639f975f07737b791831c64f0c974b23a5c428091b8b8e17a037ac3c6d56da4b4c7e4752736cbbc8d67b1b823e87d51ffc95fe9752e8479fc15a6fe7b96fbd7b93dc2144381c424ec7782d7f8b2637010dca11ccdaab1bad652a9ecd8b6ba2c116fa419c8582a0ccf754a294d9de5b457d9b1a4120fd53667862e50cb028e2f92c73a38f77ff57c93b410e7f3257bd56e5aa504f0643bd2bcfae2168046ad2737a36b21f6d993de1fe7b31e9ef7c79d545e5364b65011a6d26e0a2f1018a5280ca88d3d1e30c68195f8cf1a3ece813f22e44d83867c9f711218203d1adf2869ed89babca094b8def7ae0abd0245f522930db59c4b2eeec4d564bfdb931d435a986daba4b604d5bf30b1cfdf6960986ba0dab216dfd7ad95ca2555e0573d073dccd407ddd5ed7920c788aa0213aec90b38981a91bc370ede38d171648316d59478e66c068eec33295345162e9896ffc82f8d94b995d3a3a7a4f459e564632b5918b4fd850da380937655f19e2820376e7deb48edb0f5e295521a9a153f5ef69de397d88acc20be99779d7ea2c38445bd70aeeb68cc6c68c1bc603ab580b632866497a3dbcbfd933e2074323f66f1db73129eec8331c8872aa92a33e2180fc0cf2e28d198faef4421064b8435f37b5bfb9b531332b3b0838015fe848f0ce859db8706f2e53fb07ce4d0fd017d85ac9ce2943ab172f08b13c948c3778d2469257d412b1a5305526cc8dcb4a8645f825cca66a63b7134d8b7c760db6a8fa21f2df3456e9b460867303a9d53fb01db8548800d800e49c08c8d731bbf9a642206f4cc6673e4fc0f7106661abfde1eb8a8d384b26d88c16d15f238556ff4b205145d860228038430cd8a342bc15849afd81666b55b358e3ec584fa96f119b77495c4ec36616070237bb170fc04d3befebdaff66643814eb8519abaaf1e9bf939bf5bfefa33c32fe9909055393e383268e426436305b370867db76991ca600bf6211dece3b6b7b4dc5cd4569ff4538080fec318a9e0cce4a8cf26aca8359b503781aaedc2d58b0bb1a82c163425e678b488bdc7362d0be24a7a8238deb31482c332d4d385005ca84c836933b0fce21685ec067adb9490d1a416f83e36e6e3b87d05ab6973f4e359a1fb5a4dbf2ff6a85d235e50d893f222c2a7d84252be9015e104ee3609c83cafdd796a8422257c9ca9172888d91c0f2f2afe36dccada9a713cfc026cf25e113fc543d522e9254f5e129d7ffd61b43ee25bdd63545a81a2b086b616e23abd380a7bb8e54b8341f42c663da1fc8451f21da7315aea416e6856d4d45128dcd34a0f3aeb7aed00c54c348f38888b8c8fec59028d38344a92249c95943d3ff8608bc11406102ebe8269892b2e909bd82ba467aabef127713a0993df779ba7b0816a990566699e4926d75fd47c3f1b9cae3e58771a6ae8776fdb672ee70f215fd908d6dfddb8a2ad10f27b749fa6e67171848d70d3ae135ee3defb2546bb35a3ad2d8ac0e838ff8abb1cd733d80047bc8626960a257b704b43bf0390b7fee656ca7831d23e8ba940533c16c17de68270bb3b2d3bf142b34899b3a106cf9569b4f46f148297c61390733ff9f399c669122dd045187d0a35fe54b4f17e4090c56cfcfa47498b1701a855827d35cf3624624906f997092b010b1da616325a090770694d028fae9874a91f8d21fea85804956594b8252c24d05df5775148ecbf8ab38f131c268cc263f6a2dcd375acfbf39a2defc9869801a720d83add1ff01ac7fc389bc7e35c2eee2b44f808508e6e02ea31cf23ea9f2118bce520101e307b394e5fdd28e90870a327b0a1444b552b7227134a8e5397474a6c0e1ce89d918c899d292660ea44294e07b1645ff9e85f65156f92d55ae795e134250b5359dec6c31d4892d83f363cb09632bb738c4e7f351361adc3ab54776a5c55d6ff4895516c82cc6387b1a424f3af2bb0398d0d4a71fe44c5132b7ad5fdfa732bbcff9f02395df587714072caca65f5fc1215dc9068585e1fbcee22cd69c0386a6482230540ec9ff8e373018e4e2788b9502e5be3e3247f997800c68a634e4490c91d01144a63a7a55afbfa4f0ef5ad538aeec8ea203ef2716ff989e11ce4985263898b8e36b0d3386b816ce484e81404a01ac0ed9f18ef5643f93d46705c949acddca2b74ad53441090f658d22dd081aaf49a7bb07c93ab8dfb5213cba354b4d37d9899423d3b3d45e9463c506ccd69747162d2d64b54291d11fdc6c9b89114543d6948f10e68008973cc485df080b84e0d098f962715ba009f2aa1fb41f7199ea5b9b70df0e1c378da164f7257b4ed04a9fee7cc2de065ad35a60b882d78e26d5804942ed1f2bcf85fc63795fb9164a5f94ffe6bfbf838c9197bce2160d24f88dca14c3e733d18ff1fb7acb0ebdfc4e2ce268a676fb27cc34d4b6b5d7e8db29c020c4c498d793931b0fc7d91ad68d3d8463e36a267833edbdd7062f4d62aa9fd1cb7f8e561d3939bbfa118b897167168832c0aff17fb6cdcf75ad6ef0a18e2b37fb24c85d0866f2e5f191b2ef8fe9b5997635a74cb06aec67363435eb175559629c09316f96dc56de6c7785335d121fc2e4d47c2f50c37c5bf7950ae5de07b3b73830f4299d5009742d4eca98df821a95d244967a42b5a4f3375edc41c5281ca3104bd247c14e838912634d4764c1b6e440860d98f258aa8a24e8af643497366edc2b781aec0567451884aec0343ced1fbddfae585db1012a6d9245ad85c56aa33d5bc30307515bccc8d36d7848c99884db4a49d748e1953b4673e4286393fc97c233d529435faf7ed9f9aa64029814b7cd6a36c3dd9ca7be95e5c4d48e024a3d23651cc81c00a52e2fa2d094435ebdb4ae5be8e6b53cf628ddc87a4bc2dccc98ac38019c91789a40d103fb95785bde5992de08ecdca1dff2ab7cf5013420b3d29b8a7f0af455c4e86285422b986bdf482b87297061084b50684e936acbb075a84e720a2d03892efec7dc1af2fae2a7ce7725cf0d19f39403b273be262c7a4ff638898f6caf84bfb358c580ba4adfd8664bcc539b82792e39ab4f1d8393b1f98f6dd5aae14bc6b73feeeaef7c3accde4d9b098f2d5c7ed68621851f37d27980c4b44df095d865493eeef2724db90aa53a3c37bd345ea75b4e76e8878deae1b4f3204c2957f3806e36a03e995f7633de9b863ff6b3309d330ade917c82f3286d9500105755efac22a4220f457debd861df3c0925dc4ba8913cea12b8deb93cec87c972421bb8442ef2a2a9d638471108ae0152aefdc45eac6ff786dae370a21bfe1e5777df8070bcefba8596cb8f71a516b505b1f83de1129cee91d3a4d6383daac7b9de46a99bc34661f3d805d2e138a769fd6489e4d058a3ab35ccbc81251aa2f23f83d7740bd8869465634e10e114c62bdfd640d69cebf6e78eb0970fa442746f7c3bea77d8589ab131827a95b274dd63ea04fba4c822aed4f8d0cd83ed83177d90332c7e66f103d4eb1dffb9ec0f52094bc7324a7c59819dca343776d6adb6850e7e7e83e2316db1c32feb4ea1c6f47a2ee41bb09d0a931f4fa3cdf7ada2bac7fe5ae2b997e24b8f8c52b0bee1482b74af68b407f0d78f3767bdcb42557c9f3aff0c2c2ea7745a0f588b00a751c1c8d2124a8bfd4d7f756587d239cc43a8cae1d67cf15c73dc8569a1ebdd7b8559e969541a547c272e52d57e5924ced9afc87cd2cdcdf8e30f423ebe26170393ecec06afa093839fc3a10fdc3f9ae19e79e4df6a9af6027e1129a7a6cb4517607eac80fa2b5f7853fe84028a66976ec4b4af50abe9ca959b844d7b2ab94903efec6dfc99ed9df2c329c0e8449b4d2a0a5bc2506d170884d2c6ea8aefebcaaf2abbfa3c4d9e4d201369a47792124a7909e247dc98b777b60a30b1461d857f164e3df983d9a900f8b11bddbdcf47c29d483033c9250f30e268ddf97e0ecbdd99d6fb3dc4562bb75f8f1e03d1aec424293fa5fc786444411a512fc582a9b577d5e88fb9d6f7346bd489f6eb4296e576e25c45e114fb6a3d0b6b831fb4ffe7486daadf2f0ad78aad8f8f7eba17e524de06e81a5af9c1aa09019fcc51611afc45fd30b8ecd2a2ae19758a1ffa55f79cdf53ef1bb55e49cb58d8b291664be61586ace94c7b378d685e54aeee09af828a3ce7335f9d03f8daabcf3543b8099956f60913db6ab401a427aca83772df4fce9081409ab426dae09739b50a8ab4c04a6d2e63b2c4c0b5f7fbd9dc76722057ab6cefc9ccae3abf251259f999fe09dbe1232b8ecf0e26b3d88d13a1001840f6b5942359c3ac75bfc321d9504bcc0e3f4add741125941ece20b4f90416b1f14edb4ecb1ced79cef883aa1d5193f3efeeae7e103891ae4840978fbe74d2cc90b7e02b4d839f15c75576b74e05f7a8af71823317a851bf0ff9171bdb16ffa36f57ccdef61065a62d64ba434571db0d476995e2bf4f148f0a6276b2fad82f03b91fe53f9a7acff3ecdfcedcc1eae42e52e1f7443114b8edc8a9d5c8a55727f7ee1d20e1ca55b42e51b47fc4d2313458ab9a5f05c1411dc8f11e4c57d3fe87183763bd24cfb8dc583c82ce9c0abbeb76310666d2236e2ca164c66e6336fd571967f35b2b0ba847922f5aabf97aea061d19eb9cc3cd6e764da9651f9e66577d9c8870734fe8e03d20ba107e6e2997ef7c42f940b88410c6bf46635cb5e402113411a98c75e8cfd3760235d7a486bfeea1a1dc188b7886172ac66d45a4bd87f60b8502382888f3806e47ffb74d9aef2519e91536f7798b7c22ee70566e686ae2b577f6341f7c47dc1ae41f2af983b80f7db23a3466b4f14e2afd591b19d36375acbc0c8ebf21654c8cf44ea49103299eb1ac6e96bb282a33a6ea204aa266b7d627c53757daa176f6cde932e7e0342977dbf7d5668e8ba984bf05dc610e5450eb4c3dcf7965eedc9b168a9c274ef6a050e93234a9bb5488a5aefaea9c442729b5416dcee6bac23f238bea2f1f4615c863a3ff7c7a081558237f2097b9ffa869f4b69fa32784f62c0b7a458411efd3a9108735de667c63c34af2225e382a17600acecc118ac1f81ec5ed9a26fa966bee8dc6f55c17bbd89a94932bf930b081fd310ef94c490855453551e9eb809e9d568500e6662564b65701a721208dcbef9a07650f9faa5a503d37f2e1b1912fbfb437f1f4c2d4a830a2dcfae905d323fe9a6a01cc8d88ff82a26a1c228103396b6756659b6a8a9ff8b31494cd8bde6205d6f62e698d9ae43ec740fafc60d798a85e5f8598486b6e82f23506c6004ec2f733cde633c3b45d9ef14fb223c020a67f305e33b5d3b239b5026ca679004e212725a4090818734435247b918dc9c65d2f0c580722651217ce7a2dec34c0f8c49e3dc051c01f5d445dca8675339f5c8b30ddc19f51ffa9e9c513f5fc9892dbe5ee5bc148ebf3033635401c8675f0fb43e503d73cd432e3ae2f25bf29b4088a3193c208f5ba51882364202dc3eed6f3ab9a871b4afa960f1776cc92deb7098ae6f61af30e715ab60d44f378bbb79f8fb663de164a5f4f582e6a17fd7e553e677632d1e8489a8138bc780418de30c0a95ae3ec3b0cdee51901869acc318a6725c0c06273dc67d393129278225b9384d978512befdf449f85146fbbe92e6b52cf40028b13d77ccc68e7b65e0c1a25f1f9d17b06b17f216729684fec1b4c0c3fdaf40af5dd1a3f4492d49e018f60f41d91524bc5d750789fd39b6e69cb66b1d86b2c1405331e3e793fb38dc447161f1ba02cee1519b72727aee9ede2898c5195adb0dc1c29fe6eca6598c5612a7f98bfe0d1853e44f47c94ae57bfdaee16711135226c9b44440abbeca5ed53b0aa58d34fa0faf766087135599d7b88a04d5ba7d69c148f3ebaee211a06438146d762c9f85d9007a228edd7d71ad18fe69a1af0caa6176eade25bea11504c2f0498a450d4d265bf97dea5b23c10560c9844d761702a5814fb355827ed6f46bcebb61d0a06c21746625a438c38496a941f447c2150c9125990ff7feef9d551a7adcbe0fd828ef4397c0799507599899259f61ff914f76be6077d0daa67ac0ab9093ecd0f78455b605a7885cae38a88b2955cecd37f972841f440de12831263ae64c7c78970138a738bcc66aae8c1a5c3ca0e166dde9860bbfc4c7bdb854cdb3d94ad4c723b2de03a50dfd120041a9b3107a480e7e108f729484d0df0d8e47c3a6b7ce0376e642ec5a267a91dd2bb1f1b3fe56a5097edddba482627cf79b66801fdd4ecb733067ad52e8fb9970be01a397ede6a3eaee6b8524f8e1cf00e0c5aed165b8b1533afaaeeaa82153f9840760b58b8a12e8168956db4522f2dd5a13183cf861acb0c0bb2735ff5cb683f633bd99ba2bfa7f1fcdd0a54d3b4fa9a7d3de250d7e40bd7b3a829a4f04fd71c64ed4f2503094773b45fdd821688d10ced9da17089b7c954f7e4a7f3e56226abee46d7eb93a6f3d039a7cf3dc14c18dd7502aa0e29e1c54bd1c2182138e06326f3cd4cddcf1997c9739f9e4a0899ce919f20b2def0ff103e5a9e123a1db4a544d438f789a0ed26664523bd55902364f4a21b2a92fcc111392dcdcf7ac0ece18c474d47a11d544b64836a62e3e1e0e9d15f8066315f000b7d8603f772704ed5b96798f28e4f699a671023a4d49c5a1e30d14145b9179e4b0f3424fd46cc22ca48cde74904876cc037a04aee32b53d02e4869427b6b18bf0ce7b5ffb75268788ca5029d2d12b2df068219af12d4e17e56f83e581b0fd6cb7048204803342ab8b146b0c237d6ac7aeb2ee21550c00da60286994f1e7ca53de19d874f7bb27c8c5e263fa350448ea28f4ac0cdfdc4c0d5096f2ab328d089dacb5e87f0a29814e8461470a22ee8a4a318f5e2b5317a027da39789b7b17bdcc9b26bdad1ba5e4580f671a3179a9fde91408aa41a68f47c71c524f8e413557b0656cc2a67e36da5a07ee7c55b0877ecf41a8616ec20f59d370f3eff6b10e68a6c55feff6f52f498bc9ab77224a7548ccdfa3de41ff44ee4bd32295a42d9fdac1a4c8484a7383a6bd5e39cb0249e939fe7f53075d6d4a54bcfbaec50853c5e4bfda256665ed56dcd20fbd04a1d40c200223ddac36a7229df6003f335227a6bde261f7e2f7c980e7e522c68abc63601b3b1a9ebdd4530e4f33b9986f582300", 0x2000, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={0x78, 0x0, 0x0, {0x410000003, 0x10, 0x0, {0x0, 0x80002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x8001, 0x0, r8}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) newfstatat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x800) process_vm_readv(r4, &(0x7f0000000000)=[{&(0x7f0000000100)=""/91, 0x5b}, {&(0x7f00000003c0)=""/67, 0x43}], 0x2, &(0x7f0000000440)=[{&(0x7f00000004c0)=""/86, 0x56}, {&(0x7f0000000180)=""/30, 0x1e}, {&(0x7f0000000540)=""/96, 0x60}, {&(0x7f0000000600)=""/136, 0x88}], 0x4, 0x0) signalfd(0xffffffffffffffff, &(0x7f0000000c80)={[0xfffffffffffffffe]}, 0x8) r9 = syz_io_uring_setup(0x4169, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000000480), &(0x7f0000000040)=0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x16, 0x3, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) syz_io_uring_setup(0xa94, &(0x7f0000000280)={0x0, 0xd867, 0x0, 0x2}, &(0x7f0000000340)=0x0, &(0x7f00000005c0)) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) syz_io_uring_submit(r11, r10, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54}) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) io_uring_enter(r9, 0x48e9, 0x0, 0x0, 0x0, 0x0) rseq(&(0x7f0000000300)={0x0, 0x0, 0x0, 0x5}, 0x20, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[], 0x50) fadvise64(r2, 0x18, 0x0, 0x4) 1m27.130167309s ago: executing program 6 (id=3155): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', 0x0}) r2 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001100a7cc4a372eaf541d002007000000", @ANYRES32=r1, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYRES16=r0, @ANYRES32=r2], 0x44}}, 0x0) unshare(0x20000400) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="1f00000000000000000000000010"], 0x48) ppoll(&(0x7f0000002500)=[{r3, 0x8}], 0x1, &(0x7f0000002540)={0x0, 0x989680}, 0x0, 0x0) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000200)={0x0, {0x2, 0x4e21, @loopback}, {0x2, 0x4e23, @rand_addr=0x64010100}, {0x2, 0x4e21, @empty}, 0x100, 0x0, 0x0, 0x0, 0x9, &(0x7f0000000180)='veth1_to_batadv\x00', 0xc651, 0x1ff, 0xfd7e}) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000400000005"], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r4}, &(0x7f0000000800), &(0x7f0000000840)=r5}, 0x20) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x52) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r6}, 0x10) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) r7 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r7, 0x84, 0x75, &(0x7f0000000000)={0x0, 0x5}, &(0x7f0000000080)=0x8) sendmsg$inet_sctp(r7, &(0x7f0000001dc0)={&(0x7f0000000140)=@in={0x2, 0x4e23, @remote}, 0x10, &(0x7f0000001a80)=[{&(0x7f00000001c0)="09f0197ec70e", 0x6}], 0x1, &(0x7f00000000c0), 0x0, 0x50}, 0x8000) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) 1m23.406047935s ago: executing program 6 (id=3163): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000002c0)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@enum={0x5}]}}, 0x0, 0x26, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x28) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x2, 0xd, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @private2}}]}, 0x60}}, 0x0) setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x8008000000010, &(0x7f00000000c0)="17000000020001000003be8c5ee17688a2003308030300ecff3f0200000300000a0000000098fc5ad9485bbb6a880000d6c8db0000dba67e06000000e28900000200df018000000000f50607bdff59", 0x4f) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x143082, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r3) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) writev(r2, &(0x7f0000000d00)=[{&(0x7f0000000100)="89e7ee2c7cdad9b4b47380c988ca", 0xfdef}], 0x1) ioctl$VT_ACTIVATE(r0, 0x4b4a, 0x10000000000004) r6 = socket$kcm(0x10, 0x2, 0x10) sendmsg$TIPC_CMD_SET_LINK_PRI(r4, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000440)={0x68, r5, 0x300, 0x70bd2b, 0x25dfdbfd, {{}, {}, {0x4c, 0x18, {0x1e3, @link='syz1\x00'}}}, ["", "", "", "", "", ""]}, 0x68}, 0x1, 0x0, 0x0, 0x80}, 0x20000041) sendmsg$kcm(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000140)="140000001d000b63d25a80648c2594f90524fc60", 0x14}], 0x1, 0x0, 0x0, 0x4000}, 0x40000) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_GET(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000300)={0x4c, 0x1, 0x2, 0x201, 0x0, 0x0, {0x7}, [@CTA_EXPECT_ID={0x8, 0x5, 0x1, 0x0, 0x101}, @CTA_EXPECT_ID={0x8, 0x5, 0x1, 0x0, 0xf}, @CTA_EXPECT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x5060d25582070a09}, @CTA_EXPECT_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0xa681}, @CTA_EXPECT_MASTER={0x10, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}]}, @CTA_EXPECT_ZONE={0x6, 0x7, 0x1, 0x0, 0x4}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8080}, 0x4004) sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a8c000000060a090400000000000000000200000060000480300001800e000100696d6d6564696174650000001c000280100002800c000280080001800000000008000140000000002c0001800b0001006e756d67656e00001c0002800800034000000001080001400000000408000240000000940900010073797a30000000000900020073797a32"], 0xb4}}, 0x0) connect$llc(0xffffffffffffffff, &(0x7f0000000040)={0x1a, 0x204, 0xf9, 0x1, 0x1, 0x71, @multicast}, 0x10) 1m7.985377375s ago: executing program 34 (id=3163): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000002c0)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@enum={0x5}]}}, 0x0, 0x26, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x28) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x2, 0xd, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @private2}}]}, 0x60}}, 0x0) setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x8008000000010, &(0x7f00000000c0)="17000000020001000003be8c5ee17688a2003308030300ecff3f0200000300000a0000000098fc5ad9485bbb6a880000d6c8db0000dba67e06000000e28900000200df018000000000f50607bdff59", 0x4f) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x143082, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r3) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) writev(r2, &(0x7f0000000d00)=[{&(0x7f0000000100)="89e7ee2c7cdad9b4b47380c988ca", 0xfdef}], 0x1) ioctl$VT_ACTIVATE(r0, 0x4b4a, 0x10000000000004) r6 = socket$kcm(0x10, 0x2, 0x10) sendmsg$TIPC_CMD_SET_LINK_PRI(r4, &(0x7f0000000500)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000440)={0x68, r5, 0x300, 0x70bd2b, 0x25dfdbfd, {{}, {}, {0x4c, 0x18, {0x1e3, @link='syz1\x00'}}}, ["", "", "", "", "", ""]}, 0x68}, 0x1, 0x0, 0x0, 0x80}, 0x20000041) sendmsg$kcm(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000140)="140000001d000b63d25a80648c2594f90524fc60", 0x14}], 0x1, 0x0, 0x0, 0x4000}, 0x40000) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_GET(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000300)={0x4c, 0x1, 0x2, 0x201, 0x0, 0x0, {0x7}, [@CTA_EXPECT_ID={0x8, 0x5, 0x1, 0x0, 0x101}, @CTA_EXPECT_ID={0x8, 0x5, 0x1, 0x0, 0xf}, @CTA_EXPECT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x5060d25582070a09}, @CTA_EXPECT_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0xa681}, @CTA_EXPECT_MASTER={0x10, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}]}, @CTA_EXPECT_ZONE={0x6, 0x7, 0x1, 0x0, 0x4}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8080}, 0x4004) sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a8c000000060a090400000000000000000200000060000480300001800e000100696d6d6564696174650000001c000280100002800c000280080001800000000008000140000000002c0001800b0001006e756d67656e00001c0002800800034000000001080001400000000408000240000000940900010073797a30000000000900020073797a32"], 0xb4}}, 0x0) connect$llc(0xffffffffffffffff, &(0x7f0000000040)={0x1a, 0x204, 0xf9, 0x1, 0x1, 0x71, @multicast}, 0x10) 14.955559443s ago: executing program 0 (id=3316): socket$inet_udp(0x2, 0x2, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100"/13], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x40000006) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0) userfaultfd(0x801) ioctl$UFFDIO_CONTINUE(0xffffffffffffffff, 0xc020aa07, 0x0) socket$nl_route(0x10, 0x3, 0x0) r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x140, 0x82) r4 = fanotify_init(0x4, 0x101801) fanotify_mark(r4, 0x105, 0x40001032, r3, 0x0) open(&(0x7f0000000180)='./file2\x00', 0x1cd842, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x1) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b7020000000d0200bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000006f6400000000000045040400010000001704000001000a00b7040000ff0100006a0a00fe0000000085000000be000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000fd60000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd80450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e3179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000340), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r5 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) writev(r5, &(0x7f0000000300)=[{&(0x7f0000000040)="01000000", 0x4}], 0x1) 13.640903876s ago: executing program 5 (id=3319): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0, 0x0, 0xfffffffffffffffe}, 0x18) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$inet6(0xa, 0x3, 0xff) sendmsg$inet6(r4, &(0x7f0000000240)={&(0x7f0000000040)={0xa, 0x7, 0x3ae2, @private0={0xfc, 0x0, '\x00', 0x1}, 0x6}, 0x1c, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="24000000000000002901800032000000ff020000000000000000000001000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00'], 0x28}, 0x24044010) r5 = getpid() socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x1b, 0x9, 0x4, 0x0, 0x104, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) ioctl$SIOCSIFHWADDR(r6, 0x8946, &(0x7f0000000900)={'wlan1\x00', @random='\x00\x00\x00 \x00'}) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000000)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x61}, @printk={@p, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x9b}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x28, 0x0, &(0x7f00000002c0)="b9ff03076003008cb89e08f086dd", 0x0, 0x5da0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r7, 0x0, 0xe40, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) syz_pidfd_open(r5, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[], 0x48) r8 = syz_open_dev$vcsa(&(0x7f0000000000), 0x1, 0x1a1300) poll(&(0x7f0000000040)=[{r8, 0x8744}], 0x1, 0x0) read$FUSE(r8, &(0x7f0000000040)={0x2020}, 0x2020) 12.411658512s ago: executing program 4 (id=3323): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r3, 0x7a7, &(0x7f0000000080)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, &(0x7f0000000000)={@my=0x1}) ioctl$IOCTL_VMCI_CTX_REMOVE_NOTIFICATION(r3, 0x7b0, 0x0) prlimit64(r0, 0xe, &(0x7f0000000080)={0x9, 0x100000001}, &(0x7f00000000c0)) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(r0, 0x5, 0x0) rseq(&(0x7f0000000040)={0x0, 0x0, 0x0, 0x5}, 0x20, 0x0, 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000180)='Ue\x00P\xe7\xf8O4_\x8fES\xbdt>.WZ\xe2\x9eD\xb4\xa6p\xeb)`', &(0x7f0000000140)='t', 0x0) fcntl$lock(r1, 0x6, &(0x7f0000000000)={0x2, 0x1, 0xa3, 0x6, r0}) 11.866256393s ago: executing program 4 (id=3324): ioctl$VIDIOC_S_EXT_CTRLS(0xffffffffffffffff, 0xc0205648, &(0x7f0000000100)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000440)={0x980920, 0x0, '\x00', @value=0x80000000}}) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f0000000200)={0x1c, 0x0, 0x0, 0x0}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f00000000c0)) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) memfd_create(&(0x7f0000000300)='\x00\xc2\xea\x99\xbb\x1c\xdfjw\x97\x05\xa3\xa2\'\xdd\xe4q\xbf\t\x8c\xe0\x19`\x8e\x00\x00\x00\x00\x00\x00\x00\x00\x00\b \xff\x13\x96\xe3?\xdfH\x8c\xe4V\xe2\xfe\v8\x04\xa5\xf6y_w\xd8\xcf\x90k\x05\x00\xf9\x1e\xe8m\x0e\x12\xa015\xc2\xb3u|K\x111\xd4\f8\xeb\x18\xad\xbb!1\x85\x96P\x1b\xa1\x9a\x81\xf8\xb1\xecB)\xe5\xaa7\xfe\xdd,_\x95\x00\x00\x00j^\xaec}\x1a\xb4\x17\xafP\x85I\xd5\xa0I\xb0\xaf\xb5\x8b\\\x05\xd7g\xcbV\x8e\xd0\xac\x87I7\xbd\xc6\x9bI\x92\xb2\x87.\xb3\x1fs\xe7-\xdd+\r\xb4\x117\xa7ei~\xb8\x16\xd1P\xf2\x84\x89K\x16\xd0F|\xa3\x89\xc9~9\x00'/204, 0x6) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') r3 = syz_open_procfs(0x0, &(0x7f0000000580)='net/snmp\x00') ioctl$NS_GET_OWNER_UID(r3, 0x5421, &(0x7f0000000040)=0x0) setuid(r4) r5 = memfd_create(&(0x7f0000000740)='D\xa3\xd5Wj\x00\x00x0\xc1\xac\x1a\x1a\vG\xa9~vB\xbc\t\x00\x00\x00VoA\xaa\xbc\xee[\xe1\xa2\xe0\xff\x04\x00\x00\x00\\i\xcf\t\xb0\xa9 +H/\x1a\xe7\x95\xce\"\"\xbd\xf9!\xfd\xa4\xcaN\x84\xadS\x8bqE\x99\x01t\xb1\x1f|\x99PL\x92\x8f\xc2\xf9\xcd\x8cj\x03X\x05\x17mwI\xf0\x01\xe5z\xcdJ)\xc7\xfa)\xaa}\xef\xbb\xf5\xcd\xb1o5\x18\xd6\v\x85q\x98\x9bB\xb9\xea\xe7\xff\x7f\x00\x00T\xc0\xd2\t?\bpBl\xf4*8\xc6\xe5\x06P\xc11\f^\x7f\x8e\xc1\xd1Wra\x19)\xe3\x8f\xd9\x9f\x15\x1e\xf2\x18\r\xad\b\xe0\x96NH\x85\r+\xfc\xb3\xdd\xddhg \x03\xa7\x92\xff\x00+h\xb7@#K\x9cMY\xd3\x9b\b-G\xb1\xdaS\x81\xb2\x93\xb83\x8a\x94*\x8d\\\b\xff/\xa1\xc0\xf9&\xd3M\xf6\n\xff\x83k\xe6\rDa\x16\xbd\x1a\xb2w\bI\xd7\'\xe0\xc0\n|\xd3\x1fC\xd5I1\xe0\xc2(UB9\xf7\x86', 0x0) write(r5, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r5, 0x0) r6 = dup3(r2, r5, 0x0) fchdir(r6) syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008aec1, &(0x7f00000001c0)=ANY=[@ANYRES64, @ANYRESHEX=0x0]) 11.289744432s ago: executing program 0 (id=3328): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), r0) semtimedop(0x0, &(0x7f0000000040)=[{0x3, 0x2, 0x1000}, {0x0, 0x0, 0x800}, {0x3, 0x1000, 0x1000}], 0x3, &(0x7f0000000080)) write$UHID_INPUT(0xffffffffffffffff, &(0x7f00000000c0)={0x8, {"8645c335e57f81748a6e2425822e1b24222fd53bf6011bfc770901fe644ccef38e233e8708ce9d733de33792c0dafc9c5b3049fd044731c08153e4bc5ef5c9290e546dadd6a3cbfbeedf0adc8d6d8a2c4155f4b7ad0a7465162e3dd8b2fde3bc734209c97c31f2d9e203e69bb6c76750bea8eb3436ecaabbe096d69916c1b6c070b3d520de363831444a0d42141fc78c5c23902d43cd011b4d1fbd654eb0d52f492a96dd01ac0e74077ec689a3d792b52471242394ad9d4d79a16ccff1f166618eb8978ee9582dc6be110270e04eb6c7f170e5ed7bfb79d3d1ebff7f045b71c9d5aceeb7b0c178af429f6b9f83962547e16f5b0caff44ed119396e8eb2a1d1b3b4565c05b5dc010be25114b2dfc629e705aac1ab9e7366f8ed4a55cc341671a40ba27075cd7f130df4ef539b467207cd7a98dbdf0e939bcc67782d3b8df11607c59e0051c81a14642ebb2c8f84d88daf91333d92b8f8f426dd29ca6866623736c4e4e07c0e91e05c654d2368d27c8cca1722af9e2e56f6fb1e181f05edb2dce6335f2804d3ee0fb94ac7a2bddc3d24a5ead4971ee175b2afd656c4e139d2cf115b68cc02174f4d14109a2dc0f922656384af241d4c4a5ba8fa534180df7736819b20e2dfed21f147b57c0d46bf0a1d82c2bc3d7bfe95bc67348c2975998241c7f356d3147d366fd55785f4b787b70c55bd639b48451cf38211caa6e22ca710c97988cdd8b2f3fcffa6bf1ce83dce668a819aecbde118fae418ca36def6cd97c81fe30307848d80d36eb16e14778a123a56e14aefea35f8e16fb3ae8b46d5b9f211a83cac0429ea982516f2bb98805bfdee09c0ad6a5f65816f825e6c47836513f455692211396c7f95014f4c9682865a669920d67d298e5866664b87b5a16f1aee56aab76ccbc933df55aae0e0ea4e38177c5c2d4b05ae900c2e8400b3a56633f957816ec1ad71a18ee133514ec4ff10674f1f7a0d8cb564434d73dfbedddfd8a68e79a04f3f243dace0eff74846c8f52a865419cc98ddd2dd8c16240875ca8d3598dc1cb237c600b241cf3d94600e9eea848416e27f51bdf414ea43675ce7558053409df45390fa00d8534ab9be5c343a9eac6285504076a0138e0edaa430f4431828d6160edfb8f51b3a172cad95883804d07f03fe6151bf6e31726fe954e8e74498fab163e53b80da5232226b1d9b616cb5eba153fb04d293a4a55d6a3310534a0f758a6c6b48d284343d32706a6abeb600089677315ac9eace8462082691fcd60eee5690368247b90291fabc6ee9b2ca35b94b079730ac0d9037d1f6f214d717ce25475f69dd4c39bd09d94054f86636ea3a67b6d34ecb584999b486fac3f547cc2e0beee91bb166b6465c4aa8f7fb552ca7f7453b4255cbe6dcaa252dfb54538a2807db51279a7f4af2612c1ab561cdb6bd9265e69d577622091063726a06b6869c663093625822d5e466ccbf6b05a4718de84ffc8a4e425932c2ef40f7551d7d99837797f5f2ae594d19f726f2b08194276bd27613451e90d49a6e7489df0b194db573d3b8d7b325b8297c3f114b828dde16a4e5f70526bc7fd9333597242f4467de9e52a1c4ef7ce273c3f5b5aa4007f08e8450841209622b0bca398a4dc2bd8596164ba00b37fe460e75427d7347c6f9234f72a536f6454967b3ae7f92ef773ae2369fbd469fc829b82df4e01d97c43984ace0d95faba6048c3e54494dcf59fb73d43568501aa4e01c3ae0605c151e4a5799464f82fdee6be7cb65974da50d9973c0791a9800abc6c7f95d4477b080d62db66c5d561e80fd97c85f130de33b776a0307747f8ac871cd0f74d9ba263094281c94d6afcb0293c245a566fa7e45c0cc0c8da86a3d39a1798ae46a7ea9374931604a758209d262c2e3845c8a8c9d475f32d32955145b2534a90c5f0d6322fbcd0730c8cdc2f78d1410d2bf658b208132a79fe6cf5871763e36687035d091cab71e15f2b553fd5686a3b839ced3161dff6e3c459f4c218fd9a053718e1d41c184f7670a0f3caa6e30625d29c10b42775c088af280882867b4844f10ec47da188ddd3b7250eb452594ec3e472a2d0d4ea5f0f4b35d94e8d975f7a812ff4dd7ef72a52eff521f9e07e942ccdd376b0375db8e1c8d09848fe82856b51761825f58a00af1252729387dbdb90d355b46d6c7369794b99714275a3decc0c64af71da22d3e51d2cdc8247cf7c8d26a2186543c821137463d66115ede6a3ca0bb27263c05084fe373511ae3c6a68538bd09d23f258388e4f4ccfb348edd99e62a404a2fac45d02aa0781d6c89a613131694ff892b606988eaa2a65d5ad47cd764d61808d12e31ee28298b33667f2dbd8db36a15414f1407a00fa0164dad9668ba62fb82f0768182643020bbfd4e2a327da76bf63458b03fbe35f5d4eb6f74a9ac4fea591c41008f193d08019bea1c734031afb8b7e07fff61cccdb8e98aa1e987321d9bd3f57406bdc0bff4a3ae81f6d4bdd36d05be463a375165ad7c2bbf3f24fd6427c44d3452844ecdf69bd7d54806d8bd418f40c738c5f052f0aab2992bcc1f7f5b741771f3643d19b49891350e96a3f2917663a7a2ec71a941b7d8292f7f40d1acd6c961b9432bd2f92a43018946c8c099fd7e23e7e41f18e2dc24ebfde93edf00f691e0de0275c992fceef1a6c966b8b533b4ba50b568e9eb7bfd80cd39472828a5bf371954ed3668a3ff3a7755a996e5145fd69c2b62cb05bd4aeaac67c5fd9c768bc49610737163fad10a20f557aa5ab5c39fd796c055556409ad3796a0a338fe65207d01b5c209e5bd2fd934ccd01c00bb28d0e88ab44738035a5144d1fb67d7ccd234525f23545ca1c36fbc9e501d0a0f3b1453de4f9995f7201013167f57656dc85577e1c09510da55814b6675c0304f40b5dbacb6827bebe8c18fe1f14a1ecab218240a16e6dde8fac458da6e244b69cbcf884d168eab41a4355b6e926536a562f9c18b78928384b5609a83b6ac3bf2576b3ed214fa4fdf5b620ca52160a3eea44b101c9dd69bea594643bf0615978a4a78f32acf077ebdb53b9ee708e5f484868719d9e5e1b44e68a1538e83aa3adc05757f664b14d3dfa0f69e7be59ced64424aed464691ac4383a8b53904221ffe6fb9630ca8ff4194b83461408756a085ed404fb42cdefc771dc3cb9629ce9967ee0b20a8131cde619493b04dd5a24b31a951f974bd1ac665c1e805afe73cb7ecd47343f3757001f20a7dd2b82041948c929f44749a4ce7bf299eb87f0cb3af15ac878a6cb5ab05848302d036bf910230df5af2e4ae516d975e28f23f9aa82b9eca13e5f1c2ff707ed281f77676411abf70888f4841b93d2d3879f32edc98247ddf994b2738f5be43c4d95effaa7afa6f45dbb90cc9b0d22528623acae7b0a16b27693b630d488835152666c31b7a2c097eafb50cde6898b4cb4bdf90797f489b2773f9c21b9cbadd7ee7e2253a59749c9649a0515f7558d469e7be5e15e21b114b266a062923b697406de69439fab400dd722e2c9ea5ee323b819a19f5ba0a5bd5a3a839a0a7dc7c44570af4bece8ed08142f85610b61c18d9ea3c4733e90122cdd5b3c4797b64b01129ad024b5dc77b83e5e7b45770420b13ffd57c13d6043363295f99c9fe5694f7c03e5bb80b19d092ad3d4c769a69345eb8cfa153c04c2a00c7e4a62be655c7e9a3f9eea77175fdd21c7208461fa133ee8e204794805155d4c467dfe1d6b15d3e4c8f72864105ecd2577b0cbd48cf14c51040d3bfdaca3a252088708f449bbae6b7432c15057a53834b74524aea3082f96e00d4e866e4f7d806fccb9a8aaa3de927b972f6af25ab95e9fe72549f206f3e196b98d1754ccb07d51cb44caf55b337768ce0bfb9d1c05c5c4307dcc40d10dd842decaad185ff78d09cfd331d62a36dd969a3ffe93f91e3ef7d8e1b54f6441e98e58e9ff8ab944500a8446be496bc0e776622e3214d446cbb1cf95625bee858c762b2246b5c3734e6f18fb49805fa40753f5cd3b35bf273b3dd8b78c5767458c356672a517307dbb355506954fcfdc80f05a4449ef1f67cf93ca2c1f24c16afee53e02a5e5e49711610e8794712abb1c1474189280ce3f51838012cc895dafbf6cb9c263557b2745cc331b7c2cd531696460065c10ba994180537c2fcdcfae2d9f7ddd440a44467693d3751bb690304f1e5761602265580684e3d85d8b7e2b6dd56950a1a2d0545e010366713e2e5499d181613cce592a6c1e2e5641fd47d15714073906024f82997bf514f64f9233644484867d7da03ae2ddd7a65ccd22eee4c69e22348846704dcb1982ad532742c00bd20e8139541dde65208bac3b800a3cdd67b04ff32996ad6c1451d0cbdff553f5b9cacd86c39a963139034a3ca407cda8f3517de0f31951cec7e335541bbcb63b71535b922f449d4096607866dd6e80556398e46c0bfcc2fbeb51e26a35e405df09f3ef2dae22e59ca6759bb5326aa863e5a178d5c6f0c55b201ff835d8c9b3a5283a73f05ea5fb1a939cc20f72c0be5389ac0b2ec0b7079be311d17c4c69ddcc79f4f493e7661da718356f3ef5892243979f66858fa19e74730143635f52e454fdcd71007ff5cc0eccd7f3727a8f58a71d7f1dd060ab22f31712a00d9ba35599e56790bb4a8439ee9093c80e6f391371930af4cceb309aaf978050f0abc55a8be609248f31950024e06374b45708d98998f9634de9c17f99b9fb71077ef7730ad9634d6bf8ef5aedd9d0a2a1d9a83832b056e31d7e40a466047ae97463819e67e8e1f5770f22012aa08d32a996054b1f1560ee04d68f5f218744a9e437b4e4e273a5adc8a2d7ae82914dbdc0efc25a20f150a9a290fc820e97fff5eb6949beae3110e7380d022eae02bc676f7b650f1a17dd51a46e19db501138ec91ec03b118a7d38b2a86805ad1c80236a2e74b4f0bdf2feae93b08d71c3ebcb699ea019d966c2a1034c4e1351e873f9a91131ecf9e175122ec27b5c20f2a48f4c8a3d3e3c8ad699fc879b22b866f36e06fabc942d3772961d501c1181d53bc4a583ebe476ad2f33d6a14f1b58e87e50bcf2c099ac3ec97abf4e38fa6039b51919308e0ea5aead5c7cc6855df9df00be8b8e8d61b7a43ef759cee926b5ff2d02034d53decbcb93dc49358612e7c1c61480c5358482c8a1d6a3be74ced2aad5dd059fc66112d1d96aa3222b4f47fbd338039ee64924ca2c398d75f5033b2d462198db643c813fbcee76d4d372dcb01e22ca9e326e2a20fbf01da515ec0f6914800831c2190707d736f70e90b6a61c0999fb9f06c5924a18c3f9727498c3623ba6c7c96ed1a58ffce4d890c20958d91da61f8f492757347e4ffe7358a3c553e8f65736ac6b3f7d89b41818222c065abec58779952377d64b888508f815e1e9830b33cc98995ccc87bcd494b2f683042b2eb4fe15101df0a4988cd0ba366389fcb486b22006e88815d981bfabf9e72db8ec40c226187f7d9f8a638779b48e6b09009846c4e6ff0d1d49ab0112870fbf3bade9f7df8bf7fc7adfabfc3e300b5fc6d61e3c1bde43e35beacabd0e771dd8e12122762c5efaa2670e483f3925eae7b2e3aff21517f7bbff02f91b6ba3e1d938713e335fe76787adeec65bde19d2245fb56902b818edb93f526010c62897173c3e196985730a5e15b784600483ce1b67a7dd77ed55eccda5f44e27ec5dc2d83e17b4c4ee11e0bb9a960ee759e2f2d7d97b5db32a330a6942f1cfce964384f0195eee0d879e0dbc52a3fbf9b5d72e19e888e347b5a6adf40efe31ee0ea532610dee39a7818957", 0x1000}}, 0x1006) io_setup(0x7, &(0x7f0000001100)=0x0) io_getevents(r1, 0x100000000, 0x2, &(0x7f0000001140)=[{}, {}], &(0x7f0000001180)={0x0, 0x989680}) (async) io_getevents(r1, 0x100000000, 0x2, &(0x7f0000001140)=[{}, {}], &(0x7f0000001180)={0x0, 0x989680}) io_destroy(r1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) pipe2(&(0x7f00000011c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x84880) io_getevents(r1, 0x8, 0x7, &(0x7f0000001200)=[{}, {}, {}, {}, {}, {}, {}], 0x0) socket$rxrpc(0x21, 0x2, 0xa) (async) socket$rxrpc(0x21, 0x2, 0xa) r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000001440)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x18, 0x1e, &(0x7f0000001300)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x2}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [@map_idx={0x18, 0x4, 0x5, 0x0, 0x6}, @func={0x85, 0x0, 0x1, 0x0, 0x5}, @ldst={0x3, 0x1, 0x3, 0xa, 0x6, 0x16a, 0x4}, @alu={0x4, 0x1, 0x5, 0x1, 0x0, 0x8eebce22cd7bc7c1, 0xfffffffffffffff0}, @generic={0x80, 0x9, 0xa, 0x800, 0xfffffffc}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001400)='GPL\x00', 0x9, 0x0, 0x0, 0x41100, 0x28, '\x00', 0x0, 0x0, r4, 0x8, &(0x7f0000001480)={0x5, 0x2}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f00000014c0)=[r2], &(0x7f0000001500)=[{0x0, 0x3, 0x4, 0x8}, {0x2, 0x3}, {0x3, 0x4, 0x4, 0x1}, {0x4, 0x5, 0x10, 0x4}, {0x0, 0x3, 0xc, 0xb}, {0x2, 0x2, 0x9, 0x6}, {0x2, 0x4, 0x10, 0xc}, {0x5, 0x1, 0xd, 0x2}], 0x10, 0x1, @void, @value}, 0x94) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001580)={0x18, 0x1e, &(0x7f0000001300)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x2}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [@map_idx={0x18, 0x4, 0x5, 0x0, 0x6}, @func={0x85, 0x0, 0x1, 0x0, 0x5}, @ldst={0x3, 0x1, 0x3, 0xa, 0x6, 0x16a, 0x4}, @alu={0x4, 0x1, 0x5, 0x1, 0x0, 0x8eebce22cd7bc7c1, 0xfffffffffffffff0}, @generic={0x80, 0x9, 0xa, 0x800, 0xfffffffc}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001400)='GPL\x00', 0x9, 0x0, 0x0, 0x41100, 0x28, '\x00', 0x0, 0x0, r4, 0x8, &(0x7f0000001480)={0x5, 0x2}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f00000014c0)=[r2], &(0x7f0000001500)=[{0x0, 0x3, 0x4, 0x8}, {0x2, 0x3}, {0x3, 0x4, 0x4, 0x1}, {0x4, 0x5, 0x10, 0x4}, {0x0, 0x3, 0xc, 0xb}, {0x2, 0x2, 0x9, 0x6}, {0x2, 0x4, 0x10, 0xc}, {0x5, 0x1, 0xd, 0x2}], 0x10, 0x1, @void, @value}, 0x94) faccessat2(r3, &(0x7f0000001640)='./file0\x00', 0x1, 0x0) io_setup(0x7f, &(0x7f0000001680)) (async) io_setup(0x7f, &(0x7f0000001680)=0x0) clock_gettime(0x0, &(0x7f0000001800)={0x0, 0x0}) io_pgetevents(r5, 0x800, 0xa, &(0x7f00000016c0)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}], &(0x7f0000001840)={r6, r7+60000000}, &(0x7f00000018c0)={&(0x7f0000001880)={[0x6]}, 0x8}) (async) io_pgetevents(r5, 0x800, 0xa, &(0x7f00000016c0)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}], &(0x7f0000001840)={r6, r7+60000000}, &(0x7f00000018c0)={&(0x7f0000001880)={[0x6]}, 0x8}) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000001940), 0xffffffffffffffff) (async) r9 = syz_genetlink_get_family_id$nl802154(&(0x7f0000001940), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000001980)={'wpan0\x00'}) (async) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000001980)={'wpan0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000019c0)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_LEVEL(r8, &(0x7f0000001a80)={&(0x7f0000001900)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000001a40)={&(0x7f0000001a00)={0x38, r9, 0x400, 0x70bd2a, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r10}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r11}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_IFINDEX={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0x20004800}, 0x20044800) (async) sendmsg$NL802154_CMD_NEW_SEC_LEVEL(r8, &(0x7f0000001a80)={&(0x7f0000001900)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000001a40)={&(0x7f0000001a00)={0x38, r9, 0x400, 0x70bd2a, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r10}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r11}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_IFINDEX={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0x20004800}, 0x20044800) ioctl$sock_SIOCGIFINDEX_802154(r8, 0x8933, &(0x7f0000001ac0)={'wpan1\x00'}) ioctl$VIDIOC_G_CROP(r4, 0xc014563b, &(0x7f0000001b00)={0x5, {0x5, 0x26, 0xffff7b83, 0x108}}) ioctl$FBIOBLANK(r3, 0x4611, 0x4) (async) ioctl$FBIOBLANK(r3, 0x4611, 0x4) r12 = add_key$fscrypt_provisioning(&(0x7f0000001b40), &(0x7f0000001b80)={'syz', 0x2}, &(0x7f0000001bc0)={0x3, 0x0, @auto=[0x3b, 0x24, 0x15, 0x34, 0x20, 0x3a, 0x2, 0x2c]}, 0x10, 0xfffffffffffffffd) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r12, &(0x7f0000001c00)='keyring\x00', 0x0) io_getevents(r5, 0x3, 0x4, &(0x7f0000001c40)=[{}, {}, {}, {}], &(0x7f0000001cc0)={0x0, 0x3938700}) r13 = openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000001d00), 0x20000, 0x0) close_range(r13, 0xffffffffffffffff, 0x0) 10.294469062s ago: executing program 0 (id=3332): r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x9, 0x2) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', 0x0}) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001a80)=ANY=[@ANYBLOB="4c0000001000010400"/20, @ANYRES32=r3, @ANYBLOB="00000000000000002c001280110001006272696467655f736c617665000000001400058005002b"], 0x4c}, 0x1, 0x0, 0x0, 0x4000081}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), 0xffffffffffffffff) r7 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x200) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r7, 0xab00, r8) mremap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x2000, 0x3, &(0x7f0000c51000/0x2000)=nil) r9 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000240)='/proc/slabinfo\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1, 0x11, r9, 0x0) syz_usb_connect(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(0xffffffffffffffff, 0x4020565a, 0x0) r10 = dup3(r7, r0, 0x80000) ioctl$NBD_DO_IT(r10, 0xab03) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, r6, 0x1, 0x70bd2b, 0x8, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x1c}}, 0x20000004) io_uring_register$IORING_REGISTER_SYNC_CANCEL(0xffffffffffffffff, 0x18, &(0x7f0000000140)={0x5, 0xffffffffffffffff, 0x1c, {0x9, 0x1}, 0x6}, 0x1) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x7, 0x4, 0x6, 0xfffa}, 0x1d, [0x86, 0xc95a, 0x3, 0x3, 0x80, 0x2, 0x1, 0x7f, 0x5, 0x4d, 0xfffffff2, 0x2, 0xa, 0x3, 0xffff2d37, 0x1dd2, 0x6, 0x7, 0x0, 0x80000001, 0x4, 0x7, 0x3, 0x3c5b, 0x3, 0x24, 0xffffffff, 0x1, 0x1f461e2c, 0x2, 0xe661, 0x4, 0x7, 0x3, 0x7fff, 0x4c74, 0x8f00, 0x642, 0x3, 0xa, 0x0, 0x71, 0x7, 0x7, 0x103, 0x3, 0x5, 0x3c, 0x8f, 0x5, 0x6, 0x3, 0x5, 0x8, 0x3, 0x0, 0x80, 0x0, 0x5, 0xfffffff7, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0xffff, 0x12f, 0x8000, 0x10, 0xfffffff3, 0x129432e6, 0xcb, 0xf6, 0xd, 0x2bf, 0x6c9, 0x9, 0xfffffffc, 0x3, 0x0, 0x7, 0x9, 0x2f, 0xe, 0x101, 0x78, 0xea4, 0xa, 0x4, 0x4, 0x8000, 0x800009, 0x400, 0x1, 0x6, 0xfffffffd, 0xff, 0xffff, 0x9, 0x5f31, 0x0, 0x0, 0x6, 0x2, 0x9, 0x4, 0x9, 0x8, 0x9, 0x6, 0x2, 0x0, 0x1, 0x8000, 0xffff, 0x2, 0x7f, 0x9, 0x5, 0x3, 0x4, 0x1, 0x7, 0x4, 0xb, 0x48c9368d, 0x2, 0xff], [0x7, 0x4, 0x0, 0x64e, 0xfffffdfe, 0x7fffffff, 0x8d2, 0x9, 0x6, 0x7fff, 0x0, 0x6, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1f0, 0x5, 0x8, 0x86, 0x8, 0x10000009, 0x3e7, 0x2, 0x2, 0x202, 0x2, 0xf, 0x8, 0x4, 0x6d01, 0x25, 0x3b, 0x3, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x7, 0xa2, 0x7, 0x53cf697b, 0x5, 0x6, 0x54fe12d2, 0xbf, 0xb, 0x2, 0x400000, 0xfffffff9, 0x1, 0x1, 0x5, 0x1, 0x5, 0x0, 0x120000, 0x3, 0x6, 0x9, 0x5, 0x3], [0x9, 0xbb31, 0x3, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0x5, 0xce7, 0x1ff, 0x6, 0x7, 0x5, 0x2, 0x101, 0x10000, 0x6, 0x7fff, 0xffff, 0xa620, 0x2, 0x5, 0x1, 0x2, 0x7, 0x60a7, 0x6, 0x6, 0xffffffff, 0x80000000, 0x805, 0x8, 0xc8, 0x4a2, 0x3, 0xffff, 0x3, 0x9, 0x100, 0x9602, 0xa, 0x2, 0x4, 0x6, 0x1, 0x10000, 0x5, 0x8, 0x2b91, 0xa1f, 0x8, 0x80000009, 0x1, 0x6c1b, 0x0, 0x3, 0x8, 0xb1c, 0x1, 0x200, 0xffff3441, 0xfff]}, 0x45c) 9.88423336s ago: executing program 1 (id=3333): r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x9, 0x2) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', 0x0}) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001a80)=ANY=[@ANYBLOB="4c0000001000010400"/20, @ANYRES32=r3, @ANYBLOB="00000000000000002c001280110001006272696467655f736c617665000000001400058005002b"], 0x4c}, 0x1, 0x0, 0x0, 0x4000081}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), 0xffffffffffffffff) r7 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x200) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r7, 0xab00, r8) mremap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x2000, 0x3, &(0x7f0000c51000/0x2000)=nil) r9 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000240)='/proc/slabinfo\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1, 0x11, r9, 0x0) syz_usb_connect(0x0, 0x0, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)) r10 = dup3(r7, r0, 0x80000) ioctl$NBD_DO_IT(r10, 0xab03) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, r6, 0x1, 0x70bd2b, 0x8, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x1c}}, 0x20000004) io_uring_register$IORING_REGISTER_SYNC_CANCEL(0xffffffffffffffff, 0x18, &(0x7f0000000140)={0x5, 0xffffffffffffffff, 0x1c, {0x9, 0x1}, 0x6}, 0x1) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x7, 0x4, 0x6, 0xfffa}, 0x1d, [0x86, 0xc95a, 0x3, 0x3, 0x80, 0x2, 0x1, 0x7f, 0x5, 0x4d, 0xfffffff2, 0x2, 0xa, 0x3, 0xffff2d37, 0x1dd2, 0x6, 0x7, 0x0, 0x80000001, 0x4, 0x7, 0x3, 0x3c5b, 0x3, 0x24, 0xffffffff, 0x1, 0x1f461e2c, 0x2, 0xe661, 0x4, 0x7, 0x3, 0x7fff, 0x4c74, 0x8f00, 0x642, 0x3, 0xa, 0x0, 0x71, 0x7, 0x7, 0x103, 0x3, 0x5, 0x3c, 0x8f, 0x5, 0x6, 0x3, 0x5, 0x8, 0x3, 0x0, 0x80, 0x0, 0x5, 0xfffffff7, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0xffff, 0x12f, 0x8000, 0x10, 0xfffffff3, 0x129432e6, 0xcb, 0xf6, 0xd, 0x2bf, 0x6c9, 0x9, 0xfffffffc, 0x3, 0x0, 0x7, 0x9, 0x2f, 0xe, 0x101, 0x78, 0xea4, 0xa, 0x4, 0x4, 0x8000, 0x800009, 0x400, 0x1, 0x6, 0xfffffffd, 0xff, 0xffff, 0x9, 0x5f31, 0x0, 0x0, 0x6, 0x2, 0x9, 0x4, 0x9, 0x8, 0x9, 0x6, 0x2, 0x0, 0x1, 0x8000, 0xffff, 0x2, 0x7f, 0x9, 0x5, 0x3, 0x4, 0x1, 0x7, 0x4, 0xb, 0x48c9368d, 0x2, 0xff], [0x7, 0x4, 0x0, 0x64e, 0xfffffdfe, 0x7fffffff, 0x8d2, 0x9, 0x6, 0x7fff, 0x0, 0x6, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1f0, 0x5, 0x8, 0x86, 0x8, 0x10000009, 0x3e7, 0x2, 0x2, 0x202, 0x2, 0xf, 0x8, 0x4, 0x6d01, 0x25, 0x3b, 0x3, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x7, 0xa2, 0x7, 0x53cf697b, 0x5, 0x6, 0x54fe12d2, 0xbf, 0xb, 0x2, 0x400000, 0xfffffff9, 0x1, 0x1, 0x5, 0x1, 0x5, 0x0, 0x120000, 0x3, 0x6, 0x9, 0x5, 0x3], [0x9, 0xbb31, 0x3, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0x5, 0xce7, 0x1ff, 0x6, 0x7, 0x5, 0x2, 0x101, 0x10000, 0x6, 0x7fff, 0xffff, 0xa620, 0x2, 0x5, 0x1, 0x2, 0x7, 0x60a7, 0x6, 0x6, 0xffffffff, 0x80000000, 0x805, 0x8, 0xc8, 0x4a2, 0x3, 0xffff, 0x3, 0x9, 0x100, 0x9602, 0xa, 0x2, 0x4, 0x6, 0x1, 0x10000, 0x5, 0x8, 0x2b91, 0xa1f, 0x8, 0x80000009, 0x1, 0x6c1b, 0x0, 0x3, 0x8, 0xb1c, 0x1, 0x200, 0xffff3441, 0xfff]}, 0x45c) 9.722157688s ago: executing program 5 (id=3334): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000400)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x16, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b400000000000000791090000000000063000000000000009500010000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r3 = socket$rds(0x15, 0x5, 0x0) bind$rds(r3, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000080)={0x0, 0x8000}, 0x8) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmsg$inet(r4, &(0x7f0000001340)={0x0, 0x0, &(0x7f0000001280)=[{&(0x7f00000011c0)='z', 0x1}], 0x1}, 0x18840) sendto$inet6(r4, &(0x7f0000001080)='_', 0x1, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x10000}, 0x1c) r5 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$F2FS_IOC_START_VOLATILE_WRITE(r5, 0x40186f40, 0x20000502) read$msr(r5, &(0x7f00000000c0)=""/42, 0x2a) shutdown(r4, 0x1) socket$inet_udp(0x2, 0x2, 0x0) 8.774516546s ago: executing program 0 (id=3337): r0 = socket(0x840000000002, 0x3, 0x100) connect$inet(r0, &(0x7f0000000000)={0x2, 0x3, @remote}, 0x10) sendmmsg$inet(r0, &(0x7f0000005240), 0x4000095, 0x0) setsockopt$inet_int(r0, 0x0, 0x1, &(0x7f0000000140)=0xffffffff, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) setsockopt$inet_mreqsrc(r0, 0x0, 0x26, &(0x7f0000000040)={@initdev={0xac, 0x1e, 0x0, 0x0}, @empty, @remote}, 0xc) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) read$msr(0xffffffffffffffff, 0x0, 0x0) socket$xdp(0x2c, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$vim2m_VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f0000000300)={0x2, @pix={0x2e7, 0xff, 0x30314247, 0x0, 0x5, 0x0, 0xa, 0x4, 0x0, 0x0, 0x2, 0x4}}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}, {0x10}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_QUANTUM={0x8, 0x6, 0x7fffffff}]}}]}, 0x40}}, 0x8004) r5 = socket$can_bcm(0x1d, 0x2, 0x2) readv(r5, &(0x7f0000000200), 0x0) sendmsg$can_bcm(r5, 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_usb_connect(0x0, 0x36, 0x0, 0x0) 8.730308739s ago: executing program 1 (id=3338): socket$inet_udp(0x2, 0x2, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100"/13], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x40000006) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0) userfaultfd(0x801) ioctl$UFFDIO_CONTINUE(0xffffffffffffffff, 0xc020aa07, 0x0) socket$nl_route(0x10, 0x3, 0x0) r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x140, 0x82) r4 = fanotify_init(0x4, 0x101801) fanotify_mark(r4, 0x105, 0x40001032, r3, 0x0) open(&(0x7f0000000180)='./file2\x00', 0x1cd842, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x1) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b7020000000d0200bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000006f6400000000000045040400010000001704000001000a00b7040000ff0100006a0a00fe0000000085000000be000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000fd60000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd80450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e3179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000340), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r5 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) writev(r5, &(0x7f0000000300)=[{&(0x7f0000000040)="01000000", 0x4}], 0x1) 8.518078167s ago: executing program 4 (id=3339): capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff}) r0 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r0, &(0x7f0000000280)=[{&(0x7f00000003c0)="580000001400192340834b80140d8c560a067fbc45ff81054e220000000058000b480400945f64009400050038925a01000000000000008000f0fffeffe889000000fff5dd0000000800010009280800418e00000004fcff", 0x58}], 0x1) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-des3_ede-asm\x00'}, 0x58) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0x40305839, &(0x7f0000000000)=ANY=[@ANYBLOB="00000000000800000000000000000000000000000002"]) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x44) r2 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x6) r3 = inotify_init1(0x0) inotify_add_watch(r3, &(0x7f0000000380)='./file0\x00', 0xa6000159) read(r3, 0x0, 0x20) close_range(r2, 0xffffffffffffffff, 0x0) r4 = openat$ipvs(0xffffff9c, &(0x7f0000000780)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) write$tcp_mem(r4, &(0x7f0000001440)={0x0, 0x20, 0xf65, 0x20, 0x184e}, 0x6b) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) setsockopt$sock_timeval(r1, 0x1, 0x2, 0x0, 0x0) r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f0000000200)={0xc, 0x0, 0x0}) ioctl$IOMMU_VFIO_IOAS$SET(r5, 0x3b88, &(0x7f0000000300)={0xc, r6}) ioctl$IOMMU_IOAS_MAP$PAGES(r5, 0x3b85, &(0x7f0000000340)={0x28, 0x4, r6, 0x0, &(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2}) ioctl$IOMMU_VFIO_SET_IOMMU(r5, 0x3b66, 0x1) ioctl$IOMMU_VFIO_IOMMU_UNMAP_DMA(r5, 0x3b72, &(0x7f0000000440)=ANY=[@ANYBLOB="1800007f00000000002000000000000000010021"]) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000100)={{0x1, 0x1, 0x18, r1, {r1}}, './file0\x00'}) ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000140)={'veth0_to_team\x00', 0x2000}) getsockopt$inet6_mptcp_buf(r1, 0x11c, 0x4, &(0x7f0000000000)=""/152, &(0x7f00000000c0)=0x98) 6.701041906s ago: executing program 5 (id=3342): getpid() mount$bind(0x0, 0x0, 0x0, 0x81105a, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030000850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000000c0)='sched_switch\x00', r3}, 0x10) connect$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c) r4 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x44004) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r5, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x7}, 0x8) bind$inet6(r5, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r5, &(0x7f0000000200)=[{{&(0x7f00000000c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c, &(0x7f0000000580)=[{&(0x7f0000000180)='\x00', 0x1}], 0x1}}], 0x1, 0x0) 6.241384573s ago: executing program 4 (id=3344): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) mkdir(&(0x7f0000000580)='./file0\x00', 0xe0) mount$tmpfs(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000080), 0x0, 0x0) mount$tmpfs(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2a00a9, &(0x7f0000000180)=ANY=[@ANYBLOB='inode32,nr_inodes=g']) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') read$FUSE(r1, &(0x7f000000ac40)={0x2020}, 0x2020) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0x18, 0x2, 0x0, 0x1, [@NFTA_LIMIT_TYPE={0x8, 0x4, 0x1, 0x0, 0x1}, @NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x8}]}}}]}]}], {0x14}}, 0xc8}}, 0x0) 5.770551605s ago: executing program 4 (id=3347): ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, 0x0) ioctl$PPPIOCSACTIVE(0xffffffffffffffff, 0x40047459, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)=@ipv6_newaddr={0x64, 0x14, 0x100, 0x70bd2a, 0x25dfdbfd, {0xa, 0x38, 0x41, 0xff, r0}, [@IFA_CACHEINFO={0x14, 0x6, {0x3, 0x5, 0xff, 0x9}}, @IFA_FLAGS={0x8, 0x8, 0x184}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}, @IFA_LOCAL={0x14, 0x2, @empty}, @IFA_CACHEINFO={0x14, 0x6, {0x3, 0x10, 0xc, 0x40008000}}]}, 0x64}, 0x1, 0x0, 0x0, 0x400c004}, 0x4028004) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xffffffff, 0x0, 0x0, @void, @value, @void, @value=0x180}, 0x50) 5.627593779s ago: executing program 5 (id=3348): r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x9, 0x2) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', 0x0}) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001a80)=ANY=[@ANYBLOB="4c0000001000010400"/20, @ANYRES32=r3, @ANYBLOB="00000000000000002c001280110001006272696467655f736c617665000000001400058005002b"], 0x4c}, 0x1, 0x0, 0x0, 0x4000081}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), 0xffffffffffffffff) r7 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x200) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r7, 0xab00, r8) mremap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x2000, 0x3, &(0x7f0000c51000/0x2000)=nil) r9 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000240)='/proc/slabinfo\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1, 0x11, r9, 0x0) syz_usb_connect(0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(0xffffffffffffffff, 0x4020565a, 0x0) r10 = dup3(r7, r0, 0x80000) ioctl$NBD_DO_IT(r10, 0xab03) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, r6, 0x1, 0x70bd2b, 0x8, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x1c}}, 0x20000004) io_uring_register$IORING_REGISTER_SYNC_CANCEL(0xffffffffffffffff, 0x18, &(0x7f0000000140)={0x5, 0xffffffffffffffff, 0x1c, {0x9, 0x1}, 0x6}, 0x1) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x7, 0x4, 0x6, 0xfffa}, 0x1d, [0x86, 0xc95a, 0x3, 0x3, 0x80, 0x2, 0x1, 0x7f, 0x5, 0x4d, 0xfffffff2, 0x2, 0xa, 0x3, 0xffff2d37, 0x1dd2, 0x6, 0x7, 0x0, 0x80000001, 0x4, 0x7, 0x3, 0x3c5b, 0x3, 0x24, 0xffffffff, 0x1, 0x1f461e2c, 0x2, 0xe661, 0x4, 0x7, 0x3, 0x7fff, 0x4c74, 0x8f00, 0x642, 0x3, 0xa, 0x0, 0x71, 0x7, 0x7, 0x103, 0x3, 0x5, 0x3c, 0x8f, 0x5, 0x6, 0x3, 0x5, 0x8, 0x3, 0x0, 0x80, 0x0, 0x5, 0xfffffff7, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0xffff, 0x12f, 0x8000, 0x10, 0xfffffff3, 0x129432e6, 0xcb, 0xf6, 0xd, 0x2bf, 0x6c9, 0x9, 0xfffffffc, 0x3, 0x0, 0x7, 0x9, 0x2f, 0xe, 0x101, 0x78, 0xea4, 0xa, 0x4, 0x4, 0x8000, 0x800009, 0x400, 0x1, 0x6, 0xfffffffd, 0xff, 0xffff, 0x9, 0x5f31, 0x0, 0x0, 0x6, 0x2, 0x9, 0x4, 0x9, 0x8, 0x9, 0x6, 0x2, 0x0, 0x1, 0x8000, 0xffff, 0x2, 0x7f, 0x9, 0x5, 0x3, 0x4, 0x1, 0x7, 0x4, 0xb, 0x48c9368d, 0x2, 0xff], [0x7, 0x4, 0x0, 0x64e, 0xfffffdfe, 0x7fffffff, 0x8d2, 0x9, 0x6, 0x7fff, 0x0, 0x6, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1f0, 0x5, 0x8, 0x86, 0x8, 0x10000009, 0x3e7, 0x2, 0x2, 0x202, 0x2, 0xf, 0x8, 0x4, 0x6d01, 0x25, 0x3b, 0x3, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x7, 0xa2, 0x7, 0x53cf697b, 0x5, 0x6, 0x54fe12d2, 0xbf, 0xb, 0x2, 0x400000, 0xfffffff9, 0x1, 0x1, 0x5, 0x1, 0x5, 0x0, 0x120000, 0x3, 0x6, 0x9, 0x5, 0x3], [0x9, 0xbb31, 0x3, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0x5, 0xce7, 0x1ff, 0x6, 0x7, 0x5, 0x2, 0x101, 0x10000, 0x6, 0x7fff, 0xffff, 0xa620, 0x2, 0x5, 0x1, 0x2, 0x7, 0x60a7, 0x6, 0x6, 0xffffffff, 0x80000000, 0x805, 0x8, 0xc8, 0x4a2, 0x3, 0xffff, 0x3, 0x9, 0x100, 0x9602, 0xa, 0x2, 0x4, 0x6, 0x1, 0x10000, 0x5, 0x8, 0x2b91, 0xa1f, 0x8, 0x80000009, 0x1, 0x6c1b, 0x0, 0x3, 0x8, 0xb1c, 0x1, 0x200, 0xffff3441, 0xfff]}, 0x45c) 5.485701173s ago: executing program 0 (id=3349): ioctl$VIDIOC_S_EXT_CTRLS(0xffffffffffffffff, 0xc0205648, &(0x7f0000000100)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000440)={0x980920, 0x0, '\x00', @value=0x80000000}}) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f0000000200)={0x1c, 0x0, 0x0, 0x0}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f00000000c0)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) memfd_create(&(0x7f0000000300)='\x00\xc2\xea\x99\xbb\x1c\xdfjw\x97\x05\xa3\xa2\'\xdd\xe4q\xbf\t\x8c\xe0\x19`\x8e\x00\x00\x00\x00\x00\x00\x00\x00\x00\b \xff\x13\x96\xe3?\xdfH\x8c\xe4V\xe2\xfe\v8\x04\xa5\xf6y_w\xd8\xcf\x90k\x05\x00\xf9\x1e\xe8m\x0e\x12\xa015\xc2\xb3u|K\x111\xd4\f8\xeb\x18\xad\xbb!1\x85\x96P\x1b\xa1\x9a\x81\xf8\xb1\xecB)\xe5\xaa7\xfe\xdd,_\x95\x00\x00\x00j^\xaec}\x1a\xb4\x17\xafP\x85I\xd5\xa0I\xb0\xaf\xb5\x8b\\\x05\xd7g\xcbV\x8e\xd0\xac\x87I7\xbd\xc6\x9bI\x92\xb2\x87.\xb3\x1fs\xe7-\xdd+\r\xb4\x117\xa7ei~\xb8\x16\xd1P\xf2\x84\x89K\x16\xd0F|\xa3\x89\xc9~9\x00'/204, 0x6) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') r4 = syz_open_procfs(0x0, &(0x7f0000000580)='net/snmp\x00') ioctl$NS_GET_OWNER_UID(r4, 0x5421, &(0x7f0000000040)=0x0) setuid(r5) r6 = memfd_create(&(0x7f0000000740)='D\xa3\xd5Wj\x00\x00x0\xc1\xac\x1a\x1a\vG\xa9~vB\xbc\t\x00\x00\x00VoA\xaa\xbc\xee[\xe1\xa2\xe0\xff\x04\x00\x00\x00\\i\xcf\t\xb0\xa9 +H/\x1a\xe7\x95\xce\"\"\xbd\xf9!\xfd\xa4\xcaN\x84\xadS\x8bqE\x99\x01t\xb1\x1f|\x99PL\x92\x8f\xc2\xf9\xcd\x8cj\x03X\x05\x17mwI\xf0\x01\xe5z\xcdJ)\xc7\xfa)\xaa}\xef\xbb\xf5\xcd\xb1o5\x18\xd6\v\x85q\x98\x9bB\xb9\xea\xe7\xff\x7f\x00\x00T\xc0\xd2\t?\bpBl\xf4*8\xc6\xe5\x06P\xc11\f^\x7f\x8e\xc1\xd1Wra\x19)\xe3\x8f\xd9\x9f\x15\x1e\xf2\x18\r\xad\b\xe0\x96NH\x85\r+\xfc\xb3\xdd\xddhg \x03\xa7\x92\xff\x00+h\xb7@#K\x9cMY\xd3\x9b\b-G\xb1\xdaS\x81\xb2\x93\xb83\x8a\x94*\x8d\\\b\xff/\xa1\xc0\xf9&\xd3M\xf6\n\xff\x83k\xe6\rDa\x16\xbd\x1a\xb2w\bI\xd7\'\xe0\xc0\n|\xd3\x1fC\xd5I1\xe0\xc2(UB9\xf7\x86', 0x0) write(r6, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r6, 0x0) r7 = dup3(r3, r6, 0x0) fchdir(r7) r8 = dup(r2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_MSRS(r8, 0xc008aec1, &(0x7f00000001c0)=ANY=[@ANYRES64=r8, @ANYRESHEX=0x0]) 5.210333651s ago: executing program 1 (id=3350): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv4_newaddr={0x28, 0x14, 0x509, 0xfffffffe, 0x25dfdbfc, {0x2, 0x0, 0x2b, 0xcb, r1}, [@IFA_FLAGS={0x8, 0x8, 0x5bd}, @IFA_LOCAL={0x8, 0x2, @multicast1}]}, 0x28}, 0x1, 0x300000000000000, 0x0, 0x8000}, 0x0) 4.917180262s ago: executing program 1 (id=3351): getpid() mount$bind(0x0, 0x0, 0x0, 0x81105a, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030000850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000000c0)='sched_switch\x00', r3}, 0x10) r4 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r4, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c) r5 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) sendmsg(r4, &(0x7f00000000c0)={0x0, 0x9521, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0x584}], 0x1, 0x0, 0x0, 0x2c}, 0x44004) r6 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r6, 0x84, 0x76, 0x0, 0x0) bind$inet6(r6, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r6, &(0x7f0000000200)=[{{&(0x7f00000000c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c, &(0x7f0000000580)=[{&(0x7f0000000180)='\x00', 0x1}], 0x1}}], 0x1, 0x0) 4.807200052s ago: executing program 7 (id=3352): r0 = syz_open_dev$loop(&(0x7f0000000200), 0x1, 0x20000) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x2, 0x0, "fee8a2ab78fc179fd1f8a0e91ddaaccabd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}}) dup(0xffffffffffffffff) r2 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10) socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r2, 0x84, 0x6d, &(0x7f0000000400)={0x0, 0x9d, "11517127fcac76ed3a876679227a45d856e167110cbbb54b71bb2ce2fd4aafc63162b04f24ef66da0e46e79279222fcbfd81d599e0a359cf4d74e0e22a6035c5fe1d063e6cf3664442d9ad2a8ad143a2ab8bc32a9b612c10c4cfe9a4be360c4e71111ac73836fd1858dd1c15fe00132d99f19030baec9e03998ab9bb274219beba0f37be825a082e8ae435dcc12e445b73a0006062f33bc80f7c038cfe"}, &(0x7f0000000280)=0xa5) 4.645336546s ago: executing program 7 (id=3353): pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r3 = syz_io_uring_setup(0x19d1, &(0x7f00000003c0)={0x0, 0x37c5, 0x10100, 0x8000000, 0x8000000}, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r3, 0xa3d, 0x0, 0x0, 0x0, 0xff39) write$dsp(r2, &(0x7f00000001c0)='\\', 0x1) ioctl$SNDCTL_DSP_SYNC(r2, 0x5001, 0x0) r6 = fsopen(&(0x7f0000000040)='btrfs\x00', 0x0) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r7, 0x6, 0x21, &(0x7f0000000180)="e4d79b3b828024b59aa49c257addff4e", 0x10) getsockopt$inet6_tcp_buf(r7, 0x6, 0x21, 0x0, &(0x7f0000000140)) fsconfig$FSCONFIG_SET_PATH_EMPTY(r6, 0x4, &(0x7f00000000c0)='acl\x00', &(0x7f0000000080)='./file0\x00', 0xffffffffffffff9c) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_EPOLL_CTL=@add={0x1d, 0x1, 0x0, r0, &(0x7f0000000200)={0x90002018}, r0}) r8 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000380)='/proc/asound/card1/oss_mixer\x00', 0x1, 0x0) writev(r8, &(0x7f00000028c0)=[{&(0x7f0000002600)='u', 0x4000}, {0x0, 0x2}], 0x2) r9 = openat$random(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0xfca804a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) write$UHID_CREATE2(r10, &(0x7f0000000240)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r10, 0x0) ioctl$RNDADDENTROPY(r9, 0x40085203, &(0x7f0000000000)=ANY=[]) fanotify_mark(r0, 0x400, 0x24, r1, &(0x7f0000000100)='./file1\x00') socket$alg(0x26, 0x5, 0x0) unlinkat(r0, &(0x7f0000000040)='./file0\x00', 0x200) close(r1) 4.48334694s ago: executing program 5 (id=3354): r0 = syz_usb_connect(0x6, 0x24, &(0x7f0000000180)=ANY=[], 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) ioctl$F2FS_IOC_RELEASE_VOLATILE_WRITE(0xffffffffffffffff, 0xf504, 0x0) syz_open_pts(0xffffffffffffffff, 0x22000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x5) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) clock_adjtime(0x0, &(0x7f0000000000)={0x66b7, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xfffffffffffffffd, 0xd, 0x0, 0x40000000000, 0x0, 0x3, 0x248a, 0x0, 0x3, 0x8, 0x7, 0x3, 0xf, 0x0, 0x0, 0x200000000, 0x6, 0x4, 0x0, 0x0, 0xffffffffffffffff}) io_uring_enter(0xffffffffffffffff, 0x567, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x3, 0x4, &(0x7f0000000f80)=ANY=[@ANYBLOB="85000000a4000000350000000000000085000000230000009500000000000000f4670880271e3503000ffa95a2c8c037c5fcadf78683149e17e24e96a142dfa8ba6287066c5197fabd5f7010e81ae0b737126ea6f7dc39cd34d5aeed8d38665c01002ff5dde54704d25c79949c23e2eb15d755a2350ea7c09c6db5640c11664baf8adb2142a9c28de194f44800000000b0d3712c7e93363af3c075ff1e23160104d95433bb755af3d57609d700ab56e77201bc692c5a2ad40709d031f40f3012e9576e51a7f550afc852003b2ff346c744ae6af3c037102124e25cec074c6949e1d76d067a97000247fe5f17fdab800f4104dbaba46aac3abe6c4d7f47ef6d02ba536cdacecf7eb6baaa4a9779f8555eaea76899f2c221c110ef050000000ee282ab76f593d928cf95846be6277cd8a4f8dc8dcba00b1b2d2547c45b0c52087b5efabf8496b9a9812ed03cee579251667dd58ea032eda2296efb19a34268335648e1f844ce328c10752a42dca52fb98c1452b651ebf942f7297f7b2744419a2f238f173d0cd46dafc6e9d929e03e5309ec91d83cf4fbd775e629b3000000000000000000000000000000000000000000000000004e410700ff9cfa139a35a8a669689144ff0173b15aa0f3794dbe2b0e6523155f5c4631f4cd2947de92f74fe3889ea5786118a4a8010e1de54a7d37885343e2545cffe14c8206da26a9ebf6cda6f5c081a320020bb82f56c0ab09797161997af2ad43ab7347a8c2ba7726a60459f43f8482482cc85096f11f14eecff54dca4a32ee9cfa02b397"], &(0x7f0000000140)='GPL\x00', 0x0, 0xe0, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffc38, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x15) 3.430139787s ago: executing program 7 (id=3355): getpid() mount$bind(0x0, 0x0, 0x0, 0x81105a, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030000850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000000c0)='sched_switch\x00', r3}, 0x10) r4 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r4, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c) r5 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) sendmsg(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)=',', 0x1}], 0x1, 0x0, 0x0, 0x2c}, 0x44004) r6 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r6, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x7}, 0x8) bind$inet6(r6, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r6, &(0x7f0000000200)=[{{&(0x7f00000000c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c, &(0x7f0000000580)=[{&(0x7f0000000180)='\x00', 0x1}], 0x1}}], 0x1, 0x0) 3.38478349s ago: executing program 1 (id=3356): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000005640)=0x2, 0x4) getsockopt$packet_buf(r0, 0x107, 0x6, 0x0, &(0x7f0000000100)) r1 = openat$incfs(0xffffffffffffffff, &(0x7f00000000c0)='.log\x00', 0x1, 0x2) r2 = openat$cgroup_ro(r1, &(0x7f0000000080)='memory.swap.current\x00', 0x26e1, 0x0) r3 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$PIO_CMAP(r3, 0x4b71, &(0x7f0000000300)={0x3, 0x9, 0x8, 0xd, 0x40, 0x4}) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r2, 0x84, 0x1f, &(0x7f0000000180)={0x0, @in6={{0xa, 0x4e24, 0x20000800, @rand_addr=' \x01\x00', 0x2}}, 0x18f7, 0x9}, &(0x7f00000003c0)=0x90) rseq(&(0x7f0000000400), 0x20, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r4 = syz_open_dev$radio(&(0x7f0000000100), 0x3, 0x2) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x3, 0xfffffffffffffca3, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94) prlimit64(0x0, 0x2, &(0x7f0000000140)={0x3, 0x4000000080}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$VIDIOC_QBUF(0xffffffffffffffff, 0xc058560f, &(0x7f0000000200)=@userptr={0x0, 0x4, 0x4, 0x10000, 0x0, {}, {0x4, 0x2, 0x9, 0xf7, 0xe, 0xa, "0f23077d"}, 0xa, 0x2, {&(0x7f00000002c0)}, 0x200}) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f00000004c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha384\x00'}, 0x58) setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000c18000)="ad56", 0x2) ioprio_set$pid(0x0, 0x0, 0x2007) mount$afs(&(0x7f0000000040)=ANY=[@ANYBLOB], &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)=ANY=[]) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000100)={'netdevsim0\x00', &(0x7f0000000040)=@ethtool_ringparam={0x33, 0x5, 0x20000a2e, 0x0, 0x0, 0x3, 0x2000000, 0x0, 0x3000000}}) ioctl$VIDIOC_SUBSCRIBE_EVENT(r4, 0x4020565a, &(0x7f0000000140)={0x3, 0x8000000, 0x3}) r7 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r7, 0x1, &(0x7f0000000000)='source', &(0x7f0000000100)='0.0:\x00', 0x0) syz_create_resource$binfmt(&(0x7f0000000180)='./file0\x00') socket$nl_route(0x10, 0x3, 0x0) 1.427910478s ago: executing program 5 (id=3357): r0 = socket$inet6(0xa, 0x5, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) dup(r1) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, 0x0) write$vhost_msg_v2(0xffffffffffffffff, 0x0, 0x0) write$vhost_msg_v2(0xffffffffffffffff, 0x0, 0x0) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYBLOB="020008030300005ac125b6b882da08e64b83f425010016004e200000140beb4ebddbc93cf9817e82b7d10e58abe42f4220a66e8a58e1b0db222fe547f28b628580d8ba5e69f66b92266728de65b584fcfe097673edee0a35e5ada91d79017ef091a30253089f7c7a52724eb83761b14a5efe3e86bdea8a9a65cee8f9f502de9e7a78dffa7abf50bb691bd698977d103f16519df9af2ddf48a265eee5888a25432b419ea8b0a8ec1d3206af879690c11934b27fea748a357fa724c1a251251c864dc475dfcc61ccdb7257b75afd0cbd7c67cdc482c5c8aee5c9ed697a89c825613876cb5ff91679229fde46a11c02fe77219154ec4f11ad8a2521becc8b726b7c8a4b0f228b7ca4dea9f63f7d48451eaf57928660"], 0x18}}, 0x20008084) r4 = io_uring_setup(0x6281, &(0x7f0000000080)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_HYPERV_EVENTFD(r6, 0x4020aeb2, &(0x7f0000000080)) r7 = syz_open_dev$sndmidi(&(0x7f0000000140), 0x2, 0x141381) r8 = dup(r7) write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c) pipe(&(0x7f0000000080)) io_uring_register$IORING_REGISTER_BUFFERS(r4, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$IPVS_CMD_FLUSH(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)={0x14, r9, 0x1, 0x70bd28, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x24000011}, 0x24000051) getsockopt$IPT_SO_GET_REVISION_TARGET(0xffffffffffffffff, 0x0, 0x43, 0x0, &(0x7f0000000100)) setsockopt$inet_int(r0, 0x0, 0xf, &(0x7f0000000340)=0xfffffffffffffff9, 0x4) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000001100)=[@in={0x2, 0x0, @broadcast}], 0x10) 1.40748715s ago: executing program 7 (id=3358): r0 = socket(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) r3 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0x1ffffe, 0x10100, 0x0, 0x0, 0x0, r2}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r3, 0x2ded, 0x4000, 0x0, 0x0, 0x0) r6 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r6, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) r7 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r7, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x0, 0x2}, 0x10) r8 = openat$random(0xffffffffffffff9c, 0x0, 0x8000, 0x0) ioctl$RNDGETENTCNT(r8, 0x80045200, &(0x7f0000000140)) sendmsg$tipc(r7, &(0x7f0000000540)={&(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x4100, 0x4}}, 0x10, 0x0}, 0x10) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000180)={0xffffff}, 0x10) write(r0, 0x0, 0x0) 1.293278211s ago: executing program 1 (id=3359): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_GET(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1000000001140101"], 0x10}}, 0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000080)={0x1, &(0x7f00000000c0)=[{0x16}]}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=ANY=[@ANYBLOB="8000000010000104000000000000000000", @ANYRES32], 0x80}}, 0x0) ioctl$BTRFS_IOC_SCRUB_CANCEL(r1, 0xc0182101, 0x20000000) readv(r0, &(0x7f0000000380)=[{&(0x7f0000000180)=""/135, 0x87}], 0x1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000d84000)={0xa, 0x2, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0x9}, 0x1c) setsockopt$inet6_tcp_int(r2, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendto$inet6(r2, &(0x7f00000000c0)="04", 0x1, 0x20000845, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000080)='scalable\x00', 0x9) shutdown(r2, 0x1) syz_usb_connect(0x3, 0x96d, &(0x7f0000000980)=ANY=[@ANYRESOCT=r0], &(0x7f0000000e00)={0x0, 0x0, 0x0, 0x0}) 840.055786ms ago: executing program 0 (id=3360): r0 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xfec9, 0x0, 0xffffffff, 0x400}, &(0x7f0000000200)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_OPENAT={0x12, 0x12, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000040)='./file0\x00', 0x44, 0x842, 0x23456}) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0) r4 = userfaultfd(0x80001) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x749}) ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000000)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) readv(r4, &(0x7f0000000340)=[{&(0x7f0000000100)=""/64, 0x20}], 0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x11, r3, 0xd2e8d000) io_uring_enter(r0, 0xdb4, 0x0, 0x0, 0x0, 0x0) r5 = gettid() signalfd4(0xffffffffffffffff, &(0x7f0000000140)={[0xfffffffffffffff5]}, 0x8, 0x0) readv(r0, &(0x7f0000002940), 0x10000000000002f1) tkill(r5, 0x7) socket$alg(0x26, 0x5, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000001c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="0100000000000000003039b74d2bcf70000c000000"], 0x14}}, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000001200)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r7, 0xffffffffffffffff, &(0x7f000049c000/0x18000)=nil, &(0x7f0000000400)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r8, 0x4008ae93, &(0x7f0000000640)=0x4) ioctl$KVM_RUN(r8, 0xae80, 0x0) 78.391728ms ago: executing program 7 (id=3361): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="38000000031401002abd7000000000000900020000007a31000000000800410072786500140033"], 0x38}}, 0x108) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$fou(&(0x7f0000000040), r1) sendmsg$FOU_CMD_ADD(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x38, r2, 0xef6087c4bd11be11, 0x70bd27, 0x25dfdbfb, {}, [@FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e21}, @FOU_ATTR_PEER_V6={0x14, 0x9, @mcast1}, @FOU_ATTR_AF={0x5, 0x2, 0xa}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) 16.089778ms ago: executing program 7 (id=3362): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0xffffdffe, 0x1}, 0xc) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000640)={{{@in6=@ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}, @in=@local, 0x100, 0x0, 0x2, 0x0, 0xa}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1}, {0x0, 0x40000000, 0x0, 0xfd}, 0x0, 0x0, 0x1, 0x0, 0x1}, {{@in=@empty, 0x0, 0x32}, 0x0, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0xfffffffe, 0x4}}, 0xe8) sendmmsg$inet6(r1, &(0x7f0000000300)=[{{&(0x7f0000000000)={0xa, 0x4e20, 0x0, @dev, 0x700}, 0x1c, 0x0}}], 0x1, 0x0) 0s ago: executing program 4 (id=3363): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) ioctl$KVM_RUN(r2, 0xae80, 0x0) socket$nl_generic(0x10, 0x3, 0x10) getsockopt$bt_hci(0xffffffffffffffff, 0x84, 0x81, &(0x7f0000000080)=""/4076, &(0x7f0000000040)=0xfec) r3 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r3, &(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @loopback}, 0x4, 0xe4ffffff}}, 0x2e) mount$fuse(0x0, 0x0, &(0x7f0000002100), 0x0, &(0x7f0000000540)={{}, 0x2c, {'rootmode', 0x3d, 0x4000}}) syz_io_uring_setup(0x1e1e, 0x0, 0x0, 0x0) mount(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000400)='ramfs\x00', 0x2000000, 0x0) chdir(0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) clock_settime(0x0, &(0x7f0000003c80)={0x77359400}) creat(0x0, 0x15d) r4 = open(&(0x7f00000000c0)='./bus\x00', 0x14103e, 0x0) r5 = open(&(0x7f0000000000)='./file0\x00', 0x143042, 0xfe) r6 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) read$FUSE(r6, &(0x7f0000001b00)={0x2020}, 0x2020) ftruncate(r5, 0x2008002) sendfile(r4, r5, 0x0, 0x80000001) kernel console output (not intermixed with test programs): 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1148.139153][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 1148.173519][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1148.184572][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 1148.199136][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1148.213220][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 1148.221554][T15733] ldm_validate_partition_table(): Disk read failed. [ 1148.238228][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1148.248180][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 1148.259716][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1148.269250][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 1148.278894][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1148.288238][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 1148.309504][T15733] Dev loop6: unable to read RDB block 0 [ 1148.321333][T15733] loop6: unable to read partition table [ 1148.327250][T15733] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 1149.241798][T15749] IPVS: sync thread started: state = MASTER, mcast_ifn = vcan0, syncid = 2, id = 0 [ 1150.535595][T15763] i2c i2c-0: Invalid block write size 252 [ 1154.254249][T15789] netlink: 40 bytes leftover after parsing attributes in process `syz.5.2835'. [ 1154.281483][T15789] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2835'. [ 1156.214948][T15797] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2839'. [ 1158.679631][T15824] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2848'. [ 1158.713408][T15824] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2848'. [ 1159.198991][T15827] ubi0: attaching mtd0 [ 1159.208809][T15827] ubi0: scanning is finished [ 1159.864494][T15827] ubi0 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt0d", error -4 [ 1159.877425][T15829] ubi0: attaching mtd0 [ 1159.882865][T15829] ubi0: scanning is finished [ 1160.080770][T15829] ubi0 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt0d", error -4 [ 1162.059290][T15845] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2852'. [ 1162.920838][ T5904] usb 5-1: new full-speed USB device number 55 using dummy_hcd [ 1163.136228][ T5904] usb 5-1: config 0 has an invalid interface number: 122 but max is 0 [ 1163.187910][ T5904] usb 5-1: config 0 has no interface number 0 [ 1163.194112][ T5904] usb 5-1: config 0 interface 122 altsetting 0 endpoint 0x7 has invalid maxpacket 512, setting to 64 [ 1163.257084][ T5904] usb 5-1: config 0 interface 122 altsetting 0 endpoint 0x84 has invalid maxpacket 792, setting to 64 [ 1163.324100][ T5904] usb 5-1: New USB device found, idVendor=0ace, idProduct=b215, bcdDevice=6f.a6 [ 1163.355386][ T5904] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1164.310421][ T5904] usb 5-1: Product: syz [ 1164.325874][ T5904] usb 5-1: Manufacturer: syz [ 1164.330543][ T5904] usb 5-1: SerialNumber: syz [ 1164.388504][ T5904] usb 5-1: config 0 descriptor?? [ 1164.399827][T15848] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 1164.482028][T15848] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 1164.757951][T14423] Bluetooth: hci5: unexpected event for opcode 0x0419 [ 1164.783075][T14423] Bluetooth: hci5: unexpected event for opcode 0xb6ea [ 1165.336546][T15848] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1165.346069][T15848] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1166.422798][T15881] ubi0: attaching mtd0 [ 1166.434815][T15881] ubi0: scanning is finished [ 1167.048409][ T5904] usb 5-1: USB disconnect, device number 55 [ 1167.193297][T15881] ubi0 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt0d", error -4 [ 1169.593026][T15895] 9pnet_fd: Insufficient options for proto=fd [ 1172.827741][T15667] usb 6-1: new full-speed USB device number 20 using dummy_hcd [ 1173.170903][T15933] ubi0: attaching mtd0 [ 1173.180831][T15933] ubi0: scanning is finished [ 1173.945796][T15933] ubi0 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt0d", error -4 [ 1174.417850][T15667] usb 6-1: config 0 has an invalid interface number: 120 but max is 0 [ 1174.443240][T15667] usb 6-1: config 0 has no interface number 0 [ 1174.454101][T15667] usb 6-1: config 0 interface 120 altsetting 0 endpoint 0x8A has invalid maxpacket 30768, setting to 64 [ 1174.467856][T15927] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1174.511780][T15667] usb 6-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58 [ 1174.565976][T15667] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1174.607769][T15667] usb 6-1: config 0 descriptor?? [ 1174.628574][T15667] input: USB Touchscreen 16e3:f9e9 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.120/input/input92 [ 1175.012496][T15925] FAULT_INJECTION: forcing a failure. [ 1175.012496][T15925] name failslab, interval 1, probability 0, space 0, times 0 [ 1175.040252][T15927] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1175.921262][T15925] CPU: 0 UID: 0 PID: 15925 Comm: syz.5.2872 Not tainted 6.13.0-syzkaller-09760-g69e858e0b8b2 #0 [ 1175.921296][T15925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1175.921309][T15925] Call Trace: [ 1175.921317][T15925] [ 1175.921325][T15925] dump_stack_lvl+0x241/0x360 [ 1175.921371][T15925] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1175.921403][T15925] ? __pfx__printk+0x10/0x10 [ 1175.921435][T15925] ? kmem_cache_alloc_noprof+0x48/0x380 [ 1175.921464][T15925] ? __pfx___might_resched+0x10/0x10 [ 1175.921489][T15925] ? 0xffffffffa00038c0 [ 1175.921511][T15925] should_fail_ex+0x40a/0x550 [ 1175.921539][T15925] should_failslab+0xac/0x100 [ 1175.921567][T15925] ? alloc_empty_file+0x9e/0x1d0 [ 1175.921593][T15925] kmem_cache_alloc_noprof+0x70/0x380 [ 1175.921625][T15925] alloc_empty_file+0x9e/0x1d0 [ 1175.921655][T15925] path_openat+0x107/0x3590 [ 1175.921697][T15925] ? __pfx_stack_trace_save+0x10/0x10 [ 1175.921725][T15925] ? mark_lock+0x9a/0x360 [ 1175.921765][T15925] ? __pfx_path_openat+0x10/0x10 [ 1175.921816][T15925] do_filp_open+0x27f/0x4e0 [ 1175.921850][T15925] ? __pfx_do_filp_open+0x10/0x10 [ 1175.921881][T15925] ? do_raw_spin_lock+0x14f/0x370 [ 1175.921939][T15925] do_sys_openat2+0x13e/0x1d0 [ 1175.921968][T15925] ? __pfx_do_sys_openat2+0x10/0x10 [ 1175.921994][T15925] ? __fget_files+0x2a/0x410 [ 1175.922024][T15925] ? __fget_files+0x2a/0x410 [ 1175.922066][T15925] __x64_sys_openat+0x247/0x2a0 [ 1175.922097][T15925] ? __pfx___x64_sys_openat+0x10/0x10 [ 1175.922129][T15925] ? do_syscall_64+0x100/0x230 [ 1175.922160][T15925] ? do_syscall_64+0xb6/0x230 [ 1175.922188][T15925] do_syscall_64+0xf3/0x230 [ 1175.922215][T15925] ? clear_bhb_loop+0x35/0x90 [ 1175.922249][T15925] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1175.922277][T15925] RIP: 0033:0x7febc018b710 [ 1175.922295][T15925] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 1175.922312][T15925] RSP: 002b:00007febc0f6ab70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 1175.922334][T15925] RAX: ffffffffffffffda RBX: 00000000001e5782 RCX: 00007febc018b710 [ 1175.922349][T15925] RDX: 00000000001e5782 RSI: 00007febc0f6ac10 RDI: 00000000ffffff9c [ 1175.922363][T15925] RBP: 00007febc0f6ac10 R08: 0000000000000000 R09: 0000000000000000 [ 1175.922376][T15925] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 1175.922389][T15925] R13: 0000000000000000 R14: 00007febc03a5fa0 R15: 00007fffb0f2e468 [ 1175.922418][T15925] [ 1175.956776][ T941] usb 6-1: USB disconnect, device number 20 [ 1175.959306][ C0] usbtouchscreen 6-1:0.120: usbtouch_irq - usb_submit_urb failed with result: -19 [ 1176.403974][T15949] netlink: 60 bytes leftover after parsing attributes in process `syz.6.2879'. [ 1176.446364][T15927] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1176.628438][T15927] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1176.700248][T15952] 9pnet_fd: Insufficient options for proto=fd [ 1177.835048][T15927] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1177.915627][T15927] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1178.605983][T15927] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1178.649555][T15927] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1178.766240][T15971] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2886'. [ 1182.573915][T16002] netlink: 'syz.6.2891': attribute type 1 has an invalid length. [ 1182.596524][T16002] netlink: 72 bytes leftover after parsing attributes in process `syz.6.2891'. [ 1183.166310][T16001] syz.4.2894 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 1185.316313][T16016] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2898'. [ 1185.316353][T16016] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2898'. [ 1185.316392][T16016] netlink: 'syz.6.2898': attribute type 6 has an invalid length. [ 1185.496254][T16024] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2901'. [ 1185.702621][T13825] usb 5-1: new high-speed USB device number 56 using dummy_hcd [ 1186.902175][T13825] usb 5-1: New USB device found, idVendor=041e, idProduct=4011, bcdDevice=af.98 [ 1186.921209][T13825] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1186.994882][T13825] usb 5-1: config 0 descriptor?? [ 1187.030655][T13825] pwc: Creative Labs Webcam Pro Ex detected. [ 1187.108001][T16045] IPVS: Unknown mcast interface: vcan0 [ 1187.268292][T16020] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1187.356836][T16020] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1187.477087][T16053] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 1188.181457][T16057] netlink: 'syz.1.2909': attribute type 1 has an invalid length. [ 1188.198488][T16057] netlink: 72 bytes leftover after parsing attributes in process `syz.1.2909'. [ 1189.273496][T13825] pwc: recv_control_msg error -32 req 02 val 2b00 [ 1189.312852][T13825] pwc: recv_control_msg error -32 req 02 val 2700 [ 1189.593406][T16060] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2910'. [ 1189.711705][T16060] block nbd1: shutting down sockets [ 1189.742292][T16062] block nbd1: NBD_DISCONNECT [ 1189.804534][T16062] block nbd1: Send disconnect failed -32 [ 1190.699370][T16071] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2913'. [ 1191.621085][T13825] pwc: recv_control_msg error -71 req 04 val 1600 [ 1191.635211][T13825] pwc: recv_control_msg error -71 req 02 val 2c00 [ 1191.802831][T13825] pwc: recv_control_msg error -71 req 04 val 1000 [ 1191.813130][T13825] pwc: recv_control_msg error -71 req 04 val 1300 [ 1191.828465][T13825] pwc: recv_control_msg error -71 req 04 val 1400 [ 1191.849798][T13825] pwc: recv_control_msg error -71 req 02 val 2000 [ 1191.882302][T13825] pwc: recv_control_msg error -71 req 02 val 2100 [ 1191.908506][T16079] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 1191.924302][T13825] pwc: recv_control_msg error -71 req 06 val 0600 [ 1191.944026][T13825] pwc: recv_control_msg error -71 req 04 val 1500 [ 1191.970171][T13825] pwc: recv_control_msg error -71 req 02 val 2500 [ 1191.988463][T13825] pwc: recv_control_msg error -71 req 02 val 2400 [ 1192.021771][T13825] pwc: recv_control_msg error -71 req 02 val 2600 [ 1192.046610][T13825] pwc: recv_control_msg error -71 req 02 val 2900 [ 1192.064579][T13825] pwc: recv_control_msg error -71 req 02 val 2800 [ 1192.084313][T13825] pwc: recv_control_msg error -71 req 04 val 1100 [ 1192.110527][T13825] pwc: recv_control_msg error -71 req 04 val 1200 [ 1192.126237][T13825] pwc: Registered as video103. [ 1192.279246][ T5877] IPVS: starting estimator thread 0... [ 1192.529754][T16088] IPVS: using max 18 ests per chain, 43200 per kthread [ 1193.124028][T13825] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input93 [ 1193.139412][T13825] usb 5-1: USB disconnect, device number 56 [ 1194.018801][T16109] ubi0: attaching mtd0 [ 1194.024324][T16109] ubi0: scanning is finished [ 1194.485949][T16105] netdevsim netdevsim6 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1194.495473][T16105] netdevsim netdevsim6 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1194.504403][T16105] netdevsim netdevsim6 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1194.513226][T16105] netdevsim netdevsim6 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1194.722548][T16109] ubi0 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt0d", error -4 [ 1194.803255][T16112] overlayfs: missing 'workdir' [ 1200.127019][T16156] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 1201.529458][T16162] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2938'. [ 1201.688094][T16162] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2938'. [ 1202.006506][ T5904] usb 7-1: new high-speed USB device number 33 using dummy_hcd [ 1202.315661][ T5904] usb 7-1: Using ep0 maxpacket: 8 [ 1202.367846][ T5904] usb 7-1: config 0 has an invalid interface number: 22 but max is 0 [ 1202.401626][ T5904] usb 7-1: config 0 has no interface number 0 [ 1203.635634][ T5904] usb 7-1: config 0 interface 22 has no altsetting 0 [ 1203.678964][ T5904] usb 7-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=bf.9a [ 1203.716444][ T5904] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1203.732327][ T5904] usb 7-1: Product: syz [ 1203.758514][ T5904] usb 7-1: Manufacturer: syz [ 1203.887568][ T5904] usb 7-1: SerialNumber: syz [ 1204.251034][ T5904] usb 7-1: config 0 descriptor?? [ 1204.398934][T16185] netlink: 'syz.1.2945': attribute type 1 has an invalid length. [ 1204.425411][T16185] netlink: 72 bytes leftover after parsing attributes in process `syz.1.2945'. [ 1205.038003][ T5904] RobotFuzz Open Source InterFace, OSIF 7-1:0.22: version bf.9a found at bus 007 address 033 [ 1205.212917][T13825] usb 5-1: new full-speed USB device number 57 using dummy_hcd [ 1205.768752][T13825] usb 5-1: device descriptor read/64, error -71 [ 1206.121460][ T5877] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 1206.226945][T13825] usb 5-1: new full-speed USB device number 58 using dummy_hcd [ 1206.560304][T13825] usb 5-1: device descriptor read/64, error -71 [ 1206.799858][T16199] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1206.806517][T16199] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 1206.827172][T13825] usb usb5-port1: attempt power cycle [ 1206.862488][T16199] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1206.868626][T16199] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 1206.899411][T16199] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1206.905738][T16199] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 1206.906720][T15687] usb 7-1: USB disconnect, device number 33 [ 1206.920659][T16199] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1206.926996][T16199] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 1207.009147][ T5877] usb 6-1: Using ep0 maxpacket: 16 [ 1207.028583][ T5877] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 1207.083697][ T5877] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 1207.128140][ T5877] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1207.213605][T13825] usb 5-1: new full-speed USB device number 59 using dummy_hcd [ 1207.221826][ T5877] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1207.271210][ T5877] usb 6-1: Product: syz [ 1207.290653][ T5877] usb 6-1: Manufacturer: syz [ 1207.295358][ T5877] usb 6-1: SerialNumber: syz [ 1207.342254][T13825] usb 5-1: device descriptor read/8, error -71 [ 1207.347223][ T5877] usb 6-1: config 0 descriptor?? [ 1207.499198][ T5877] em28xx 6-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 1207.562454][ T5877] em28xx 6-1:0.0: Audio interface 0 found (Vendor Class) [ 1207.703968][T13825] usb 5-1: new full-speed USB device number 60 using dummy_hcd [ 1207.824228][T13825] usb 5-1: device descriptor read/8, error -71 [ 1207.999606][T13825] usb usb5-port1: unable to enumerate USB device [ 1208.361386][ T5877] em28xx 6-1:0.0: chip ID is em2874 [ 1208.848244][ T5877] usb 6-1: USB disconnect, device number 21 [ 1208.854284][T14423] Bluetooth: hci1: command 0x0406 tx timeout [ 1208.855108][ T5877] em28xx 6-1:0.0: Disconnecting em28xx [ 1208.931170][ T5877] em28xx 6-1:0.0: Freeing device [ 1209.019344][T14423] Bluetooth: hci4: command 0x0406 tx timeout [ 1209.049140][T16221] overlay: Unknown parameter 'mInError 0 [ 1209.049140][T16221] XfrmInBufferError 0 [ 1209.049140][T16221] XfrmInHdrError 0 [ 1209.049140][T16221] XfrmInNoStates 0 [ 1209.049140][T16221] XfrmInStateProtoError 0 [ 1209.049140][T16221] XfrmInStateModeError 0 [ 1209.049140][T16221] XfrmInStateSeqError 0 [ 1209.049140][T16221] XfrmInStateExpired 0 [ 1209.049140][T16221] XfrmInStateMismatch 0 [ 1209.049140][T16221] XfrmInStateInvalid 0 [ 1209.049140][T16221] XfrmInTmplMismatch 0 [ 1209.049140][T16221] XfrmInNoPols 0 [ 1209.049140][T16221] XfrmInPolBlock 0 [ 1209.049140][T16221] XfrmInPolError 0 [ 1209.049140][T16221] XfrmOutError 0 [ 1209.049140][T16221] XfrmOutBundleGenError 0 [ 1209.049140][T16221] XfrmOutBundleCheckError 0 [ 1209.049140][T16221] XfrmOutNoStates 0 [ 1209.049140][T16221] XfrmOutStateProtoError 0 [ 1209.049140][T16221] XfrmOutStateModeError 0 [ 1209.049140][T16221] XfrmOutStateSeqError 0 [ 1209.049140][T16221] XfrmOutStat' [ 1209.080463][T16223] support for cryptoloop has been removed. Use dm-crypt instead. [ 1209.154514][T14423] Bluetooth: hci3: command 0x0405 tx timeout [ 1209.163649][T14423] Bluetooth: hci5: command 0x0406 tx timeout [ 1209.233885][T13825] usb 5-1: new high-speed USB device number 61 using dummy_hcd [ 1210.182888][T16241] sctp: [Deprecated]: syz.4.2963 (pid 16241) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1210.182888][T16241] Use struct sctp_sack_info instead [ 1210.301460][T16243] netlink: 512 bytes leftover after parsing attributes in process `syz.5.2962'. [ 1210.431851][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 1210.630527][T13825] usb 5-1: new high-speed USB device number 62 using dummy_hcd [ 1211.064120][T14423] Bluetooth: hci1: command 0x0406 tx timeout [ 1211.091879][T13825] usb 5-1: Using ep0 maxpacket: 32 [ 1211.105464][T13825] usb 5-1: config 0 has an invalid interface number: 218 but max is 0 [ 1211.114185][T13825] usb 5-1: config 0 has no interface number 0 [ 1211.124407][T13825] usb 5-1: New USB device found, idVendor=0e20, idProduct=0101, bcdDevice=74.07 [ 1211.205351][ T5829] Bluetooth: hci4: command 0x0406 tx timeout [ 1211.233934][ T5829] Bluetooth: hci5: command 0x0406 tx timeout [ 1211.300549][ T5829] Bluetooth: hci3: command 0x0405 tx timeout [ 1211.899488][T13825] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1211.908553][T13825] usb 5-1: Product: syz [ 1211.912774][T13825] usb 5-1: Manufacturer: syz [ 1211.917546][T13825] usb 5-1: SerialNumber: syz [ 1212.077755][T13825] usb 5-1: config 0 descriptor?? [ 1212.209190][T16257] ubi0: attaching mtd0 [ 1212.218840][T16257] ubi0: scanning is finished [ 1212.560749][T15687] usb 5-1: USB disconnect, device number 62 [ 1212.599110][T16257] ubi0 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt0d", error -4 [ 1212.932138][T16264] dlm: no local IP address has been set [ 1212.939418][T16264] dlm: cannot start dlm midcomms -107 [ 1213.659425][T16279] befs: (nullb0): No write support. Marking filesystem read-only [ 1213.681529][T16279] befs: (nullb0): invalid magic header [ 1213.854476][T16284] xt_cgroup: invalid path, errno=-2 [ 1214.775431][T15667] usb 2-1: new high-speed USB device number 37 using dummy_hcd [ 1214.949891][T15687] usb 5-1: new high-speed USB device number 63 using dummy_hcd [ 1215.445819][T15667] usb 2-1: New USB device found, idVendor=041e, idProduct=4011, bcdDevice=af.98 [ 1215.483724][T15667] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1215.507439][T15667] usb 2-1: config 0 descriptor?? [ 1215.564942][T15667] pwc: Creative Labs Webcam Pro Ex detected. [ 1216.543260][T15687] usb 5-1: config index 0 descriptor too short (expected 9, got 0) [ 1216.588802][T15687] usb 5-1: can't read configurations, error -22 [ 1216.751681][T16292] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1216.789382][T16292] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1216.822275][T15687] usb 5-1: new high-speed USB device number 64 using dummy_hcd [ 1216.873278][T16311] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2986'. [ 1218.058345][T15667] pwc: recv_control_msg error -32 req 02 val 2b00 [ 1218.065868][T15667] pwc: recv_control_msg error -32 req 02 val 2700 [ 1218.084801][T15667] pwc: recv_control_msg error -71 req 04 val 1600 [ 1218.093928][T15667] pwc: recv_control_msg error -71 req 02 val 2c00 [ 1218.101643][T15687] usb 5-1: device descriptor read/all, error -71 [ 1218.103203][T15667] pwc: recv_control_msg error -71 req 04 val 1000 [ 1218.116235][T15667] pwc: recv_control_msg error -71 req 04 val 1300 [ 1218.128463][T15667] pwc: recv_control_msg error -71 req 04 val 1400 [ 1218.137440][T15687] usb usb5-port1: attempt power cycle [ 1218.140018][T15667] pwc: recv_control_msg error -71 req 02 val 2000 [ 1218.159196][T15667] pwc: recv_control_msg error -71 req 02 val 2100 [ 1218.166439][T15667] pwc: recv_control_msg error -71 req 06 val 0600 [ 1218.228322][T16316] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1218.259449][T15667] pwc: recv_control_msg error -71 req 04 val 1500 [ 1218.280093][T15667] pwc: recv_control_msg error -71 req 02 val 2500 [ 1218.287347][T16316] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1218.297571][T15667] pwc: recv_control_msg error -71 req 02 val 2400 [ 1218.326498][T15667] pwc: recv_control_msg error -71 req 02 val 2600 [ 1218.354791][T15667] pwc: recv_control_msg error -71 req 02 val 2900 [ 1218.377253][T15667] pwc: recv_control_msg error -71 req 02 val 2800 [ 1218.401558][T15667] pwc: recv_control_msg error -71 req 04 val 1100 [ 1218.465370][T15667] pwc: recv_control_msg error -71 req 04 val 1200 [ 1218.499690][T15667] pwc: Registered as video103. [ 1218.538050][T16322] befs: (nullb0): No write support. Marking filesystem read-only [ 1218.546968][T16322] befs: (nullb0): invalid magic header [ 1218.550624][T15667] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input94 [ 1219.481933][T15667] usb 2-1: USB disconnect, device number 37 [ 1219.489547][T16304] netlink: 104 bytes leftover after parsing attributes in process `syz.5.2983'. [ 1219.682598][T16336] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 1220.452566][T16340] can0: slcan on ttyS3. [ 1220.878216][T16330] can0 (unregistered): slcan off ttyS3. [ 1222.860566][T16360] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1223.454762][T16364] netlink: 'syz.6.3001': attribute type 7 has an invalid length. [ 1223.658005][T16369] hsr0: entered allmulticast mode [ 1223.685043][T16369] hsr_slave_0: entered allmulticast mode [ 1223.721053][T16369] hsr_slave_1: entered allmulticast mode [ 1223.830296][T16371] befs: (nullb0): No write support. Marking filesystem read-only [ 1223.850293][T16371] befs: (nullb0): invalid magic header [ 1223.896652][ T29] audit: type=1326 audit(1738539294.975:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16367 comm="syz.6.3005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa38cb8cda9 code=0x7ffc0000 [ 1224.162738][ T29] audit: type=1326 audit(1738539295.022:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16367 comm="syz.6.3005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa38cb8cda9 code=0x7ffc0000 [ 1224.421416][T16377] x_tables: ip6_tables: mh match: only valid for protocol 135 [ 1224.430531][ T29] audit: type=1326 audit(1738539295.209:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16367 comm="syz.6.3005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fa38cb8cda9 code=0x7ffc0000 [ 1224.562135][ T29] audit: type=1326 audit(1738539295.237:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16367 comm="syz.6.3005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa38cb8cda9 code=0x7ffc0000 [ 1224.647426][ T29] audit: type=1326 audit(1738539295.303:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16367 comm="syz.6.3005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa38cb8cda9 code=0x7ffc0000 [ 1224.698896][T16383] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3007'. [ 1224.710037][ T29] audit: type=1326 audit(1738539295.303:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16367 comm="syz.6.3005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa38cb8b710 code=0x7ffc0000 [ 1224.732003][T16383] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3007'. [ 1224.744664][ T29] audit: type=1326 audit(1738539295.303:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16367 comm="syz.6.3005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa38cb8b710 code=0x7ffc0000 [ 1224.769939][T15654] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 1224.869170][ T29] audit: type=1326 audit(1738539295.303:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16367 comm="syz.6.3005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa38cb8cda9 code=0x7ffc0000 [ 1224.872417][T16386] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 1225.419136][T15654] usb 2-1: unable to get BOS descriptor or descriptor too short [ 1225.460119][T15654] usb 2-1: config 3 has an invalid interface number: 101 but max is 0 [ 1225.468828][T15654] usb 2-1: config 3 has no interface number 0 [ 1225.505243][ T29] audit: type=1326 audit(1738539295.303:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16367 comm="syz.6.3005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa38cb8cda9 code=0x7ffc0000 [ 1225.531506][T15654] usb 2-1: config 3 interface 101 altsetting 9 bulk endpoint 0x9 has invalid maxpacket 32 [ 1225.595228][T15654] usb 2-1: config 3 interface 101 altsetting 9 bulk endpoint 0xC has invalid maxpacket 64 [ 1225.647095][ T29] audit: type=1326 audit(1738539295.303:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16367 comm="syz.6.3005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa38cb8b710 code=0x7ffc0000 [ 1225.681941][T15654] usb 2-1: config 3 interface 101 has no altsetting 0 [ 1225.977293][T15654] usb 2-1: string descriptor 0 read error: -22 [ 1226.105125][T15654] usb 2-1: New USB device found, idVendor=0499, idProduct=1055, bcdDevice=6f.3a [ 1226.195761][T15654] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1226.503645][T16379] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1226.588865][T16379] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1226.724595][T15654] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 1226.821030][T15654] snd-usb-audio 2-1:3.101: probe with driver snd-usb-audio failed with error -2 [ 1227.100344][ T5904] usb 2-1: USB disconnect, device number 38 [ 1227.249103][T16401] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 1228.035249][ T941] usb 1-1: new full-speed USB device number 21 using dummy_hcd [ 1228.210064][T16404] FAULT_INJECTION: forcing a failure. [ 1228.210064][T16404] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1228.223325][T16404] CPU: 1 UID: 0 PID: 16404 Comm: syz.4.3015 Not tainted 6.13.0-syzkaller-09760-g69e858e0b8b2 #0 [ 1228.223354][T16404] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1228.223368][T16404] Call Trace: [ 1228.223376][T16404] [ 1228.223385][T16404] dump_stack_lvl+0x241/0x360 [ 1228.223428][T16404] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1228.223464][T16404] ? __pfx__printk+0x10/0x10 [ 1228.223508][T16404] should_fail_ex+0x40a/0x550 [ 1228.223535][T16404] strncpy_from_user+0x36/0x270 [ 1228.223561][T16404] getname_flags+0xf1/0x540 [ 1228.223589][T16404] ? _copy_from_user+0x95/0xb0 [ 1228.223612][T16404] user_path_at+0x24/0x60 [ 1228.223645][T16404] __se_sys_mount+0x297/0x3c0 [ 1228.223672][T16404] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1228.223704][T16404] ? __pfx___se_sys_mount+0x10/0x10 [ 1228.223733][T16404] ? do_syscall_64+0x100/0x230 [ 1228.223764][T16404] ? __x64_sys_mount+0x20/0xc0 [ 1228.223793][T16404] do_syscall_64+0xf3/0x230 [ 1228.223821][T16404] ? clear_bhb_loop+0x35/0x90 [ 1228.223855][T16404] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1228.223883][T16404] RIP: 0033:0x7f23e138cda9 [ 1228.223904][T16404] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1228.223921][T16404] RSP: 002b:00007f23e216d038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1228.223945][T16404] RAX: ffffffffffffffda RBX: 00007f23e15a5fa0 RCX: 00007f23e138cda9 [ 1228.223961][T16404] RDX: 0000000020000200 RSI: 0000000020000040 RDI: 00000000200004c0 [ 1228.223975][T16404] RBP: 00007f23e216d090 R08: 0000000000000000 R09: 0000000000000000 [ 1228.223988][T16404] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1228.224001][T16404] R13: 0000000000000000 R14: 00007f23e15a5fa0 R15: 00007ffde8f0fd98 [ 1228.224032][T16404] [ 1228.615486][T16412] netdevsim netdevsim6: Direct firmware load for / [ 1228.615486][T16412] failed with error -2 [ 1228.628406][T16412] netdevsim netdevsim6: Falling back to sysfs fallback for: / [ 1228.628406][T16412] [ 1228.644521][T14423] Bluetooth: hci1: ACL packet for unknown connection handle 0 [ 1229.688978][ T941] usb 1-1: config index 0 descriptor too short (expected 6427, got 27) [ 1229.703202][ T941] usb 1-1: config 0 has an invalid interface number: 21 but max is 0 [ 1229.711393][ T941] usb 1-1: config 0 has no interface number 0 [ 1229.721518][ T941] usb 1-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1230.838839][ T941] usb 1-1: config 0 interface 21 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 1231.093681][ T941] usb 1-1: config 0 interface 21 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 64 [ 1231.158323][ T941] usb 1-1: string descriptor 0 read error: -71 [ 1231.189037][ T941] usb 1-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4 [ 1231.198156][ T941] usb 1-1: New USB device strings: Mfr=31, Product=1, SerialNumber=0 [ 1231.294441][ T941] usb 1-1: config 0 descriptor?? [ 1231.360079][ T941] usb 1-1: can't set config #0, error -71 [ 1231.481877][ T941] usb 1-1: USB disconnect, device number 21 [ 1233.479203][T15670] usb 6-1: new high-speed USB device number 22 using dummy_hcd [ 1233.656330][T16450] befs: (nullb0): No write support. Marking filesystem read-only [ 1233.666860][T16450] befs: (nullb0): invalid magic header [ 1233.675889][T15670] usb 6-1: config 0 interface 0 altsetting 7 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1233.706031][T15670] usb 6-1: config 0 interface 0 altsetting 7 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1233.722570][T15670] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1233.740904][T15670] usb 6-1: New USB device found, idVendor=056a, idProduct=00b4, bcdDevice= 0.00 [ 1233.778515][T15670] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1233.809382][T15670] usb 6-1: config 0 descriptor?? [ 1233.964656][T16456] FAULT_INJECTION: forcing a failure. [ 1233.964656][T16456] name failslab, interval 1, probability 0, space 0, times 0 [ 1234.041795][T16456] CPU: 0 UID: 0 PID: 16456 Comm: syz.1.3031 Not tainted 6.13.0-syzkaller-09760-g69e858e0b8b2 #0 [ 1234.041835][T16456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1234.041848][T16456] Call Trace: [ 1234.041857][T16456] [ 1234.041868][T16456] dump_stack_lvl+0x241/0x360 [ 1234.041911][T16456] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1234.041945][T16456] ? __pfx__printk+0x10/0x10 [ 1234.041981][T16456] ? __kmalloc_node_noprof+0xb9/0x4d0 [ 1234.042011][T16456] ? __pfx___might_resched+0x10/0x10 [ 1234.042039][T16456] should_fail_ex+0x40a/0x550 [ 1234.042067][T16456] should_failslab+0xac/0x100 [ 1234.042095][T16456] __kmalloc_node_noprof+0xe1/0x4d0 [ 1234.042123][T16456] ? __kvmalloc_node_noprof+0x72/0x190 [ 1234.042160][T16456] __kvmalloc_node_noprof+0x72/0x190 [ 1234.042193][T16456] simple_xattr_set+0x74/0x360 [ 1234.042230][T16456] kernfs_vfs_xattr_set+0x7e/0xc0 [ 1234.042253][T16456] ? __pfx_kernfs_vfs_xattr_set+0x10/0x10 [ 1234.042278][T16456] __vfs_setxattr+0x468/0x4a0 [ 1234.042316][T16456] __vfs_setxattr_noperm+0x12e/0x660 [ 1234.042351][T16456] vfs_setxattr+0x221/0x430 [ 1234.042386][T16456] ? __pfx_vfs_setxattr+0x10/0x10 [ 1234.042425][T16456] filename_setxattr+0x2af/0x430 [ 1234.042450][T16456] ? __phys_addr_symbol+0x2f/0x70 [ 1234.042497][T16456] ? __pfx_filename_setxattr+0x10/0x10 [ 1234.042527][T16456] ? getname_flags+0x1e3/0x540 [ 1234.042559][T16456] path_setxattrat+0x440/0x510 [ 1234.042596][T16456] ? __pfx_path_setxattrat+0x10/0x10 [ 1234.042624][T16456] ? vfs_write+0x7fa/0xd10 [ 1234.042694][T16456] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1234.042724][T16456] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1234.042758][T16456] __x64_sys_lsetxattr+0xbf/0xe0 [ 1234.042789][T16456] do_syscall_64+0xf3/0x230 [ 1234.042818][T16456] ? clear_bhb_loop+0x35/0x90 [ 1234.042851][T16456] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1234.042879][T16456] RIP: 0033:0x7fe67058cda9 [ 1234.042898][T16456] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1234.042915][T16456] RSP: 002b:00007fe6713f9038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 1234.042938][T16456] RAX: ffffffffffffffda RBX: 00007fe6707a5fa0 RCX: 00007fe67058cda9 [ 1234.042954][T16456] RDX: 0000000020000100 RSI: 0000000020000080 RDI: 0000000020000040 [ 1234.042967][T16456] RBP: 00007fe6713f9090 R08: 0000000000000003 R09: 0000000000000000 [ 1234.042980][T16456] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001 [ 1234.042992][T16456] R13: 0000000000000001 R14: 00007fe6707a5fa0 R15: 00007ffde9934868 [ 1234.043024][T16456] [ 1237.089286][T15670] usbhid 6-1:0.0: can't add hid device: -71 [ 1237.101827][T15670] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 1237.554996][T15670] usb 6-1: USB disconnect, device number 22 [ 1240.363615][T16500] ubi0: attaching mtd0 [ 1240.374025][T16500] ubi0: scanning is finished [ 1240.618438][T16500] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1240.626229][T16500] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1240.633761][T16500] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1240.641112][T16500] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1240.648747][T16500] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1240.656039][T16500] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1240.664255][T16500] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 4011149906 [ 1240.674872][T16500] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1240.711381][T16502] ubi0: background thread "ubi_bgt0d" started, PID 16502 [ 1241.163735][T15670] usb 6-1: new full-speed USB device number 23 using dummy_hcd [ 1241.286888][T16517] (unnamed net_device) (uninitialized): option downdelay: invalid value (18446744073709551615) [ 1241.301960][T16517] (unnamed net_device) (uninitialized): option downdelay: allowed values 0 - 2147483647 [ 1241.378556][T15670] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1241.400793][T15670] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1241.450917][T15670] usb 6-1: New USB device found, idVendor=056a, idProduct=0090, bcdDevice= 0.00 [ 1241.472668][T15670] usb 6-1: New USB device strings: Mfr=0, Product=23, SerialNumber=0 [ 1241.510964][T15670] usb 6-1: Product: syz [ 1241.538647][T15670] usb 6-1: config 0 descriptor?? [ 1243.303502][T15670] usbhid 6-1:0.0: can't add hid device: -71 [ 1243.309585][T15670] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 1243.324970][T15670] usb 6-1: USB disconnect, device number 23 [ 1244.252440][ T29] kauditd_printk_skb: 25 callbacks suppressed [ 1244.252463][ T29] audit: type=1326 audit(1738539313.985:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16540 comm="syz.5.3056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febc018cda9 code=0x7ffc0000 [ 1244.413377][ T29] audit: type=1326 audit(1738539313.985:220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16540 comm="syz.5.3056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7febc018cda9 code=0x7ffc0000 [ 1244.498865][T16545] netlink: 'syz.6.3055': attribute type 21 has an invalid length. [ 1244.508517][T16545] netlink: 'syz.6.3055': attribute type 6 has an invalid length. [ 1244.517250][T16545] netlink: 132 bytes leftover after parsing attributes in process `syz.6.3055'. [ 1244.825827][ T29] audit: type=1326 audit(1738539313.985:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16540 comm="syz.5.3056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febc018cda9 code=0x7ffc0000 [ 1244.859619][ T29] audit: type=1326 audit(1738539313.985:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16540 comm="syz.5.3056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febc018cda9 code=0x7ffc0000 [ 1244.947855][ T29] audit: type=1326 audit(1738539313.985:223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16540 comm="syz.5.3056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7febc018b710 code=0x7ffc0000 [ 1245.143735][ T29] audit: type=1326 audit(1738539313.985:224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16540 comm="syz.5.3056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7febc018b710 code=0x7ffc0000 [ 1245.242833][T16548] ip6_tunnel: non-ECT from fc02:0000:0000:0000:0000:0000:0000:0000 with DS=0x1 [ 1245.297118][ T29] audit: type=1326 audit(1738539313.985:225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16540 comm="syz.5.3056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febc018cda9 code=0x7ffc0000 [ 1245.428099][ T5829] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1245.449499][ T5829] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1245.461161][ T5829] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1245.478176][ T5829] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1245.487815][ T29] audit: type=1326 audit(1738539313.985:226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16540 comm="syz.5.3056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febc018cda9 code=0x7ffc0000 [ 1245.511478][ T5829] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1245.558637][ T5829] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1245.616481][ T29] audit: type=1326 audit(1738539313.985:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16540 comm="syz.5.3056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7febc018b710 code=0x7ffc0000 [ 1245.868368][ T29] audit: type=1326 audit(1738539313.985:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16540 comm="syz.5.3056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febc018cda9 code=0x7ffc0000 [ 1246.099030][T16553] lo speed is unknown, defaulting to 1000 [ 1246.479957][T16569] ubi: mtd0 is already attached to ubi0 [ 1247.271852][T16576] fuse: Bad value for 'group_id' [ 1247.282834][T16576] fuse: Bad value for 'group_id' [ 1247.462691][T16580] befs: (nullb0): No write support. Marking filesystem read-only [ 1247.477872][T16580] befs: (nullb0): invalid magic header [ 1247.864951][ T5829] Bluetooth: hci0: command tx timeout [ 1247.880055][T16553] chnl_net:caif_netlink_parms(): no params data found [ 1248.268490][T16591] use of bytesused == 0 is deprecated and will be removed in the future, [ 1248.278309][T16591] use the actual size instead. [ 1248.443796][T16592] netlink: 512 bytes leftover after parsing attributes in process `syz.6.3066'. [ 1249.171415][T16553] bridge0: port 1(bridge_slave_0) entered blocking state [ 1249.193894][T16553] bridge0: port 1(bridge_slave_0) entered disabled state [ 1249.201470][T16553] bridge_slave_0: entered allmulticast mode [ 1249.208905][T16553] bridge_slave_0: entered promiscuous mode [ 1249.229343][T16553] bridge0: port 2(bridge_slave_1) entered blocking state [ 1249.245363][T16553] bridge0: port 2(bridge_slave_1) entered disabled state [ 1249.258929][T16553] bridge_slave_1: entered allmulticast mode [ 1249.291795][T16553] bridge_slave_1: entered promiscuous mode [ 1249.407169][T16553] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1249.441966][T16553] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1249.477625][T16597] netlink: 756 bytes leftover after parsing attributes in process `syz.0.3069'. [ 1249.532002][T16553] team0: Port device team_slave_0 added [ 1249.544764][T16553] team0: Port device team_slave_1 added [ 1249.775811][T16553] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1249.789162][T16553] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1249.825294][T16553] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1249.848175][T16553] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1249.855883][T16553] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1249.886237][T14423] Bluetooth: hci0: command tx timeout [ 1249.894421][T16553] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1249.983628][ T5829] block nbd4: Receive control failed (result -32) [ 1249.983760][T16595] block nbd4: shutting down sockets [ 1250.128731][T16553] hsr_slave_0: entered promiscuous mode [ 1250.194047][T16553] hsr_slave_1: entered promiscuous mode [ 1250.225081][T16606] befs: (nullb0): No write support. Marking filesystem read-only [ 1250.246255][T16606] befs: (nullb0): invalid magic header [ 1250.259914][T16553] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1250.378681][T16553] Cannot create hsr debugfs directory [ 1251.119017][ T29] kauditd_printk_skb: 30 callbacks suppressed [ 1251.119038][ T29] audit: type=1804 audit(1738539320.716:259): pid=16608 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.4.3073" name="/newroot/602/file0" dev="tmpfs" ino=3201 res=1 errno=0 [ 1251.952112][ T5829] Bluetooth: hci0: command tx timeout [ 1252.513182][T16553] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1252.565210][T16553] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1252.594611][T16553] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1252.617843][T16553] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1252.676237][ T29] audit: type=1326 audit(1738539322.260:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16633 comm="syz.4.3081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23e138cda9 code=0x7ffc0000 [ 1252.768259][ T29] audit: type=1326 audit(1738539322.289:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16633 comm="syz.4.3081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f23e138cda9 code=0x7ffc0000 [ 1252.824519][T16553] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1252.838694][ T29] audit: type=1326 audit(1738539322.289:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16633 comm="syz.4.3081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23e138cda9 code=0x7ffc0000 [ 1252.915833][ T29] audit: type=1326 audit(1738539322.289:263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16633 comm="syz.4.3081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f23e138b710 code=0x7ffc0000 [ 1252.937067][T16553] 8021q: adding VLAN 0 to HW filter on device team0 [ 1252.974931][ T29] audit: type=1326 audit(1738539322.289:264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16633 comm="syz.4.3081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f23e138b710 code=0x7ffc0000 [ 1252.976899][ T6624] bridge0: port 1(bridge_slave_0) entered blocking state [ 1253.003765][ T6624] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1253.043232][ T29] audit: type=1326 audit(1738539322.289:265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16633 comm="syz.4.3081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23e138cda9 code=0x7ffc0000 [ 1253.104292][ T29] audit: type=1326 audit(1738539322.289:266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16633 comm="syz.4.3081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f23e138b710 code=0x7ffc0000 [ 1253.149884][ T6624] bridge0: port 2(bridge_slave_1) entered blocking state [ 1253.157082][ T6624] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1253.201761][ T29] audit: type=1326 audit(1738539322.289:267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16633 comm="syz.4.3081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23e138cda9 code=0x7ffc0000 [ 1253.256092][ T29] audit: type=1326 audit(1738539322.289:268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16633 comm="syz.4.3081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f23e138cda9 code=0x7ffc0000 [ 1253.409627][T16632] block nbd5: shutting down sockets [ 1254.045037][T16553] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1254.086008][ T5829] Bluetooth: hci0: command tx timeout [ 1254.265477][T16553] veth0_vlan: entered promiscuous mode [ 1254.342140][T16553] veth1_vlan: entered promiscuous mode [ 1254.409183][T16553] veth0_macvtap: entered promiscuous mode [ 1254.453018][T16553] veth1_macvtap: entered promiscuous mode [ 1254.621156][T16553] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1254.640235][T16553] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1254.655821][T16553] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1254.686816][T16553] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1254.698880][T16553] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1254.719865][T16553] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1254.780726][T16553] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1254.808449][T16553] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1254.830872][T16553] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1254.843867][T16553] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1254.873700][T16553] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1254.916029][T16553] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1254.944080][T16553] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1254.958016][T16553] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1254.977987][T16553] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1254.989137][T16553] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1255.007041][T16553] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1255.018318][T16553] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1255.029635][T16553] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1255.039961][T16553] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1255.052149][T16553] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1255.073028][T16553] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1255.104213][T16553] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1255.127543][T16553] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1255.166243][T16553] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1255.177367][T16553] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1255.472397][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1255.641707][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1255.779515][T16665] netlink: 192 bytes leftover after parsing attributes in process `syz.5.3089'. [ 1255.804172][ T5921] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1255.880065][T16674] netlink: zone id is out of range [ 1255.893035][T16674] netlink: set zone limit has 8 unknown bytes [ 1256.040595][T15654] usb 1-1: new low-speed USB device number 22 using dummy_hcd [ 1256.116761][ T5921] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1256.798341][T15654] usb 1-1: string descriptor 0 read error: -22 [ 1256.804704][T15654] usb 1-1: New USB device found, idVendor=04b4, idProduct=8613, bcdDevice=95.8f [ 1256.869753][T15654] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1256.891809][T15654] usb 1-1: config 0 descriptor?? [ 1256.904018][T15654] usbtest 1-1:0.0: FX2 device [ 1256.908810][T15654] usbtest 1-1:0.0: low-speed {control intr-in intr-out} tests (+alt) [ 1257.261141][T16671] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1257.555712][T16671] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1257.609892][T16671] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1257.619804][T16671] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1257.619812][T16687] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1257.682662][T16687] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1257.704765][T15654] usb 1-1: USB disconnect, device number 22 [ 1258.086947][T15670] usb 6-1: new full-speed USB device number 24 using dummy_hcd [ 1258.423541][T15670] usb 6-1: config index 0 descriptor too short (expected 156, got 27) [ 1258.552411][T15670] usb 6-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 1258.621023][T15670] usb 6-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10 [ 1258.656332][T15670] usb 6-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64 [ 1258.722712][T15670] usb 6-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 1258.794856][T15670] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1258.825034][T15670] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 1258.870624][T15670] usb 6-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 1258.910991][T15670] usb 6-1: Product: syz [ 1258.924705][T15670] usb 6-1: Manufacturer: syz [ 1258.929399][T15670] usb 6-1: SerialNumber: syz [ 1258.987081][T15670] usb 6-1: config 0 descriptor?? [ 1258.996935][T16689] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 1259.034623][T15670] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 1259.085699][T16704] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3103'. [ 1259.124749][T15670] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 1259.180431][T16704] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3103'. [ 1259.477880][T15670] usb 6-1: USB disconnect, device number 24 [ 1259.489153][T15670] ldusb 6-1:0.0: LD USB Device #0 now disconnected [ 1259.567553][T16706] loop9: detected capacity change from 0 to 8 [ 1259.600372][T16706] loop9: [CUMANA/ADFS] p1 [ADFS] p1 [ 1259.611774][T16706] loop9: partition table partially beyond EOD, truncated [ 1259.621536][T16706] loop9: p1 size 81768186 extends beyond EOD, truncated [ 1259.735321][T16708] loop9: [CUMANA/ADFS] p1 [ADFS] p1 [ 1259.749271][T16708] loop9: partition table partially beyond EOD, truncated [ 1259.786366][T16708] loop9: p1 size 81768186 extends beyond EOD, truncated [ 1260.154569][T14423] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1260.168484][T14423] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1260.180814][T14423] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1260.201756][T14423] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1260.272380][T14423] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1260.282613][T14423] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1260.686609][ T5904] usb 2-1: new full-speed USB device number 39 using dummy_hcd [ 1261.115984][T16713] lo speed is unknown, defaulting to 1000 [ 1261.136060][ T5904] usb 2-1: unable to get BOS descriptor or descriptor too short [ 1261.163370][ T5904] usb 2-1: not running at top speed; connect to a high speed hub [ 1261.178186][ T5904] usb 2-1: config 1 interface 0 has no altsetting 0 [ 1261.201617][ T5904] usb 2-1: New USB device found, idVendor=056a, idProduct=5000, bcdDevice= 0.40 [ 1261.237896][ T5904] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1261.262218][ T5904] usb 2-1: Product: syz [ 1261.266453][ T5904] usb 2-1: Manufacturer: syz [ 1261.279405][ T5904] usb 2-1: SerialNumber: syz [ 1261.460286][T16713] chnl_net:caif_netlink_parms(): no params data found [ 1261.527032][ T5904] usb 2-1: USB disconnect, device number 39 [ 1261.689778][T16713] bridge0: port 1(bridge_slave_0) entered blocking state [ 1261.708431][T16713] bridge0: port 1(bridge_slave_0) entered disabled state [ 1261.732263][T16713] bridge_slave_0: entered allmulticast mode [ 1261.744289][T16713] bridge_slave_0: entered promiscuous mode [ 1261.744425][T16733] netlink: 44 bytes leftover after parsing attributes in process `syz.5.3109'. [ 1261.762073][T16713] bridge0: port 2(bridge_slave_1) entered blocking state [ 1261.769327][T16713] bridge0: port 2(bridge_slave_1) entered disabled state [ 1261.840509][T16713] bridge_slave_1: entered allmulticast mode [ 1261.848779][T16713] bridge_slave_1: entered promiscuous mode [ 1261.920827][T16713] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1261.943853][T16713] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1262.017102][T16713] team0: Port device team_slave_0 added [ 1262.464683][T14423] Bluetooth: hci1: command tx timeout [ 1262.580437][T16713] team0: Port device team_slave_1 added [ 1262.793899][T16745] netlink: 512 bytes leftover after parsing attributes in process `syz.0.3113'. [ 1263.244324][T16713] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1263.260923][T16713] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1263.307813][T16713] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1263.325096][T16713] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1263.332778][T16713] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1263.364746][T16713] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1263.501561][T16713] hsr_slave_0: entered promiscuous mode [ 1263.534027][T16713] hsr_slave_1: entered promiscuous mode [ 1263.542639][T16713] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1263.551388][T16713] Cannot create hsr debugfs directory [ 1263.766735][T16753] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3115'. [ 1263.838330][T16753] block nbd6: NBD_DISCONNECT [ 1263.864929][T16753] block nbd6: Disconnected due to user request. [ 1263.927191][T16753] block nbd6: shutting down sockets [ 1264.136288][T16713] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1264.564382][T14423] Bluetooth: hci1: command tx timeout [ 1265.181554][T16767] befs: (nullb0): No write support. Marking filesystem read-only [ 1265.228179][T16767] befs: (nullb0): invalid magic header [ 1265.764736][T16713] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1266.000779][T16771] befs: (nullb0): No write support. Marking filesystem read-only [ 1266.015839][T16771] befs: (nullb0): invalid magic header [ 1266.377282][T16756] lo speed is unknown, defaulting to 1000 [ 1266.504609][T16713] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1266.641124][T14423] Bluetooth: hci1: command tx timeout [ 1266.768401][T16713] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1266.851038][T16783] 9pnet_fd: Insufficient options for proto=fd [ 1267.057652][T15687] usb 6-1: new high-speed USB device number 25 using dummy_hcd [ 1267.221772][T15687] usb 6-1: Using ep0 maxpacket: 8 [ 1267.242190][T15687] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 7 [ 1267.303332][T15687] usb 6-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b [ 1267.421407][T16713] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1267.466410][T15687] usb 6-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3 [ 1267.556341][T15687] usb 6-1: Product: syz [ 1267.593867][T15687] usb 6-1: Manufacturer: syz [ 1267.630803][T15687] usb 6-1: SerialNumber: syz [ 1267.890034][T16713] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1267.988068][T16713] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1268.035885][T16713] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1268.247013][T15687] usb 6-1: palm_os_3_probe - error -71 getting connection information [ 1268.255639][T15687] visor 6-1:1.0: probe with driver visor failed with error -71 [ 1268.270027][T15687] usb 6-1: USB disconnect, device number 25 [ 1269.238695][T14423] Bluetooth: hci1: command tx timeout [ 1270.000081][T16713] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1270.067329][T16713] 8021q: adding VLAN 0 to HW filter on device team0 [ 1270.343311][T13443] bridge0: port 1(bridge_slave_0) entered blocking state [ 1270.350570][T13443] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1271.375281][T13443] bridge0: port 2(bridge_slave_1) entered blocking state [ 1271.382513][T13443] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1272.744793][T16812] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3130'. [ 1272.916049][T16713] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1272.943497][T16713] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1273.016398][T16815] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3131'. [ 1273.302482][T16829] 9pnet_fd: Insufficient options for proto=fd [ 1273.332578][T16713] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1273.357831][ T5877] usb 2-1: new high-speed USB device number 40 using dummy_hcd [ 1273.535980][ T5877] usb 2-1: Using ep0 maxpacket: 16 [ 1273.543757][ T5877] usb 2-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0 [ 1273.608745][ T5877] usb 2-1: config 0 interface 0 altsetting 1 has an endpoint descriptor with address 0x11, changing to 0x1 [ 1273.643760][ T5877] usb 2-1: config 0 interface 0 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 1273.681852][ T5877] usb 2-1: config 0 interface 0 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1273.721983][ T5877] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1273.746877][ T5877] usb 2-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 1273.767306][ T5877] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1273.793896][ T5877] usb 2-1: Product: syz [ 1273.821725][ T5877] usb 2-1: Manufacturer: syz [ 1273.870465][ T5877] usb 2-1: SerialNumber: syz [ 1273.883611][ T5877] usb 2-1: config 0 descriptor?? [ 1274.516518][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 1274.578884][T15667] usb 2-1: USB disconnect, device number 40 [ 1274.766556][T16713] veth0_vlan: entered promiscuous mode [ 1274.814131][T16713] veth1_vlan: entered promiscuous mode [ 1274.894304][T16713] veth0_macvtap: entered promiscuous mode [ 1274.908599][T16713] veth1_macvtap: entered promiscuous mode [ 1274.923843][T16845] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3138'. [ 1274.966332][T16713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1274.990663][T16713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1275.015924][T16713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1275.033186][T16713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1275.056927][T16713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1275.075446][T16713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1275.085862][T16713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1275.096902][T16713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1275.114520][T16713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1275.125691][T16713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1275.135877][T16713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1275.156050][T16713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1275.179819][T16713] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1275.219488][T16713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1275.234937][T16713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1275.246402][T15667] usb 6-1: new high-speed USB device number 26 using dummy_hcd [ 1275.278203][T16713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1275.299608][T16713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1275.309569][T16713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1275.341374][T16713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1275.359925][T16713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1275.373011][T16713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1275.399489][T16713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1275.416599][T15667] usb 6-1: Using ep0 maxpacket: 16 [ 1275.424138][T15667] usb 6-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0 [ 1275.445678][T16713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1275.455938][T15667] usb 6-1: config 0 interface 0 altsetting 1 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1275.477382][T16713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1275.488163][T15667] usb 6-1: config 0 interface 0 altsetting 1 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1275.501261][T16713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1275.511459][T15667] usb 6-1: config 0 interface 0 altsetting 1 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1275.526706][T16713] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1275.547072][T15667] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1275.558236][T16713] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1275.575567][T16713] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1275.584671][T16713] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1275.604077][T16713] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1275.614220][T15667] usb 6-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 1275.624289][T15667] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1275.661529][T15667] usb 6-1: Product: syz [ 1275.672284][T15667] usb 6-1: Manufacturer: syz [ 1275.673435][T16854] overlayfs: metacopy with no lower data found - abort lookup (/bus) [ 1275.676949][T15667] usb 6-1: SerialNumber: syz [ 1275.716326][T15667] usb 6-1: config 0 descriptor?? [ 1275.722036][T16846] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 1275.991948][T16845] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 1276.361845][T15667] input: syz syz as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/input/input95 [ 1276.449019][T11143] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1276.492923][T11143] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1276.505769][T15667] usb 6-1: USB disconnect, device number 26 [ 1276.505769][ C1] synaptics_usb 6-1:0.0: synusb_irq - usb_submit_urb failed with result: -19 [ 1276.551727][ T5180] synaptics_usb 6-1:0.0: synusb_open - usb_submit_urb failed, error: -19 [ 1276.566161][ T6070] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1276.575232][ T6070] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1277.391973][T16871] FAULT_INJECTION: forcing a failure. [ 1277.391973][T16871] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1277.408591][T16871] CPU: 0 UID: 0 PID: 16871 Comm: syz.1.3144 Not tainted 6.13.0-syzkaller-09760-g69e858e0b8b2 #0 [ 1277.408619][T16871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1277.408632][T16871] Call Trace: [ 1277.408640][T16871] [ 1277.408649][T16871] dump_stack_lvl+0x241/0x360 [ 1277.408690][T16871] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1277.408724][T16871] ? __pfx__printk+0x10/0x10 [ 1277.408761][T16871] ? snprintf+0xda/0x120 [ 1277.408806][T16871] should_fail_ex+0x40a/0x550 [ 1277.408834][T16871] _copy_to_user+0x31/0xb0 [ 1277.408856][T16871] simple_read_from_buffer+0xca/0x150 [ 1277.408885][T16871] proc_fail_nth_read+0x1e9/0x250 [ 1277.408913][T16871] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1277.408941][T16871] ? rw_verify_area+0x243/0x630 [ 1277.408973][T16871] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1277.408999][T16871] vfs_read+0x1f8/0xb40 [ 1277.409032][T16871] ? fdget_pos+0x254/0x320 [ 1277.409061][T16871] ? __pfx___mutex_lock+0x10/0x10 [ 1277.409089][T16871] ? __pfx_vfs_read+0x10/0x10 [ 1277.409125][T16871] ? __fget_files+0x2a/0x410 [ 1277.409154][T16871] ? __fget_files+0x395/0x410 [ 1277.409179][T16871] ? __fget_files+0x2a/0x410 [ 1277.409216][T16871] ksys_read+0x18f/0x2b0 [ 1277.409262][T16871] ? __pfx_ksys_read+0x10/0x10 [ 1277.409295][T16871] ? do_syscall_64+0x100/0x230 [ 1277.409326][T16871] ? do_syscall_64+0xb6/0x230 [ 1277.409355][T16871] do_syscall_64+0xf3/0x230 [ 1277.409382][T16871] ? clear_bhb_loop+0x35/0x90 [ 1277.409415][T16871] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1277.409443][T16871] RIP: 0033:0x7f4b1638b7bc [ 1277.409461][T16871] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1277.409479][T16871] RSP: 002b:00007f4b17169030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1277.409500][T16871] RAX: ffffffffffffffda RBX: 00007f4b165a6080 RCX: 00007f4b1638b7bc [ 1277.409516][T16871] RDX: 000000000000000f RSI: 00007f4b171690a0 RDI: 0000000000000007 [ 1277.409529][T16871] RBP: 00007f4b17169090 R08: 0000000000000000 R09: 0000000000000000 [ 1277.409542][T16871] R10: 00000000200004c0 R11: 0000000000000246 R12: 0000000000000001 [ 1277.409554][T16871] R13: 0000000000000000 R14: 00007f4b165a6080 R15: 00007ffd35893038 [ 1277.409591][T16871] [ 1277.634345][ C0] vkms_vblank_simulate: vblank timer overrun [ 1277.843541][T16876] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3145'. [ 1278.081484][T16876] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3145'. [ 1281.501054][T16892] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1282.652504][T16868] syz.6.3143 (16868) used greatest stack depth: 18256 bytes left [ 1284.080727][T16908] netlink: 512 bytes leftover after parsing attributes in process `syz.5.3154'. [ 1284.427461][T16914] 9pnet_fd: Insufficient options for proto=fd [ 1285.171735][T15687] usb 2-1: new high-speed USB device number 41 using dummy_hcd [ 1285.667506][T16930] ubi: mtd0 is already attached to ubi0 [ 1286.367422][T15687] usb 2-1: Using ep0 maxpacket: 8 [ 1286.403456][T15687] usb 2-1: config 32 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 255, changing to 11 [ 1286.460574][T15687] usb 2-1: config 32 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 59391, setting to 1024 [ 1286.507416][T15687] usb 2-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7 [ 1287.349880][T15687] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1287.361236][T16919] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1287.462716][T16935] tipc: Started in network mode [ 1287.483514][T16935] tipc: Node identity 8e3652905bae, cluster identity 4711 [ 1287.509738][T16935] tipc: Enabled bearer , priority 0 [ 1287.632093][T16944] netlink: 'syz.4.3164': attribute type 29 has an invalid length. [ 1288.035541][T16944] netlink: 'syz.4.3164': attribute type 3 has an invalid length. [ 1288.353794][T16944] netlink: 76 bytes leftover after parsing attributes in process `syz.4.3164'. [ 1288.397710][T16935] syzkaller0: entered promiscuous mode [ 1288.478918][T15687] usb 2-1: string descriptor 0 read error: -71 [ 1288.506025][T15687] hub 2-1:32.0: USB hub found [ 1288.530393][T15687] hub 2-1:32.0: config failed, can't read hub descriptor (err -22) [ 1288.533339][T16935] syzkaller0: entered allmulticast mode [ 1288.583790][T15654] tipc: Node number set to 3583529616 [ 1288.584218][T16935] tipc: Resetting bearer [ 1288.655562][T16933] tipc: Resetting bearer [ 1288.817348][T15687] usb 2-1: USB disconnect, device number 41 [ 1288.856106][T16949] netlink: 512 bytes leftover after parsing attributes in process `syz.5.3166'. [ 1288.936368][T16960] netlink: zone id is out of range [ 1288.949541][T16960] netlink: set zone limit has 8 unknown bytes [ 1289.913944][T16961] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3168'. [ 1290.913148][T16970] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3168'. [ 1291.481988][T16979] ubi: mtd0 is already attached to ubi0 [ 1294.331315][T17006] netlink: zone id is out of range [ 1294.344138][T17006] netlink: set zone limit has 8 unknown bytes [ 1295.249276][T17010] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3181'. [ 1295.430362][T17007] Bluetooth: MGMT ver 1.23 [ 1298.577034][T15667] usb 5-1: new high-speed USB device number 66 using dummy_hcd [ 1298.758023][T15667] usb 5-1: Using ep0 maxpacket: 32 [ 1298.792303][T15667] usb 5-1: config 253 has an invalid interface number: 66 but max is 0 [ 1298.802550][T15667] usb 5-1: config 253 has no interface number 0 [ 1298.822245][T15667] usb 5-1: New USB device found, idVendor=0403, idProduct=f9d4, bcdDevice=84.e2 [ 1298.831544][T15667] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1298.850385][T15667] ftdi_sio 5-1:253.66: FTDI USB Serial Device converter detected [ 1298.859190][T15667] ftdi_sio ttyUSB0: unknown device type: 0x84e2 [ 1299.527325][T17035] kvm: vcpu 2: requested 128 ns lapic timer period limited to 200000 ns [ 1299.561349][T17035] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1301.918968][T15667] usb 5-1: USB disconnect, device number 66 [ 1301.925874][T15667] ftdi_sio 5-1:253.66: device disconnected [ 1301.933503][T16933] tipc: Disabling bearer [ 1302.779432][T17047] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1302.896339][T17048] befs: (nullb0): No write support. Marking filesystem read-only [ 1302.914235][T17048] befs: (nullb0): invalid magic header [ 1303.593226][ T5829] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1303.608142][ T5829] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1303.619416][ T5829] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1303.655956][ T5829] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1303.671403][ T5829] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 1303.678962][ T5829] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1303.814417][T17051] lo speed is unknown, defaulting to 1000 [ 1305.910014][ T5829] Bluetooth: hci2: command tx timeout [ 1306.068040][ T1140] netdevsim netdevsim6 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1306.126593][ T1140] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1306.389018][T17084] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3200'. [ 1307.308526][T17091] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3200'. [ 1307.470844][ T1140] netdevsim netdevsim6 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1307.481642][ T1140] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1307.590851][ T1140] netdevsim netdevsim6 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1307.624569][ T1140] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1307.660263][T17051] chnl_net:caif_netlink_parms(): no params data found [ 1307.681626][ T941] usb 2-1: new full-speed USB device number 42 using dummy_hcd [ 1307.788744][T15654] usb 5-1: new high-speed USB device number 67 using dummy_hcd [ 1307.832557][T17105] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1307.854799][ T941] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1308.013906][T15654] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 1308.019634][ T1140] netdevsim netdevsim6 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1308.042195][T15654] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 8 [ 1308.056966][ T941] usb 2-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 1308.106380][ T941] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 1308.106524][ T1140] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1308.122920][T15654] usb 5-1: New USB device found, idVendor=0499, idProduct=103e, bcdDevice=4e.18 [ 1308.149778][ T5829] Bluetooth: hci2: command tx timeout [ 1308.151551][ T941] usb 2-1: Product: syz [ 1308.222720][T15654] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1308.266903][ T941] usb 2-1: Manufacturer: syz [ 1308.314184][ T941] usb 2-1: SerialNumber: syz [ 1308.336307][T15654] usb 5-1: Product: syz [ 1308.340750][T15654] usb 5-1: Manufacturer: syz [ 1308.343973][T17107] lo speed is unknown, defaulting to 1000 [ 1308.382968][T15654] usb 5-1: SerialNumber: syz [ 1308.414217][ T941] usb 2-1: config 0 descriptor?? [ 1308.465177][T15654] usb 5-1: config 0 descriptor?? [ 1308.521516][T17107] lo speed is unknown, defaulting to 1000 [ 1308.528264][T17107] lo speed is unknown, defaulting to 1000 [ 1308.547266][T17107] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 1308.700311][T17107] lo speed is unknown, defaulting to 1000 [ 1308.711263][T17051] bridge0: port 1(bridge_slave_0) entered blocking state [ 1308.721082][T17101] netlink: 'syz.4.3206': attribute type 1 has an invalid length. [ 1308.740387][T17051] bridge0: port 1(bridge_slave_0) entered disabled state [ 1308.747910][T17051] bridge_slave_0: entered allmulticast mode [ 1308.773601][T17112] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1308.782204][T17051] bridge_slave_0: entered promiscuous mode [ 1308.785594][T17051] bridge0: port 2(bridge_slave_1) entered blocking state [ 1308.808054][T17051] bridge0: port 2(bridge_slave_1) entered disabled state [ 1308.815709][T17112] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1308.825153][T17051] bridge_slave_1: entered allmulticast mode [ 1308.843878][T17051] bridge_slave_1: entered promiscuous mode [ 1308.899761][T17107] lo speed is unknown, defaulting to 1000 [ 1308.935257][T15654] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 1309.038428][T15654] usb 5-1: USB disconnect, device number 67 [ 1309.198948][T17107] lo speed is unknown, defaulting to 1000 [ 1309.210815][T17051] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1309.259546][T17051] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1309.284677][T17107] lo speed is unknown, defaulting to 1000 [ 1309.288598][ T1140] bridge_slave_1: left allmulticast mode [ 1310.032361][ T1140] bridge_slave_1: left promiscuous mode [ 1310.038194][ T1140] bridge0: port 2(bridge_slave_1) entered disabled state [ 1310.067139][ T1140] bridge_slave_0: left allmulticast mode [ 1310.072866][ T1140] bridge_slave_0: left promiscuous mode [ 1310.085946][ T1140] bridge0: port 1(bridge_slave_0) entered disabled state [ 1310.200654][T15654] usb 5-1: new high-speed USB device number 68 using dummy_hcd [ 1310.353342][ T5829] Bluetooth: hci2: command tx timeout [ 1310.387914][T15654] usb 5-1: config 0 has an invalid interface number: 11 but max is 0 [ 1310.396642][T15654] usb 5-1: config 0 has no interface number 0 [ 1310.407617][T15654] usb 5-1: config 0 interface 11 altsetting 253 bulk endpoint 0x7 has invalid maxpacket 1024 [ 1310.436879][T15654] usb 5-1: config 0 interface 11 has no altsetting 0 [ 1310.446714][T15654] usb 5-1: New USB device found, idVendor=06cd, idProduct=010f, bcdDevice=d5.1b [ 1310.491918][T15654] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1310.507556][T15654] usb 5-1: config 0 descriptor?? [ 1310.519183][T17122] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 1310.533244][T15654] keyspan 5-1:0.11: Keyspan 2 port adapter converter detected [ 1310.564371][T15654] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 81 [ 1310.572790][T15654] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 82 [ 1310.588588][T15654] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 1 [ 1310.608055][T15654] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 2 [ 1310.621591][T15654] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 85 [ 1310.629827][T15654] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 5 [ 1310.648958][T15654] usb 5-1: Keyspan 2 port adapter converter now attached to ttyUSB0 [ 1310.672425][T15654] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 83 [ 1310.691917][T15654] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 84 [ 1310.702248][T15654] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 3 [ 1310.726388][T15654] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 4 [ 1310.734708][T15654] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 86 [ 1310.758496][T15654] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 6 [ 1310.770535][T15654] usb 5-1: Keyspan 2 port adapter converter now attached to ttyUSB1 [ 1311.219923][ T1140] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1311.264850][ T1140] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1311.278271][T15654] usb 2-1: USB disconnect, device number 42 [ 1311.291801][ T1140] bond0 (unregistering): (slave batadv0): Releasing backup interface [ 1311.308404][ T1140] bond0 (unregistering): Released all slaves [ 1311.428491][T17107] lo speed is unknown, defaulting to 1000 [ 1311.442215][T17107] lo speed is unknown, defaulting to 1000 [ 1311.460453][T17107] lo speed is unknown, defaulting to 1000 [ 1311.501539][T17051] team0: Port device team_slave_0 added [ 1311.879406][T17107] lo speed is unknown, defaulting to 1000 [ 1311.885438][ T1140] tipc: Left network mode [ 1311.918134][T17051] team0: Port device team_slave_1 added [ 1312.468039][T17107] lo speed is unknown, defaulting to 1000 [ 1312.594911][ T941] usb 5-1: USB disconnect, device number 68 [ 1312.601130][ T5829] Bluetooth: hci2: command tx timeout [ 1312.607589][ T1140] IPVS: stopping master sync thread 13490 ... [ 1312.640932][ T941] keyspan_2 ttyUSB0: Keyspan 2 port adapter converter now disconnected from ttyUSB0 [ 1312.663814][T17051] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1312.670922][T17051] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1312.703480][ T941] keyspan_2 ttyUSB1: Keyspan 2 port adapter converter now disconnected from ttyUSB1 [ 1312.714272][ T941] keyspan 5-1:0.11: device disconnected [ 1312.723071][T17051] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1312.760132][T17107] lo speed is unknown, defaulting to 1000 [ 1312.810118][T13825] usb 2-1: new high-speed USB device number 43 using dummy_hcd [ 1312.840947][T17051] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1312.878127][T17051] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1313.017089][T17051] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1313.073691][T13825] usb 2-1: config 0 has an invalid interface number: 94 but max is 0 [ 1313.203516][T13825] usb 2-1: config 0 has no interface number 0 [ 1313.209869][T13825] usb 2-1: config 0 interface 94 altsetting 0 endpoint 0x4 has invalid maxpacket 1560, setting to 64 [ 1313.297221][T17143] netlink: 2 bytes leftover after parsing attributes in process `syz.5.3215'. [ 1313.555431][T13825] usb 2-1: New USB device found, idVendor=fba0, idProduct=4f36, bcdDevice=7e.e3 [ 1313.570315][T13825] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1313.596683][T13825] usb 2-1: Product: syz [ 1313.629325][T17147] FAULT_INJECTION: forcing a failure. [ 1313.629325][T17147] name failslab, interval 1, probability 0, space 0, times 0 [ 1313.644408][T13825] usb 2-1: Manufacturer: syz [ 1313.655743][T13825] usb 2-1: SerialNumber: syz [ 1313.665643][T13825] usb 2-1: config 0 descriptor?? [ 1313.671546][T17147] CPU: 0 UID: 0 PID: 17147 Comm: syz.0.3216 Not tainted 6.13.0-syzkaller-09760-g69e858e0b8b2 #0 [ 1313.671567][T17147] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1313.671577][T17147] Call Trace: [ 1313.671583][T17147] [ 1313.671590][T17147] dump_stack_lvl+0x241/0x360 [ 1313.671622][T17147] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1313.671646][T17147] ? __pfx__printk+0x10/0x10 [ 1313.671670][T17147] ? __kmalloc_cache_noprof+0x48/0x390 [ 1313.671692][T17147] ? __pfx___might_resched+0x10/0x10 [ 1313.671713][T17147] should_fail_ex+0x40a/0x550 [ 1313.671733][T17147] should_failslab+0xac/0x100 [ 1313.671754][T17147] __kmalloc_cache_noprof+0x70/0x390 [ 1313.671773][T17147] ? assoc_array_insert+0x52c/0x33e0 [ 1313.671800][T17147] assoc_array_insert+0x52c/0x33e0 [ 1313.671835][T17147] ? __pfx_assoc_array_insert+0x10/0x10 [ 1313.671861][T17147] ? __pfx_lock_release+0x10/0x10 [ 1313.671879][T17147] ? down_write+0x18c/0x220 [ 1313.671908][T17147] __key_link_begin+0xe5/0x1f0 [ 1313.671929][T17147] request_key_and_link+0xedc/0x19c0 [ 1313.671959][T17147] ? request_key_and_link+0x49a/0x19c0 [ 1313.671987][T17147] ? __pfx_request_key_and_link+0x10/0x10 [ 1313.672012][T17147] ? __pfx_lookup_user_key+0x10/0x10 [ 1313.672039][T17147] ? __pfx_down_read+0x10/0x10 [ 1313.672065][T17147] ? __pfx_dns_resolver_cmp+0x10/0x10 [ 1313.672087][T17147] ? __pfx_keyring_search_iterator+0x10/0x10 [ 1313.672118][T17147] __se_sys_request_key+0x271/0x3b0 [ 1313.672141][T17147] ? __pfx___se_sys_request_key+0x10/0x10 [ 1313.672165][T17147] ? do_syscall_64+0x100/0x230 [ 1313.672187][T17147] ? do_syscall_64+0xb6/0x230 [ 1313.672208][T17147] do_syscall_64+0xf3/0x230 [ 1313.672227][T17147] ? clear_bhb_loop+0x35/0x90 [ 1313.672251][T17147] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1313.672271][T17147] RIP: 0033:0x7f81e7d8cda9 [ 1313.672293][T17147] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1313.672305][T17147] RSP: 002b:00007f81e8b2d038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f9 [ 1313.672322][T17147] RAX: ffffffffffffffda RBX: 00007f81e7fa5fa0 RCX: 00007f81e7d8cda9 [ 1313.672333][T17147] RDX: 0000000020003d00 RSI: 0000000020003cc0 RDI: 0000000020003c80 [ 1313.672342][T17147] RBP: 00007f81e8b2d090 R08: 0000000000000000 R09: 0000000000000000 [ 1313.672351][T17147] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000002 [ 1313.672361][T17147] R13: 0000000000000000 R14: 00007f81e7fa5fa0 R15: 00007ffec3d8d9b8 [ 1313.672383][T17147] [ 1313.988395][T13825] usb 2-1: bad CDC descriptors [ 1314.193732][T15670] usb 2-1: USB disconnect, device number 43 [ 1314.827903][T17051] hsr_slave_0: entered promiscuous mode [ 1314.885483][T17051] hsr_slave_1: entered promiscuous mode [ 1314.912292][T17051] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1314.920279][T17051] Cannot create hsr debugfs directory [ 1314.944849][T17160] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3222'. [ 1315.090155][T17157] fuse: root generation should be zero [ 1315.155058][T17167] netlink: 'syz.1.3222': attribute type 1 has an invalid length. [ 1315.169783][T17167] netlink: 72 bytes leftover after parsing attributes in process `syz.1.3222'. [ 1315.794994][T17168] befs: (nullb0): No write support. Marking filesystem read-only [ 1315.810561][T17168] befs: (nullb0): invalid magic header [ 1316.119401][ T1140] hsr_slave_0: left promiscuous mode [ 1316.150375][ T1140] hsr_slave_1: left promiscuous mode [ 1316.156443][ T1140] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1316.406478][ T1140] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1316.415747][ T1140] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1316.423261][ T1140] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1318.463895][ T1140] veth1_macvtap: left promiscuous mode [ 1318.493614][ T1140] veth0_macvtap: left promiscuous mode [ 1318.551797][ T1140] veth1_vlan: left promiscuous mode [ 1318.560178][ T1140] veth0_vlan: left promiscuous mode [ 1318.874343][T17193] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 1325.353464][T17226] 9pnet_fd: Insufficient options for proto=fd [ 1326.437373][ T1140] team0 (unregistering): Port device team_slave_1 removed [ 1326.640329][ T1140] team0 (unregistering): Port device team_slave_0 removed [ 1327.979681][T17189] ip6_vti0: entered allmulticast mode [ 1327.993042][T15654] lo speed is unknown, defaulting to 1000 [ 1328.019727][T17237] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3242'. [ 1329.119481][T17051] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 1329.314281][T17051] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 1330.248543][T17051] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 1330.288694][T17261] FAULT_INJECTION: forcing a failure. [ 1330.288694][T17261] name failslab, interval 1, probability 0, space 0, times 0 [ 1330.304631][T17261] CPU: 1 UID: 0 PID: 17261 Comm: syz.4.3249 Not tainted 6.13.0-syzkaller-09760-g69e858e0b8b2 #0 [ 1330.304664][T17261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1330.304678][T17261] Call Trace: [ 1330.304686][T17261] [ 1330.304694][T17261] dump_stack_lvl+0x241/0x360 [ 1330.304737][T17261] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1330.304771][T17261] ? __pfx__printk+0x10/0x10 [ 1330.304805][T17261] ? __kmalloc_cache_node_noprof+0x47/0x3a0 [ 1330.304835][T17261] ? __pfx___might_resched+0x10/0x10 [ 1330.304864][T17261] should_fail_ex+0x40a/0x550 [ 1330.304891][T17261] should_failslab+0xac/0x100 [ 1330.304918][T17261] ? __get_vm_area_node+0x132/0x2d0 [ 1330.304946][T17261] __kmalloc_cache_node_noprof+0x6f/0x3a0 [ 1330.304988][T17261] __get_vm_area_node+0x132/0x2d0 [ 1330.305023][T17261] __vmalloc_node_range_noprof+0x344/0x1380 [ 1330.305057][T17261] ? bpf_prog_alloc_no_stats+0x4d/0x4d0 [ 1330.305084][T17261] ? mark_lock+0x9a/0x360 [ 1330.305136][T17261] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1330.305178][T17261] ? bpf_prog_alloc_no_stats+0x4d/0x4d0 [ 1330.305202][T17261] __vmalloc_noprof+0x79/0x90 [ 1330.305233][T17261] ? bpf_prog_alloc_no_stats+0x4d/0x4d0 [ 1330.305294][T17261] bpf_prog_alloc_no_stats+0x4d/0x4d0 [ 1330.305322][T17261] ? bpf_prog_alloc+0x28/0x1b0 [ 1330.305349][T17261] bpf_prog_alloc+0x3a/0x1b0 [ 1330.305375][T17261] bpf_prog_load+0x7f4/0x20e0 [ 1330.305415][T17261] ? __pfx_bpf_prog_load+0x10/0x10 [ 1330.305439][T17261] ? __pfx___might_resched+0x10/0x10 [ 1330.305474][T17261] ? __might_fault+0xaa/0x120 [ 1330.305515][T17261] __sys_bpf+0x4ee/0x810 [ 1330.305539][T17261] ? __pfx___sys_bpf+0x10/0x10 [ 1330.305575][T17261] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1330.305605][T17261] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1330.305634][T17261] ? do_syscall_64+0x100/0x230 [ 1330.305666][T17261] __x64_sys_bpf+0x7c/0x90 [ 1330.305686][T17261] do_syscall_64+0xf3/0x230 [ 1330.305713][T17261] ? clear_bhb_loop+0x35/0x90 [ 1330.305746][T17261] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1330.305775][T17261] RIP: 0033:0x7f63fc38cda9 [ 1330.305793][T17261] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1330.305811][T17261] RSP: 002b:00007f63fd16a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1330.305834][T17261] RAX: ffffffffffffffda RBX: 00007f63fc5a5fa0 RCX: 00007f63fc38cda9 [ 1330.305849][T17261] RDX: 0000000000000048 RSI: 000000002000e000 RDI: 0000000000000005 [ 1330.305861][T17261] RBP: 00007f63fd16a090 R08: 0000000000000000 R09: 0000000000000000 [ 1330.305875][T17261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1330.305887][T17261] R13: 0000000000000001 R14: 00007f63fc5a5fa0 R15: 00007ffd08d4b3e8 [ 1330.305917][T17261] [ 1330.305928][T17261] warn_alloc: 1 callbacks suppressed [ 1330.305939][T17261] syz.4.3249: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 1330.613739][T17258] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3248'. [ 1330.638484][T17261] CPU: 1 UID: 0 PID: 17261 Comm: syz.4.3249 Not tainted 6.13.0-syzkaller-09760-g69e858e0b8b2 #0 [ 1330.638508][T17261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1330.638518][T17261] Call Trace: [ 1330.638524][T17261] [ 1330.638531][T17261] dump_stack_lvl+0x241/0x360 [ 1330.638562][T17261] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1330.638586][T17261] ? __pfx__printk+0x10/0x10 [ 1330.638611][T17261] ? cpuset_print_current_mems_allowed+0x1f/0x350 [ 1330.638636][T17261] ? cpuset_print_current_mems_allowed+0x31e/0x350 [ 1330.638674][T17261] warn_alloc+0x278/0x410 [ 1330.638702][T17261] ? __pfx_warn_alloc+0x10/0x10 [ 1330.638723][T17261] ? __kasan_kmalloc+0x23/0xb0 [ 1330.638740][T17261] ? __kmalloc_cache_node_noprof+0x25d/0x3a0 [ 1330.638764][T17261] ? __get_vm_area_node+0x280/0x2d0 [ 1330.638790][T17261] __vmalloc_node_range_noprof+0x369/0x1380 [ 1330.638814][T17261] ? mark_lock+0x9a/0x360 [ 1330.638850][T17261] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1330.638878][T17261] ? bpf_prog_alloc_no_stats+0x4d/0x4d0 [ 1330.638898][T17261] __vmalloc_noprof+0x79/0x90 [ 1330.638931][T17261] ? bpf_prog_alloc_no_stats+0x4d/0x4d0 [ 1330.638957][T17261] bpf_prog_alloc_no_stats+0x4d/0x4d0 [ 1330.638980][T17261] ? bpf_prog_alloc+0x28/0x1b0 [ 1330.639005][T17261] bpf_prog_alloc+0x3a/0x1b0 [ 1330.639032][T17261] bpf_prog_load+0x7f4/0x20e0 [ 1330.639071][T17261] ? __pfx_bpf_prog_load+0x10/0x10 [ 1330.639096][T17261] ? __pfx___might_resched+0x10/0x10 [ 1330.639134][T17261] ? __might_fault+0xaa/0x120 [ 1330.639174][T17261] __sys_bpf+0x4ee/0x810 [ 1330.639200][T17261] ? __pfx___sys_bpf+0x10/0x10 [ 1330.639235][T17261] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1330.639266][T17261] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1330.639295][T17261] ? do_syscall_64+0x100/0x230 [ 1330.639327][T17261] __x64_sys_bpf+0x7c/0x90 [ 1330.639349][T17261] do_syscall_64+0xf3/0x230 [ 1330.639376][T17261] ? clear_bhb_loop+0x35/0x90 [ 1330.639410][T17261] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1330.639438][T17261] RIP: 0033:0x7f63fc38cda9 [ 1330.639456][T17261] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1330.639473][T17261] RSP: 002b:00007f63fd16a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1330.639496][T17261] RAX: ffffffffffffffda RBX: 00007f63fc5a5fa0 RCX: 00007f63fc38cda9 [ 1330.639511][T17261] RDX: 0000000000000048 RSI: 000000002000e000 RDI: 0000000000000005 [ 1330.639524][T17261] RBP: 00007f63fd16a090 R08: 0000000000000000 R09: 0000000000000000 [ 1330.639537][T17261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1330.639550][T17261] R13: 0000000000000001 R14: 00007f63fc5a5fa0 R15: 00007ffd08d4b3e8 [ 1330.639580][T17261] [ 1330.909793][ C1] vkms_vblank_simulate: vblank timer overrun [ 1330.917605][T17239] block nbd0: shutting down sockets [ 1330.942247][T17261] Mem-Info: [ 1330.946098][T17051] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 1330.974859][T17261] active_anon:345 inactive_anon:3994 isolated_anon:0 [ 1330.974859][T17261] active_file:21608 inactive_file:37440 isolated_file:0 [ 1330.974859][T17261] unevictable:768 dirty:193 writeback:0 [ 1330.974859][T17261] slab_reclaimable:11035 slab_unreclaimable:115873 [ 1330.974859][T17261] mapped:30124 shmem:1439 pagetables:827 [ 1330.974859][T17261] sec_pagetables:0 bounce:0 [ 1330.974859][T17261] kernel_misc_reclaimable:0 [ 1330.974859][T17261] free:1302807 free_pcp:477 free_cma:0 [ 1331.106848][T17261] Node 0 active_anon:1380kB inactive_anon:16076kB active_file:86360kB inactive_file:149760kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:120496kB dirty:772kB writeback:0kB shmem:4220kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12528kB pagetables:3308kB sec_pagetables:0kB all_unreclaimable? no [ 1331.117919][T17267] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3251'. [ 1331.139484][ C1] vkms_vblank_simulate: vblank timer overrun [ 1331.140358][T17261] Node 1 active_anon:0kB inactive_anon:0kB active_file:72kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 1331.184990][ C1] vkms_vblank_simulate: vblank timer overrun [ 1331.193340][T17261] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1331.220477][ C1] vkms_vblank_simulate: vblank timer overrun [ 1331.227260][T17261] lowmem_reserve[]: 0 2493 2494 0 0 [ 1331.232938][T17261] Node 0 DMA32 free:1291004kB boost:0kB min:34200kB low:42748kB high:51296kB reserved_highatomic:0KB active_anon:1376kB inactive_anon:16040kB active_file:85572kB inactive_file:149708kB unevictable:1536kB writepending:772kB present:3129332kB managed:2553684kB mlocked:0kB bounce:0kB free_pcp:1576kB local_pcp:624kB free_cma:0kB [ 1331.263490][ C1] vkms_vblank_simulate: vblank timer overrun [ 1331.275403][T17267] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3251'. [ 1331.296686][T17261] lowmem_reserve[]: 0 0 0 0 0 [ 1331.301575][T17261] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:4kB inactive_anon:36kB active_file:788kB inactive_file:52kB unevictable:0kB writepending:0kB present:1048580kB managed:880kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1331.328645][ C1] vkms_vblank_simulate: vblank timer overrun [ 1331.354437][T17051] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1331.355928][T17271] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3252'. [ 1331.370508][T17261] lowmem_reserve[]: 0 0 0 0 0 [ 1331.409547][T17051] 8021q: adding VLAN 0 to HW filter on device team0 [ 1331.425941][T17261] Node 1 Normal free:3905556kB boost:0kB min:55688kB low:69608kB high:83528kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:72kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111168kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1331.474521][ T5960] bridge0: port 1(bridge_slave_0) entered blocking state [ 1331.481767][ T5960] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1331.503910][ T5960] bridge0: port 2(bridge_slave_1) entered blocking state [ 1331.511141][ T5960] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1331.531583][T17261] lowmem_reserve[]: 0 0 0 0 0 [ 1331.536425][T17261] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 1331.561556][T17261] Node 0 DMA32: 726*4kB (ME) 1059*8kB (UME) 647*16kB (UME) 814*32kB (UME) 528*64kB (UME) 183*128kB (UME) 94*256kB (UME) 53*512kB (UME) 37*1024kB (UME) 9*2048kB (ME) 263*4096kB (UME) = 1289760kB [ 1331.595373][T17261] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1331.622923][T17261] Node 1 Normal: 219*4kB (UME) 61*8kB (UME) 38*16kB (UME) 197*32kB (UME) 99*64kB (UME) 34*128kB (UME) 16*256kB (UME) 9*512kB (UM) 3*1024kB (UME) 2*2048kB (UE) 945*4096kB (M) = 3905556kB [ 1331.670199][T17261] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1331.691785][T17261] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 1331.705868][T17261] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1331.717105][T17261] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 1331.732550][T17261] 60489 total pagecache pages [ 1331.748790][T17261] 0 pages in swap cache [ 1331.753305][T17261] Free swap = 124540kB [ 1331.763349][T17261] Total swap = 124996kB [ 1331.772786][T17261] 2097051 pages RAM [ 1331.812530][T17261] 0 pages HighMem/MovableOnly [ 1331.839458][T17261] 426778 pages reserved [ 1331.845984][T17261] 0 pages cma reserved [ 1331.925601][T15688] usb 1-1: new full-speed USB device number 23 using dummy_hcd [ 1332.043270][T17051] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1332.312695][T15688] usb 1-1: unable to get BOS descriptor or descriptor too short [ 1332.327126][T15688] usb 1-1: not running at top speed; connect to a high speed hub [ 1332.616883][ T941] usb 5-1: new high-speed USB device number 69 using dummy_hcd [ 1332.666593][T15688] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1332.883715][T15688] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 4 [ 1332.933057][ T941] usb 5-1: Using ep0 maxpacket: 16 [ 1333.203353][T15688] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4 [ 1333.252140][T15688] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1333.263491][ T941] usb 5-1: New USB device found, idVendor=0572, idProduct=0041, bcdDevice=d5.24 [ 1333.274132][T15688] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1333.282196][T15688] usb 1-1: Product: syz [ 1333.286634][ T941] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1333.304694][ T941] usb 5-1: Product: syz [ 1333.308996][ T941] usb 5-1: Manufacturer: syz [ 1333.313641][ T941] usb 5-1: SerialNumber: syz [ 1333.318692][T15688] usb 1-1: Manufacturer: syz [ 1333.323343][T15688] usb 1-1: SerialNumber: syz [ 1333.337076][ T941] usb 5-1: config 0 descriptor?? [ 1333.455845][T17262] block nbd5: shutting down sockets [ 1333.457148][ T941] gspca_main: conex-2.14.0 probing 0572:0041 [ 1333.491682][T17302] sctp: [Deprecated]: syz.1.3258 (pid 17302) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1333.491682][T17302] Use struct sctp_sack_info instead [ 1334.169128][T15688] usb 1-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 1334.183946][T15688] usb 1-1: 2:1 : no or invalid class specific endpoint descriptor [ 1334.199077][T15688] usb 1-1: 2:1 : invalid UAC_FORMAT_TYPE desc [ 1334.260091][T15688] usb 1-1: USB disconnect, device number 23 [ 1334.267676][T17051] veth0_vlan: entered promiscuous mode [ 1334.297858][T17051] veth1_vlan: entered promiscuous mode [ 1334.357363][ T941] usb 5-1: USB disconnect, device number 69 [ 1334.404048][T17051] veth0_macvtap: entered promiscuous mode [ 1334.430032][T17051] veth1_macvtap: entered promiscuous mode [ 1334.447574][T17306] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3260'. [ 1334.464270][T17051] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1334.472812][T17306] netlink: 'syz.1.3260': attribute type 1 has an invalid length. [ 1334.475706][T17051] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1334.493164][T17051] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1334.499577][T17306] netlink: 224 bytes leftover after parsing attributes in process `syz.1.3260'. [ 1334.516635][T17051] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1334.532066][T17051] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1334.544439][T17051] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1334.557403][T17051] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1334.568093][T17051] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1334.579226][T17051] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1334.590387][T17051] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1334.601605][T17051] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1334.612871][T17051] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1334.645060][T17051] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1334.698361][T17310] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3259'. [ 1334.742412][T17051] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1334.770646][T17051] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1334.808888][T17051] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1334.832088][T17051] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1334.852459][T17051] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1334.885932][T17051] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1334.927536][T17051] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1334.938587][T17051] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1334.948957][T17051] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1334.963267][T17051] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1334.994704][T17051] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1335.016070][T17051] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1335.033306][T17051] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1335.044601][T17314] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3262'. [ 1335.167704][T17318] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3262'. [ 1335.192911][T17051] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1335.218657][T17051] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1335.240590][T17051] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1335.263476][T17051] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1335.594997][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1335.611767][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1335.623377][T17322] netlink: 'syz.0.3264': attribute type 7 has an invalid length. [ 1339.173834][T17349] block nbd1: NBD_DISCONNECT [ 1339.182464][T17349] block nbd1: Disconnected due to user request. [ 1339.473667][T17349] block nbd1: shutting down sockets [ 1339.519200][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1339.712985][T17341] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3271'. [ 1339.838444][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1340.176595][T17360] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3274'. [ 1341.218639][T17377] befs: (nullb0): No write support. Marking filesystem read-only [ 1341.236992][T17377] befs: (nullb0): invalid magic header [ 1341.592627][T17375] trusted_key: encrypted_key: key description must be 16 hexadecimal characters long [ 1342.263596][T17389] netlink: 512 bytes leftover after parsing attributes in process `syz.0.3279'. [ 1343.002974][ T29] kauditd_printk_skb: 34 callbacks suppressed [ 1343.002994][ T29] audit: type=1326 audit(1738539408.195:303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17390 comm="syz.5.3281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febc018cda9 code=0x7ffc0000 [ 1343.040933][ T29] audit: type=1326 audit(1738539408.195:304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17390 comm="syz.5.3281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febc018cda9 code=0x7ffc0000 [ 1343.062836][ T29] audit: type=1326 audit(1738539408.195:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17390 comm="syz.5.3281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7febc018cda9 code=0x7ffc0000 [ 1343.131366][ T29] audit: type=1326 audit(1738539408.195:306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17390 comm="syz.5.3281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febc018cda9 code=0x7ffc0000 [ 1343.221682][ T29] audit: type=1326 audit(1738539408.195:307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17390 comm="syz.5.3281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febc018cda9 code=0x7ffc0000 [ 1343.301049][ T29] audit: type=1326 audit(1738539408.227:308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17390 comm="syz.5.3281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7febc018b710 code=0x7ffc0000 [ 1343.312665][T17400] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3284'. [ 1343.374172][ T29] audit: type=1326 audit(1738539408.227:309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17390 comm="syz.5.3281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7febc018b710 code=0x7ffc0000 [ 1343.437177][ T29] audit: type=1326 audit(1738539408.227:310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17390 comm="syz.5.3281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febc018cda9 code=0x7ffc0000 [ 1343.594368][T17403] netlink: 'syz.1.3284': attribute type 1 has an invalid length. [ 1343.639817][T17403] netlink: 72 bytes leftover after parsing attributes in process `syz.1.3284'. [ 1344.109378][ T29] audit: type=1326 audit(1738539408.227:311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17390 comm="syz.5.3281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febc018cda9 code=0x7ffc0000 [ 1344.144462][ T29] audit: type=1326 audit(1738539408.227:312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17390 comm="syz.5.3281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7febc018b710 code=0x7ffc0000 [ 1344.544607][T17412] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3288'. [ 1344.621055][T17412] block nbd4: shutting down sockets [ 1344.653644][T17414] block nbd4: NBD_DISCONNECT [ 1344.675994][T17414] block nbd4: Send disconnect failed -32 [ 1344.823368][T13825] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 1344.985123][T13825] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1345.012431][T13825] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1345.044081][T13825] usb 1-1: config 0 descriptor?? [ 1345.067190][T13825] cp210x 1-1:0.0: cp210x converter detected [ 1345.122636][T15687] usb 2-1: new high-speed USB device number 44 using dummy_hcd [ 1345.345001][T15687] usb 2-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 1345.390092][T15687] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1345.410794][T15687] usb 2-1: config 0 descriptor?? [ 1345.480405][T13825] cp210x 1-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 1345.503139][T13825] usb 1-1: cp210x converter now attached to ttyUSB0 [ 1345.652434][T17425] befs: (nullb0): No write support. Marking filesystem read-only [ 1345.664187][T17425] befs: (nullb0): invalid magic header [ 1347.823573][T15687] [drm] vendor descriptor length:b9 data:b9 07 38 29 08 17 2f 84 c0 cb 01 [ 1347.838913][T15687] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor [ 1347.853376][T15687] [drm:udl_init] *ERROR* Selecting channel failed [ 1348.035206][ T29] kauditd_printk_skb: 94 callbacks suppressed [ 1348.035224][ T29] audit: type=1326 audit(1738539413.239:407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17433 comm="syz.7.3294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb619b8cda9 code=0x7fc00000 [ 1348.047391][T15687] [drm] Initialized udl 0.0.1 for 2-1:0.0 on minor 2 [ 1348.178100][ T29] audit: type=1326 audit(1738539413.268:408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17433 comm="syz.7.3294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=208 compat=0 ip=0x7fb619b8cda9 code=0x7fc00000 [ 1348.220630][ T29] audit: type=1326 audit(1738539413.268:409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17433 comm="syz.7.3294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb619b8cda9 code=0x7fc00000 [ 1348.232041][T15687] [drm] Initialized udl on minor 2 [ 1348.324772][ T29] audit: type=1326 audit(1738539413.268:410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17433 comm="syz.7.3294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb619b8cda9 code=0x7fc00000 [ 1348.381266][ T29] audit: type=1326 audit(1738539413.268:411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17433 comm="syz.7.3294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb619b8cda9 code=0x7fc00000 [ 1348.427504][T15687] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 1348.482127][ T29] audit: type=1326 audit(1738539413.268:412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17433 comm="syz.7.3294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb619b8cda9 code=0x7fc00000 [ 1348.506603][T15687] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 1348.527156][T15687] usb 2-1: USB disconnect, device number 44 [ 1348.534985][ T941] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 1348.544478][ T29] audit: type=1326 audit(1738539413.268:413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17433 comm="syz.7.3294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb619b8cda9 code=0x7fc00000 [ 1348.567431][ T941] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 1348.604586][ T29] audit: type=1326 audit(1738539413.268:414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17433 comm="syz.7.3294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb619b8cda9 code=0x7fc00000 [ 1348.645681][T17434] netlink: 24 bytes leftover after parsing attributes in process `syz.7.3294'. [ 1348.701959][ T29] audit: type=1326 audit(1738539413.268:415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17433 comm="syz.7.3294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb619b8cda9 code=0x7fc00000 [ 1348.728832][T13825] usb 1-1: USB disconnect, device number 24 [ 1348.744822][T13825] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1348.770034][T13825] cp210x 1-1:0.0: device disconnected [ 1348.770791][ T29] audit: type=1326 audit(1738539413.268:416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17433 comm="syz.7.3294" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb619b8cda9 code=0x7fc00000 [ 1348.896367][T17451] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 1349.606109][T17454] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3301'. [ 1349.988951][T15687] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 1350.272734][T15687] usb 1-1: Using ep0 maxpacket: 8 [ 1350.374802][T15687] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 1350.951656][T15687] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1350.963088][T17468] block nbd4: NBD_DISCONNECT [ 1350.970235][T15687] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1350.980085][T15687] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1350.990165][T15687] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1351.004137][T15687] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1351.006951][T17468] block nbd4: Disconnected due to user request. [ 1351.019844][T15687] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1351.083279][T17468] block nbd4: shutting down sockets [ 1351.253927][T17476] netlink: 512 bytes leftover after parsing attributes in process `syz.7.3306'. [ 1351.259102][T15687] usb 1-1: usb_control_msg returned -32 [ 1351.305768][T15687] usbtmc 1-1:16.0: can't read capabilities [ 1351.428894][T17459] sit1: entered promiscuous mode [ 1351.852028][T17477] netlink: 'syz.0.3302': attribute type 1 has an invalid length. [ 1351.880909][T15687] usb 1-1: USB disconnect, device number 25 [ 1354.087890][T17499] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3313'. [ 1354.099838][T17499] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3313'. [ 1354.751139][ T29] kauditd_printk_skb: 90 callbacks suppressed [ 1354.751161][ T29] audit: type=1326 audit(1738539419.882:507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17479 comm="syz.1.3307" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4b1638cda9 code=0x0 [ 1355.197232][T17511] netlink: zone id is out of range [ 1355.214239][T17511] netlink: set zone limit has 8 unknown bytes [ 1356.603830][T17513] lo speed is unknown, defaulting to 1000 [ 1356.718377][T17521] lo speed is unknown, defaulting to 1000 [ 1358.390186][ T29] audit: type=1326 audit(1738539423.306:508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17540 comm="syz.4.3324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63fc38cda9 code=0x7ffc0000 [ 1358.518195][ T29] audit: type=1326 audit(1738539423.306:509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17540 comm="syz.4.3324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f63fc38cda9 code=0x7ffc0000 [ 1358.540004][ T29] audit: type=1326 audit(1738539423.306:510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17540 comm="syz.4.3324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63fc38cda9 code=0x7ffc0000 [ 1358.561838][ T29] audit: type=1326 audit(1738539423.306:511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17540 comm="syz.4.3324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f63fc38b710 code=0x7ffc0000 [ 1358.597313][ T29] audit: type=1326 audit(1738539423.306:512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17540 comm="syz.4.3324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f63fc38b710 code=0x7ffc0000 [ 1358.706993][ T29] audit: type=1326 audit(1738539423.306:513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17540 comm="syz.4.3324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63fc38cda9 code=0x7ffc0000 [ 1358.818876][ T29] audit: type=1326 audit(1738539423.306:514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17540 comm="syz.4.3324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f63fc38b710 code=0x7ffc0000 [ 1358.966892][ T29] audit: type=1326 audit(1738539423.306:515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17540 comm="syz.4.3324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f63fc38cda9 code=0x7ffc0000 [ 1359.114494][ T29] audit: type=1326 audit(1738539423.306:516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17540 comm="syz.4.3324" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f63fc38cda9 code=0x7ffc0000 [ 1359.697479][T17570] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3332'. [ 1359.803662][T17570] block nbd0: shutting down sockets [ 1359.820519][T17573] block nbd0: NBD_DISCONNECT [ 1359.852100][T17573] block nbd0: Send disconnect failed -32 [ 1360.026450][T17575] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3333'. [ 1360.124248][T17566] delete_channel: no stack [ 1360.278231][T17575] block nbd1: NBD_DISCONNECT [ 1360.307564][T17575] block nbd1: Disconnected due to user request. [ 1360.317368][T17575] block nbd1: shutting down sockets [ 1360.439688][T17584] ubi: mtd0 is already attached to ubi0 [ 1362.664963][T17602] overlayfs: failed to resolve './file1': -2 [ 1363.444150][T17611] FAULT_INJECTION: forcing a failure. [ 1363.444150][T17611] name failslab, interval 1, probability 0, space 0, times 0 [ 1363.507479][T17611] CPU: 0 UID: 0 PID: 17611 Comm: syz.7.3343 Not tainted 6.13.0-syzkaller-09760-g69e858e0b8b2 #0 [ 1363.507515][T17611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1363.507529][T17611] Call Trace: [ 1363.507538][T17611] [ 1363.507549][T17611] dump_stack_lvl+0x241/0x360 [ 1363.507590][T17611] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1363.507625][T17611] ? __pfx__printk+0x10/0x10 [ 1363.507660][T17611] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 1363.507692][T17611] ? __pfx___might_resched+0x10/0x10 [ 1363.507721][T17611] should_fail_ex+0x40a/0x550 [ 1363.507749][T17611] should_failslab+0xac/0x100 [ 1363.507778][T17611] kmem_cache_alloc_node_noprof+0x77/0x380 [ 1363.507807][T17611] ? __alloc_skb+0x1c3/0x440 [ 1363.507840][T17611] __alloc_skb+0x1c3/0x440 [ 1363.507876][T17611] ? __pfx___alloc_skb+0x10/0x10 [ 1363.507908][T17611] ? netlink_autobind+0xd6/0x2f0 [ 1363.507928][T17611] ? netlink_autobind+0x2b0/0x2f0 [ 1363.507953][T17611] netlink_sendmsg+0x638/0xcb0 [ 1363.507999][T17611] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1363.508044][T17611] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1363.508075][T17611] __sock_sendmsg+0x221/0x270 [ 1363.508105][T17611] ____sys_sendmsg+0x52a/0x7e0 [ 1363.508146][T17611] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1363.508178][T17611] ? __fget_files+0x2a/0x410 [ 1363.508208][T17611] ? __fget_files+0x2a/0x410 [ 1363.508245][T17611] __sys_sendmsg+0x269/0x350 [ 1363.508283][T17611] ? __pfx___sys_sendmsg+0x10/0x10 [ 1363.508329][T17611] ? do_sys_openat2+0x17a/0x1d0 [ 1363.508383][T17611] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1363.508424][T17611] ? do_syscall_64+0x100/0x230 [ 1363.508456][T17611] ? do_syscall_64+0xb6/0x230 [ 1363.508486][T17611] do_syscall_64+0xf3/0x230 [ 1363.508514][T17611] ? clear_bhb_loop+0x35/0x90 [ 1363.508548][T17611] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1363.508577][T17611] RIP: 0033:0x7fb619b8cda9 [ 1363.508596][T17611] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1363.508614][T17611] RSP: 002b:00007fb61aad3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1363.508637][T17611] RAX: ffffffffffffffda RBX: 00007fb619da5fa0 RCX: 00007fb619b8cda9 [ 1363.508653][T17611] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000003 [ 1363.508668][T17611] RBP: 00007fb61aad3090 R08: 0000000000000000 R09: 0000000000000000 [ 1363.508682][T17611] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1363.508695][T17611] R13: 0000000000000000 R14: 00007fb619da5fa0 R15: 00007ffe9c51c0d8 [ 1363.508725][T17611] [ 1364.419957][T17626] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3348'. [ 1364.520077][ T29] kauditd_printk_skb: 18 callbacks suppressed [ 1364.520099][ T29] audit: type=1326 audit(1738539429.233:535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17629 comm="syz.0.3349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81e7d8cda9 code=0x7ffc0000 [ 1364.555339][T17628] block nbd5: NBD_DISCONNECT [ 1364.580817][T17626] block nbd5: Disconnected due to user request. [ 1364.597106][ T29] audit: type=1326 audit(1738539429.270:536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17629 comm="syz.0.3349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f81e7d8cda9 code=0x7ffc0000 [ 1364.646417][T17628] block nbd5: Send disconnect failed -32 [ 1364.659232][T17626] block nbd5: shutting down sockets [ 1364.738400][ T29] audit: type=1326 audit(1738539429.270:537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17629 comm="syz.0.3349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81e7d8cda9 code=0x7ffc0000 [ 1364.795489][ T29] audit: type=1326 audit(1738539429.270:538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17629 comm="syz.0.3349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f81e7d8b710 code=0x7ffc0000 [ 1364.826262][ T29] audit: type=1326 audit(1738539429.270:539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17629 comm="syz.0.3349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f81e7d8b710 code=0x7ffc0000 [ 1364.857770][ T29] audit: type=1326 audit(1738539429.270:540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17629 comm="syz.0.3349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81e7d8cda9 code=0x7ffc0000 [ 1364.889893][ T29] audit: type=1326 audit(1738539429.270:541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17629 comm="syz.0.3349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f81e7d8b710 code=0x7ffc0000 [ 1364.967351][ T29] audit: type=1326 audit(1738539429.270:542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17629 comm="syz.0.3349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81e7d8cda9 code=0x7ffc0000 [ 1365.042755][ T29] audit: type=1326 audit(1738539429.270:543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17629 comm="syz.0.3349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f81e7d8cda9 code=0x7ffc0000 [ 1365.090617][ T29] audit: type=1326 audit(1738539429.270:544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17629 comm="syz.0.3349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81e7d8cda9 code=0x7ffc0000 [ 1366.249421][T17638] ALSA: mixer_oss: invalid OSS volume 'u' [ 1369.120173][T11571] usb 2-1: new high-speed USB device number 45 using dummy_hcd [ 1369.334003][T11571] usb 2-1: device descriptor read/64, error -71 [ 1369.933350][T11571] usb 2-1: new high-speed USB device number 46 using dummy_hcd [ 1482.280049][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 1482.287055][ C0] rcu: 1-...!: (0 ticks this GP) idle=f034/1/0x4000000000000000 softirq=68588/68588 fqs=0 [ 1482.299042][ C0] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P6624/1:b..l [ 1482.307009][ C0] rcu: (detected by 0, t=10502 jiffies, g=86625, q=175 ncpus=2) [ 1482.314768][ C0] Sending NMI from CPU 0 to CPUs 1: [ 1482.314809][ C1] NMI backtrace for cpu 1 [ 1482.314824][ C1] CPU: 1 UID: 0 PID: 17676 Comm: syz.4.3363 Not tainted 6.13.0-syzkaller-09760-g69e858e0b8b2 #0 [ 1482.314844][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1482.314856][ C1] RIP: 0010:__lock_acquire+0xec7/0x2100 [ 1482.314886][ C1] Code: 31 d9 44 01 f0 41 29 ce 89 ca c1 c2 06 44 31 f2 01 c1 29 d0 89 d6 c1 c6 08 31 c6 01 ca 29 f1 89 f3 c1 c3 10 31 cb 01 d6 29 da <89> dd c1 c5 13 31 d5 01 f3 29 ee 01 eb c1 c5 04 31 f5 48 c1 e5 20 [ 1482.314902][ C1] RSP: 0018:ffffc90000a18a10 EFLAGS: 00000092 [ 1482.314917][ C1] RAX: 00000000001048a1 RBX: 00000000050645da RCX: 000000001058aa7d [ 1482.314930][ C1] RDX: 00000000fae9315e RSI: 00000000ef968c96 RDI: dffffc0000000000 [ 1482.314943][ C1] RBP: ffff888068620af0 R08: ffffffff942c3847 R09: 1ffffffff2858708 [ 1482.314957][ C1] R10: dffffc0000000000 R11: fffffbfff2858709 R12: ffff888068620000 [ 1482.314970][ C1] R13: ffff888068620000 R14: 0000000000004022 R15: 0000000000000001 [ 1482.314982][ C1] FS: 00007f63fd16a6c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 1482.314998][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1482.315010][ C1] CR2: 000000002001f000 CR3: 0000000034622000 CR4: 00000000003526f0 [ 1482.315025][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1482.315036][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1482.315047][ C1] Call Trace: [ 1482.315056][ C1] [ 1482.315065][ C1] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 1482.315085][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 1482.315108][ C1] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 1482.315133][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 1482.315153][ C1] ? nmi_handle+0x14f/0x5a0 [ 1482.315177][ C1] ? nmi_handle+0x2a/0x5a0 [ 1482.315202][ C1] ? __lock_acquire+0xec7/0x2100 [ 1482.315223][ C1] ? default_do_nmi+0x63/0x160 [ 1482.315251][ C1] ? exc_nmi+0x123/0x1f0 [ 1482.315277][ C1] ? end_repeat_nmi+0xf/0x53 [ 1482.315306][ C1] ? __lock_acquire+0xec7/0x2100 [ 1482.315329][ C1] ? __lock_acquire+0xec7/0x2100 [ 1482.315351][ C1] ? __lock_acquire+0xec7/0x2100 [ 1482.315372][ C1] [ 1482.315379][ C1] [ 1482.315393][ C1] lock_acquire+0x1ed/0x550 [ 1482.315414][ C1] ? advance_sched+0xa02/0xca0 [ 1482.315434][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 1482.315456][ C1] ? advance_sched+0x9b4/0xca0 [ 1482.315472][ C1] ? do_raw_spin_lock+0x14f/0x370 [ 1482.315490][ C1] ? __pfx_lock_release+0x10/0x10 [ 1482.315514][ C1] ? do_raw_spin_unlock+0x13c/0x8b0 [ 1482.315532][ C1] ? taprio_set_budgets+0x32c/0x370 [ 1482.315551][ C1] ? advance_sched+0xa02/0xca0 [ 1482.315568][ C1] advance_sched+0xa1e/0xca0 [ 1482.315584][ C1] ? advance_sched+0xa02/0xca0 [ 1482.315612][ C1] ? __pfx_advance_sched+0x10/0x10 [ 1482.315630][ C1] __hrtimer_run_queues+0x59b/0xd30 [ 1482.315663][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 1482.315688][ C1] ? sched_clock+0x4a/0x70 [ 1482.315707][ C1] ? read_tsc+0x9/0x20 [ 1482.315723][ C1] ? ktime_get_update_offsets_now+0x38e/0x3b0 [ 1482.315748][ C1] hrtimer_interrupt+0x403/0xa40 [ 1482.315783][ C1] __sysvec_apic_timer_interrupt+0x110/0x420 [ 1482.315811][ C1] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 1482.315832][ C1] [ 1482.315838][ C1] [ 1482.315845][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1482.315872][ C1] RIP: 0010:finish_task_switch+0x1ea/0x870 [ 1482.315898][ C1] Code: c9 50 e8 79 09 0c 00 48 83 c4 08 4c 89 f7 e8 fd 39 00 00 e9 de 04 00 00 4c 89 f7 e8 e0 81 61 0a e8 cb 66 38 00 fb 48 8b 5d c0 <48> 8d bb 08 16 00 00 48 89 f8 48 c1 e8 03 49 be 00 00 00 00 00 fc [ 1482.315913][ C1] RSP: 0018:ffffc90004a87588 EFLAGS: 00000282 [ 1482.315928][ C1] RAX: 1dde09cff66af600 RBX: ffff888068620000 RCX: ffffffff9a3ca903 [ 1482.315942][ C1] RDX: dffffc0000000000 RSI: ffffffff8c0aa680 RDI: ffffffff8c5fac60 [ 1482.315955][ C1] RBP: ffffc90004a875d0 R08: ffffffff901a1777 R09: 1ffffffff20342ee [ 1482.315968][ C1] R10: dffffc0000000000 R11: fffffbfff20342ef R12: 1ffff110170e7eb6 [ 1482.315982][ C1] R13: dffffc0000000000 R14: ffff8880b863e780 R15: ffff8880b873f5b0 [ 1482.316002][ C1] ? finish_task_switch+0x1e5/0x870 [ 1482.316030][ C1] __schedule+0x18c4/0x4c40 [ 1482.316059][ C1] ? __pfx___schedule+0x10/0x10 [ 1482.316079][ C1] ? __pfx_lock_release+0x10/0x10 [ 1482.316107][ C1] ? schedule+0x90/0x320 [ 1482.316125][ C1] schedule+0x14b/0x320 [ 1482.316145][ C1] schedule_timeout+0xb0/0x290 [ 1482.316162][ C1] ? __pfx_schedule_timeout+0x10/0x10 [ 1482.316188][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1482.316214][ C1] ? wait_for_completion+0x2fe/0x620 [ 1482.316235][ C1] ? wait_for_completion+0x2fe/0x620 [ 1482.316255][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 1482.316273][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 1482.316294][ C1] ? wait_for_completion+0x2fe/0x620 [ 1482.316315][ C1] wait_for_completion+0x355/0x620 [ 1482.316335][ C1] ? __smp_call_single_queue+0x11a/0x3a0 [ 1482.316367][ C1] ? __pfx_wait_for_completion+0x10/0x10 [ 1482.316391][ C1] ? smp_call_function_single_async+0xb4/0x110 [ 1482.316419][ C1] rdmsr_safe_on_cpu+0x16c/0x310 [ 1482.316448][ C1] ? __pfx_rdmsr_safe_on_cpu+0x10/0x10 [ 1482.316474][ C1] ? __pfx___rdmsr_safe_on_cpu+0x10/0x10 [ 1482.316501][ C1] ? __pfx_lock_release+0x10/0x10 [ 1482.316528][ C1] ? __might_fault+0xaa/0x120 [ 1482.316554][ C1] ? __might_fault+0xc6/0x120 [ 1482.316583][ C1] msr_read+0x15d/0x260 [ 1482.316650][ C1] ? __pfx_msr_read+0x10/0x10 [ 1482.316675][ C1] ? bpf_lsm_file_permission+0x9/0x10 [ 1482.316693][ C1] ? rw_verify_area+0x243/0x630 [ 1482.316718][ C1] ? __pfx_msr_read+0x10/0x10 [ 1482.316744][ C1] vfs_read+0x1f8/0xb40 [ 1482.316773][ C1] ? __pfx_vfs_read+0x10/0x10 [ 1482.316800][ C1] ? __fget_files+0x2a/0x410 [ 1482.316823][ C1] ? __fget_files+0x395/0x410 [ 1482.316844][ C1] ? __fget_files+0x2a/0x410 [ 1482.316870][ C1] ksys_read+0x18f/0x2b0 [ 1482.316897][ C1] ? __pfx_ksys_read+0x10/0x10 [ 1482.316924][ C1] ? do_syscall_64+0x100/0x230 [ 1482.316948][ C1] ? do_syscall_64+0xb6/0x230 [ 1482.316971][ C1] do_syscall_64+0xf3/0x230 [ 1482.316993][ C1] ? clear_bhb_loop+0x35/0x90 [ 1482.317020][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1482.317043][ C1] RIP: 0033:0x7f63fc38cda9 [ 1482.317060][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1482.317074][ C1] RSP: 002b:00007f63fd16a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1482.317091][ C1] RAX: ffffffffffffffda RBX: 00007f63fc5a5fa0 RCX: 00007f63fc38cda9 [ 1482.317104][ C1] RDX: 0000000000018ff8 RSI: 0000000020019680 RDI: 0000000000000004 [ 1482.317115][ C1] RBP: 00007f63fc40e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 1482.317126][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1482.317137][ C1] R13: 0000000000000000 R14: 00007f63fc5a5fa0 R15: 00007ffd08d4b3e8 [ 1482.317155][ C1] [ 1482.317803][ C0] task:kworker/u8:12 state:R running task stack:20280 pid:6624 tgid:6624 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 1483.009526][ C0] Workqueue: bat_events batadv_nc_worker [ 1483.015237][ C0] Call Trace: [ 1483.018546][ C0] [ 1483.021507][ C0] __schedule+0x18bc/0x4c40 [ 1483.026069][ C0] ? __pfx___schedule+0x10/0x10 [ 1483.030954][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1483.036980][ C0] ? preempt_schedule_irq+0xf0/0x1c0 [ 1483.042300][ C0] preempt_schedule_irq+0xfb/0x1c0 [ 1483.047448][ C0] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 1483.053304][ C0] irqentry_exit+0x5e/0x90 [ 1483.057752][ C0] asm_sysvec_reschedule_ipi+0x1a/0x20 [ 1483.063253][ C0] RIP: 0010:__rcu_read_unlock+0x5/0x110 [ 1483.068831][ C0] Code: e1 07 80 c1 03 38 c1 7c aa 4c 89 ff e8 94 78 7d 00 eb a0 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 <41> 57 41 56 41 55 41 54 53 49 bc 00 00 00 00 00 fc ff df 65 4c 8b [ 1483.088475][ C0] RSP: 0018:ffffc90003037a38 EFLAGS: 00000246 [ 1483.094583][ C0] RAX: 5a3b27cafee85a00 RBX: ffff8880607a8d80 RCX: ffffc90003037903 [ 1483.102582][ C0] RDX: 0000000000000002 RSI: ffffffff8c0ab8e0 RDI: ffffffff8c5fac60 [ 1483.110609][ C0] RBP: ffff8880332c8180 R08: ffffffff901a1777 R09: 1ffffffff20342ee [ 1483.118607][ C0] R10: dffffc0000000000 R11: fffffbfff20342ef R12: ffff8880607a8d80 [ 1483.126605][ C0] R13: 1ffff1100c0f5314 R14: ffff88814c6ab318 R15: ffffffff8bb95dd0 [ 1483.134603][ C0] ? __pfx_batadv_nc_sniffed_purge+0x10/0x10 [ 1483.140632][ C0] ? __pfx_batadv_nc_sniffed_purge+0x10/0x10 [ 1483.146648][ C0] batadv_nc_process_nc_paths+0x2f5/0x3a0 [ 1483.152409][ C0] ? batadv_nc_process_nc_paths+0xb5/0x3a0 [ 1483.158248][ C0] batadv_nc_worker+0x52c/0x610 [ 1483.163141][ C0] ? process_scheduled_works+0x976/0x1840 [ 1483.168892][ C0] process_scheduled_works+0xa66/0x1840 [ 1483.174525][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 1483.180545][ C0] ? assign_work+0x364/0x3d0 [ 1483.185172][ C0] worker_thread+0x870/0xd30 [ 1483.189820][ C0] ? __kthread_parkme+0x169/0x1d0 [ 1483.194880][ C0] ? __pfx_worker_thread+0x10/0x10 [ 1483.200025][ C0] kthread+0x7a9/0x920 [ 1483.204212][ C0] ? __pfx_kthread+0x10/0x10 [ 1483.208839][ C0] ? __pfx_worker_thread+0x10/0x10 [ 1483.214003][ C0] ? __pfx_kthread+0x10/0x10 [ 1483.218625][ C0] ? __pfx_kthread+0x10/0x10 [ 1483.223251][ C0] ? __pfx_kthread+0x10/0x10 [ 1483.227871][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 1483.233098][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 1483.238327][ C0] ? __pfx_kthread+0x10/0x10 [ 1483.242950][ C0] ret_from_fork+0x4b/0x80 [ 1483.247399][ C0] ? __pfx_kthread+0x10/0x10 [ 1483.252024][ C0] ret_from_fork_asm+0x1a/0x30 [ 1483.256833][ C0] [ 1483.259873][ C0] rcu: rcu_preempt kthread starved for 10502 jiffies! g86625 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 1483.271091][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 1483.281082][ C0] rcu: RCU grace-period kthread stack dump: [ 1483.286989][ C0] task:rcu_preempt state:R running task stack:25656 pid:17 tgid:17 ppid:2 task_flags:0x208040 flags:0x00004000 [ 1483.300553][ C0] Call Trace: [ 1483.303858][ C0] [ 1483.306816][ C0] __schedule+0x18bc/0x4c40 [ 1483.311551][ C0] ? __pfx___schedule+0x10/0x10 [ 1483.316453][ C0] ? __pfx_lock_release+0x10/0x10 [ 1483.321520][ C0] ? __pfx___mod_timer+0x10/0x10 [ 1483.326487][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1483.332849][ C0] ? schedule+0x90/0x320 [ 1483.337119][ C0] schedule+0x14b/0x320 [ 1483.341304][ C0] schedule_timeout+0x15a/0x290 [ 1483.346180][ C0] ? __pfx_schedule_timeout+0x10/0x10 [ 1483.351593][ C0] ? __pfx_process_timeout+0x10/0x10 [ 1483.356926][ C0] ? prepare_to_swait_event+0x330/0x350 [ 1483.362505][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 1483.367739][ C0] rcu_gp_fqs_loop+0x2df/0x1330 [ 1483.372629][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 1483.377873][ C0] ? rcu_gp_init+0x1256/0x1630 [ 1483.382676][ C0] ? __pfx_rcu_gp_init+0x10/0x10 [ 1483.387652][ C0] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 1483.392992][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 1483.398223][ C0] rcu_gp_kthread+0xa7/0x3b0 [ 1483.402873][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 1483.408100][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 1483.414031][ C0] ? __kthread_parkme+0x169/0x1d0 [ 1483.419093][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 1483.424325][ C0] kthread+0x7a9/0x920 [ 1483.428442][ C0] ? __pfx_kthread+0x10/0x10 [ 1483.433069][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 1483.438301][ C0] ? __pfx_kthread+0x10/0x10 [ 1483.442922][ C0] ? __pfx_kthread+0x10/0x10 [ 1483.447577][ C0] ? __pfx_kthread+0x10/0x10 [ 1483.452197][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 1483.457421][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 1483.462646][ C0] ? __pfx_kthread+0x10/0x10 [ 1483.467267][ C0] ret_from_fork+0x4b/0x80 [ 1483.471712][ C0] ? __pfx_kthread+0x10/0x10 [ 1483.476343][ C0] ret_from_fork_asm+0x1a/0x30 [ 1483.481156][ C0] [ 1483.484198][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 1483.490540][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.13.0-syzkaller-09760-g69e858e0b8b2 #0 [ 1483.500541][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1483.510622][ C0] RIP: 0010:acpi_safe_halt+0x21/0x30 [ 1483.515945][ C0] Code: 90 90 90 90 90 90 90 90 90 65 48 8b 04 25 c0 d4 03 00 48 f7 00 08 00 00 00 75 10 66 90 0f 00 2d a5 89 7b 00 f3 0f 1e fa fb f4 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 [ 1483.535579][ C0] RSP: 0018:ffffffff8e607ca8 EFLAGS: 00000246 [ 1483.541676][ C0] RAX: ffffffff8e696580 RBX: ffff888144e90064 RCX: 00000000017e8191 [ 1483.549681][ C0] RDX: 0000000000000001 RSI: ffff888144e90000 RDI: ffff888144e90064 [ 1483.557684][ C0] RBP: 000000000003a8f8 R08: ffff8880b863795b R09: 1ffff110170c6f2b [ 1483.565690][ C0] R10: dffffc0000000000 R11: ffffffff8bedab50 R12: ffff888147687000 [ 1483.573694][ C0] R13: 0000000000000001 R14: 0000000000000001 R15: ffffffff8f11d240 [ 1483.581693][ C0] FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 1483.590654][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1483.597263][ C0] CR2: 000000110c37608d CR3: 0000000034622000 CR4: 00000000003526f0 [ 1483.605260][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1483.613252][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1483.621247][ C0] Call Trace: [ 1483.624549][ C0] [ 1483.627418][ C0] ? rcu_check_gp_kthread_starvation+0x278/0x310 [ 1483.633793][ C0] ? print_other_cpu_stall+0x1481/0x15c0 [ 1483.639478][ C0] ? __pfx_print_other_cpu_stall+0x10/0x10 [ 1483.645323][ C0] ? timekeeping_advance+0x5e8/0x770 [ 1483.650654][ C0] ? kvm_check_and_clear_guest_paused+0x6a/0xd0 [ 1483.656963][ C0] ? rcu_sched_clock_irq+0xa26/0x10e0 [ 1483.662383][ C0] ? __pfx_rcu_sched_clock_irq+0x10/0x10 [ 1483.668063][ C0] ? update_process_times+0x242/0x2f0 [ 1483.673469][ C0] ? tick_nohz_handler+0x37c/0x500 [ 1483.678612][ C0] ? __pfx_tick_nohz_handler+0x10/0x10 [ 1483.684101][ C0] ? __hrtimer_run_queues+0x551/0xd30 [ 1483.689565][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 1483.695328][ C0] ? read_tsc+0x9/0x20 [ 1483.699423][ C0] ? ktime_get_update_offsets_now+0x38e/0x3b0 [ 1483.705528][ C0] ? hrtimer_interrupt+0x403/0xa40 [ 1483.710699][ C0] ? __sysvec_apic_timer_interrupt+0x110/0x420 [ 1483.716927][ C0] ? sysvec_apic_timer_interrupt+0xa1/0xc0 [ 1483.722812][ C0] [ 1483.725784][ C0] [ 1483.728741][ C0] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1483.734937][ C0] ? __pfx_acpi_idle_enter+0x10/0x10 [ 1483.740353][ C0] ? acpi_safe_halt+0x21/0x30 [ 1483.745070][ C0] acpi_idle_enter+0xe4/0x140 [ 1483.749789][ C0] cpuidle_enter_state+0x109/0x470 [ 1483.754960][ C0] ? __pfx_menu_select+0x10/0x10 [ 1483.759947][ C0] cpuidle_enter+0x5d/0xa0 [ 1483.764416][ C0] do_idle+0x372/0x5c0 [ 1483.768529][ C0] ? __pfx_do_idle+0x10/0x10 [ 1483.773147][ C0] ? rest_init+0x20/0x300 [ 1483.777522][ C0] ? rest_init+0x31/0x300 [ 1483.781883][ C0] cpu_startup_entry+0x42/0x60 [ 1483.786673][ C0] rest_init+0x2dc/0x300 [ 1483.790951][ C0] ? __pfx_x86_late_time_init+0x10/0x10 [ 1483.796534][ C0] start_kernel+0x484/0x510 [ 1483.801079][ C0] x86_64_start_reservations+0x2a/0x30 [ 1483.806570][ C0] x86_64_start_kernel+0x9f/0xa0 [ 1483.811537][ C0] common_startup_64+0x13e/0x147 [ 1483.816529][ C0]