last executing test programs: 7.446506213s ago: executing program 4 (id=1475): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000180)={0xfffffc}, 0x10) r1 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MFC(r1, 0x29, 0xcc, 0x0, 0x0) recvmmsg(r0, &(0x7f0000000f00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x14}, 0xfffffe49}], 0x1, 0x20, 0x0) write(r0, &(0x7f0000000000)="1c0000001a005f0214f9f4070009010000000000fe03000100000000", 0x1c) 7.203698402s ago: executing program 4 (id=1477): r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x8, 0x4f2, 0x1421, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xa0, 0x20, [{{0x9, 0x4, 0x0, 0x6, 0x2, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x2, 0x0, 0x1, {0x22, 0x8}}, {{{0x9, 0x5, 0x81, 0x3, 0x400, 0x0, 0xfe, 0x9}}}}}]}}]}}, 0x0) syz_usb_connect$cdc_ecm(0x6, 0x82, &(0x7f00000003c0)={{0x12, 0x1, 0x200, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x70, 0x1, 0x1, 0x40, 0x10, 0x0, [{{0x9, 0x4, 0x0, 0x3, 0x2, 0x2, 0x6, 0x0, 0x7, {{0xa, 0x24, 0x6, 0x0, 0x0, "d53f7d52af"}, {0x5, 0x24, 0x0, 0xead9}, {0xd, 0x24, 0xf, 0x1, 0x4, 0x2, 0x10, 0x81}, [@ncm={0x6, 0x24, 0x1a, 0x8000, 0x4}, @acm={0x4, 0x24, 0x2, 0x8}, @country_functional={0x6, 0x24, 0x7, 0x9, 0x1916}, @network_terminal={0x7, 0x24, 0xa, 0xff, 0x2, 0x2, 0x10}, @acm={0x4, 0x24, 0x2, 0x9}, @mbim={0xc, 0x24, 0x1b, 0x9, 0x2, 0x3, 0x5, 0x2, 0x6}]}, {[{{0x9, 0x5, 0x81, 0x3, 0x400, 0x2, 0x9, 0x57}}], {{0x9, 0x5, 0x82, 0x2, 0x3ff, 0x7, 0x0, 0x3}}, {{0x9, 0x5, 0x3, 0x2, 0x3ff, 0x1, 0x5, 0x9}}}}}]}}]}}, &(0x7f0000000700)={0xa, &(0x7f00000004c0)={0xa, 0x6, 0x200, 0xea, 0x6, 0xd9, 0x10, 0x4}, 0x176, &(0x7f0000000500)={0x5, 0xf, 0x176, 0x6, [@ssp_cap={0x24, 0x10, 0xa, 0xf3, 0x6, 0x1000, 0x0, 0xa, [0x0, 0x0, 0x30, 0x3f00, 0xff0000, 0x1010000]}, @generic={0xe9, 0x10, 0x1, "f511e008711c6629af00036057d9095d7a802a59d2d494189b1e614086c03362d07a910755862317b2b70d6586d408b8a13dc693c7ed3bb801053dcecd3f7c9970b70ad311786f7f145b97e785193e380625bd2add26554d3f538edd0ebf81ce39ff96da2eff7fa557ad1a2479c09b40b8413419b2726a9bd0c5860cf7c9e9a29dfe569c0e63b8ac34b5788c08c4ba8065833c0ed2557577e30b2e97751f9919232c161feceaceb493052e012f0226d6d667c88bb00afe54f5e755ee5b7a26574099e13c10dda0299619f5af28edcc0df802887b533ee1e8a8935ffa5cc36c4b23367242f972"}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x4, 0x20, 0x6, 0x7}, @generic={0x4b, 0x10, 0x4, "7589dc6a897fd3076e922b1d900c76f70fe13a1baa22d12d1986af2a9ab7dd61d053cebedd40c829f405cd408ce920de21f1013d7ecccf889196ccc3aef02117e0bb1e6369eb212a"}, @ssp_cap={0xc, 0x10, 0xa, 0x5, 0x0, 0xac, 0xf01e, 0x8}, @ptm_cap={0x3}]}, 0x1, [{0x6b, &(0x7f0000000680)=@string={0x6b, 0x3, "c3788624db3ade56c078c24d5cf15c9427c56a943df8f1fffd193f04708dc0cb08c07df3cb2f09291ed076c9e0c7875b3c3e57cfde5b9d78abc2710aad71ea55d105ce2b0d3f6e0fa356fdc301acf3d86eb41ab06b957ff903cf7bd3a49ba7a5e635ca432ab3f9ea49"}}]}) (async) syz_usb_control_io$hid(r0, 0x0, 0x0) fsopen(&(0x7f0000000340)='rpc_pipefs\x00', 0x0) r1 = openat$fb0(0xffffffffffffff9c, &(0x7f00000000c0), 0x8000, 0x0) ioctl$FBIOPUTCMAP(r1, 0x4605, &(0x7f0000000480)={0x8, 0x1, &(0x7f0000000380)=[0x401], &(0x7f0000000200), 0x0, 0x0}) syz_usb_connect$cdc_ncm(0x5, 0xd3, &(0x7f0000000100)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xc1, 0x2, 0x1, 0x6, 0x50, 0x8, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x9, 0x24, 0x6, 0x0, 0x1, "dc9e46a1"}, {0x5, 0x24, 0x0, 0x1}, {0xd, 0x24, 0xf, 0x1, 0x1, 0x1, 0x25}, {0x6, 0x24, 0x1a, 0x2}, [@mdlm_detail={0x56, 0x24, 0x13, 0x6, "199bac04f37e126e626e4690ae3eb2f4b6690c3bbd37e5e5d4b1e3f408e3a8e326f9a7bdbae56010fe97d7eece28fd740df61f4c3beba1e8fe138682d6bda1ca931d58f3ea2d67bde815bb3ee6e45f0e05f8"}, @acm={0x4, 0x24, 0x2, 0xf}, @network_terminal={0x7, 0x24, 0xa, 0x8, 0x6, 0xa2, 0xe}]}, {{0x9, 0x5, 0x81, 0x3, 0x8, 0x9, 0xf, 0xff}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x20, 0x5, 0x8, 0xa8}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0x5, 0x8, 0x8}}}}}}}]}}, &(0x7f0000000080)={0xa, &(0x7f0000000000)={0xa, 0x6, 0x300, 0x0, 0x6, 0x4a, 0x40}, 0xc, &(0x7f0000000040)={0x5, 0xf, 0xc, 0x1, [@ext_cap={0x7, 0x10, 0x2, 0x0, 0xc, 0x0, 0x2}]}, 0x2, [{0x67, &(0x7f0000000200)=@string={0x67, 0x3, "25c35656d3e62c40237238c62a232f11777cd7f40be55443032bd50ac19fae48df608d2bd9bb0ff798b4851ee7f1e5ae7a84dcb3ae1405319f2c5cb83cc1741a71afa15706e44bd5434f356573340a85d2963e7ddc97da6a77595cfbbb2cded5707c732443"}}, {0x85, &(0x7f0000000280)=@string={0x85, 0x3, "d9a179868320acdfe1674f5219c1470a19fd6a1b02600357e252220b9340392a8d15567b0d96e7ae5b2c54477483010ebf1427f1d96f0f753181642044e04643e0fe10a203597d7e08f6727ab0925e5cb8da7aae3c4f15e01e6f6c0defdc93d00211cb6a590b5cfe7362ee595bcea0a4aac1b862ff4736d556c537cb63cdf4938821d9"}}]}) 7.10821596s ago: executing program 3 (id=1480): mkdir(&(0x7f0000000400)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) close(0xffffffffffffffff) execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f000000e280)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) chdir(&(0x7f0000000540)='./file0/../file0/file0\x00') write$FUSE_INIT(r0, &(0x7f0000000380)={0x50, 0x0, r1, {0x7, 0x29, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x6}}, 0x50) lstat(&(0x7f0000000ac0)='./file0/../file0/file0\x00', 0x0) syz_fuse_handle_req(r0, &(0x7f00000021c0)="6b894db915ecd1d3e6688bd58c3865d24c5e5a98a35c0fe86c9450d36001da41761d65e6f50eac112b60d31066b31ecc5396f540472fd7a2636d9aff59e1f8ac5777abf8ac7796156450a61ed355d9a1d7ba35422ca12e66d8487ac243bbf78d27aee7a1716003bb8986e5e7d8fee892bd7a0a95d0ce8d33e49f74097332fa4300c28f99896a404bd34b031ea72a230f528507e055aa3767a0d5bbe647814650c95f7f6148ba8f0e3a33b7cc31144801cd7a7fea9d0f2093d63d34306cc8dc73dec77e8e59e31dcda17acdcc75caf598a963ea33533bc73f4d1ee8a8cc7197286fdb8fa152de6e5e006e3d12275a8d007a7155b1d1e151b5560f3e8185d33a5b7fc0b7f55618d8f511b9016721ee55b2eab0e7cc7153adfd111befde24192fca072c98d3d5e80073e71a10b2bf7134a956d190df636cd2a18bb29e1f72bb8b97c129c339a7ae87ca4494c22299ed6ecad451d758def573f594d19a2bba2ed01296abde71db2ec81cc4b2f1a3bfc9dbc568b478e1f1de57b4e7111effaafffbbde432d5822aa475a818847339593ad07676567971f233afabc9593d4f798f5b344f9fd4b5fc67bb6d563dea6f2f963e19c3305d3c45c8e220d51fb83fb06e0e5bcfdb50e0842f7e620b19c8931210c871321a1c8968ae89e63235a653fb239189b18656528ef2f8c1d81e4285b73335c8c22f34d0124d02626532231e230bac9b307c26d815b092c8f9bdc0df774c18742fc65b2c88e0996f736999c525b9f3b26f2f8e904e6f76dc258fd0638532dc6b50e4393f64986a1bed39c32046e32f5266696596461fb6cda3935269812214ddec4a8f122966c2bb6c80b06ccc0154da54210bed45afc85a5d1fa7266320011c70f04382cdeb1734b0148651a49a0b52e2cd9b6ef09df08314bb2285b3c8cb4f54da721db10147d915b383cd1b52e728ee224f25e9894914fc6f7710a5533033ee84e101572bce93b5d1002d2b262365c8aad2cf9c49846ca6bb06913e9801ccd5da7121af116362027f233cc60c54c934c2b3a6f4a8fa5d3135544d7d1e32e40fb967acfcc55a989694058a06fe84ff2841907d8ba15c3c961cfe55326b0d7916b067c3e8364469062dee2ca854bff73cae55b50fa6ae3bea40350e901b529d165a63e2cc16afc3fb0d389dd51d5a4b46e0868b1dd2f76a892b4ceb7bd4e4aac3bc1b377797d40ddde115d73cbc7d949ea43fe62b015cd3756de7d25a21b33e8a3bee7d40f2add9764cfdcc4093ea084909c4186ace5efe4ec1c746c3d944612473adffdac23f7c35b3da94403e608c79171419cb39cc8c6dd7d51cba8a1dbc7ac67a2d1a5c7edde5969a323f7565c7decdf5bd2f1f479346a674c0f707eb8b1a418cc3adf4fd6b7ec5bab1903956e5feab5c9cc524b97ce776b97c779683ca1fad33a6d9a454c3b66e85ceddd8528283e36e6413b832b0d6810334204518472f857dd5456dc1315c4e5baec341c6dd556690ebf366985082cec1003d70c6f2115938bd64988de0709093303221a503246dacf2d4c4d788e13e92f0d00be61d7a7ab098d920355c9cad496ff7276f1427e99531e80a60cdcb9dc18d245530ad5af9d0c8c7c570cf3c0e330d8c4ed4236e19cc3cecb7cfd26946b083fe1cfe3bed824828b1d4e94b3812e10e29f22babcb8a09f31e9190e20f871c5cb6551c4cd7082a3d7f8ef5390c1e44a11e0f6471de85b3bfdde3b7dcfc8dbdfe534192d5b7214fc3a84654f8a8ccf8195a0259ce59b6af7c619d781226a04a6d7a5b88aac070c80e9e0cfecf2f6a43d5cf5ebf71ec6ed21c2f22b850332e7f2a210d0c400665e5c68fe24be882d6af2e5b43abe1f102541a1ecada68ec63df9947c40d9bb7c7883ffd56c99bd0a50b870d9139fab4c5ff2c655ef6be16c5dd114e6505b4bc8b19a9b72e5c6e1ce7c999ee540a0f5e0bf83b3a355ccb799a027cda04a086c58ead7d672d7366fbb9ca69e2e44c6d5bb0afe06e75005b0f721dc328deeceb7ed1fc98529b7acbe0a2e485a15968441b740e66fba83e737684fe5de20d9cef67e7c1818bf39e6dc4255f581833eabaf117ee553fdc616aa7f3f09fc3d24defadcc02f4b28bbd2e28fa59fd923d49dcde7c3ab9910645a3b96f12bbf29e647e4207b58a3fa11aadc501358bacdae801c2d48a94486a996ba70487fe5fec1a3937679ced79ae009ee7ce60bfa087d4ea0efb2214e5d675928ef696a63547cfc5227ec6020f1c35592da7146fd39daa0b4714634d64b7d2b0118922821e905b59a8e76bd9d0ba21ac2d9b93bbeaa0e789982bef2d62eadf32ef201be9de069b3994dce13ea9fb67b819d549c6bda0e2f6ed557aa0e4007df534bcba07d9a8d65ec6936d1379fb5671eba3a250e5cee110582bc3d05c2a235c0a7392b4908776e3bfcb0ce7863105db20c0f3f5845222c4d9fc18aa8bebc1690a85b283ae49e145b4c2dfb61ab0ab9e79db007dee98f6bb097a09efab825e2674d97d581a9078375f27a5eb8d7a527db59b7d3cae1d492f094cfad41bcf842935e15eece1c927c00aec120a223da4a589eba6a60dc45ef8bfeb277ad0318afc2ba5ccb300325c8c0c5dbeca5b39ce1d5e8710f1a88f15297cd1fa27a0872e5cf977148fcb5c486b7c1023015a6286011b545ff1e1de0248c87a049bfc880b54daacc6b5c9f6e1edee7df17e0fadd261089e4e762d89e78d3ce9f6ff088364531bf96f918bcb3c9abd759577f6ad9b4d9b4044c79813a38a23c6c0d3716fba6c36c9b5f1b5eb839e9c72d57bffb8984043d30c80099a96d5eeb707471de3fc7f76223dcdfa25d8e75286797fd7fe51bc23d4ee9467fab63cf564a34e2b1b0bbb10979f295bda83748d05125b8a254e3ec8585e1eb183d594ab6d8da194ccedc901b3f8604a4b0cb116cbce85c8ba3c494f953a7620cb8419d7f94251e684a84b997a8b6a785ab30bc5c1dfd9058d5fb3f685a35ef14a0f3b09461650d1a0dc888d714202900c0d5830325b39c9ba35f35e2f03c16ab35e0a4007a46b6cf3ce2e06a252bedefb173ab064677d49fc26f3233a6c663c9de1efe91192d655853f61589f4584bdfd4f0a0b02eb061b3edc91fb3069422f36d783ae20c3f92ec95dacd7bec26258f46d4b718fa0908d931be708ca849f919c751cc98c9f3765dfea87605fbdeb87a4d42bb1cff6b043849b1654c0e9fb6edc1bc63dcd265e8054f48679dedcc83c3d597dd062771c4a828cf65eb2e784f83debdc9f51d66f86ae8258b25b0defa628669460b85514d29aa70e8af5a87db26d0fe6ad2f755971892446ce0119e8c0011039dbb7af5d01912221279af779026e15bc86ceb08b5c63b3d48c74ddbdef6a816e62af32a4cb241d92230aaef020da3c17a42b0776094de46ad5bc1be58a927369f75211c7a81199571aad4860833cf4d626d7df38aed4f95298f0ee6c99992aed4da8dced1023a39ee86891ee13d327cbdb052a8b8d4a9bd6090fbf349f77a15494d1221d5cb5cb790136b0a3405b3d35c6762b9c1998e8f694ce804d96738a639aba0aafe43740f326afd5eb746f311015a8cffe34a7d8b70fc35174c6ab76d83bd2441c0b1ba290c6bda674dcdfc87c439035e88c05efc3c013a39c707bdb884e75ccd5281eefc52bbfdb168a3dfd554c67ff72f7cf191d31c7c2a3a28b55626c27ae4c58c245471bbd9581e3763e059d7e05db780c4c32b8c6c3535486e3a3c2982a3bb1aaa27c2deb928f40c4fe2ddcf050c671b9ed1f461c6af93b2d8b53e272b0cf314596330010333bb00eab4b6239a4f74b505d32d2a517c1ba3647b99805b1e4c50e87efd73b4fdfb6a8d4343363f9ad8eedac30102a6b22fa212b57fd363ff346c23df9060cd129e7fe82e25b393c8f112ae3d11b54f58e9f5896ed9a2ef37499408b0b310034bdeb776374742c916034249898936b3393e8c3793d1300aeeb3c1138d3e7790680ab9d2f25f9fecc73e669c8794f8820fe68492a390ce321c37ca8ecf78e44b33539e598a514edac31b513a64f24e8aa63bb5f69af24431742f693e56ddd1ac2317fbd51922f92852fa04d48be26f786d2bf3cf30e68149b505d0403abe59f4bbc91406383f49808b0ea330255d73adb39b7a7595ee53105226019c77714ee991d664b13398257cc2258558c653519f9f33cc04787021197a5896e7284ccca1e1930d0f3ce8849900d4879e21463b5f93e4a381737e36608c4d1ab80d03bbf1b8cfc3738d08204ad48412a2d13b621f15bbb5b6779346c00e5a0aa82fd7e64b478ca942fbcc47966a249929224fb1f6dcd561664b01d501aa283d7c38101245947670f8f55433d8c3c35d7e841e3a7ada5f84df2c3f61c1c2828b1e2caafff2c605aa57ff0b037803a5b649e81c50e9249a9c44932601f9c9169f506ccfefad31fd3ed707e57f4414ceacf4af5302f8f89dcf6968d6474af914b42de0f7bcc6c62b287b9379f9efd27554dc7c3bf883cbb386cc8b1f8c06e30ced9f92e14b3506576b5fca6c5e5a3fcf17a37f83fd7923ba8bbad7f6131a325e49d9da723ca9adc697ac6e40507ed0fb2d5a02b4a901e73a01373b666b28541b8ebf60ffff6453a034865f328332d797ebfcac6eca5b857b9888a1b4233d4de8ed85d2e23e95da26a67a6c9b3d9634c36fddd55a296266faf124ec7c1755e2bb0d0816a5f4aff23762b4a981416fea8903008d4ac6d46546993678d8b8331d2fe73d1ee4eb4d095a47a2f4dfc33ab2d530c82fe1ea58eccb9f093191fa3ac197ae76fcf82facb7dc00c38be5ff17fd1b6018e9a38328ebce24c2a837f05df7e5d22a2326e37b03a270c1b908b31e795fa13bc2d989bcad5acddc1c51ac16179cf4244560872be75a1d011dc9fa4f1234375291e17bf170cc5e06421e9dd289a8fd7e71413020811f9fa4edc12e66044732d5cc39fa99d59195d892ef9a1574b13b58185cb954cafb30397684e6f636f75bb40cd49db2ffce25ca74a252d568e924537dfb586c31fa2cdc10c720f552c341a3d92471cdc9a63b1eea8db4a7eecbaa981a91fc1af5640a2e0d6115283a6a493e5e52059894a5b8d622efe1cdbd05410004393c7f9438ca263ea9239cb72fd2c86871040108cf00bf464b9fd194cd8d5090163d31d5960e8ac57938546f5ab0d0b6befefc7219424bd560e799403a9798290be9279f6cc72a16dc00b411456456485d91cdda88719d011aca7591046dcde6c2cc4fc247a2bce71fc9afbbddd6ec30a649abc6739eb0271fc3c365b194a422819ebdeeaf9355ebb152a291269d9cd1844a28be5079087b251c177ab87513cd88f0b0c50e0d29429cdf6c9ac98db79410e0751841c7bb59028bd9f32496ee955819a41a6b2de036d30c8294808c93e76b647c26bdb504d223d15353acad1c2615de2f946142996f4b0c85931c25ad4cb3a3e35506ab358478996943b919aa2e5dc65948c92c1818b622b96598f1fd6ece94c1fb3cb16bda61d66185a4a5b5baa706de37af397d4a73d1d495049b62aac978942cc6caeb06ecdf1b0f7c62d776bb5ef123e4ddfbdd16c0d222433b14e2efd05e7e38933ff2df0f2de40872833b33aaab18123b766cc4558d5ad1dc9dafc11bb91b6150e45ed14a8b376a44d3e460430187c7472a961637b0eec5ca7e47a5aa8a7c13723b8ddc1f4a986350b0c3b4ff4ddb3f2222012e4385672bf437ed4735ae0b92da197afea2e6f98eedc3181b3cc7df2552e5855341ae0e2a7738d011498a6068617ffec4a5863b91fefde5278bf58bb65292d5f099e5aa8672694620bfb3c12a39e588f9507136de644e09f6186ede854021ba7b6ec060af7d268ecc00c6276e93a0ca6b8b8b9299fc6fe8b73ac6bc2818c232fb573924c7488eea3c64d07462ce240aff2bc0903f9ca604a6e47e0826f4d85c1c05197558aab1397c43e396eccaf0dbcee48dd763433f4e2f6f7487385ec1d9166bc64dc6d0eaf44f44a37a28c171b20c95fa4ae8226ca3dd02e14f19ec165d8725b9d5f83b0b82e35cb52aca131c8b8dbf87eb765df38a20cd49e7433d89179e9030900cc9a91e5582c9d65ccc234cdba3d499c4e9db0ab99707f5be5fc139449e6ec4d07b2e6961b7033b6dd57a054926a75fa2de99ba6ecf3839f3be4d21417746acc93ec0823f504a4604ceddb7e20814ae1f9a4fe246e174b1ce538c826855eb4ab496085eea7b20b09640a924464561e5078e127ea8701b21454eca73c6fe200c2f3de3db4d235184612ceaf6145eaad5c1e37e94c85c0931c70c2d6f0784cedcc5ece969a88a3984b36c8950e58558d29f02c90effc59cbcc304d3b6fe784a16d950a20dd2e16ab148a43933bf77f16af37c8b820b1d7c42b3961bf593d13afee64add262c712fb80a04f2f33c92352638cfb1b6e1d480a9f8b5e0335c5fd1cb268b40e35a8f3b727a73206816bc8439128004ecb9009adc11c338e7a2590ea6665299ac1662a2694692ae9273cfd5c919a45f8eac634eca82987b903cfa056d2a11164f64e93b5bac3f3c29409c0fba0d89f285717d2b796836cffbfb777f30a257878727e4ed179be7de7b255f5f7a3887ae139bb24a56137bc60c75e4539c6c306e23c832d07392b54d8f294d29b20b1d130b5732bf17e6f3f2eb9009f931583b399f447c1d337bbc9526cf88bb9d4103f6df721768bec4d526f4cfb5e5f84fb591950fb5fcfb4063cf4f328a1ae41349496948a9ad92ca1ad7248ae89cb8b37256b7f6db91ef00d7910b2154617a8b8c4f841a9a8956ace2611f0846179dc0f9f93e0ad57b7d64f981af27da37451e65d96052df1673d14c5c36d3ecfa4b19fd8444216c7ab39d9385358d9ca3f6d8d30676af07b1cc555cf035c83da5ce04153732db618e08ed9f13f95fb4e58bcb2dab471cbec07e892546cab9712c1c73a6a858083b5378459b739bafd001341a7d52312e3fdaab675d11131984143fe566f11fda9eedb82b9d711f232d43f66af5facce3006cd421efe69ef66ff9f2f0db9f525ba188b3d6b4bbe4e3a4a818db982d7070c93deb86f83efd8cbad370234952d15a92d7ff0f7e097d4a219aed8652344a051ad7324a0ad7863d52864a11f714868c9a2e1ebfa500fb8335ce6eac32072f14000d68fb3e36a89fe021376764f5f80e442f3cc3363346945118a69099f8e903a7823e7248a0802771f110a5c073ac51bd805f180a701bbec557fdc7a58f8f61adaf2e59a9891906c88b8a41b60932f7decfbbd158403cd7fd53ee9dc5dc19176c1b76cecdd2705921801c071c10f5c658214af1b99d6d874dba3e9c78836158a317654b7e7315f4be867796b42978a3c099114e15ef94e2ff5d2de444e59d7319596040a72dbe19388a6e1771356fb61e5c09136e09372b061a078ce35110df871af0eaa6b0b75c52d54a60532f45556dd0c9c36573644cec250bf7d16cee8394e8eb7ac57a7f61adbe072de475fc7ce59e79f79799f0d36714915735027bc93ba20512b28090f58c7716a9d5c15b9b21338925805506214b7d723b5e44780f6702e411fa3af30c7a49586c322f08aef0a2d2a23197d30a42561459ef29bc45ff404a69ff3f0af45b8e1b602e5d765b039cbff5fab4aa7d78331716913a13dd71256cae32675872ef8b24d886f3e6fe82d98060407cfa4a80769e71e07c63d4dccc02975df0615a8198d43c10ccb4cdc366b4f8d0b400b298a56f4aad2ac870558cfe7e4e4ba7c288bd61431b77c10f0122370f54908d730eb4559bb2b8521e769ce53e6a38c2a857129dae253b695c230f608c6e3250975d96ffc7b2944d7530194826e4788cf8611c1a62e8e1477d714d1478ebe4ad9ca59428fd18b1590cd9c9b059de268060dd5a056cf6875e2d41ff88b9dea774359d9542bec7464214d90cba71547de1b104bba0cb9e3f9f1ad76602621b6775149767dfba907c34137632ecdd89c7c535908c680b7e75a646741e0fff7aeac240c2ba2a4d774d7176686c87fe3ca3548a9eaf9a7c0c894857fcbdf8a2d1890ba99b962bcec170078e70c14bd900d0a46c4b911c5ee58cce21553bd41d1769af26a27f5079bb902e627ce1c06e81e9bac93e12e71553d012a730115e46ce7b13a526675b272f349f2d2a87e104d1c4f9aef31acb71acb88eaa4fc19e9ecbc7b0006295bf063196840c63984adf0f84371f2dd53da3e12b381e1e51575e16895b7c559ef06f58866460d6e18dcba6a9fde62713bb9a3278677758e2dd2e530551967ad4e6f8be1756d54842ea2f6a95f3d71ae7f5a5de0cabaff592d01fe4c8cacde600b372287cc33403b2d0d7dc8ac922d2ae85c4209ce919b1e02a84778a9b3c5a21e39d1dfa3ee1f87920c2800be04eb7d963f01ec2e892b9f192085332d4900810eae8c08488af6ae0cfe2ddc48575f2e3f26dfdca1f082143638d60e3dae6c25ffafb7891d2cd719f95d34c126dfaa4cddf8ec731fb220f3ce7bb233c57330c4539785f67ad93ccacbf90be16ee03305b3fd22b06231206aaf83181dc1f7a25919cabee108d6b664268fc9f3d1231a936d1cfc2f654577328911b831036cfb48d2fdadeb9ab9dab1ccf95a9ce5be439b6d21bd7199575831df0e26c241cfcaa8caf7e528496ee143e21375725bdb8a908830c34276389e4a8cf4861cb2d517e1aafb83a2b81ebc93dc9c49871b12bda00739c636ffa3471183bccbc7a176ec6fb9b9e758999c2d3724a08baf7eb68966f8eea246c1780e18132ff6a04418dd40a882b4650d7b1af7462e68634f3d95ba8dc79186f9f50156d42eb4a42e92cedd2ae92da21ed953b1e20fd4536297b732a6b79612ee856db819f10be0e6320b4cf0b46dc48b8639e872b146e77c6f5e296c1460197cf9a41c54f8119b9b089996c2a01523294a3e34273f90236486b1b31e07238bc31d2974a5f70564e53c4a109a08d6ff168c139338713054dd964e2aba273baf150ebaf09538e10cd63725b84ee01507646bffd7422d2b755d3101765fe5c26e13ed6afa2dcfd0f0736205e581ec492b833d7122f77cecc98ea5b26abce80d37249a03d109bd04df3fe06bada6fdc12d7d0c1260ee3d276aa504e827295de16dd00e2b5a0909d1e1c9e664d7d584cf17b415fc3cba09d956ddb6c65c9a06637e200cd548f9457af50f2d9da0f2af4f5db939312e6351f760375bbcb6396cf2fc33baf8555929877d062739d56c77963a010d0c00c541f1cae4d1b0a18cf1a09b4db6255209f7e573307cf06cd8f91ca8a472a8b11a82d559f3fb36d9bca17db713ab5f746dfe4eced1d0abb163d69141b89b3723d1dab82c4490882808877cf6b1367fe10feaa5f6c70e5ba2c2401eb68952d885e9a11950ec0a3dd8b67190783884d6ae5a5a4aed6cff8a1a411ec6ca44c9529089f7c2a2148df572027e1baf70fa6ffb34b0adef3689ee856869d4a8f1fe4bcfcb6359e99d827bd9cf646f5b84d53ef16f1400683a6facb31e0e862bdbb1520d6e7e7b2cbc5476ec0798c74650535f893040268b2bf49770571ea81b9ddca0b1e442cd9608cccda5dab8e64f01014bb5eb2f1998d723cb767020c58c9960f11cf5e4d905348f8d32c40fbe57b20f251f30bce136e2c21259244057ae1668ad6c81725a35b0c6377e346a7f159ea5c97cdfce2603ecc1d860c3ea449c90665c42834151b06589025268f9e97fc625545014ddbb9f5f4fdd79dc754b077cea1ff29355d121652637c8b622599bb02d6e2d7efb3cb55886a0ff79cc94bac276b9fdeeeb7dae731eb3a92265a98ae86e3df8888f5ba7df5e9d907bd87d323c848da86c65048b8685b4a8aca319e9b6abefe008ad6f2f21c23bcab9e46bd3c684ac801e9a895d9a3be60b98e17c991846ac80dc3e6fee8ec239f8d851c44a83c17657061d0ab430dd5f53596555cdb5a0aea96ee9220c76737a74a29be6635b146239f21299bf9cbf4af4d4518d959ac4bbfa26c6c6a2eb986663b79326736daf4be0290912bfeda81eac5f87bf77baebb0a7b2fc6869634e67292d83c7394fd0d42dced62f5d5fa87711cdb5e6785689bcb66c0abe57d89f5f6fcafe34ea8dd326199206a7a0710ff1696b7d1099bea23d29e979c8029e569210c1d2cbfe0e58de88af53542fb08f605ca1f683a86522eb26fb3db94f7e1fd01680b3a7612620920fd241bc9f386786a517f7cf2f68bc669c92125bcc9ae22777e9cb59a23b8f31d88221fd5c3a5f9bf13b4a5ca3589c3206db6988f65d255528295facc1636bd736779ee1837c84343c76f4003544f3bcaa07b40d403e1f63c7bd2e0d46cb01707a0dc7d2c08ff24d49d811f76b399a05d14df37bd42f497269035a7d6946edd22a79a2f382f662856efb7ed977c6cc387c2150943db4841976ca08a25c545b9d95e97f92703631f341e214d2c93a9a85c05ce76f06812a1ee731924180d947a6b19b4510f3e765d1237e8856e6fab3f256d6743d8a62836915aac22b27016c0ebe9b43ae78c9d5d4c77a41e869a3d7d4be57d65741f189f02346e692140fc2646f684ded1fd98172381069336d877a70a7ec8ee01cef15e1631b63ff4b1988aef9f16434c1f2d1abdd99426609d0aabcb0d3bed755e3da5e15bdd0041f1a129a21f25917fc1510ce788ed3ea9430a1635fc6d246c0e21914b015f4273dbad29b29100c4094c6f3c80f6bd717c3f2bae278277df7f483cabc072e43e5bdefe51a246cd750150f15540b4a80f495b0f26eaf69e9918245305b5ec0c0c85d383c243f9a2b05c51b13d873dc20d558fc02040b7e0b8c08e3b0a596ddc8782edd9dd478d3f5a60cc6cb1ff239bf28dc459442cc7861e8fc8b4ec888b7a5fcc49645941c5fe8332a32812fc89d693ae613b113c1ba03ad11c730ff024b417a37397804a2958634b6e9689bbdd92d5ee89dcb78d07a26a5c5be38f13c374454c140ad9403ae942e512ce07f4ce02cfcbeee57b19772ba67d21885e16cb064407461af326c0328ee88e44336000c41796a420639965eaba8961be5274e2c353410b4c2b036a082717f2868bf2ba7e42390f9206e2e3c6cd9da77ed6ab1dbc57953532493649924da31531ebcf8518ae73e5a22ecf58df5cdae3a653e7e6af64157018729e64d4a6c0d06796dd153c1f50d50f5e72bf3a86c44e57eda96a1e967a1596d7d12d351cb1bfb30fa7da8d434b1c9e36f216b4ec9d6553934224db6296eca17bebb6e6be4df5e11bcc407901cc291cfc2b56df426e8af4cf7fad140c68e41b047fd404c73e342ba71e2171e0bb5d1bf396089048db5e10850cd501aae3730437d14168a1a8c2b8f5b6fc48e2a4e7533036a77ec1e91d495f6290e0c53fd2bfd154cdb213330a8ec4d5cae98cee44c366d89435b69df11d4677de69e55882ca675a1e34cca81188e1d37b860a2bc8b256a9dc5809e619409cbdb8fa7303d18a81a6093702dcbac22cb04f342ce4afd0fd46722717abd0cb2347ac956aa0150f443de4ea5f1e2bf09ddcc51558a72f865e7efb8940b4e261a2a82c67afeafdfec1ff838333c3237ad8e466db9ad5a5b3be5a48fcb454ee6b83828c08e912397e307dbf8bc63d9ebaa", 0x2000, &(0x7f0000001140)={&(0x7f0000000300)={0x50, 0x0, 0x2, {0x7, 0x2b, 0xeca0, 0x267724ee2733dc40, 0x5, 0x0, 0x5, 0x180, 0x0, 0x0, 0x10, 0x8}}, 0x0, &(0x7f0000000100)={0x18, 0x0, 0x2, {0x4}}, &(0x7f0000000180)={0x18, 0x0, 0x6, {0xffffff00}}, &(0x7f0000000580)={0x18, 0xfffffffffffffff5, 0x7f, {0xfffffffa}}, &(0x7f00000005c0)={0x28, 0x0, 0x1, {{0xfffffffffffffff5, 0x5, 0x3, r4}}}, &(0x7f0000000780)={0x60, 0x0, 0xc000, {{0x3, 0x1, 0x0, 0x80000000000000, 0xac2, 0x9, 0x3ff, 0xf}}}, &(0x7f0000000800)={0x18, 0x0, 0x5, {0x9}}, &(0x7f0000000840)={0x1a, 0x0, 0x3, {'/dev/fuse\x00'}}, &(0x7f0000000880)={0x20, 0xfffffffffffffffe, 0x7, {0x0, 0x1e}}, &(0x7f00000008c0)={0x78, 0xfffffffffffffff5, 0x8, {0x7ff, 0x5, 0x0, {0x1, 0x569b, 0x200, 0xffffffffffffffff, 0x5, 0x100000000, 0x5, 0x8, 0x1, 0x4000, 0x52c, r2, r3, 0x0, 0x8}}}, &(0x7f0000000940)={0x90, 0xfffffffffffffff5, 0x10, {0x5, 0x3, 0x2, 0x0, 0xa7da, 0x76, {0x4, 0x0, 0x6f94, 0x93, 0x200, 0x8, 0xfffffffb, 0x7, 0xfffffcaa, 0x2000, 0x10000, r2, r3, 0x6, 0x3}}}, &(0x7f0000000a00)={0x90, 0x0, 0xcc1b, [{0x3, 0x4, 0x5, 0x1, 'fuse\x00'}, {0x0, 0x1, 0x13, 0x4, '/dev/snd/controlC#\x00'}, {0x0, 0x6c5, 0x12, 0x200, '/dev/snd/pcmC#D#p\x00'}]}, &(0x7f0000000c40)=ANY=[@ANYBLOB="58010000240000000000000000000000060000000000000000000000000000000300000000000000090000000000000000010000080000000600000000000000010000000000000000000080000000008500000000000000090000000000000003000000000000002bf6ffff0b0000000100000000400000e7000000", @ANYRES32=r2, @ANYRES32=0x0, @ANYBLOB="03000000b40000000000000005000000000000000c000000000000000a0000009e2a00002f6465762f6675736500000000000000040000000000000003000000000000000100000000000080080000000000000004000000ea00000001000000000700000000000000f7ffffffffffff03000000000000001006000000000000000b000000000000401600000003000000030000000060004000000000", @ANYRES32=r2, @ANYRES32=r3, @ANYBLOB="01000000030000000000000000000000000000001000000000000000010000000c00"/44], &(0x7f0000000f00)={0xa0, 0x0, 0x283a, {{0x5, 0x0, 0xffffffffffffc4da, 0x1000, 0x8000, 0x3566, {0x4, 0x7f, 0x4, 0xfff, 0x1, 0xfffffffffffffffd, 0x1, 0x1, 0x7ff, 0x6000, 0xc486, r2, r3, 0x80, 0xff}}, {0x0, 0x10}}}, &(0x7f0000000fc0)={0x20, 0x0, 0x4, {0x6, 0x0, 0x8, 0xac33}}, &(0x7f0000001000)={0x130, 0x0, 0x3000000000000000, {0x0, 0x6, 0x0, '\x00', {0x1, 0xffff0001, 0x10001, 0x0, r2, r3, 0x8000, '\x00', 0x401, 0x932f, 0x0, 0x7, {0x78a, 0x6dc8}, {0x401}, {0x0, 0x800}, {0xff, 0x7}, 0xfff, 0x2, 0x3ff, 0x1}}}}) 6.979729831s ago: executing program 1 (id=1482): r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100), 0x6ad01, 0x0) writev(r0, &(0x7f0000000140)=[{&(0x7f0000000240)="13000000", 0x4}], 0x1) 6.92181158s ago: executing program 1 (id=1483): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x48e80, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x2, 0x0, @ioapic={0x8080000, 0xffffffff, 0x0, 0xeffffdff, 0x0, [{0x0, 0x80, 0x0, '\x00', 0x1d}, {0x19, 0x9, 0x0, '\x00', 0x10}, {0xfc, 0x4}, {0xfe, 0x0, 0x7f, '\x00', 0x2}, {0x8, 0x0, 0x5, '\x00', 0xb}, {}, {0xfc, 0x81, 0x27}, {0x0, 0x6, 0x0, '\x00', 0x3}, {0x0, 0x81, 0xfe, '\x00', 0x7f}, {0x8, 0x6, 0xff, '\x00', 0x12}, {0x0, 0x2}, {0x0, 0x50}, {0x4, 0x0, 0x4, '\x00', 0x3}, {0x5, 0x4e}, {0x4, 0x2, 0x4, '\x00', 0xfe}, {}, {0x1, 0x0, 0x4, '\x00', 0x1}, {0x0, 0x0, 0x0, '\x00', 0xfd}, {0x1, 0x4, 0xf, '\x00', 0x3}, {0x80, 0x0, 0x0, '\x00', 0x40}, {0x0, 0x4}, {0x0, 0x0, 0x0, '\x00', 0x2}, {0x1, 0x0, 0x0, '\x00', 0x12}, {0xfc, 0x83, 0xe}]}}) syz_open_dev$mouse(&(0x7f00000001c0), 0x1, 0x18000) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000140), 0x40000, 0x0) ioctl$PPPIOCSPASS(r4, 0x40107447, &(0x7f0000000200)={0x2, &(0x7f0000000180)=[{0x3ff, 0x3, 0xa, 0x3}, {0x5657, 0x9e, 0xf, 0x6}]}) listxattr(0x0, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r5 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r5, 0xc1105511, &(0x7f0000000040)={0x8, 0x3, 0x2, 0x4, 'syz1\x00', 0x2}) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0) syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x10, 0x4f3, 0x74d, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x3, 0x30, 0x5, [{{0x9, 0x4, 0x0, 0x8, 0x1, 0x3, 0x1, 0x1, 0x0, {0x9, 0x21, 0xff, 0x1, 0x1, {0x22, 0xbb0}}, {{{0x9, 0x5, 0x81, 0x3, 0x10, 0x2, 0xba, 0x7}}}}}]}}]}}, &(0x7f00000002c0)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x250, 0x6, 0x8, 0x54, 0xff, 0x2}, 0x0, 0x0}) unshare(0x40000000) r6 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) r7 = openat$sndseq(0xffffffffffffff9c, 0x0, 0xe0c81) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r7, 0xc08c5332, &(0x7f00000002c0)={0x0, 0x0, 0x0, 'queue1\x00', 0x49}) r8 = socket$inet6_sctp(0xa, 0x5, 0x84) r9 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r9, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000080)=0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r9, 0x84, 0x1d, &(0x7f0000000140)={0x1, [0x0]}, &(0x7f0000000240)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r8, 0x84, 0x72, &(0x7f0000000000)={r10, 0x8, 0x30}, &(0x7f0000000040)=0xc) ioctl$SNDRV_TIMER_IOCTL_SELECT(r6, 0x40345410, &(0x7f0000000100)={{0x1, 0x0, 0x0, 0x3}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r6, 0x40505412, &(0x7f0000000440)={0x1, 0x20000006}) 6.202864285s ago: executing program 3 (id=1484): mkdirat(0xffffffffffffff9c, 0x0, 0x0) syz_usb_connect(0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) memfd_create(&(0x7f0000000000)='prodM\xb0\xea\a\x06\xbe\xaen/\xce4\xb7\xc1\xef\xba!\x9d\rSt\xa24\t\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1dz\xd05\xe2e,\xb1\x84\xea\x91^%A\xe5\x9e\x13TdT\xc6^p\xb0#R\x04\x06\xae\xebA;Y\xeb\x8f\xec\xb4\xf9\x17\xb7\x04\xc2\xc0\xc6\xb4\v\xff\xfc\x88\x90\xabC\x02\x00\xf04\x03\x88\xae9\'>R^P{Vr!\xe2W\xc72\xea\xb7Wp\xc36\x96\xffZ\\A@\x00\x00\x00\xc9\xf3Y\xb8\x89#\xa1\xb1)Dk\xeb\xa1\t\x00{u[\xbd\x9d\xf4\xbf\\\xce\x02P\xf2MY\x05^\xffj\x9c\x14\xb7\xb6v\x1d*1>\x00 \x00\x00\x00\x00\x14C?]\x8c\xb4Y\xcf\x80\x85\xd6\x036\xc8~\xa8\f\x00\x00\xb5M\x9a\x9dc\xaaAU\xec\xe06\xed\xe4\xfb\xdf\a\xd0lg\x13\xf9\x8b:s>\xd7s\xef\xb3\x9f#\x15)\xf9\xe10\xc7\xb262\x00\x00\x00\x00\x00\x00\x00\x00Nz\x0eu\x8f\x01\x00\x00\x00\x00\x00\x00\xdd\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc3\xa7/\x0f\x9b`\xa5\x98\x81a\xeev\x00\x00\x00\x00\a\x10\x00m2\xf2\xd8,\x17\xf8\x8e\xae\xc8\xad\xed<\"\x8e\n\x9d\xb13\x8d\xef\x96\xd2I\"8=tg\xdfU\xd0q\x95/f\xec\xdc\xa3\xe1[\xc0\xaa\xefz\xc9\xf4[\x00\x00\x00Q\xff}5\x94\x88\xa1\xdc\xa1g\xe0q\xc5:\xe4\xdf\x80\xb3,\xb9\xb2\xdc\x81\x9f6\x0f\x84WY\xbfSY`\xb8\a\x19\xb1\x058\xa4\xc3\xbb\xf8aB:\x84\x02?\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf3o-GU\xb0\x00F\xb3o(aI[\xd6\x9fG\xaeI\x83\x93\x8cC\xc0#\xe0q\xd0Ex|\xdb\xa8\x16\xfe>:\t0\xfd\x8a\xc7\x84\xb5\xc7M-0A\xf0\x94\xf3\xcc\x8d\xbb3\\\"\x882\xb3\xa84\xac\x00\xdd}Ft\xc6\xcc\f}1X#\xe4\xe1\x94i\xce\xa1\xff\x95\x80\xb4T\x9c\x01\xf3\x1cLB\x94m(m\f\xbc\xebY\xa0\xf7\xf0\x9d\x10\xbd\x86\x1by\xe6\xdf\xc0\xc5\xb9\xb9\xbf\xdf~9\nC\xe9\xc5\x0e\xda\x9c(\x9b\"\xc7\x97\xfc\b\xd9\xc2T\xa7*}]\xc8\xb3 .\x9b\x89\x0f\xf8$\xdd>lU\x13EG\xbb1] \xda\x19\xc5\x9b\x15\x95\xc4\xfcw\xbb\x92\x91\xc4\xa6\x907XK\xfc\x17]\xfa\xff\'\xef\x92\x1c\xb8\x1fK\xb2o \xd1\xbd\xb2\x11+\xa3R\xefQ\xc2\xbdW\x05\xec\xb3=@\x03\xc6^\xa2\x15%\xb0\'D#\xb6Q\x8f\x82?S>\x0fP\x9cE\x92{d\xe6\x9cj1\x87\xb3\x01\xde\xe8\x89\xc4s\xb7\x14~}\xaa\x8c\xc3\x95BAE\xf2.\x8f#;a\x94\"\xd1U\xff\xe8v\xd3\x84d\xf4\x134\xa6XI\xe5h\xaa\x15\x9a\xf7Z\xe3%\x88p\x90\xbb\x9dt\xa3\xe1\r\x8d\x94\"\x19\x8b\x17)\xea\xd5\x17\xeb\xe4\x1b\x0fBZ1\xbe\xee\xfa\x1c\xf9\xa6\x11\x94\x06\\P:\xaf\xcex\xc2\x82\x9a\x16\xfc\xa1\xf9q\x12\xe3\x1a\xdc\xb7\x12\xbba\b\xbb\xed\xb2\xd1W\xe2\x8b\x8d8}\x10W\xbd\xa60A\xc3\x03\xfa\x890\x86#\bQ\xcb)\x00]\x9e\x14\xd2\xea\x82\xa8\xb7ZG\x15r\xf1\t\x00\x00\x00 \xc1\xaf\x19?\x00\\\x91\x13\x1b8\xe1\xc3\xa4\v\x94\xbfJ\xb5\xde\x95\x82\x00]B|\xe2[%\xe3\xf0\x04\xba\xed\xdb\xf5\x7f\x9d\xfe>\xf6m$M&\x7fq]\xe4\xf6\x82\xc3\x00\xb1zg}\x99E\xa4\x19\xe9\x1a4a\xd75D-k\x84\xa6\x12+\xebk\xa1\xfek\x89\xef\x18\xc1)6\xa65\xe2D\xbe\xe1\xdfq\xdd68\xf37g\xab9m\xe7\xddO\v?\xe0\xbe}\xa9U\xc7{\xd3\x16W\xbb\xe5\xd2\x93\xfe\xa4\x9d\r$\xe91c8`\x86\xbc)\xe29\xc3}\xb9P\xd5F\xc6\x12\x8c_x\xa8\xfa\xb5K\x03\x85\x93k\xe1\x8e\x1f)\".\xcc\'\v\xa6\x1bj\\\n\xe98yA\xd8T\x85\x80A\xcbo\x99\x99\xeb)r\x1a\xce\x18(\x185LL\xbcOeO\'\xe2\x86&\xe4\xe2\xe7~\x92\xa2\xb2\x1b\xc3\x00\x85\xce\xad7\x87\xa0\xfcc\xf5\xf8\xaf\v,q\xd4\x18\xbdM\x1a\xde\xba*L\x05m6\xecH\xd0T\xb8m\xdb\b\xa6\x02\xfb\x13\xac\x91\x8a\x8d\x94\x93\x8d=\xb1\x84\x9c\x9b\xe5\xc7\xa6\xc9Q\xc1eUc\xcc\x180^\x00\x00\x00\x00\x00\x00\x00\x00\xe7]6+\\\x00\x00\x00\x00?#C.\x1dj\xd9\xc3\xdd&\x80g:N\xec\x06[\x8f\x92\xe2\xb01\xb0\xef\x10,\xde\xf3\x86D\x8b\xf7\xf1>AH\xef\\\xf9\x8b\a\xe0\xb2\xcb\xf0\x97\b\r\xd5`\xb9\xd6\xa4\x1e\xbe\x12-}\xc5\x84\xde@\x18\x87\f\x01O\xedS\x8f\x9en,\xbce\xb2\xe4\x82v\x1c\xed\x84-s\xab\x06b\x9c\xba\xec\xa5\xc9A\x84\xd0\xe0 S\xc8\xa2\xaf\x85\v\xad\xa5\x88\xcf\xb6}`\x14\'\xea\xbfN\xac)\xa1\xe8\xb2\x9f\x112TJ\x16\x8c9\xe9\xf5\x18\x15Dd\x8a%>\x91\x93\x88\xe9\x18\x82]\x9e&\xfa\xaa\xfa8Z2\x00'/1301, 0x3) r0 = socket$inet6(0xa, 0x80002, 0x88) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c) socket$inet_udp(0x2, 0x2, 0x0) io_setup(0x7, &(0x7f00000000c0)) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x8004, 0x4) syz_emit_ethernet(0x83, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030086dd601b8b97004d88c19edace00000000000000002100000002ff02000000000000000000000000000104004e20004d"], 0x0) recvmmsg(r0, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}, 0x5}], 0x40002ff, 0x2, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000080)={{{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x87, 0x0, 0xee00}, {0x0, 0x1, 0x0, 0x0, 0x0, 0x8d, 0x0, 0x4}, {0x0, 0x4000000000009, 0x40000000000000, 0x800}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, {{@in6=@local, 0x0, 0x6c}, 0xa, @in=@private=0xa010100, 0x0, 0x0, 0x0, 0xb7, 0x0, 0x5, 0x6}}, 0xe8) sendmmsg$inet6(r1, &(0x7f0000000880)=[{{&(0x7f0000000000)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c, 0x0}}], 0x1, 0x4001) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) open(&(0x7f0000000100)='./file0\x00', 0x80ff, 0x0) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r3, &(0x7f000000c3c0)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r3, &(0x7f0000000040)={0x50, 0x0, r4, {0x7, 0x1f, 0x0, 0x10408}}, 0x50) syz_fuse_handle_req(r3, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000f60000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1997e358660e994000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b60000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000056087d7200000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20, 0x0, 0x0, {0x0, 0x8}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_fuse_handle_req(r3, &(0x7f0000004200)="a28096c80abf3543ecde7564abff5085d2227ebcb0f164ae92706ad0b083a3f469a3efd15b4921e9c3063b98b3082068e7c31950dde842eac55df0f991453cad62a6956b0b6f7b8cf49b506a3060fe1127eca99663ade8efa89ee189acb5f3b92f6bc4c46621c803eed0d0bb5f32384870ed08f89d4f74445762fb99715e083c4c92a8878be19ffacc30d0f2da64f971cd40563163adc15670ecf25cd3ad96138967c4b53ad9d04b5193ab5fb674aa0030a9d703d1baf810ce897f969121f142161919e583c275671b999e7f363891dfdfdf3556d01b86ee29eca8fccbfeaf1771395148706cc6e6be7ce29fc9ffef061b5420950c1a525bf75ad06edec51538d1c5bbc77da72dc90fd9998936fffdda2427e5a68966c7e2208f76304680182ec73007e482f034195712af922db2726195d997708734db9e7825a864be00b2a4f800881fc0363f5e618398454f35b148b4ccb88d418269fac868a8ba4a2d5b4f06a1ac01b5ad158b842e05adca22c7372585bf4ce95560b6c1e021a3ed2ff7bd3b6b3c7734c3b66d7e4c460096312082f89b16baa6e73814aa60925780cd92cd65087e260ec046fc363264366a9df2c849c0644911303946adad544521ceb469a3e193ecc9a7876403fac461a4a70d6193b2451189a5c5120b3535e9edf619108af7f517b58abd3fa7fb1ab832213430d2e6901076fba9c9e1acc6c6f48ff0e419bbc45589745a176f52a7407ad5e3dd49acb31b47862806f47077dda04905e45a80a12cbcd4d2dd9fe66c2d1f99394fed8ec60961cd2dc7115a96ece432fac86d51bebb08b95f447a83792fe80291fca7b298c9043ef2c26f0f7e42798d3f54c84b94c24c76c555d83ecc53b99bb22d71845e5cf21a5ba7fbeffeb6306e1730db14561b950a3f24bcfd78d4ab0d97de8054bb1a6077ae7cca6e45d846d3df82298d07212922742cb0facac3b77edfbab90e9ee2d4f7b0ee9b17bb11ec5e5721340d84cb6bd93428167e69b47759172557acda313c3decdfc6fe9336bfade459f43b39d0f2289f9142db280f4ee668e650e12858c577e12e2b9a57ee66c834be97979bcbe94747fa5d8d0b7d3a9f8f218df1bf960f828429a1efe838616b18faf6629236ddbded43a093efae163228e5c38fd7714743c2fcca47e3382bcfb1ab893fd7377527b4ec43f3fa60ebd338161d8de7cad65b15579e4af258f5fe3a63c2637a15703207029b0899b5427767647baef11e291358e6e54f6f13d3d2ca7a5e7969e04d2733b3b9ab822c69a3cfac097384de5071a9b74a656136d55eb1000008747b509fd610ff62b4950ef71c934fe21a48a4931d3d9458b415f112cee65c660f5490e982341da1c58634b3967ca6f3596d20cc90f508382156e36f16539093240ef5f2aa6a2c0dff2a67df30dcf50bf6e0b82a3d49f2d532a8dde1b3ceefcf0837190b74186090d1c18b59917d7efce1adfb238ef4a7b1d22c4cef09320221de883e97e6882466508de06fcdabad3b741bdca2cff879d57ddda52f42b3dcb8a78cfc05826af7e4ff155960ff8491194f4d321ef195990abaeeefdcb852d1e1e3703f317385a9458b6c2dd9db830f757ec29c9939fc7313e639fe485bc1e41ddaaef3fbf1f7cc527c8fad0d21b8082482caad7bee440e5097665f636c3dfec82f8c98afb6243bc3944939675a594277d278ba4361461f7da52e224e4ce5dee4a467bf6ae9f67b61ac6eb0a440406abac2016eec907e241c57f5f44be47290fd0fef785ff04df3810ccd637b4d97a84bae8486a36f75d872e645fe46625969fc2d1f032c56ed44bd98ea27bd9b6ddc8eb2dc2ec9f90f2f1ca1bd20e37ac58b03c84c872f4ba47310654986641460dfdd531ac62a76ad87b89c103ac5c9c2e7e70c66447b3412d4a1e5cbc30e16939505116c04de33ae054ed366de8d1f971c2de439957a194e22a488f58d7efd46439177f3f3c45a1475927eecd846d3d2e6a2ab5c7f8addd99062c2fc6b272d1f51bb8f22f1b6f8bb3faf8aa85e5eb9abf7df5cf8f26267323808b0833a987989cbe59205e7ad06556e2d1b8a4873ca1cbcbc8d43abc145fd4eb832e7a58ab2c793d003ce7b1850ce45eb7480417a1e9eb9d39a1028a2a04a2aa649c098c4f8eee514db5f6021173bb254b8e22b150b2ca01dc7ff235db46ed78d07f43d1adab13b8445d1b32069eb45f9d389fcf5a3f7d3ebe243c5b1fe17b1f5a3d571b65f21b9e471e818172554dc956749b99cb7a5f303ec480d7194a2ba86e204f06aa1becdddc8c49082c527e7064ac2ad77dc05639d3d2a7778f6943ed6105ebf6f0b9e94fddbe05c236ec000f4d1d4e496b10068211ab68ada4c7f7ac61f5f5ba5f1810d5bbe87ff4f8356af0d3f682baedb0ad8f8488b277421f0a03fc5e3095ee34bc4472d8f17e3f7013cf2f79f5ff3ea4b6bae56d1365a33b09bfa9a496323f7da923b7e29dce4beb80035f13130004c96e56d7ef6ca6c101d20c27a218e623227c33c9e488b17e7ae9ac20da8240501f7b614a1730f164553fe479ef149866e4ea47296814284a3d3eb7cbb294289ffb996e0eb053b9c16e54cf267832e3d360eb196ed51305630223309ea97215628f01ec9d3ea48096418d5e962cac5063460f0a18772ec7ce66d14a1cce14b52c40bbbfafccbf1e76f09e57ff0718048e5b993157a6cf4718826b1e09430413a3596a15c4a620fa8c8e1d1663e5739f9f790ddbb3be0e00187d43717d659242467d8681ac10303346157f894d9037641417010e9654c6a5b22383e73a5a37128f50078a980c30930321aa5c5e7851d5d392ddce3a14a96916fa8421ae6728f37f5de7c3e98feb4babd4e1bd2315d595e209d52748f70adc2284fcdaa6ad880470d2a071f3490aaf3491fb64b4547419e8eccdc491a8921156cb4811ad1e66514a32b0b31b641438881f28c1e6461b4f451938999af671e8c6a5cd0c072a9fe4cdbefe24ca616f3d0a15ac97cca835b1a440e04fa28340c6044176c8ecc8ee0d033d47db8a0aacfa0eabdfa1c9509fc2604008f01cbafeb5bd2b503b809ed672340b9a576593f1ef388391b54b605e7a15bef7b1345627a34fca57738b0f8f4f19eea93c903495274a4425a1a1cc6c4c6e335b631df5185c95b485a4257867b5347a40e4e14dcc560f061fd4fd265137dc68afd548adde778f1330f769acb1ccf5da14ff6992c24e210ea6e6179421881b803393bc6974e37106c5b5b3b5d0b3469f8969bffb7e4ceb2c98e928e74366492d27235ae4c74a2f48511aeeaa53a2beafa7a331b50e454c507af1b63350a5cef35668a5b9325014192277e509561008b3601088f79d42eaa8b1e4ae2000b31749e2b8094312ddb7f3c1cd625ef885c11fa22a66e374b52b3425e0b8016154e1fd8471339e32e7373d63ab646d893fbe09ae07b06074c01401ea76b3c382a9d32f24f93c789964e16bc4206ecd75c10917ab84ffd8d6cdf4cd28fd90375ff28518f8c1a3befc538e1b9e427fb671988d29f2fb2fcd039f4d341c84eb4d7cf600ddaba88bb094e4d87a1419180149f491368e648b69985b05ac39a4ecdd3c5135f3a5c8ad7792dacb6470144bb9e67805a211efb3ec9ccaf8e0901345fb19e4da579e1fbe86a1207f4f13c3436009c2c640b7cf3f8b77ca7bd994bf93308027359c6dd1b7db1e153fc0821968ef36c003b6c73fe890f4de24f5c6458dbaaf3819edeaa91783c3cfc7e773689236248195c7bbd60113f2476fa3687621d668d1728ee433d2f8f4db707345d30f1e52ab87a2a0afd547c6bb06500f59f17facde48f693490e22494b75d11df1a143b85068d143ef6a9bb5937a9df380c8948f1a01e9675e18409edb0f6b9605b68e34632fcce472dc50b90b0f6dcd57931f78e1e8861a0fb62e72b0baad6f9d23c1cfb0f19b25013c8d9fcd786a2f6f79768b5fb398f7b2baa31ce8156d1fc4a46c1c463fdf30360d42aeed2ef11611d0b7f654bb51052fd4dc39328f8ec4c58bbda05e6f1b3c8f6d8adca0268f2410e9a4a7d63b6616006d0e02f6edacc10e5c54fd85f15a8bd7648a293f23d6a699bd9a675250475a73a96d7475e4fabb89fb5e7de5d7a3479aa485c0befc60d0ac4fd5ac6dbecceb06cad86e219fc0ce4720758917811a3215f8d13e413bfb64fc065fc421aede0b56691797dac428c7e463479fa591b9072c309b7533e427c5cc11a1f6cf9a5b995d328d796d874c5b55dfc12a5039b413ce319cf5ba1f355c4e0717d32650b43e18010f37f048731931c52c4f36eb969dda702afe96c2a5241350a67ba2d026946189c5e281293c9a8e2cff3784776f1de78b917101b54e5ab00c045ea15f28a0e3f509962cf8bd3385d85250737eae5c34ece86b86669c13b00308a3b13c0ac3c83ff26fb52a4aa83c1233a9490cb9ca917a056908931751bddb88a62379a713395f0764e4a393faf253a4026d0472270e6036287d56850df1751543484d65b3062155b6300e0024241c59a862ae769c1a9232a2d9fb24705177a09cceb3eefbf9f106f67e01be14cdeb4d2fc7d8661df3e75de5ccd09a7e559f028fb9837c621ea0045b4d1b679067f246339c974631aa7134d4e910efb28d3c48929cef1df7e6c73668762d55086b6c59c36ac90154135fd7ca4e4047dd0aa161fa982d8edf9c0cb9666477e096c55718f6e4742415fefd4f696d1f1ccd6322bc19496ddebd36282a7c707d5b44113e30678e6e33ab7d34be04a59ac614d6a54134490998be02636fa91633d6294781c2b9a54c611c0045cfcfe81f49aa21b29d835cd2047c854486fd8e65a2ebf629f7ced602b9dd107bfde483e5c9b5cbba4a08cdce09920bda9978b7fc2b4a89bf1573a26389e52090fdf5dccf22111dc8c42fd3c8c477092895398086cc22cca665269e193fc650742a361a44b857d258429f701f22e9b7615bc3dab78c1479a41cf8575cdb17169470b347adfc03e03daea3e269725cfc72df5664b9df36d2f2b55013b71133e0b80577a47182511ebb308b6248d457bd2af7b28e77182c305241178c4124ab102771fd5a8c3dacb8775de881301d71587c76bcf0a97a72ad244d0c42fd71aceec32dd48bb5c9a95b391166c832ac5bac8c7cae4d18b3f7d9f2e4782fdf97732e3d51f67bbb57f989ee0d7589dbd0c2a5c63840e914b9d7d720fa120acbffebf816b588b2ccc052e7fa78992e0ea39dd21a122add41195f8e2e1acd777c1a4e8ef4362fef441feb4d9252c6bfbd2742152300a32027776e3341620d3c8d9365e10e81adcca7d87a0e555c98a0353c692557d90ee9be3fbaab766abf93e2462149fd99c92a5fc58d899ee75535cd1fe1386c5ab0b157c2102039d6015258f59cef3f15b951893a30ae839f740402a30b34e7be73796286403c5beb0853d856d83f1b00b48328f56dcb32e1faab08a3435b1482bf18b21c95aefeaafa7fd761c7f28d416fcde06bf7aee5c6e9eb50e55874253ba3f1d0ce2505b4fc7c3fc996bfbb8446bafe84f5bea94bfd7ca5aeaf237fe793b66e5c521d4092e4e1f9bde1dfcfe53fa55005d21cfa833a338fd9792614129336060e10d1911862070761aa20c2902eb7c5a355eff4cf6253d7102a2ca1fead4c53b57d576d104c081310d92797e4e2e8c269d19910d0d4cedf30fa28ba680c00137f83de940624229b6a125ce5233c6cf4a3640b74f58f288dad8451fbe37641c5559a5f3caf1299c8bfb230723652278fe378efd8e459b9da26cffeb58468a6301dbc06d713ba2d8d43d9038f5f2dc8b831ba58a88eeb5b1786b21e398aeeeb7c1f3d6f01d82b3947862fb9e7cbd7da5d04c5fcd34da28d53e2246e3ac1e3a619ad174efa6435eaa0fc94d610799ce0158421dce046306eb5042143daa336d52206b12610ea6389cdda49bf5af1d4ee42ac090a94ae7b7612073f3a5c36a2245eda887f41478f7d20f18667f941f71eebcfa76c1ab28f2a49a3bd56bd3f4e6bd079ab3fe2d94782236e83585a03e52907abaef7456a95d5d3f3d37efdc035dbfd7c41b8ba0af2df8adf1cf24f7ff0beccd3d26bc91caf42314ef7e466f74e19ae0df2e2298fc2f694a7ec134632035585d530e7e19f65c256f001d75382d9825ef741bc213af186377d9ca10d3722354e1897ca5c23ac6a52c9ad0e6b686e1776f7ec65df033e8f4d5db80c1bc354093b319cb70df93d610667675816328c99322f14e636b95f04e6497f139d508b453f53ddb5c289d849fd5407c9bdcefd1642abd46e28cb4e94371bdc606eeb67c9fe17747c68f2d50e82711da4d3edb0eda06f41b7f93fa8fb4d83cf21c79da67000bac2275508217ade1659fa8d24e5f8efb9f4bd21073ebef3d06368eb03fa3cf0d638448bd055ed20d292033ffdba538559c8ff9a2a5c8f83b5c393643d6585d1df994c3be43e72b8f3f53114d2a5f6bcedb573842b23b6a3eb7fca8495bf03bd03fde7b19bd39a16cec49e01f38e671af33cae082d9788e3202799bc466babec2080528d0609c0b731964719093735b4c1e73bd0705637c47516922197c552baeaf3516b5e3bbc2cd1afa3ef8215196ed580d9561092f620b897e98e786a0c7cbb0eedda8063292ba6482497f5f6bb62fb5ab4c97cb7658dc6579718eb97b547fcf47ced1426561af93a15fb4dc6d3d93b868644943c2c94b23b0570bbb81df2666c24f5abccfcdd71e209f3bb43c01d17f9bc8b9af2c26762fc6a741a150b7d1186e4f35175f3c315243e1c11e92c43a1fc492eef5a13c77a81fcf514ebfd0f8e645dae15a07e86b2f01fda065db4505a5eea83cb616f744f6bee731be191c65449c02603556d5a51422cf9c2f19f8d6843e0c1091e0708aa271e91f71c8602b9fa72189e036b7cb6af1569f21269283de94a6d7fe5849fd433d5b719c80419873db0587fc29786cc598d896fb16360bddd2ce12e54d05418f4f5e5f2d7aafe9fcd6268cbe2e9e6329ffb6c67fab8f3ce673028cc06aaa6b857556bba3b44d3fab5b6e875e70a2f3ad4b2ff76f31ead3462d3801ba373b3c2f545e94f57021575e2947f81f53283fc0a5137fd44fa3d074c92de54a0a3465c858f5a7ef08313faddbc3663e4e0167f3cba39612057a7518fbfb031f5ad0f9f75831973ebd733b82e554bf3fdec84e51f65dab6028c6c51366d9d4700fdf255e4c7bd70766e7f2281b3f2a5363f85ce49f9135904d14bcb117ad754c2594dcdca2d30e40ff265b5accfb116f64ed99aad570c4c5a91efdbb984ac651d8721405a0342cf77f448c17a152eabf29e88950558a86d0074e1cefab1eb7c366682f686ee1338737e675ea58eb8b4c86b9f28a6f6e96459f29e3b4dc59ff044c61a0dcc5c31d803e6e98420e446229ccdec3d0f705e92ffe016bb3696373eadab7f35ccf65ab4d9be09a085ce21bbd7c0555376e4d7fe68b5e7a64f48b5127825fb2be598d991f9c1a54bf52713417dcc599e812d85513a537e6eafa738edc972b67e065595d11678449bce6cd3d69800a649b560d0e057c502ca3e72e97820829ecfea801192c3f4e2c8763c095a43ee6fe45fe8730130937668df1d4ee577ada28238be03286481f2d2a004cc4d48856e71fbd64f1a0043a4520ecbbf1b3abdc96b87a27be8495a20542967aa4cd3a44a11502419a083d84e97abfde0901b66dde48388649a0ed6d93b9f20c530e990c7c52370a114d800d6ab3f6687d6bbc105b63738fe05fa6cac98ad6663936bb18cb923264e4c921012b68a26a70977446b8f15f9d62467d8b356560c183a6bd6cd76ec868c3bd94a595cd7bf996755a508a814980c5e588b275200c45afd900c8c2de329ec2484b0e3ecd7b0960e5e3425881d1ff7f8bd8b20f5cc98ffc3acb77f5e88775a4bd3ab9f9eb027e27d3af55ebdf4eebab48ea911128d668d00fc3f5b5480aa0d9a4af563ba577384448e5425157133d59e1cef3c722f33700bd372825046b1fa5824e405154a3af1440bc2b75acfbd07cf92e8c162587e74b5ab66b1c6aeab3ad5fa3ee91da4900ef30ad04baea326df912517dd96e1696b4a91faa66675978a375e81f25464a1073dc6737af08d7e25956bb31d438548a7da38662d49db812a8cf1d6cc65f5c63879fd9ee7fd2a66ca3fc1a768cb239aab88c87206470b4c60592afeb6d69ed97a8f990155862ba4e22b64804142c131a23792937aa8a8696e165c24d7692a04bb4471b0f0d2507fe7c8618421428fc7a0acc984ca5cc6bacb772e8a717bbaa646f9643275910a6037afaf5a80678d18edda138a4e13d06d04a5d06431eab48738225cf1567e960e765728dc12e91b91c6f2b33dfb6e033aa68c1c2334d24335abc4a7a1df5636dec29091da54d5f5a1fff41e4a35a0c2f04f968f7d78e2f51c73577e2192bb20f289aaba5a175c2ed533855bd9ed9a842ad482136dd5e0cf45eb5e2d31ff62a3be1cf8a94a58316e74f4ab9fc54f3a0bb83beef0f355993bdea2c83e61cdc796bf2564ae51fae616799e8711998cd88d35cd9824452fdd65226174b46792cb87f4dd282e4e6f67eb66da413ad877ed6ce775f7e19bc93f48bb9e5ec04009de3c042aeacf7f4b25ad6b30e017303f64fe07ac79e8744aab6926d117f13513d0469cef335fe1d0d787c2d0b2c031a9521786ac10e9f8b768271680337f2c3262abdccb5d3107c632bf1f74c83ee91f49988222fb080cc8faa9b1a02526d8b6087e0b2354173d29016b3309587c16f057dd812aa63c3169150de81f3af97d082a8f8da4ce4f909ff649821d7f96d97613552e8cc4902e046ecfa329b1d980ff5ece69b8f1615fdff5244f41cec0af924624ae1641ecae5fa26c5fb9006e57100ee71377ced7c255ae17a0845e2ee0287c62c1852f93877f9f86157ca9675d383fff5cd6f2b001ec0136c07cf37f5ace1853122c2baa1092d418e2a490c4a5c8f56b828ce1bafeef4e77f095d6b4ed99d56f66812cb19be540ebe5d52e7eff2d69cbb8477e11514f7e3604bf9999f78c2f1ca6f60a2216b87fa0f25269c425b7d50709b200912b3b7899c95e12d6e9c4dacc19e327721860e0477a53e6793fbb7fb9704a848f395f48c24a6e79b9e1358cc3497251de88b8d3a7b22c6d8af1a7fab81530d9f0cc98f62debb222b54780d89794238532717b447d71b46a60ed481c21db85b590b31720009695ecffd4ef029964e5d5149622233ac013e960a005c924f73ea82c318455546c53d74aa3f7e2ff26aa074c40a55aba8b08027fc19b596eec6c4f89bae39e74b9aad88344f7cc5ad3eefa5095f2ab47222e9a357ecd71c6700ac576025201490d9e446603dfd4bda7617dd500981b2d2ab8c43882a5208494cb3f8ebc720bca8a7cf6c80bd7aaaf89507bb3412ea490a78973f12cc30413e9df1458917ea3d68b438d424c1314bc8d01939c5a5a842438281e62d0c800dee704b2a6cd3e1e4b885a6b26b894a98765fa3308c9e4b87f93625faecdb17c29a27cd243bf6030a67874ec9f2443cf8154261ac2a834c01cbe1f314ee7aa3ca552e1648cf8b42a63f249e3538026e09e44d69dc259adb0d1a0cbccb5a5dd5d0dccc90d023da79d5634188ff060f7e35a5f9d7ad99546824d63975d4452de876093f4e997dc46eedcd80a9eebf5e4f077fbb10c7d9e19a3419e7b845972a3b62613c5404a209b16fa88e0ff49d7b4f21fecc1f773c5b4be61021e0cab8602c6e8257649303aaeafcbb178e7a460ff07f219c46eb6fe5bf8113723e454003bd707767c107daf4255751daaf8decf35262640058924eb6587868b2c08230b317e97396ebc928ba8d274ca0eed0bfcb637676003c64e8c1e1a0420b6c96a44226061ced41b8448382abd2f3d0c472afcde231fbc9ee90c2f1132f8e2391246f95ad93354c7460e20de996ad0f61b13b27646887a637cede90b94b7d8c3130f0fe060e8d955c711a2700b302a75bdeb32a0a6802ea795cb114f5f82a1a381a86bbff88b299e47728b746dff964c94c52b661b9429376b1320b46081426b7c340206dc0da151bf84be2a49e78b6b5938753d2b1be8d9e67c43c5d70e72519f5f90d0500e84ee38f82b191ac4d968b0a37901fd923cb289d585693ac3c3f8a94fca6df45e694e199a9cd0b1bc1fa7394bcc96aae670dca6605a998793b7e067ac410ba631057b8b76fcbe9524df820c02efef1608b743cd2aa6d60d3d8e476fa12d3acc329f8272b087d89471177ed531fec1f9c24a975ca2fcd8c246a33e291a3f00b7f234052067a0059c86762475256bb5e7dac6f121a0925506b18933c6e314915d4b3b2130aafc2483ef22ff8bb7b887565b1bd22fabca22037d8fc9437f675c5313526266f60bb7c7c47f30c7d567ed142ea5ec367c4298328d20e5344f01c0c90cf8a6302f4d84b6ba7495fba314a05ba29b63bb6d458fdb05a4411136958309f418fb178e19aa09ff9e62b29732fb2986c96e738f7a688cb2122dbb8f2ad9a5f28bc49ec0c462413552afee8e403259b55ad6dc334dde7f2d306929dd01f2aa6036cafd41874522689301b81c9e50e86828894140356db0a3317b081ed9d8148c41e77e6bda6287762532b86eb91f5480915680deb8a91fb8656b7f0109064865d2b846af0861f67d3f720d6e306540cd7b68f095ef3690b88ea93fb6a402ff5697597cda83171f159e85307d1a8c01611189bd4eb4f0453ab88d43ae181a562a76902a67c687514079d6f4304d9a7c0fa24b6e86074ea0a9fd8187c120312078f5ebfa674adc0303734bf8f6b5585943706594192ad64c9f7d9794fb83758924f862855ddd50bff58b522c43d73c03289baec628cd693cab93101b1e473b76532510e10f03e86812fea6f2d6f5467dcf29e6d7cf8524f383a0ded3f0951c3ffb171a6b8a6d97b5fa8899a19f1a3d0e934a1d4741076e4394ba225158f697bf7d5651717c6950229a0be22e8120d76a414edbcd03d505264b7ede8272ccbd6dbdcebaf11daf6a652f6f9eb74ba7a3ecc942892891388005ae5d971e4e79d696564906dffd44845b704a9abc2fa5ba1bb69a548423a08044ad6d0e365db7e6bea0f3844a452759716cb98dcf326001ec90c1c343174098cdf47ea2e13341058ca014d2a30e9ba3c526de72a6e387181bf76a278c9cbc518d8c374a3f1d9802a39464a100903dbec16f8f095f5d82d9d09507281e4f7fe0ce4fbeced193902a5f658af2a4c1d0952dabdc6ae5830b6b5a2c3f5b8d33a73665990822e5f4a7ce5366755a1615543bdf78299c71e890e0bedb6ec277b10a389d6a3ba9c037221421279e51ab50fb115de2076cc99444202e88ebd9d0fbe4e60234b7b761495ac6c9e615ddac8176164a88fb6d6cc2b52672c8949afe3efc1e87a598896bc93e421423844fcaafe65af898a015b3bcaf623ebeef9a57155af5278ceb52b995f7ca466d9e18b05e86380679e0257cff6d0c6750078462f2ee4701d6d8289ed848b877cf5918625b7937060d667c11119881c30809056892352c6c53c01e395af6866ea350e6f21fa3db772c1177c759999973b51e11ffc590800", 0x2000, &(0x7f0000000c80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)={0x78, 0x0, 0x6, {0x0, 0x0, 0x0, {0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x3966, 0x6, 0x8000, 0x4, r5, r6, 0xe, 0x4}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r7 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0) write$tcp_congestion(r7, &(0x7f00000000c0)='lp\x00', 0xfffffdef) dup2(r7, r3) r8 = dup(r2) write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c) openat(0xffffffffffffff9c, 0x0, 0x2c41, 0x0) 5.456270696s ago: executing program 2 (id=1485): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000ff000000850000000e000000c500000001f0ffff95"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000180)={0x0, &(0x7f0000000040)}) r1 = open_tree(0xffffffffffffff9c, 0x0, 0x0) faccessat(r1, 0x0, 0x5) r2 = syz_open_dev$media(&(0x7f0000000100), 0x0, 0x0) r3 = socket$inet(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f00000042c0)='fdinfo/3\x00') syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000130d00"/20, @ANYRES32=0x0, @ANYBLOB="d11101000000000008000500", @ANYRES32=r4, @ANYBLOB="140012800c0001006d6163766c616e"], 0x3c}, 0x1, 0x0, 0x0, 0x4004014}, 0x0) ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000540)={'bond0\x00', &(0x7f0000000040)=@ethtool_sfeatures={0x3b, 0x2, [{0x301}, {0xfffffffd}]}}) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0) sendmsg$NFT_BATCH(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x44, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x16}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x6c}}, 0x0) syz_emit_ethernet(0x2a, &(0x7f00000016c0)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @remote}, @echo}}}}, 0x0) r7 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5ac, 0x8241, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io(r7, 0x0, 0x0) syz_usb_control_io(r7, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0) ioctl$MEDIA_IOC_SETUP_LINK(r2, 0x401c5820, &(0x7f0000000c80)) 4.15487215s ago: executing program 4 (id=1486): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) (async) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000140)=[@text16={0x10, &(0x7f0000000080)="0f20e06635020000000f22e066b9490900000f320fae0cb8a2008ec0ba4000b021ee360f786ca1ba4100ed66b9740200000f320f01c80f32", 0x38}], 0x1, 0x34, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r2, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x68, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) (async, rerun: 64) syz_open_dev$usbfs(&(0x7f0000000080), 0x76, 0x58b9c26c7b96d59a) (rerun: 64) socket$nl_route(0x10, 0x3, 0x0) (async, rerun: 32) socket$inet6_tcp(0xa, 0x1, 0x0) (async, rerun: 32) openat$vcsa(0xffffffffffffff9c, 0x0, 0x208402, 0x0) (async) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$USBDEVFS_DISCONNECT_CLAIM(0xffffffffffffffff, 0x41045508, &(0x7f0000002600)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca14d90d1f6"}) (async, rerun: 64) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000080)=0xe) (rerun: 64) r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) ioctl$PPPIOCATTCHAN(r5, 0x40047438, &(0x7f0000000300)=0x1) (async, rerun: 32) ioctl$PPPIOCSFLAGS1(r5, 0x40047459, &(0x7f0000000000)=0x5a0411) (rerun: 32) r6 = syz_open_dev$dri(0x0, 0x1ff, 0x10040) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r6, 0xc01864c6, &(0x7f0000000140)={&(0x7f0000000640)}) r7 = syz_open_dev$vbi(&(0x7f0000000080), 0x1, 0x2) ioctl$VIDIOC_G_SLICED_VBI_CAP(r7, 0xc0745645, &(0x7f0000000000)={0xbcad, [0x1, 0x8001, 0xb, 0xc1fc, 0x94c, 0x100, 0x1, 0xfde8, 0x6, 0x8, 0x83, 0x5, 0x6, 0x4, 0x5, 0x9, 0x204, 0x2, 0x52, 0x0, 0x7fff, 0x4, 0x80, 0x9, 0x5, 0x5, 0xfff, 0xb12, 0x8, 0x8, 0x0, 0x1000, 0xe, 0xffff, 0x3, 0x10, 0x2, 0xb5e, 0x3, 0x7, 0x5, 0x1ff, 0x8000, 0x48, 0x8, 0x4, 0x9, 0x4], 0x7}) (async, rerun: 64) open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901) (async, rerun: 64) socket$can_j1939(0x1d, 0x2, 0x7) (async) fsopen(&(0x7f0000000180)='hugetlbfs\x00', 0x1) (async) socket$inet6_mptcp(0xa, 0x1, 0x106) socket$packet(0x11, 0x3, 0x300) (async) socket$inet6(0xa, 0x2, 0x0) 3.986773909s ago: executing program 0 (id=1487): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xfffe, &(0x7f0000000200)={&(0x7f0000000000)=@ipv4_newroute={0x24, 0x1a, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3800}, [@RTA_DST={0x8, 0x1, @remote}]}, 0x24}}, 0x0) 3.77971775s ago: executing program 0 (id=1488): syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb08004c000078ac1414000a0101004414050300000000000000000a010101000000008903ce070200"/66, @ANYRES32=0x41424344], 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f00000000c0), 0x12) openat$vcsu(0xffffff9c, &(0x7f0000000180), 0x88080, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz0\x00', 0x1ff) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000100)='0.::/', 0x0) r0 = add_key$user(&(0x7f00000001c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000080)="bc5d", 0x2, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = dup(r3) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0xbe912100) 3.63329308s ago: executing program 4 (id=1489): socket$key(0xf, 0x3, 0x2) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet(r0, &(0x7f0000002240)={0x0, 0x0, &(0x7f0000002040)=[{&(0x7f0000001b00)="b43c", 0x2}], 0x1, &(0x7f0000000500)=ANY=[@ANYBLOB="9757bac5675d30bb7f94eb10000000c8260d2d000000c110cfd222cae628619bd85058bb29db2c75cde7c5eb47bce2f434a1e55c64d971583e3c43cba993678fe2ad9800e3c34e479969c25327139c96728f406b9f371591b67d0a36"], 0x10}, 0x84) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b0000000900000003000000fcffffff01000000", @ANYRES32, @ANYBLOB="0300"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000fbfffffffff4ffff000000000000000200000000000100"], 0x50) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000700)={'wlan1\x00'}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000140)={0x0, 0xffbe, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[], 0x1c}}, 0x26040159) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000480)={'wlan1\x00', 0x0}) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000003700000008000300", @ANYRES32=r3, @ANYBLOB="08002600901500000800570080"], 0x2c}}, 0x80) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_BSS(r2, &(0x7f0000000440)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000740)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="100025bd7000fedbdf25190038a7b704ecb51057b41a6752b7e7a3e1546f65107411666b26fc3469b6dd6baee3e90bd68cafebee2c1b2c8b3b118e15cee95f1aa69c14802953a5689b5e342c252ab142a1be9b844996ff22035e9bb8fed9e6cc6ecdd5bf258ad21a98a26895171f780b66fea4a652391cdc809c4c75c9c8cc", @ANYRES32=r5, @ANYBLOB="0c009900100000003000000005001d00070000000500a30000000000050060000100000006006d00000000000500a3000000000005001e0002000000"], 0x58}, 0x1, 0x0, 0x0, 0x40010}, 0x4000000) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000840), 0xffffffffffffffff) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x1}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0xf, 0xfffffffffffffffe}, 0x0) r6 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) ioctl$VT_OPENQRY(r6, 0x5600, &(0x7f0000000100)) r7 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r7, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r7, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4) sendto$inet(r7, 0x0, 0x0, 0xc806, &(0x7f0000000180)={0x2, 0x4e21, @multicast2}, 0x10) 3.627812719s ago: executing program 1 (id=1490): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a030000000000000000f0070000000900010073797a300000000080000000090a010400000000000000000700000008000a40000000000900020073797a300000"], 0xc8}, 0x1, 0x0, 0x0, 0x40000}, 0x20050800) 3.443769626s ago: executing program 4 (id=1491): socket(0x1, 0x80802, 0x0) unshare(0x20400) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x20000, 0x0) close(r0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x110e22fff6) 3.429894813s ago: executing program 1 (id=1492): r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x800000000000003, 0x22542) close(r0) socket$kcm(0x10, 0x2, 0x0) syz_usb_connect(0x6, 0x36, &(0x7f0000000040)=ANY=[], 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x1000000000, 0x0, 0xfffffffffffffffe, 0x3, 0xb086}, 0x0) add_key$user(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd) add_key$keyring(&(0x7f0000000000), 0x0, 0x0, 0x0, 0xffffffffffffffff) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0}) seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, 0x0) prctl$PR_SET_IO_FLUSHER(0x43, 0x1) prctl$PR_SET_IO_FLUSHER(0x43, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) socket$nl_route(0x10, 0x3, 0x0) socket(0xa, 0x3, 0x3a) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x14, 0x0, 0x0) r3 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) bind$l2tp(r3, 0x0, 0x0) recvmmsg(r3, 0x0, 0x0, 0x2061, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0xc00, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0) 3.381910601s ago: executing program 0 (id=1493): r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100), 0x6ad01, 0x0) writev(r0, &(0x7f0000000140)=[{&(0x7f0000000240)="130000000202", 0x6}], 0x1) 3.319552037s ago: executing program 2 (id=1494): socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000580)={'gretap0\x00', &(0x7f0000001440)=@ethtool_dump={0x3f, 0x2c1, 0x7}}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000080)={0x3, &(0x7f0000000040)=[{0x20, 0x0, 0x0, 0xfffff024}, {0x30, 0x0, 0x0, 0xfffff038}, {0x6}]}, 0x10) sendmmsg$inet(r0, &(0x7f0000000400)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4000040) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r3) mkdirat(0xffffffffffffff9c, 0x0, 0x0) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r5, &(0x7f0000000000)={0xa, 0x200, 0x0, @mcast1, 0xff}, 0x1c) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_emit_ethernet(0x66, &(0x7f00000004c0)=ANY=[@ANYBLOB="bbbbbbbbbbbbbbbbbbbbbbbb86dd60003a0400033afffe8000000000000000000000000000bbff020000000000000000000000000001"], 0x0) sendmsg$NL80211_CMD_DEAUTHENTICATE(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)={0x1c, r4, 0xfc5, 0x70bd2a, 0x0, {{0x11}, {@val={0x8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4804}, 0x0) 3.194373941s ago: executing program 0 (id=1495): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12013f00000000407f04ffff00000000000109022d000100000000090400001503000000092140000001220f000905", @ANYRES32], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) sendmsg$DCCPDIAG_GETSOCK(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000100)={0x4c, 0x13, 0xa03, 0x70bd2c, 0x25dfdbff, {0x6, 0x34, 0x9, 0x0, {0x4e20, 0x4e21, [0x3, 0x5, 0x5cf, 0x9], [0xd, 0x0, 0x7ff, 0x1], 0x0, [0x4, 0x7f]}, 0x401, 0x9}}, 0x4c}, 0x1, 0x0, 0x0, 0x20008000}, 0x14) syz_usb_control_io(r0, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f00000009003d140f3c369197d09647190890"], 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0) ioctl$HIDIOCGUSAGE(r1, 0x501c4814, &(0x7f0000000100)={0x2, 0x100, 0x0, 0x2, 0x1947, 0xf}) socketpair(0x25, 0xa, 0x1ff, &(0x7f0000000040)={0xffffffffffffffff}) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f00000000c0)) r3 = socket(0x10, 0x800, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'ip6gretap0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newtclass={0x94, 0x28, 0x10, 0x70bd25, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0x6, 0x5}, {0xe, 0xc}, {0xc}}, [@tclass_kind_options=@c_drr={{0x8}, {0xc, 0x2, @TCA_DRR_QUANTUM={0x8, 0x1, 0x2}}}, @tclass_kind_options=@c_clsact={0xb}, @TCA_RATE={0x6, 0x5, {0x95, 0x4}}, @TCA_RATE={0x6, 0x5, {0x4, 0xff}}, @tclass_kind_options=@c_red={0x8}, @tclass_kind_options=@c_qfq={{0x8}, {0x24, 0x2, [@TCA_QFQ_WEIGHT={0x8, 0x1, 0x6}, @TCA_QFQ_LMAX={0x8, 0x2, 0x7}, @TCA_QFQ_WEIGHT={0x8, 0x1, 0x1}, @TCA_QFQ_LMAX={0x8, 0x2, 0xb}]}}, @tclass_kind_options=@c_netem={0xa}]}, 0x94}, 0x1, 0x0, 0x0, 0x24040800}, 0x44040) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) syz_emit_ethernet(0x2a, &(0x7f0000000080)=ANY=[@ANYBLOB="53df2b456239aaaaaaaaaabb0800450400000000000000889078e0000002ffffffffba2c67c3b5da5af2"], 0x0) 3.071739831s ago: executing program 2 (id=1496): r0 = socket$kcm(0x10, 0x2, 0x0) r1 = socket$inet6(0xa, 0x3, 0x2f) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000002c0)={{{@in, @in=@local, 0x0, 0x8, 0x0, 0x0, 0xa, 0x50, 0x180, 0x2b}, {0x0, 0x0, 0x0, 0x0, 0x7}, {0x0, 0x3}, 0x0, 0x0, 0x1, 0x1}, {{@in=@dev={0xac, 0x14, 0x14, 0x42}, 0x0, 0x6c}, 0x0, @in6=@remote, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xfffffffe}}, 0xe4) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$uinput_user_dev(r2, &(0x7f0000000240)={'syz0\x00', {0x508, 0x7, 0x7, 0x1}, 0x4a, [0x5f11bec3, 0x3, 0x5, 0x40, 0x0, 0x3, 0x0, 0x7d, 0x80013, 0x5, 0x0, 0x6, 0x0, 0x0, 0x4000000, 0x2, 0x1a4, 0xfffff605, 0x3, 0x0, 0x80, 0x7ff, 0xe2b, 0x7, 0x681c1eb5, 0x11e, 0x0, 0x2, 0x0, 0xe9, 0x0, 0xffff, 0x9, 0x4, 0x0, 0x3, 0x0, 0x0, 0x5de82a4e, 0x0, 0x0, 0x20000, 0x4, 0xfffffffe, 0x1, 0x0, 0x8000, 0x7, 0x0, 0xe0, 0x3fd, 0x5, 0xfffffff7, 0x0, 0xf685, 0x0, 0x1ab9, 0x0, 0x2, 0x0, 0xfffffffb, 0x1c15d73a, 0x2], [0x0, 0x0, 0x0, 0x0, 0x4, 0x1, 0x8, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x5, 0x0, 0x61c5fb46, 0x10000, 0x80, 0x4, 0x10001, 0x75, 0x0, 0x4, 0x0, 0xd, 0x80000000, 0x0, 0x61c2, 0x9, 0x0, 0x9, 0x2, 0xff, 0x2, 0x10001, 0x3, 0x0, 0x7, 0xfffffffb, 0xffffff00, 0x0, 0x10, 0x0, 0x0, 0x0, 0x1, 0xffff, 0x9, 0x441238ca, 0x0, 0x0, 0x0, 0xfffffff9, 0x2, 0x7fffffff, 0x6, 0x9], [0x0, 0xc50, 0x3, 0x9f5, 0x0, 0xa02, 0x1c75, 0xf51, 0x6, 0x40, 0x0, 0x21, 0x20000, 0x0, 0x6, 0x0, 0x0, 0x0, 0x205, 0x5, 0xfffffffd, 0xc, 0x0, 0x200, 0xcc0, 0x401, 0x6, 0x6, 0x0, 0x0, 0xffffff7f, 0xe, 0x921, 0x2f, 0x0, 0x0, 0x0, 0x0, 0x15960318, 0x0, 0x0, 0x0, 0xfffffffc, 0x9, 0x5, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0xfffffffe, 0x4, 0x0, 0x6574, 0x7, 0x0, 0xcd55, 0xfb], [0x0, 0x6, 0x0, 0x2, 0x1, 0xffffffff, 0x5, 0x200, 0xffffffff, 0xd63, 0x6, 0x0, 0x0, 0x0, 0xfffffffa, 0xfa3, 0x3ff, 0x8, 0x4, 0x0, 0xffffffff, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x194e, 0x0, 0xe793, 0x4ad, 0x0, 0x0, 0x80000001, 0x3, 0x0, 0x0, 0x101, 0x0, 0x1, 0x0, 0x40, 0x8000010, 0x0, 0x5, 0x0, 0x0, 0x7ff7, 0x6, 0x800, 0x5, 0xd, 0x0, 0x40000000, 0x0, 0x4, 0x45d, 0x4, 0x0, 0xfff, 0xb2, 0xa, 0xb]}, 0x45c) r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) pwritev(r3, &(0x7f0000000580)=[{&(0x7f0000000240)="01000000", 0x4}, {&(0x7f0000000280)="f697079a161cfb7702711e629acda76933ddd0c205", 0x15}, {&(0x7f00000002c0)="c27d037369597e0a4e", 0x9}], 0x3, 0xfffffffe, 0x0) r4 = socket$inet_sctp(0x2, 0x5, 0x84) r5 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000180)=0x10) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r4, 0x84, 0xa, 0x0, &(0x7f0000000180)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_setup(0x4e1, 0x0, 0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(0x0, r8, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) r9 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x42) ioctl$SCSI_IOCTL_SEND_COMMAND(r9, 0x1, &(0x7f0000000000)={0x0, 0x8, 0x4000bf}) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000300)="2e00000010008188040f80ec59acbc0413a181003100000002200000000000000e000a000f000000028002002d1f", 0x2e}], 0x1}, 0x20040040) 3.036442669s ago: executing program 4 (id=1497): socket(0x3, 0x4, 0x1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000044c0), 0x141802) ioctl$SNDRV_TIMER_IOCTL_TREAD(r2, 0x40045402, &(0x7f0000004500)) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_open_dev$vim2m(&(0x7f0000000140), 0x59fa, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f00000000c0)={0x2, 0x1, 0x1}) ioctl$vim2m_VIDIOC_STREAMOFF(r3, 0x40045612, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0xf, 0xfffffffffffffffe}, 0x0) r4 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_INIT(r4, 0x29, 0xc8, 0x0, 0x0) r5 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) syz_usb_control_io$hid(r5, 0x0, 0x0) r6 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000080)={'macvlan0\x00', &(0x7f0000000040)=@ethtool_gstrings={0x1b, 0x3}}) r7 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_GET(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB], 0x20}}, 0x0) 2.942806706s ago: executing program 3 (id=1498): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = syz_open_dev$video(&(0x7f0000000440), 0x8, 0x0) ioctl$VIDIOC_S_SELECTION(r1, 0xc040565f, &(0x7f0000000940)={0xa, 0x100, 0x3, {0x8000, 0x4, 0x2d0, 0x870}}) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYRES64=r1], 0x7c}}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$inet6_sctp(0xa, 0x801, 0x84) r4 = socket(0x10, 0x803, 0x2) sendmsg$TEAM_CMD_OPTIONS_SET(r4, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000500)={&(0x7f0000004000)={0x14, 0x0, 0x300, 0x70bd28, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x4004}, 0x8010) sendmmsg$inet6(r3, &(0x7f0000000780)=[{{&(0x7f0000001140)={0xa, 0x4e23, 0x0, @private2, 0x2}, 0x1c, &(0x7f0000000080)=[{&(0x7f00000011c0)="99", 0x1}], 0x1}}, {{&(0x7f0000000240)={0xa, 0x4e22, 0xb7, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x8}, 0x1c, &(0x7f0000000280)=[{&(0x7f0000000400)="f64c8fd3e81287", 0x7}], 0x1}}], 0x2, 0x0) r5 = fsopen(&(0x7f0000000000)='aufs\x00', 0x0) fsconfig$FSCONFIG_SET_FD(r5, 0x5, &(0x7f00000000c0)='\x00', 0x0, r1) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4-generic)\x00'}, 0x58) shutdown(r3, 0x1) setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r3, 0x84, 0x23, &(0x7f0000000040)={0x0, 0x76d}, 0x8) sendmsg$nl_generic(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001700)=ANY=[@ANYBLOB="1800000024000103000000000000000001008c000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) quotactl$Q_SYNC(0xffffffff80000101, 0x0, 0x0, 0x0) quotactl$Q_SYNC(0xffffffff80000101, 0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000)={0x0}, &(0x7f0000000040)=0xc) openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000580)={0x0, 0x0, 0x13}, 0x18) prctl$PR_SCHED_CORE(0x3e, 0x1, r7, 0x0, &(0x7f0000000080)) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r10, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000000)=[@text32={0x20, &(0x7f0000000280)="f30faa0f01c80f01c2b8010000000f01d90f015eeb260f01c90f3266ba4300b0e6ee0f06f30f09", 0x27}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r10, 0xae80, 0x0) quotactl$Q_SYNC(0x80000301, 0x0, 0x0, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f00000000c0), 0x604000, 0x0) quotactl$Q_SYNC(0xffffffff80000101, 0x0, 0x0, 0x0) 2.019636745s ago: executing program 3 (id=1499): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000002c0), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0) ioctl$PPPIOCNEWUNIT(r2, 0xc004743e, &(0x7f0000000140)=0x7ffd) ioctl$PPPIOCSPASS(r2, 0x40107447, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$NL80211_CMD_REGISTER_FRAME(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x880) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'}) write$sndseq(r4, &(0x7f0000000300)=[{0x84, 0x77, 0x0, 0x0, @tick, {0xfd, 0xfb}, {0x7}, @raw32={[0x2, 0xffffffff, 0x8000000]}}, {0x2, 0x0, 0x5, 0x83, @tick, {0xf9}, {}, @note={0x81}}, {0x6, 0x3, 0x9, 0x3, @tick=0x2001, {0x10, 0x5}, {0xd, 0x2}, @queue={0x0, {0x90a, 0x2d0}}}], 0x54) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xa8c01) write$sndseq(r5, &(0x7f00000000c0)=[{0x1e, 0x0, 0x8, 0xfd, @tick=0x8, {}, {}, @result}], 0x1c) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, 0x0) socket$inet6_dccp(0xa, 0x6, 0x0) io_uring_register$IORING_REGISTER_PROBE(r1, 0x8, &(0x7f0000000400)={0x0, 0x0, 0x0, '\x00', [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}]}, 0x3b) r6 = userfaultfd(0x80001) ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000140)) ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1}) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19) r7 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r7, 0x4018aee3, &(0x7f0000000300)=@attr_pmu_filter={0x0, 0x1, 0x1, &(0x7f0000000280)={0xb2a, 0x800, 0x2}}) r8 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r8, 0x11b, 0x4, &(0x7f0000000240)={&(0x7f0000000200)=""/58, 0x304000, 0x800, 0x8, 0x3}, 0x20) ioctl$UFFDIO_COPY(r6, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000}) 1.876105307s ago: executing program 2 (id=1500): r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_WOL_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)={0x2c, r0, 0x1, 0x0, 0x25dfdbfd, {0x1b}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg0\x00'}]}]}, 0x2c}}, 0x40000d5) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$ARPT_SO_SET_REPLACE(r2, 0x0, 0x60, &(0x7f0000000680)={'filter\x00', 0x7, 0x4, 0x3c8, 0x0, 0x110, 0x1f8, 0x2e0, 0x2e0, 0x2e0, 0x4, 0x0, {[{{@arp={@initdev={0xac, 0x1e, 0x0, 0x0}, @empty, 0xffffff, 0x0, 0x7, 0x0, {}, {@mac, {[0x0, 0xff]}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'macvlan1\x00', 'veth1_macvtap\x00'}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac, @remote, @multicast1, 0x2, 0x1}}}, {{@arp={@multicast2, @rand_addr, 0xff, 0x0, 0xc, 0x3, {@empty, {[0xff, 0xff]}}, {@mac=@dev={'\xaa\xaa\xaa\xaa\xaa', 0x3a}, {[0x0, 0x0, 0xff]}}, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x0, 'team_slave_0\x00', 'veth0\x00', {0xff}}, 0xc0, 0xe8}, @unspec=@NFQUEUE0={0x28, 'NFQUEUE\x00', 0x0, {0x4}}}, {{@arp={@local, @remote, 0x0, 0x0, 0x0, 0xb, {@mac, {[0x0, 0x0, 0xa86e373238e3ef48, 0xff]}}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth0_to_bond\x00', 'geneve1\x00'}, 0xc0, 0xe8}, @unspec=@CLASSIFY={0x28, 'CLASSIFY\x00', 0x0, {0xfffffffd}}}], {{'\x00', 0xc0, 0xe8}, {0x28, '\x00', 0x0, 0xfffffffb}}}}, 0x418) sendmsg$IPSET_CMD_ADD(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000100)=ANY=[@ANYRES32=r0], 0x44}, 0x1, 0x0, 0x0, 0x8004}, 0x44000) prctl$PR_SET_SECUREBITS(0x1c, 0x3) 1.714367228s ago: executing program 2 (id=1501): mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) r0 = openat(0xffffffffffffff9c, 0x0, 0x42, 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) r1 = userfaultfd(0x1) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x3}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = dup(r3) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) keyctl$dh_compute(0x17, 0x0, 0x0, 0x0, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) ioctl$KVM_TRANSLATE(r0, 0xc018ae85, &(0x7f0000000080)={0xeeef0000, 0xdddd0000, 0xe, 0xb, 0x8}) socket$inet6_tcp(0xa, 0x1, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) dup(r7) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) syz_kvm_setup_cpu$x86(r7, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 904.325753ms ago: executing program 3 (id=1502): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000600)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000800)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010026bd7000fbdbdf252100000008000300", @ANYRES32=r3, @ANYBLOB="0c007d80040002"], 0x28}, 0x1, 0x0, 0x0, 0x24000845}, 0x40000) 854.618752ms ago: executing program 2 (id=1503): socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_HYPERV_SYNIC2(0xffffffffffffffff, 0x4068aea3, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r3 = dup(r2) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, r3, 0x0) r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x44000}, 0x0) r5 = socket$netlink(0x10, 0x3, 0x15) sendmsg$netlink(r5, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r3, 0xc0189379, &(0x7f0000000180)={{0x1, 0x1, 0x18, r3}, './file0\x00'}) r6 = syz_open_dev$swradio(&(0x7f0000000040), 0x1, 0x2) syz_io_uring_setup(0xc61, &(0x7f00000002c0)={0x0, 0x5fa2, 0x800, 0x3, 0x8129b}, 0x0, &(0x7f0000000380)) ioctl$VIDIOC_DQBUF(r6, 0xc0585611, &(0x7f0000000080)=@mmap={0x7, 0x8, 0x4, 0x1901, 0x7ff, {0x0, 0x2710}, {0x6, 0x8, 0x0, 0x1, 0x7, 0x4d, "7ac26a7c"}, 0x2, 0x1, {}, 0xe0ee}) rseq(0x0, 0x0, 0x0, 0x0) r7 = socket$l2tp6(0xa, 0x2, 0x73) setsockopt$inet6_IPV6_DSTOPTS(r7, 0x29, 0x3b, &(0x7f0000000000)={0xc}, 0x8) r8 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r8, 0x29, 0x40, &(0x7f0000000500)=@raw={'raw\x00', 0x3c1, 0x3, 0x440, 0x270, 0x168, 0x9, 0x0, 0xb, 0x370, 0x250, 0x250, 0x370, 0x250, 0x3, 0x0, {[{{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @rand_addr=' \x01\x00', [], [], 'ip6tnl0\x00', 'sit0\x00', {}, {}, 0x6c}, 0x6000000, 0x230, 0x270, 0x0, {0x0, 0x28e}, [@common=@inet=@hashlimit3={{0x158}, {'veth1_to_batadv\x00', {0x0, 0x7ff, 0x0, 0x0, 0x0, 0x6, 0x1000}}}, @common=@inet=@ipcomp={{0x30}, {[], 0x12}}]}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x0, 0x0, "48c01c5140d722edd3fb24545886bbd1be494201b400"}}}, {{@uncond, 0x0, 0xd0, 0x100, 0x0, {}, [@common=@inet=@set2={{0x28}}]}, @common=@inet=@SET2={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4a0) r9 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) get_robust_list(r9, &(0x7f0000000100)=&(0x7f00000000c0), &(0x7f0000000140)=0x18) kcmp(r9, r4, 0x5, r1, r0) 777.840571ms ago: executing program 3 (id=1504): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = syz_io_uring_setup(0x88a, &(0x7f0000000140)={0x0, 0xa65a, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xffffbffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_SEND={0x1a, 0x20, 0x0, r2, 0x0, 0x0, 0x0, 0x24004014}) io_uring_enter(r3, 0x47f6, 0x0, 0x2, 0x0, 0x41) 632.655354ms ago: executing program 0 (id=1505): r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100), 0x6ad01, 0x0) writev(r0, &(0x7f0000000140)=[{&(0x7f0000000240)="130000000202", 0x6}], 0x1) 150.85481ms ago: executing program 1 (id=1506): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) stat(&(0x7f0000000100)='./file0\x00', 0x0) lremovexattr(&(0x7f0000000080)='./file0\x00', 0x0) syz_pidfd_open(0x0, 0x0) getpeername$inet(0xffffffffffffffff, 0x0, 0x0) 67.669353ms ago: executing program 0 (id=1507): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xd9, 0x72, 0xa4, 0x40, 0x20b7, 0x1540, 0xb75a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xff}}]}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) r1 = syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="1e46a04b61756c745f7065726d697373696f6e732c616c6c6f77526f746865722c736d61636b6673726f6f743d262c00"], 0x0, 0x0, &(0x7f0000000200)="e24e5f01f44cd7e24c0015c25363ab5a61ba2ce9ed20aa48b4cc62fa50345bf13a4a114a122b5aeffe4f869abb3b7f0b3fb8ca8f24dcd337cd855dfc0de54fc79107f13d205ae7075c555f253ad84428056b7f5852d68139126a8d0ce216b9306295e7e44911285d59a3f7d78d30083b9122d8db105c3114b6") getdents64(r1, &(0x7f00000000c0)=""/45, 0x2d) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000300)={0x44, &(0x7f0000000100)={0x0, 0x13, 0x1, "80"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000d00)={0x44, &(0x7f0000000ac0)={0x20, 0x3, 0x2, "a1a4"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000640)={0x2c, &(0x7f00000003c0)={0x0, 0x3, 0x2, '{r'}, 0x0, 0x0, 0x0, 0x0}) 0s ago: executing program 1 (id=1508): r0 = syz_io_uring_setup(0x237, &(0x7f0000000480)={0x0, 0x8101, 0x0, 0x0, 0x2cf}, &(0x7f0000000040)=0x0, &(0x7f0000000600)=0x0) pause() syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) r3 = socket$inet_smc(0x2b, 0x1, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000100)=@l2={0x1f, 0x81, @none, 0xf66e}}) io_uring_enter(r0, 0x47ba, 0x0, 0x0, 0x0, 0x0) setsockopt$IP_VS_SO_SET_STARTDAEMON(r3, 0x0, 0x48b, &(0x7f0000000000)={0x0, 'macvlan1\x00'}, 0x18) kernel console output (not intermixed with test programs): 3.333352][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 313.399831][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 313.438851][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 313.501448][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 313.522474][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 313.548145][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 313.584019][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 313.659016][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 313.682669][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 313.878863][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 313.887549][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 313.898154][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 313.921447][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 313.952033][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 313.974385][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 313.993671][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 314.010887][ T5895] usb 5-1: USB disconnect, device number 38 [ 314.023615][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 314.041686][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 314.053843][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 314.128221][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 314.205373][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 314.213152][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 314.222627][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 314.230511][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 314.243083][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 314.251766][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 314.262977][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 314.273513][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 314.283342][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 314.313986][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 314.325536][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 314.364631][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 314.384664][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 314.392099][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 314.431717][ T8961] netlink: 20 bytes leftover after parsing attributes in process `syz.0.922'. [ 314.443545][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 314.461624][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 314.469561][ T8961] netlink: 124 bytes leftover after parsing attributes in process `syz.0.922'. [ 314.484850][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 314.505264][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 314.533054][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 314.574671][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 314.582085][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 314.623502][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 314.638595][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 314.673798][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 314.691921][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 314.705887][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 314.717226][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 314.748785][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 314.758448][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 314.766623][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 314.778722][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 314.837712][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 314.898064][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 314.926206][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 314.931310][ T8969] netlink: 12 bytes leftover after parsing attributes in process `syz.4.925'. [ 314.933643][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 314.993620][ T8971] syzkaller1: entered promiscuous mode [ 314.995586][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 315.019558][ T8969] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 315.034790][ T8971] syzkaller1: entered allmulticast mode [ 315.038720][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 315.064981][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 315.072421][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 315.087318][ T8969] netlink: 4 bytes leftover after parsing attributes in process `syz.4.925'. [ 315.237340][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 315.245261][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 315.275597][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 315.291978][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 315.299670][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 315.314747][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 315.322193][ T5926] hid-generic 0011:0000:0000.000E: unknown main item tag 0x0 [ 315.332175][ T8971] netlink: 4 bytes leftover after parsing attributes in process `syz.0.926'. [ 315.335629][ T5926] hid-generic 0011:0000:0000.000E: hidraw0: HID v0.00 Device [syz0] on syz0 [ 315.362409][ T5926] usb 3-1: USB disconnect, device number 37 [ 316.008802][ T5926] usb 3-1: new high-speed USB device number 38 using dummy_hcd [ 316.221223][ T5926] usb 3-1: config 0 has no interfaces? [ 316.231916][ T5926] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 316.267648][ T5926] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 316.289421][ T8993] netlink: 8 bytes leftover after parsing attributes in process `syz.0.932'. [ 316.296722][ T5926] usb 3-1: Product: syz [ 316.313008][ T5926] usb 3-1: Manufacturer: syz [ 316.326710][ T5926] usb 3-1: SerialNumber: syz [ 316.342757][ T5926] usb 3-1: config 0 descriptor?? [ 316.939395][ T8996] random: crng reseeded on system resumption [ 317.071764][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.084462][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.399534][ T9008] usb usb8: usbfs: process 9008 (syz.1.937) did not claim interface 2 before use [ 319.031033][ T9018] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 319.048678][ T5894] usb 3-1: USB disconnect, device number 38 [ 319.065056][ T9018] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 319.176924][ T9021] ptrace attach of "./syz-executor exec"[5857] was attempted by "./syz-executor exec"[9021] [ 319.475855][ T9023] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 319.597843][ T9023] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 319.935017][ T9018] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 319.959896][ T9018] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 320.873555][ T9036] FAULT_INJECTION: forcing a failure. [ 320.873555][ T9036] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 321.160053][ T9036] CPU: 0 UID: 0 PID: 9036 Comm: syz.0.945 Not tainted 6.15.0-rc2-syzkaller-00037-g834a4a689699 #0 PREEMPT(full) [ 321.160086][ T9036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 321.160099][ T9036] Call Trace: [ 321.160108][ T9036] [ 321.160117][ T9036] dump_stack_lvl+0x241/0x360 [ 321.160156][ T9036] ? __pfx_dump_stack_lvl+0x10/0x10 [ 321.160186][ T9036] ? __pfx__printk+0x10/0x10 [ 321.160227][ T9036] should_fail_ex+0x424/0x570 [ 321.160255][ T9036] prepare_alloc_pages+0x220/0x610 [ 321.160287][ T9036] __alloc_frozen_pages_noprof+0x162/0x5b0 [ 321.160316][ T9036] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 321.160347][ T9036] ? dev_hard_start_xmit+0x7d0/0x840 [ 321.160383][ T9036] alloc_pages_mpol+0x339/0x690 [ 321.160410][ T9036] ? __local_bh_enable_ip+0x168/0x200 [ 321.160430][ T9036] ? lockdep_hardirqs_on+0x9d/0x150 [ 321.160459][ T9036] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 321.160485][ T9036] ? __dev_queue_xmit+0x2f9/0x3f60 [ 321.160520][ T9036] vma_alloc_folio_noprof+0x12d/0x260 [ 321.160552][ T9036] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 321.160593][ T9036] folio_prealloc+0x2e/0x170 [ 321.160615][ T9036] do_wp_page+0x14f6/0x5e00 [ 321.160648][ T9036] ? __lock_acquire+0xad5/0xd80 [ 321.160684][ T9036] ? __pfx_do_wp_page+0x10/0x10 [ 321.160719][ T9036] ? __lock_acquire+0xad5/0xd80 [ 321.160745][ T9036] ? do_raw_spin_lock+0x151/0x370 [ 321.160796][ T9036] handle_pte_fault+0xfaf/0x61c0 [ 321.160830][ T9036] ? __pfx_ip_finish_output2+0x10/0x10 [ 321.160854][ T9036] ? ip_skb_dst_mtu+0x8b5/0xbc0 [ 321.160873][ T9036] ? ip_skb_dst_mtu+0x147/0xbc0 [ 321.160898][ T9036] ? __pfx_handle_pte_fault+0x10/0x10 [ 321.160931][ T9036] ? ip_send_skb+0x9b/0x100 [ 321.160955][ T9036] ? udp_send_skb+0xc1c/0x1650 [ 321.160993][ T9036] ? dst_release+0x72/0x1b0 [ 321.161033][ T9036] ? mtree_range_walk+0x700/0x8e0 [ 321.161069][ T9036] handle_mm_fault+0x1129/0x1bf0 [ 321.161099][ T9036] ? mt_find+0x28a/0x8f0 [ 321.161154][ T9036] ? __pfx_handle_mm_fault+0x10/0x10 [ 321.161209][ T9036] ? lock_mm_and_find_vma+0x9c/0x2f0 [ 321.161242][ T9036] exc_page_fault+0x2bb/0x920 [ 321.161276][ T9036] asm_exc_page_fault+0x26/0x30 [ 321.161296][ T9036] RIP: 0010:__put_user_4+0xd/0x20 [ 321.161322][ T9036] Code: 66 89 01 31 c9 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <89> 01 31 c9 0f 01 ca c3 cc cc cc cc 0f 1f 80 00 00 00 00 90 90 90 [ 321.161340][ T9036] RSP: 0018:ffffc9001b5af9b8 EFLAGS: 00050202 [ 321.161361][ T9036] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000200000007ff8 [ 321.161375][ T9036] RDX: 0000200000007fc0 RSI: ffffffff8e4fde72 RDI: ffffffff8ca1b760 [ 321.161390][ T9036] RBP: ffffc9001b5afed0 R08: 0000000000000001 R09: 0000000000000000 [ 321.161402][ T9036] R10: 0000000000000000 R11: 0000000000000000 R12: ffffc9001b5afd20 [ 321.161415][ T9036] R13: 000000000000002d R14: ffffc9001b5afd00 R15: 1ffff920036b5f48 [ 321.161449][ T9036] __sys_sendmmsg+0x524/0x7b0 [ 321.161486][ T9036] ? __pfx___sys_sendmmsg+0x10/0x10 [ 321.161549][ T9036] ? rcu_read_lock_any_held+0xbb/0x160 [ 321.161577][ T9036] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 321.161609][ T9036] ? vfs_write+0xb29/0xd10 [ 321.161645][ T9036] ? ksys_write+0x24e/0x2d0 [ 321.161672][ T9036] ? __mutex_unlock_slowpath+0x229/0x800 [ 321.161730][ T9036] ? ksys_write+0x275/0x2d0 [ 321.161768][ T9036] __x64_sys_sendmmsg+0xa0/0xb0 [ 321.161793][ T9036] do_syscall_64+0xf3/0x230 [ 321.161820][ T9036] ? clear_bhb_loop+0x45/0xa0 [ 321.161844][ T9036] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 321.161864][ T9036] RIP: 0033:0x7f2e6b58e169 [ 321.161881][ T9036] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 321.161898][ T9036] RSP: 002b:00007f2e6c364038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 321.161917][ T9036] RAX: ffffffffffffffda RBX: 00007f2e6b7b5fa0 RCX: 00007f2e6b58e169 [ 321.161941][ T9036] RDX: 000000000000002d RSI: 0000200000007fc0 RDI: 0000000000000003 [ 321.161955][ T9036] RBP: 00007f2e6c364090 R08: 0000000000000000 R09: 0000000000000000 [ 321.161968][ T9036] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 321.161980][ T9036] R13: 0000000000000000 R14: 00007f2e6b7b5fa0 R15: 00007f2e6b8dfa28 [ 321.162012][ T9036] [ 321.797168][ T30] audit: type=1326 audit(1744719111.850:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9039 comm="syz.4.946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86db38e169 code=0x7ffc0000 [ 321.819376][ C1] vkms_vblank_simulate: vblank timer overrun [ 321.945793][ T30] audit: type=1326 audit(1744719111.850:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9039 comm="syz.4.946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=98 compat=0 ip=0x7f86db38e169 code=0x7ffc0000 [ 321.968541][ T30] audit: type=1326 audit(1744719111.850:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9039 comm="syz.4.946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86db38e169 code=0x7ffc0000 [ 321.992782][ T30] audit: type=1326 audit(1744719111.850:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9039 comm="syz.4.946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f86db38e169 code=0x7ffc0000 [ 322.015863][ T30] audit: type=1326 audit(1744719111.850:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9039 comm="syz.4.946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86db38e169 code=0x7ffc0000 [ 322.049010][ T30] audit: type=1326 audit(1744719111.850:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9039 comm="syz.4.946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f86db38cc1f code=0x7ffc0000 [ 322.146109][ T30] audit: type=1326 audit(1744719111.850:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9039 comm="syz.4.946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86db38e169 code=0x7ffc0000 [ 322.204984][ T30] audit: type=1326 audit(1744719111.850:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9039 comm="syz.4.946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f86db38e169 code=0x7ffc0000 [ 322.227704][ T30] audit: type=1326 audit(1744719111.850:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9039 comm="syz.4.946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86db38e169 code=0x7ffc0000 [ 322.250493][ T30] audit: type=1326 audit(1744719111.850:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9039 comm="syz.4.946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7f86db38e169 code=0x7ffc0000 [ 322.476449][ T9047] program syz.0.947 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 322.542034][ T9047] syz.0.947 (9047): drop_caches: 2 [ 322.594380][ T9047] syz.0.947 (9047): drop_caches: 2 [ 322.620521][ T9048] usb usb8: usbfs: process 9048 (syz.4.949) did not claim interface 2 before use [ 323.534834][ T5894] usb 5-1: new high-speed USB device number 39 using dummy_hcd [ 323.662010][ T9067] vlan0: entered allmulticast mode [ 323.671729][ T9067] bond0: entered allmulticast mode [ 323.750851][ T5894] usb 5-1: config 0 has no interfaces? [ 323.779305][ T9068] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 323.808846][ T5894] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 323.844203][ T5894] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 323.845055][ T9068] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 323.890028][ T5894] usb 5-1: Product: syz [ 323.921613][ T5894] usb 5-1: Manufacturer: syz [ 323.940173][ T5894] usb 5-1: SerialNumber: syz [ 323.981713][ T5894] usb 5-1: config 0 descriptor?? [ 324.267575][ T9081] FAULT_INJECTION: forcing a failure. [ 324.267575][ T9081] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 324.285357][ T9081] CPU: 1 UID: 0 PID: 9081 Comm: syz.0.963 Not tainted 6.15.0-rc2-syzkaller-00037-g834a4a689699 #0 PREEMPT(full) [ 324.285390][ T9081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 324.285400][ T9081] Call Trace: [ 324.285406][ T9081] [ 324.285419][ T9081] dump_stack_lvl+0x241/0x360 [ 324.285448][ T9081] ? __pfx_dump_stack_lvl+0x10/0x10 [ 324.285470][ T9081] ? __pfx__printk+0x10/0x10 [ 324.285499][ T9081] should_fail_ex+0x424/0x570 [ 324.285519][ T9081] _copy_to_user+0x31/0xb0 [ 324.285543][ T9081] simple_read_from_buffer+0xc4/0x170 [ 324.285569][ T9081] proc_fail_nth_read+0x1ef/0x260 [ 324.285587][ T9081] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 324.285605][ T9081] ? rw_verify_area+0x246/0x630 [ 324.285621][ T9081] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 324.285638][ T9081] vfs_read+0x21f/0xb90 [ 324.285658][ T9081] ? __pfx___mutex_lock+0x10/0x10 [ 324.285679][ T9081] ? __pfx_vfs_read+0x10/0x10 [ 324.285697][ T9081] ? __fget_files+0x2a/0x420 [ 324.285712][ T9081] ? __fget_files+0x39d/0x420 [ 324.285724][ T9081] ? __fget_files+0x2a/0x420 [ 324.285744][ T9081] ksys_read+0x19d/0x2d0 [ 324.285763][ T9081] ? __pfx_ksys_read+0x10/0x10 [ 324.285784][ T9081] ? do_syscall_64+0xb6/0x230 [ 324.285805][ T9081] do_syscall_64+0xf3/0x230 [ 324.285824][ T9081] ? clear_bhb_loop+0x45/0xa0 [ 324.285841][ T9081] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 324.285856][ T9081] RIP: 0033:0x7f2e6b58cb7c [ 324.285869][ T9081] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 324.285882][ T9081] RSP: 002b:00007f2e6c364030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 324.285898][ T9081] RAX: ffffffffffffffda RBX: 00007f2e6b7b5fa0 RCX: 00007f2e6b58cb7c [ 324.285910][ T9081] RDX: 000000000000000f RSI: 00007f2e6c3640a0 RDI: 0000000000000004 [ 324.285919][ T9081] RBP: 00007f2e6c364090 R08: 0000000000000000 R09: 0000000000000000 [ 324.285927][ T9081] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 324.285936][ T9081] R13: 0000000000000000 R14: 00007f2e6b7b5fa0 R15: 00007f2e6b8dfa28 [ 324.285958][ T9081] [ 324.504459][ C1] vkms_vblank_simulate: vblank timer overrun [ 324.670972][ T9088] FAULT_INJECTION: forcing a failure. [ 324.670972][ T9088] name failslab, interval 1, probability 0, space 0, times 0 [ 324.750784][ T9088] CPU: 0 UID: 0 PID: 9088 Comm: syz.1.965 Not tainted 6.15.0-rc2-syzkaller-00037-g834a4a689699 #0 PREEMPT(full) [ 324.750808][ T9088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 324.750818][ T9088] Call Trace: [ 324.750824][ T9088] [ 324.750831][ T9088] dump_stack_lvl+0x241/0x360 [ 324.750860][ T9088] ? __pfx_dump_stack_lvl+0x10/0x10 [ 324.750881][ T9088] ? __pfx__printk+0x10/0x10 [ 324.750905][ T9088] ? __pfx___might_resched+0x10/0x10 [ 324.750929][ T9088] should_fail_ex+0x424/0x570 [ 324.750948][ T9088] should_failslab+0xac/0x100 [ 324.750970][ T9088] kmem_cache_alloc_noprof+0x78/0x390 [ 324.750990][ T9088] ? security_inode_alloc+0x37/0x310 [ 324.751017][ T9088] security_inode_alloc+0x37/0x310 [ 324.751040][ T9088] inode_init_always_gfp+0xa0f/0xd90 [ 324.751065][ T9088] ? __pfx_sock_alloc_inode+0x10/0x10 [ 324.751088][ T9088] alloc_inode+0xa3/0x1b0 [ 324.751110][ T9088] __sock_create+0x127/0xa30 [ 324.751139][ T9088] __sys_socket+0x14d/0x3c0 [ 324.751162][ T9088] ? __pfx___sys_socket+0x10/0x10 [ 324.751191][ T9088] __x64_sys_socket+0x7a/0x90 [ 324.751213][ T9088] do_syscall_64+0xf3/0x230 [ 324.751233][ T9088] ? clear_bhb_loop+0x45/0xa0 [ 324.751250][ T9088] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 324.751265][ T9088] RIP: 0033:0x7fc8e6190087 [ 324.751278][ T9088] Code: f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 324.751290][ T9088] RSP: 002b:00007fc8e7071fa8 EFLAGS: 00000286 ORIG_RAX: 0000000000000029 [ 324.751306][ T9088] RAX: ffffffffffffffda RBX: 00007fc8e63b5fa0 RCX: 00007fc8e6190087 [ 324.751317][ T9088] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 324.751326][ T9088] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000 [ 324.751334][ T9088] R10: 0000200000000100 R11: 0000000000000286 R12: 0000000000000001 [ 324.751344][ T9088] R13: 0000000000000000 R14: 00007fc8e63b5fa0 R15: 00007fc8e64dfa28 [ 324.751366][ T9088] [ 324.751399][ T9088] socket: no more sockets [ 324.804728][ T5926] usb 1-1: new high-speed USB device number 37 using dummy_hcd [ 325.214605][ T5926] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 325.244069][ T5926] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 325.263750][ T5926] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 325.319215][ T5926] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 325.395155][ T5926] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 325.404365][ T5926] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 325.433240][ T5926] usb 1-1: Manufacturer: syz [ 325.468152][ T5926] usb 1-1: config 0 descriptor?? [ 325.487316][ T9096] fuse: Bad value for 'fd' [ 325.511657][ T9096] netlink: 12 bytes leftover after parsing attributes in process `syz.1.967'. [ 325.828512][ T9104] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 325.872587][ T9104] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 325.890057][ T9104] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 325.900264][ T9104] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 325.959778][ T5926] appleir 0003:05AC:8243.000F: unknown main item tag 0x0 [ 326.089304][ T5926] appleir 0003:05AC:8243.000F: No inputs registered, leaving [ 326.188934][ T5926] appleir 0003:05AC:8243.000F: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0 [ 326.370194][ T5894] usb 5-1: USB disconnect, device number 39 [ 326.558118][ T9086] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 326.571449][ T9086] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 326.770994][ T5926] usb 1-1: USB disconnect, device number 37 [ 327.114631][ T5895] usb 3-1: new high-speed USB device number 39 using dummy_hcd [ 327.436905][ T5895] usb 3-1: config 0 has no interfaces? [ 327.461840][ T5895] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 327.724675][ T5895] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 327.804904][ T5895] usb 3-1: Product: syz [ 327.809127][ T5895] usb 3-1: Manufacturer: syz [ 327.875696][ T5895] usb 3-1: SerialNumber: syz [ 327.896512][ T5895] usb 3-1: config 0 descriptor?? [ 328.354616][ T5892] usb 1-1: new full-speed USB device number 38 using dummy_hcd [ 328.510290][ T5892] usb 1-1: config 117 has too many interfaces: 34, using maximum allowed: 32 [ 328.521832][ T5892] usb 1-1: config 117 has an invalid interface number: 93 but max is 33 [ 328.544904][ T5892] usb 1-1: config 117 has 1 interface, different from the descriptor's value: 34 [ 328.554993][ T5892] usb 1-1: config 117 has no interface number 0 [ 328.573266][ T5892] usb 1-1: New USB device found, idVendor=10b8, idProduct=1bb4, bcdDevice=34.65 [ 328.582968][ T5892] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 328.591753][ T5892] usb 1-1: Product: syz [ 328.596791][ T5892] usb 1-1: Manufacturer: syz [ 328.601772][ T5892] usb 1-1: SerialNumber: syz [ 328.794407][ T9130] random: crng reseeded on system resumption [ 328.820320][ T5892] dvb-usb: found a 'DiBcom TFE7090PVR reference design' in warm state. [ 328.845415][ T5892] dvb-usb: will use the device's hardware PID filter (table count: 32). [ 328.875040][ T5892] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design) [ 328.904571][ T5892] usb 1-1: media controller created [ 328.933202][ T5892] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 329.019501][ T5892] DVB: Unable to find symbol dib7000p_attach() [ 329.043334][ T5892] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design' [ 329.055556][ T5892] dvb-usb: will use the device's hardware PID filter (table count: 32). [ 329.067319][ T5892] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design) [ 329.188607][ T5892] usb 1-1: media controller created [ 329.198141][ T5892] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 329.274382][ T5892] dib0700: the master dib7090 has to be initialized first [ 329.282103][ T5892] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design' [ 329.374558][ T5892] rc_core: IR keymap rc-dib0700-rc5 not found [ 329.391033][ T5892] Registered IR keymap rc-empty [ 329.406454][ T5892] dvb-usb: could not initialize remote control. [ 329.420987][ T5892] dvb-usb: DiBcom TFE7090PVR reference design successfully initialized and connected. [ 329.452380][ T5892] usb 1-1: USB disconnect, device number 38 [ 329.496557][ T9137] usb usb8: usbfs: process 9137 (syz.1.977) did not claim interface 2 before use [ 329.511034][ T5892] dvb-usb: DiBcom TFE7090PVR reference design successfully deinitialized and disconnected. [ 329.663163][ T9141] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 329.722948][ T9141] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 329.950645][ T9141] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 329.972403][ T9141] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 330.117044][ T9153] netlink: 16 bytes leftover after parsing attributes in process `syz.0.982'. [ 330.316311][ T9160] netlink: 12 bytes leftover after parsing attributes in process `syz.4.983'. [ 330.539473][ T9160] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 330.542668][ T9161] netlink: 4 bytes leftover after parsing attributes in process `syz.4.983'. [ 330.715723][ T5895] usb 3-1: USB disconnect, device number 39 [ 330.995130][ T9171] capability: warning: `syz.2.987' uses 32-bit capabilities (legacy support in use) [ 331.086727][ T9175] netlink: 'syz.1.988': attribute type 21 has an invalid length. [ 331.165553][ T9175] netlink: 128 bytes leftover after parsing attributes in process `syz.1.988'. [ 331.252591][ T9175] netlink: 'syz.1.988': attribute type 5 has an invalid length. [ 331.278014][ T9175] netlink: 'syz.1.988': attribute type 6 has an invalid length. [ 331.289741][ T9175] netlink: 3 bytes leftover after parsing attributes in process `syz.1.988'. [ 331.311899][ T9179] usb usb8: usbfs: process 9179 (syz.3.989) did not claim interface 2 before use [ 331.584272][ T9183] netlink: 12 bytes leftover after parsing attributes in process `syz.3.991'. [ 331.607281][ T9183] netlink: 16 bytes leftover after parsing attributes in process `syz.3.991'. [ 332.238036][ T9202] netlink: 12 bytes leftover after parsing attributes in process `syz.1.997'. [ 332.325837][ T9202] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 332.343144][ T9208] sch_tbf: burst 8791 is lower than device lo mtu (65550) ! [ 332.419076][ T9209] netlink: 4 bytes leftover after parsing attributes in process `syz.1.997'. [ 332.568006][ T9214] usb usb8: usbfs: process 9214 (syz.3.1001) did not claim interface 2 before use [ 334.543110][ T9243] program syz.0.1010 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 334.975591][ T9247] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 335.036474][ T9247] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 335.218991][ T9247] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1012'. [ 335.318160][ T9253] usb usb8: usbfs: process 9253 (syz.2.1014) did not claim interface 2 before use [ 335.555209][ T9258] program syz.2.1015 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 335.657953][ T9258] syz.2.1015 (9258): drop_caches: 2 [ 335.691634][ T9258] syz.2.1015 (9258): drop_caches: 2 [ 336.653707][ T9281] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1022'. [ 336.676801][ T9279] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 336.685836][ T9281] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 336.703204][ T9279] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 336.775083][ T9283] input: syz0 as /devices/virtual/input/input26 [ 336.878817][ T9281] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1022'. [ 338.610834][ T9291] usb usb8: usbfs: process 9291 (syz.1.1025) did not claim interface 2 before use [ 339.042489][ T9297] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1027'. [ 339.093392][ T9292] xt_ecn: cannot match TCP bits for non-tcp packets [ 339.214871][ T9300] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 339.247985][ T9300] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 339.570955][ T9300] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes. [ 340.190136][ T5926] usb 1-1: new high-speed USB device number 39 using dummy_hcd [ 340.338434][ T9313] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 340.371978][ T9313] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 340.417690][ T5926] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 340.418860][ T9315] netlink: 'syz.2.1034': attribute type 3 has an invalid length. [ 340.432735][ T5926] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 340.563506][ T5926] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 340.574136][ T5926] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 340.598297][ T5926] usb 1-1: Product: syz [ 340.612780][ T5926] usb 1-1: Manufacturer: syz [ 340.628978][ T5926] usb 1-1: SerialNumber: syz [ 340.882945][ T9305] raw-gadget.6 gadget.0: fail, usb_ep_enable returned -22 [ 341.079852][ T9321] usb usb8: usbfs: process 9321 (syz.2.1036) did not claim interface 2 before use [ 341.340923][ T9329] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1038'. [ 341.377049][ T9329] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 341.540518][ T9305] raw-gadget.6 gadget.0: fail, usb_ep_enable returned -22 [ 341.825793][ T5926] cdc_mbim 1-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 341.832546][ T5926] cdc_mbim 1-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 341.934779][ T5926] cdc_mbim 1-1:1.0: setting rx_max = 2048 [ 342.028046][ T5926] cdc_mbim 1-1:1.0: setting tx_max = 184 [ 342.038052][ T5926] cdc_mbim 1-1:1.0: cdc-wdm0: USB WDM device [ 342.055888][ T5926] wwan wwan0: port wwan0mbim0 attached [ 342.246855][ T30] kauditd_printk_skb: 3 callbacks suppressed [ 342.246872][ T30] audit: type=1326 audit(1744719132.350:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9304 comm="syz.0.1029" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e6b58e169 code=0x7ffc0000 [ 342.275159][ C1] vkms_vblank_simulate: vblank timer overrun [ 342.316362][ T5926] cdc_mbim 1-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.0-1, CDC MBIM, 42:42:42:42:42:42 [ 342.453662][ T30] audit: type=1326 audit(1744719132.350:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9304 comm="syz.0.1029" exe="/root/syz-executor" sig=0 arch=c000003e syscall=428 compat=0 ip=0x7f2e6b58e169 code=0x7ffc0000 [ 342.475994][ C1] vkms_vblank_simulate: vblank timer overrun [ 342.627339][ T30] audit: type=1326 audit(1744719132.350:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9304 comm="syz.0.1029" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e6b58e169 code=0x7ffc0000 [ 342.705147][ C1] cdc_mbim 1-1:1.0: nonzero urb status received: -71 [ 342.712031][ C1] cdc_mbim 1-1:1.0: wdm_int_callback - 0 bytes [ 342.718791][ C1] cdc_mbim 1-1:1.0: nonzero urb status received: -71 [ 342.725527][ C1] cdc_mbim 1-1:1.0: wdm_int_callback - 0 bytes [ 342.732527][ C1] cdc_mbim 1-1:1.0: nonzero urb status received: -71 [ 342.739276][ C1] cdc_mbim 1-1:1.0: wdm_int_callback - 0 bytes [ 342.741502][ T30] audit: type=1326 audit(1744719132.350:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9304 comm="syz.0.1029" exe="/root/syz-executor" sig=0 arch=c000003e syscall=269 compat=0 ip=0x7f2e6b58e169 code=0x7ffc0000 [ 342.746159][ C1] cdc_mbim 1-1:1.0: nonzero urb status received: -71 [ 342.768236][ T30] audit: type=1326 audit(1744719132.350:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9304 comm="syz.0.1029" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e6b58e169 code=0x7ffc0000 [ 342.774894][ C1] cdc_mbim 1-1:1.0: wdm_int_callback - 0 bytes [ 342.775496][ C1] vkms_vblank_simulate: vblank timer overrun [ 342.797818][ T30] audit: type=1326 audit(1744719132.350:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9304 comm="syz.0.1029" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f2e6b58dd6b code=0x7ffc0000 [ 342.805003][ C1] cdc_mbim 1-1:1.0: nonzero urb status received: -71 [ 342.838154][ C1] cdc_mbim 1-1:1.0: wdm_int_callback - 0 bytes [ 342.844513][ C1] vkms_vblank_simulate: vblank timer overrun [ 342.851207][ C1] cdc_mbim 1-1:1.0: nonzero urb status received: -71 [ 342.857926][ C1] cdc_mbim 1-1:1.0: wdm_int_callback - 0 bytes [ 342.864351][ C1] cdc_mbim 1-1:1.0: nonzero urb status received: -71 [ 342.871098][ C1] cdc_mbim 1-1:1.0: wdm_int_callback - 0 bytes [ 342.877800][ C1] cdc_mbim 1-1:1.0: nonzero urb status received: -71 [ 342.884539][ C1] cdc_mbim 1-1:1.0: wdm_int_callback - 0 bytes [ 342.894597][ C1] cdc_mbim 1-1:1.0: nonzero urb status received: -71 [ 342.901324][ C1] cdc_mbim 1-1:1.0: wdm_int_callback - 0 bytes [ 342.907947][ C1] cdc_mbim 1-1:1.0: nonzero urb status received: -71 [ 342.914645][ C1] cdc_mbim 1-1:1.0: wdm_int_callback - 0 bytes [ 343.434752][ T5926] usb 3-1: new high-speed USB device number 40 using dummy_hcd [ 343.590165][ T5926] usb 3-1: config 0 has no interfaces? [ 343.628721][ T5926] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 343.650524][ T5926] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 343.697573][ T5926] usb 3-1: Product: syz [ 343.717455][ T5926] usb 3-1: Manufacturer: syz [ 343.738331][ T5926] usb 3-1: SerialNumber: syz [ 343.776951][ T5926] usb 3-1: config 0 descriptor?? [ 344.038017][ T9358] batadv_slave_1: entered promiscuous mode [ 344.075066][ T976] usb 1-1: USB disconnect, device number 39 [ 344.113317][ T976] cdc_mbim 1-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.0-1, CDC MBIM [ 344.288234][ T9363] usb usb8: usbfs: process 9363 (syz.1.1049) did not claim interface 2 before use [ 344.318772][ T976] wwan wwan0: port wwan0mbim0 disconnected [ 344.597390][ T9369] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 344.618481][ T9369] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 344.745427][ T976] usb 1-1: new high-speed USB device number 40 using dummy_hcd [ 344.964580][ T976] usb 1-1: Using ep0 maxpacket: 8 [ 344.971715][ T976] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 344.983817][ T976] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 344.998509][ T976] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 345.009012][ T976] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 345.022464][ T976] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 345.031859][ T976] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 346.004099][ T976] usb 1-1: usb_control_msg returned -71 [ 346.142409][ T976] usbtmc 1-1:16.0: can't read capabilities [ 346.149863][ T5926] usb 3-1: USB disconnect, device number 40 [ 346.287238][ T976] usb 1-1: USB disconnect, device number 40 [ 346.333872][ T9386] No such timeout policy "syz0" [ 346.825889][ T9358] batadv_slave_1: left promiscuous mode [ 346.903582][ T9411] bridge_slave_0: left allmulticast mode [ 346.913707][ T9411] bridge_slave_0: left promiscuous mode [ 346.920022][ T9411] bridge0: port 1(bridge_slave_0) entered disabled state [ 347.409269][ T9420] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1060'. [ 347.428435][ T9411] bridge_slave_1: left allmulticast mode [ 347.434454][ T9411] bridge_slave_1: left promiscuous mode [ 347.440968][ T9411] bridge0: port 2(bridge_slave_1) entered disabled state [ 347.503879][ T9420] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 347.530988][ T9422] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1060'. [ 347.605889][ T5926] usb 3-1: new high-speed USB device number 41 using dummy_hcd [ 347.627134][ T9411] bond0: (slave bond_slave_0): Releasing backup interface [ 347.639579][ T9411] bond_slave_0: left promiscuous mode [ 347.656115][ T9411] bond0: (slave bond_slave_1): Releasing backup interface [ 347.669173][ T9411] bond_slave_1: left promiscuous mode [ 347.700551][ T9411] team0: Port device team_slave_0 removed [ 347.723650][ T9411] team0: Port device team_slave_1 removed [ 347.733442][ T9411] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 347.742225][ T9411] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 347.807957][ T5926] usb 3-1: config 0 has no interfaces? [ 347.829512][ T5926] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 347.839673][ T5926] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 347.870935][ T5926] usb 3-1: Product: syz [ 347.878009][ T5926] usb 3-1: Manufacturer: syz [ 347.887653][ T5926] usb 3-1: SerialNumber: syz [ 347.912759][ T5926] usb 3-1: config 0 descriptor?? [ 347.955185][ T9411] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 347.963044][ T9411] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 347.999626][ T9411] batman_adv: batadv0: Removing interface: gretap1 [ 348.113994][ T9429] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 348.207184][ T9429] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 348.751496][ T9435] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1064'. [ 348.832685][ T9435] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 348.842521][ T9435] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 348.851998][ T9435] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 348.861377][ T9435] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 349.824681][ T5894] usb 1-1: new high-speed USB device number 41 using dummy_hcd [ 349.995538][ T5894] usb 1-1: config 0 has no interfaces? [ 350.018439][ T5894] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 350.044702][ T5894] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 350.081333][ T5894] usb 1-1: Product: syz [ 350.102910][ T5894] usb 1-1: Manufacturer: syz [ 350.133675][ T5894] usb 1-1: SerialNumber: syz [ 350.185097][ T5894] usb 1-1: config 0 descriptor?? [ 350.251520][ T9446] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1068'. [ 350.988517][ T9460] netlink: 'syz.3.1073': attribute type 1 has an invalid length. [ 351.007254][ T9460] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1073'. [ 351.633823][ T976] usb 3-1: USB disconnect, device number 41 [ 351.655870][ T9466] program syz.1.1074 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 351.683823][ T9464] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1075'. [ 351.741874][ T9464] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1075'. [ 351.852386][ T9464] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1075'. [ 351.866183][ T9465] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1075'. [ 351.886899][ T9465] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1075'. [ 352.403375][ T9466] syz.1.1074 (9466): drop_caches: 2 [ 352.564179][ T9466] syz.1.1074 (9466): drop_caches: 2 [ 352.927694][ T5941] usb 1-1: USB disconnect, device number 41 [ 353.036129][ T9483] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 353.071139][ T9483] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 353.543286][ T9499] __nla_validate_parse: 7 callbacks suppressed [ 353.543303][ T9499] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1082'. [ 353.592197][ T9499] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 353.688992][ T9501] program syz.2.1083 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 353.720016][ T9501] syz.2.1083 (9501): drop_caches: 2 [ 353.818795][ T9501] syz.2.1083 (9501): drop_caches: 2 [ 354.445708][ T9509] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1086'. [ 354.527665][ T9509] dummy0: entered promiscuous mode [ 354.533008][ T9509] macvtap1: entered promiscuous mode [ 354.539241][ T9510] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1086'. [ 354.596986][ T9512] netlink: 'syz.1.1087': attribute type 1 has an invalid length. [ 354.733982][ T9509] macvtap1: entered allmulticast mode [ 354.755175][ T9509] dummy0: entered allmulticast mode [ 354.971677][ T9512] 8021q: adding VLAN 0 to HW filter on device bond4 [ 355.042545][ T9510] dummy0: left allmulticast mode [ 355.054988][ T9510] dummy0: left promiscuous mode [ 355.116675][ T9522] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1087'. [ 355.668326][ T9541] netlink: 'syz.0.1097': attribute type 1 has an invalid length. [ 355.698721][ T9539] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 355.751748][ T9539] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 355.981277][ T9541] 8021q: adding VLAN 0 to HW filter on device bond3 [ 356.039861][ T9548] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1097'. [ 356.412897][ T9561] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1099'. [ 356.624722][ T5891] usb 3-1: new high-speed USB device number 42 using dummy_hcd [ 356.864597][ T5891] usb 3-1: Using ep0 maxpacket: 32 [ 356.884534][ T5891] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 356.895611][ T5891] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 356.906675][ T5891] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 356.916110][ T5891] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 356.949570][ T5891] usb 3-1: config 0 descriptor?? [ 357.444425][ T9559] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1101'. [ 357.926384][ T9572] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1103'. [ 357.936151][ T9572] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1103'. [ 357.950827][ T9572] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1103'. [ 359.455031][ T5891] usbhid 3-1:0.0: can't add hid device: -71 [ 359.461560][ T5891] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 359.574585][ T5891] usb 3-1: USB disconnect, device number 42 [ 359.785553][ T9594] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1108'. [ 359.815022][ T9594] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 359.854183][ T9594] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1108'. [ 360.036977][ T9599] netlink: 'syz.2.1110': attribute type 1 has an invalid length. [ 360.160425][ T9599] 8021q: adding VLAN 0 to HW filter on device bond5 [ 360.258853][ T9601] bond5: (slave gretap1): making interface the new active one [ 360.267875][ T9601] bond5: (slave gretap1): Enslaving as an active interface with an up link [ 360.287407][ T9605] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1110'. [ 360.977769][ T9612] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1112'. [ 361.075933][ T9604] syz_tun: entered allmulticast mode [ 361.215953][ T9603] syz_tun: left allmulticast mode [ 361.436355][ T9626] FAULT_INJECTION: forcing a failure. [ 361.436355][ T9626] name failslab, interval 1, probability 0, space 0, times 0 [ 361.467372][ T5891] usb 3-1: new high-speed USB device number 43 using dummy_hcd [ 361.469978][ T9626] CPU: 1 UID: 0 PID: 9626 Comm: syz.4.1118 Not tainted 6.15.0-rc2-syzkaller-00037-g834a4a689699 #0 PREEMPT(full) [ 361.470012][ T9626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 361.470026][ T9626] Call Trace: [ 361.470035][ T9626] [ 361.470045][ T9626] dump_stack_lvl+0x241/0x360 [ 361.470088][ T9626] ? __pfx_dump_stack_lvl+0x10/0x10 [ 361.470121][ T9626] ? __pfx__printk+0x10/0x10 [ 361.470158][ T9626] ? __pfx___might_resched+0x10/0x10 [ 361.470191][ T9626] should_fail_ex+0x424/0x570 [ 361.470221][ T9626] should_failslab+0xac/0x100 [ 361.470255][ T9626] kmem_cache_alloc_noprof+0x78/0x390 [ 361.470286][ T9626] ? io_submit_one+0x156/0x18b0 [ 361.470313][ T9626] io_submit_one+0x156/0x18b0 [ 361.470357][ T9626] ? __lock_acquire+0xad5/0xd80 [ 361.470386][ T9626] ? __pfx_io_submit_one+0x10/0x10 [ 361.470424][ T9626] ? __might_fault+0xaa/0x120 [ 361.470463][ T9626] __se_sys_io_submit+0x17a/0x2e0 [ 361.470498][ T9626] ? __pfx___se_sys_io_submit+0x10/0x10 [ 361.470527][ T9626] ? ksys_write+0x275/0x2d0 [ 361.470565][ T9626] ? do_syscall_64+0xb6/0x230 [ 361.470597][ T9626] do_syscall_64+0xf3/0x230 [ 361.470626][ T9626] ? clear_bhb_loop+0x45/0xa0 [ 361.470660][ T9626] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 361.470682][ T9626] RIP: 0033:0x7f86db38e169 [ 361.470702][ T9626] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 361.470722][ T9626] RSP: 002b:00007f86dc28c038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1 [ 361.470747][ T9626] RAX: ffffffffffffffda RBX: 00007f86db5b5fa0 RCX: 00007f86db38e169 [ 361.470763][ T9626] RDX: 0000200000000400 RSI: 0000000000000001 RDI: 00007f86dc26b000 [ 361.470778][ T9626] RBP: 00007f86dc28c090 R08: 0000000000000000 R09: 0000000000000000 [ 361.470792][ T9626] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 361.470806][ T9626] R13: 0000000000000000 R14: 00007f86db5b5fa0 R15: 00007f86db6dfa28 [ 361.470840][ T9626] [ 361.676941][ T9627] program syz.1.1117 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 361.772622][ T9627] syz.1.1117 (9627): drop_caches: 2 [ 361.791433][ T9627] syz.1.1117 (9627): drop_caches: 2 [ 362.036320][ T5891] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 362.055706][ T5891] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 362.100917][ T5891] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 362.162255][ T5891] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 362.256847][ T9622] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 362.272035][ T5891] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 362.372670][ T9633] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1120'. [ 362.578567][ T5891] usb 3-1: USB disconnect, device number 43 [ 362.785923][ T9637] FAULT_INJECTION: forcing a failure. [ 362.785923][ T9637] name failslab, interval 1, probability 0, space 0, times 0 [ 362.897919][ T9637] CPU: 1 UID: 0 PID: 9637 Comm: syz.3.1122 Not tainted 6.15.0-rc2-syzkaller-00037-g834a4a689699 #0 PREEMPT(full) [ 362.897953][ T9637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 362.897966][ T9637] Call Trace: [ 362.897974][ T9637] [ 362.897983][ T9637] dump_stack_lvl+0x241/0x360 [ 362.898022][ T9637] ? __pfx_dump_stack_lvl+0x10/0x10 [ 362.898053][ T9637] ? __pfx__printk+0x10/0x10 [ 362.898086][ T9637] ? __pfx___might_resched+0x10/0x10 [ 362.898116][ T9637] should_fail_ex+0x424/0x570 [ 362.898144][ T9637] should_failslab+0xac/0x100 [ 362.898174][ T9637] kmem_cache_alloc_node_noprof+0x7d/0x3b0 [ 362.898205][ T9637] ? __alloc_skb+0x1c2/0x480 [ 362.898231][ T9637] __alloc_skb+0x1c2/0x480 [ 362.898267][ T9637] ? __pfx___alloc_skb+0x10/0x10 [ 362.898289][ T9637] ? netlink_autobind+0xd6/0x2f0 [ 362.898319][ T9637] ? netlink_autobind+0x2b0/0x2f0 [ 362.898355][ T9637] netlink_sendmsg+0x638/0xcd0 [ 362.898400][ T9637] ? __pfx_netlink_sendmsg+0x10/0x10 [ 362.898435][ T9637] ? aa_sock_msg_perm+0x91/0x160 [ 362.898470][ T9637] ? __pfx_netlink_sendmsg+0x10/0x10 [ 362.898499][ T9637] __sock_sendmsg+0x221/0x270 [ 362.898532][ T9637] ____sys_sendmsg+0x523/0x860 [ 362.898564][ T9637] ? __pfx_____sys_sendmsg+0x10/0x10 [ 362.898584][ T9637] ? __fget_files+0x2a/0x420 [ 362.898607][ T9637] ? __fget_files+0x2a/0x420 [ 362.898635][ T9637] __sys_sendmsg+0x271/0x360 [ 362.898664][ T9637] ? __pfx___sys_sendmsg+0x10/0x10 [ 362.898743][ T9637] ? do_syscall_64+0xb6/0x230 [ 362.898774][ T9637] do_syscall_64+0xf3/0x230 [ 362.898801][ T9637] ? clear_bhb_loop+0x45/0xa0 [ 362.898825][ T9637] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 362.898846][ T9637] RIP: 0033:0x7fbd0198e169 [ 362.898864][ T9637] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 362.898883][ T9637] RSP: 002b:00007fbcff7f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 362.898906][ T9637] RAX: ffffffffffffffda RBX: 00007fbd01bb5fa0 RCX: 00007fbd0198e169 [ 362.898922][ T9637] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000003 [ 362.898940][ T9637] RBP: 00007fbcff7f6090 R08: 0000000000000000 R09: 0000000000000000 [ 362.898953][ T9637] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 362.898965][ T9637] R13: 0000000000000000 R14: 00007fbd01bb5fa0 R15: 00007fbd01cdfa28 [ 362.898997][ T9637] [ 363.274865][ T6312] udevd[6312]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 363.855999][ T9655] netlink: 308 bytes leftover after parsing attributes in process `syz.3.1130'. [ 364.106818][ T9659] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1132'. [ 364.245505][ T5891] usb 3-1: new high-speed USB device number 44 using dummy_hcd [ 364.425063][ T5891] usb 3-1: config 0 has an invalid interface number: 64 but max is 0 [ 364.433358][ T5891] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 364.454040][ T5891] usb 3-1: config 0 has no interface number 0 [ 364.483962][ T5891] usb 3-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice=39.48 [ 364.514542][ T5891] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 364.521882][ T9668] netlink: 'syz.1.1136': attribute type 32 has an invalid length. [ 364.522609][ T5891] usb 3-1: Product: syz [ 364.554535][ T5891] usb 3-1: Manufacturer: syz [ 364.562877][ T9668] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1136'. [ 364.572995][ T5891] usb 3-1: SerialNumber: syz [ 364.590365][ T9668] (unnamed net_device) (uninitialized): Setting coupled_control to off (0) [ 364.600482][ T5891] usb 3-1: config 0 descriptor?? [ 364.617619][ T5891] usb 3-1: Found UVC 0.00 device syz (046d:0823) [ 364.624038][ T5891] usb 3-1: No valid video chain found. [ 364.930217][ T5894] usb 3-1: USB disconnect, device number 44 [ 365.087110][ T9685] IPVS: set_ctl: invalid protocol: 58 172.20.20.170:20004 [ 365.140130][ T9690] netlink: 308 bytes leftover after parsing attributes in process `syz.0.1143'. [ 365.225925][ T9685] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 365.252192][ T9685] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 365.407209][ T9694] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 365.444986][ T9694] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 365.448339][ T9696] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1145'. [ 365.471290][ T9685] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 365.507456][ T9685] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 366.146321][ T5926] usb 1-1: new high-speed USB device number 42 using dummy_hcd [ 366.421365][ T5894] usb 3-1: new high-speed USB device number 45 using dummy_hcd [ 366.421508][ T5926] usb 1-1: config 0 has no interfaces? [ 366.468730][ T9710] ip6t_srh: unknown srh invflags 7D00 [ 366.480968][ T5926] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 366.487854][ T9710] openvswitch: netlink: IP tunnel TTL not specified. [ 366.500596][ T5926] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 366.526015][ T5926] usb 1-1: Product: syz [ 366.530230][ T5926] usb 1-1: Manufacturer: syz [ 366.697735][ T5894] usb 3-1: config 0 has no interfaces? [ 366.703439][ T5894] usb 3-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=be.87 [ 366.712866][ T5894] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 366.734193][ T5894] usb 3-1: config 0 descriptor?? [ 366.749016][ T5926] usb 1-1: SerialNumber: syz [ 366.778060][ T5926] usb 1-1: config 0 descriptor?? [ 367.044949][ T9700] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 367.145636][ T5926] usb 1-1: USB disconnect, device number 42 [ 367.577430][ T9715] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 367.596842][ T9715] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 368.415996][ T9719] usb usb2: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 368.430403][ T9719] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 368.920667][ T5894] usb 3-1: USB disconnect, device number 45 [ 369.528140][ T9731] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 369.535058][ T9731] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 369.607055][ T9731] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 369.613180][ T9731] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 369.692914][ T9731] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 369.856835][ T9749] batman_adv: batadv0: Adding interface: dummy0 [ 369.884852][ T9749] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 369.912762][ T9749] batman_adv: batadv0: Interface activated: dummy0 [ 369.918879][ T9755] netlink: 'syz.3.1163': attribute type 10 has an invalid length. [ 369.927465][ T9755] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1163'. [ 369.971082][ T9757] usb usb1: usbfs: interface 0 claimed by hub while 'syz.4.1162' sets config #1 [ 370.303911][ T9753] batadv0: mtu less than device minimum [ 370.314868][ T9753] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 370.327279][ T9753] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 370.339341][ T9753] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 370.351383][ T9753] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 370.363429][ T9753] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 370.375473][ T9753] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 370.387521][ T9753] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 370.399610][ T9753] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 370.568499][ T9755] bridge0: port 1(dummy0) entered blocking state [ 370.575341][ T9755] bridge0: port 1(dummy0) entered disabled state [ 370.794717][ T54] usb 3-1: new high-speed USB device number 46 using dummy_hcd [ 370.844290][ T5844] Bluetooth: hci0: command 0x0c1a tx timeout [ 370.982667][ T54] usb 3-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 371.020682][ T54] usb 3-1: config 0 interface 0 has no altsetting 0 [ 371.048404][ T54] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 371.076742][ T54] usb 3-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 371.094802][ T9771] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1168'. [ 371.113975][ T54] usb 3-1: Product: syz [ 371.116272][ T9772] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 371.128773][ T54] usb 3-1: Manufacturer: syz [ 371.133433][ T54] usb 3-1: SerialNumber: syz [ 371.165334][ T54] usb 3-1: config 0 descriptor?? [ 371.202002][ T54] usb 3-1: selecting invalid altsetting 0 [ 371.492680][ T54] usb 3-1: USB disconnect, device number 46 [ 371.624669][ T56] Bluetooth: hci3: command 0x0c1a tx timeout [ 371.630800][ T5844] Bluetooth: hci2: command 0x0c1a tx timeout [ 371.637172][ T5842] Bluetooth: hci1: command 0x0c1a tx timeout [ 371.714015][ T9783] tipc: Started in network mode [ 371.719006][ T56] Bluetooth: hci4: command 0x0c1a tx timeout [ 371.748934][ T9783] tipc: Node identity ac14140f, cluster identity 4711 [ 371.757010][ T9783] tipc: New replicast peer: 255.255.255.255 [ 371.765290][ T9783] tipc: Enabled bearer , priority 10 [ 371.800007][ T9785] FAULT_INJECTION: forcing a failure. [ 371.800007][ T9785] name failslab, interval 1, probability 0, space 0, times 0 [ 371.871576][ T9785] CPU: 1 UID: 0 PID: 9785 Comm: syz.4.1172 Not tainted 6.15.0-rc2-syzkaller-00037-g834a4a689699 #0 PREEMPT(full) [ 371.871612][ T9785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 371.871625][ T9785] Call Trace: [ 371.871633][ T9785] [ 371.871642][ T9785] dump_stack_lvl+0x241/0x360 [ 371.871683][ T9785] ? __pfx_dump_stack_lvl+0x10/0x10 [ 371.871715][ T9785] ? __pfx__printk+0x10/0x10 [ 371.871749][ T9785] ? __pfx___might_resched+0x10/0x10 [ 371.871782][ T9785] should_fail_ex+0x424/0x570 [ 371.871809][ T9785] should_failslab+0xac/0x100 [ 371.871847][ T9785] __kmalloc_noprof+0xdf/0x4d0 [ 371.871876][ T9785] ? genl_family_rcv_msg_attrs_parse+0xa3/0x290 [ 371.871900][ T9785] ? apparmor_capable+0x13b/0x1b0 [ 371.871927][ T9785] genl_family_rcv_msg_attrs_parse+0xa3/0x290 [ 371.871960][ T9785] genl_rcv_msg+0x819/0xf00 [ 371.871993][ T9785] ? __pfx_genl_rcv_msg+0x10/0x10 [ 371.872014][ T9785] ? __dev_queue_xmit+0x1780/0x3f60 [ 371.872036][ T9785] ? kasan_save_track+0x3f/0x80 [ 371.872057][ T9785] ? __kasan_slab_alloc+0x66/0x80 [ 371.872088][ T9785] ? do_syscall_64+0xf3/0x230 [ 371.872132][ T9785] ? __lock_acquire+0xad5/0xd80 [ 371.872156][ T9785] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 371.872175][ T9785] ? __pfx_nl80211_new_key+0x10/0x10 [ 371.872203][ T9785] ? __pfx_nl80211_post_doit+0x10/0x10 [ 371.872239][ T9785] netlink_rcv_skb+0x208/0x480 [ 371.872270][ T9785] ? __pfx_genl_rcv_msg+0x10/0x10 [ 371.872295][ T9785] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 371.872347][ T9785] ? netlink_deliver_tap+0x2e/0x1b0 [ 371.872385][ T9785] genl_rcv+0x28/0x40 [ 371.872406][ T9785] netlink_unicast+0x7f8/0x9a0 [ 371.872443][ T9785] ? __pfx_netlink_unicast+0x10/0x10 [ 371.872472][ T9785] ? skb_put+0x114/0x1f0 [ 371.872498][ T9785] netlink_sendmsg+0x8c3/0xcd0 [ 371.872543][ T9785] ? __pfx_netlink_sendmsg+0x10/0x10 [ 371.872578][ T9785] ? aa_sock_msg_perm+0x91/0x160 [ 371.872615][ T9785] ? __pfx_netlink_sendmsg+0x10/0x10 [ 371.872643][ T9785] __sock_sendmsg+0x221/0x270 [ 371.872676][ T9785] ____sys_sendmsg+0x523/0x860 [ 371.872709][ T9785] ? __pfx_____sys_sendmsg+0x10/0x10 [ 371.872729][ T9785] ? __fget_files+0x2a/0x420 [ 371.872751][ T9785] ? __fget_files+0x2a/0x420 [ 371.872781][ T9785] __sys_sendmsg+0x271/0x360 [ 371.872809][ T9785] ? __pfx___sys_sendmsg+0x10/0x10 [ 371.872898][ T9785] ? do_syscall_64+0xb6/0x230 [ 371.872930][ T9785] do_syscall_64+0xf3/0x230 [ 371.872957][ T9785] ? clear_bhb_loop+0x45/0xa0 [ 371.872983][ T9785] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 371.873003][ T9785] RIP: 0033:0x7f86db38e169 [ 371.873022][ T9785] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 371.873040][ T9785] RSP: 002b:00007f86dc28c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 371.873062][ T9785] RAX: ffffffffffffffda RBX: 00007f86db5b5fa0 RCX: 00007f86db38e169 [ 371.873078][ T9785] RDX: 0000000000000000 RSI: 00002000000006c0 RDI: 0000000000000004 [ 371.873091][ T9785] RBP: 00007f86dc28c090 R08: 0000000000000000 R09: 0000000000000000 [ 371.873104][ T9785] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 371.873117][ T9785] R13: 0000000000000000 R14: 00007f86db5b5fa0 R15: 00007f86db6dfa28 [ 371.873150][ T9785] [ 371.906497][ T9783] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 372.222191][ T9783] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 372.244068][ T9783] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 372.257536][ T9783] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 372.757030][ T5894] tipc: Node number set to 2886997007 [ 373.279210][ T9808] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1178'. [ 373.522928][ T9814] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1180'. [ 373.734623][ T5894] usb 3-1: new high-speed USB device number 47 using dummy_hcd [ 373.824292][ T9817] program syz.0.1181 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 373.964781][ T5894] usb 3-1: Using ep0 maxpacket: 16 [ 373.994207][ T5894] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 374.014062][ T9817] syz.0.1181 (9817): drop_caches: 2 [ 374.074996][ T5894] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 374.084343][ T5894] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 374.129780][ T5894] usb 3-1: Product: syz [ 374.188238][ T9817] syz.0.1181 (9817): drop_caches: 2 [ 374.196494][ T5894] usb 3-1: Manufacturer: syz [ 374.201176][ T5894] usb 3-1: SerialNumber: syz [ 374.267830][ T5894] usb 3-1: config 0 descriptor?? [ 374.285718][ T5894] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected [ 374.306891][ T5894] usb 3-1: Detected FT232R [ 375.576762][ T9834] Cannot find add_set index 0 as target [ 376.162796][ T9838] FAULT_INJECTION: forcing a failure. [ 376.162796][ T9838] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 376.195373][ T9838] CPU: 1 UID: 0 PID: 9838 Comm: syz.0.1187 Not tainted 6.15.0-rc2-syzkaller-00037-g834a4a689699 #0 PREEMPT(full) [ 376.195407][ T9838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 376.195422][ T9838] Call Trace: [ 376.195430][ T9838] [ 376.195439][ T9838] dump_stack_lvl+0x241/0x360 [ 376.195478][ T9838] ? __pfx_dump_stack_lvl+0x10/0x10 [ 376.195510][ T9838] ? __pfx__printk+0x10/0x10 [ 376.195553][ T9838] should_fail_ex+0x424/0x570 [ 376.195582][ T9838] _copy_from_user+0x2d/0xb0 [ 376.195614][ T9838] restore_sigcontext+0xda/0x7d0 [ 376.195642][ T9838] ? __pfx_restore_sigcontext+0x10/0x10 [ 376.195706][ T9838] __do_sys_rt_sigreturn+0x1bf/0x290 [ 376.195731][ T9838] ? __pfx___do_sys_rt_sigreturn+0x10/0x10 [ 376.195772][ T9838] ? do_syscall_64+0xb6/0x230 [ 376.195803][ T9838] do_syscall_64+0xf3/0x230 [ 376.195830][ T9838] ? clear_bhb_loop+0x45/0xa0 [ 376.195858][ T9838] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 376.195879][ T9838] RIP: 0033:0x7f2e6b52a359 [ 376.195897][ T9838] Code: 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 04 25 [ 376.195914][ T9838] RSP: 002b:00007f2e6c363a80 EFLAGS: 00000202 ORIG_RAX: 000000000000000f [ 376.195937][ T9838] RAX: ffffffffffffffda RBX: 00007f2e6b7b5fa0 RCX: 00007f2e6b52a359 [ 376.195952][ T9838] RDX: 00007f2e6c363a80 RSI: 00007f2e6c363bb0 RDI: 0000000000000021 [ 376.195966][ T9838] RBP: 00007f2e6c364090 R08: 0000000000000000 R09: 0000000000000000 [ 376.195979][ T9838] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 376.195991][ T9838] R13: 0000000000000000 R14: 00007f2e6b7b5fa0 R15: 00007f2e6b8dfa28 [ 376.196022][ T9838] [ 376.438963][ T5894] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 376.616378][ T5894] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 376.637085][ T5894] ftdi_sio 3-1:0.0: GPIO initialisation failed: -71 [ 376.681077][ T5894] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 376.783843][ T5894] usb 3-1: USB disconnect, device number 47 [ 376.819452][ T9847] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 376.828849][ T9847] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 376.863251][ T5894] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 377.201480][ T5894] ftdi_sio 3-1:0.0: device disconnected [ 377.224384][ T9856] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1192'. [ 377.743702][ T9859] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1193'. [ 378.513383][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.519878][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.534694][ T5894] usb 1-1: new full-speed USB device number 43 using dummy_hcd [ 378.750041][ T5894] usb 1-1: config 0 has an invalid interface number: 81 but max is 0 [ 378.812886][ T5894] usb 1-1: config 0 has no interface number 0 [ 378.854608][ T5894] usb 1-1: config 0 interface 81 altsetting 6 endpoint 0x1 has invalid maxpacket 512, setting to 64 [ 378.908663][ T5894] usb 1-1: config 0 interface 81 has no altsetting 0 [ 378.921731][ T9879] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1198'. [ 379.125141][ T5894] usb 1-1: New USB device found, idVendor=07b0, idProduct=0006, bcdDevice=40.a8 [ 379.161793][ T5894] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 379.181866][ T5894] usb 1-1: Product: syz [ 379.191059][ T5894] usb 1-1: Manufacturer: syz [ 379.199773][ T5894] usb 1-1: SerialNumber: syz [ 379.214314][ T5894] usb 1-1: config 0 descriptor?? [ 379.267214][ T9864] raw-gadget.5 gadget.0: fail, usb_ep_enable returned -22 [ 379.734708][ T976] usb 3-1: new high-speed USB device number 48 using dummy_hcd [ 379.833632][ T5894] HFC-S_USB 1-1:0.81: probe with driver HFC-S_USB failed with error -5 [ 379.917646][ T976] usb 3-1: Using ep0 maxpacket: 8 [ 379.963819][ T9888] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1202'. [ 379.990530][ T976] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 13 [ 380.030296][ T5894] usb 1-1: USB disconnect, device number 43 [ 380.050340][ T976] usb 3-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58 [ 380.072289][ T976] usb 3-1: New USB device strings: Mfr=241, Product=1, SerialNumber=3 [ 380.130703][ T976] usb 3-1: Product: syz [ 380.147360][ T976] usb 3-1: Manufacturer: syz [ 380.158595][ T976] usb 3-1: SerialNumber: syz [ 380.178048][ T976] usb 3-1: config 0 descriptor?? [ 380.203530][ T976] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae [ 380.354065][ T9890] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1203'. [ 380.811383][ T9895] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1206'. [ 381.077052][ T9906] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 381.086138][ T9906] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 381.204211][ T976] gspca_zc3xx: reg_w_i err -71 [ 381.429351][ T9884] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1200'. [ 381.445148][ T9884] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1200'. [ 381.489733][ T9915] netlink: 'syz.0.1211': attribute type 1 has an invalid length. [ 381.735991][ T9915] 8021q: adding VLAN 0 to HW filter on device bond4 [ 381.805217][ T976] gspca_zc3xx: Unknown sensor - set to TAS5130C [ 381.812002][ T976] gspca_zc3xx 3-1:0.0: probe with driver gspca_zc3xx failed with error -71 [ 381.864785][ T976] usb 3-1: USB disconnect, device number 48 [ 383.344741][ T5892] usb 1-1: new high-speed USB device number 44 using dummy_hcd [ 383.797438][ T5892] usb 1-1: config 0 has no interfaces? [ 383.806799][ T5892] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 383.816638][ T5892] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 383.829483][ T5892] usb 1-1: Product: syz [ 383.841232][ T5892] usb 1-1: Manufacturer: syz [ 383.864095][ T5892] usb 1-1: SerialNumber: syz [ 383.900366][ T5892] usb 1-1: config 0 descriptor?? [ 384.346113][ T9933] xt_bpf: check failed: parse error [ 384.907160][ T9935] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1217'. [ 385.257772][ T9939] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1216'. [ 385.329865][ T9939] 8021q: adding VLAN 0 to HW filter on device bond6 [ 385.423401][ T9947] 8021q: adding VLAN 0 to HW filter on device bond6 [ 385.467139][ T9947] bond6: (slave vti0): The slave device specified does not support setting the MAC address [ 385.507975][ T9947] bond6: (slave vti0): Error -95 calling set_mac_address [ 385.569620][ T9939] batman_adv: batadv0: Interface deactivated: dummy0 [ 385.586200][ T9939] batman_adv: batadv0: Removing interface: dummy0 [ 385.627867][ T5894] usb 1-1: USB disconnect, device number 44 [ 385.669119][ T9939] bond6: (slave dummy0): Error -99 calling set_mac_address [ 385.735413][ T9950] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 385.749430][ T9950] team0: Device macvtap1 is already an upper device of the team interface [ 386.086339][ T9957] netlink: 'syz.0.1222': attribute type 1 has an invalid length. [ 386.244328][ T9957] 8021q: adding VLAN 0 to HW filter on device bond5 [ 386.524681][ T5892] usb 3-1: new high-speed USB device number 49 using dummy_hcd [ 386.705868][ T5892] usb 3-1: Using ep0 maxpacket: 16 [ 386.712862][ T5892] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 386.727653][ T5892] usb 3-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 386.736979][ T5892] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 386.745234][ T5892] usb 3-1: Product: syz [ 386.749527][ T5892] usb 3-1: Manufacturer: syz [ 386.754154][ T5892] usb 3-1: SerialNumber: syz [ 386.761969][ T5892] usb 3-1: config 0 descriptor?? [ 386.772137][ T5892] hub 3-1:0.0: bad descriptor, ignoring hub [ 386.778996][ T5892] hub 3-1:0.0: probe with driver hub failed with error -5 [ 386.791317][ T5892] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input30 [ 386.835475][ T5894] usb 1-1: new high-speed USB device number 45 using dummy_hcd [ 387.003015][ T5894] usb 1-1: config 0 has an invalid interface number: 64 but max is 0 [ 387.048788][ T5894] usb 1-1: config 0 has no interface number 0 [ 387.058441][ T5894] usb 1-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice=39.48 [ 387.072426][ T5894] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 387.078963][ T9986] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 387.089734][ T5894] usb 1-1: Product: syz [ 387.094351][ T9986] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 387.103702][ T5894] usb 1-1: Manufacturer: syz [ 387.108814][ T5894] usb 1-1: SerialNumber: syz [ 387.114014][ T9986] input: syz0 as /devices/virtual/input/input31 [ 387.149214][ T5894] usb 1-1: config 0 descriptor?? [ 387.962999][ T5894] usb 1-1: Found UVC 0.08 device syz (046d:0823) [ 387.992452][ T5894] uvcvideo 1-1:0.64: Entity type for entity Output 3 was not initialized! [ 388.024074][ T5894] usb 1-1: Failed to create links for entity 3 [ 388.038362][ T5894] usb 1-1: Failed to register entities (-22). [ 388.078280][ T5894] usb 1-1: USB disconnect, device number 45 [ 388.128982][ T9995] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1234'. [ 388.331547][T10001] netlink: 'syz.1.1237': attribute type 1 has an invalid length. [ 388.379957][T10001] 8021q: adding VLAN 0 to HW filter on device bond7 [ 388.386274][ T5198] usb 3-1: reset high-speed USB device number 49 using dummy_hcd [ 388.505655][T10003] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1236'. [ 388.518323][ T5198] usb 3-1: device reset changed ep0 maxpacket size! [ 388.549109][ T5941] usb 3-1: USB disconnect, device number 49 [ 388.684252][T10009] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 388.699045][T10009] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 388.770223][T10011] lo: entered promiscuous mode [ 388.778798][T10011] tunl0: entered promiscuous mode [ 388.786386][T10011] gre0: entered promiscuous mode [ 388.792311][T10011] gretap0: entered promiscuous mode [ 388.797977][ T5941] usb 3-1: new high-speed USB device number 50 using dummy_hcd [ 388.812289][T10011] erspan0: entered promiscuous mode [ 388.827518][T10011] ip_vti0: entered promiscuous mode [ 388.840302][T10011] ip6_vti0: entered promiscuous mode [ 388.859771][T10011] sit0: entered promiscuous mode [ 388.885403][T10011] ip6tnl0: entered promiscuous mode [ 388.914941][T10011] ip6gre0: entered promiscuous mode [ 388.945473][T10011] syz_tun: entered promiscuous mode [ 388.952776][T10011] ip6gretap0: entered promiscuous mode [ 388.960327][ T5941] usb 3-1: Using ep0 maxpacket: 32 [ 388.972007][T10011] bridge0: entered promiscuous mode [ 388.985790][ T5941] usb 3-1: unable to get BOS descriptor or descriptor too short [ 388.994941][ T5941] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 389.002809][ T5941] usb 3-1: can't read configurations, error -71 [ 389.010305][T10011] vcan0: entered promiscuous mode [ 389.042787][T10011] team0: entered promiscuous mode [ 389.051327][T10011] dummy0: entered promiscuous mode [ 389.058217][T10011] nlmon0: entered promiscuous mode [ 389.067038][T10011] caif0: entered promiscuous mode [ 389.072228][T10011] net_ratelimit: 12 callbacks suppressed [ 389.072245][T10011] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 389.799476][T10020] usb usb8: usbfs: process 10020 (syz.4.1242) did not claim interface 2 before use [ 390.114432][T10024] xt_CT: You must specify a L4 protocol and not use inversions on it [ 390.195265][ T5941] usb 3-1: new high-speed USB device number 52 using dummy_hcd [ 390.223992][T10030] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1246'. [ 390.345258][ T5941] usb 3-1: Using ep0 maxpacket: 16 [ 390.357959][ T5941] usb 3-1: config index 0 descriptor too short (expected 2834, got 18) [ 390.384575][ T5941] usb 3-1: config 0 has an invalid interface number: 236 but max is -1 [ 390.399772][ T5941] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 390.409480][ T5941] usb 3-1: config 0 has no interface number 0 [ 390.418679][ T5941] usb 3-1: New USB device found, idVendor=1de1, idProduct=c102, bcdDevice=84.33 [ 390.441169][ T5941] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 390.453244][ T5941] usb 3-1: Product: syz [ 390.470392][ T5941] usb 3-1: Manufacturer: syz [ 390.500447][ T5941] usb 3-1: SerialNumber: syz [ 390.513015][ T5941] usb 3-1: config 0 descriptor?? [ 390.531229][ T5941] usb-storage 3-1:0.236: USB Mass Storage device detected [ 390.571430][ T5941] usb-storage 3-1:0.236: device ignored [ 390.818688][T10042] program syz.1.1250 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 391.024827][T10045] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 391.100445][T10045] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 391.343741][T10022] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 391.415009][T10022] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 391.462583][ T5941] usb 3-1: USB disconnect, device number 52 [ 391.701518][T10055] syzkaller0: tun_chr_ioctl cmd 1074025677 [ 391.708706][T10055] syzkaller0: linktype set to 804 [ 391.724004][T10055] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1254'. [ 391.782039][T10057] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 391.792693][T10057] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 391.795313][ T54] usb 1-1: new high-speed USB device number 46 using dummy_hcd [ 391.812460][T10058] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 391.827575][T10058] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 391.840483][T10059] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 391.887098][T10059] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 391.970285][ T54] usb 1-1: config index 0 descriptor too short (expected 35, got 18) [ 392.007183][ T54] usb 1-1: New USB device found, idVendor=055f, idProduct=b230, bcdDevice=b6.ac [ 392.026413][ T54] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 392.040895][T10063] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1257'. [ 392.054670][ T54] usb 1-1: Product: syz [ 392.058896][ T54] usb 1-1: Manufacturer: syz [ 392.063521][ T54] usb 1-1: SerialNumber: syz [ 392.100419][ T54] usb 1-1: config 0 descriptor?? [ 392.604631][ T54] usb 3-1: new low-speed USB device number 53 using dummy_hcd [ 392.758601][ T54] usb 3-1: LPM exit latency is zeroed, disabling LPM. [ 392.767953][ T54] usb 3-1: config 1 interface 0 altsetting 7 endpoint 0x82 is Bulk; changing to Interrupt [ 392.778389][ T54] usb 3-1: config 1 interface 0 altsetting 7 endpoint 0x3 is Bulk; changing to Interrupt [ 392.788905][ T54] usb 3-1: config 1 interface 0 has no altsetting 0 [ 392.799778][ T54] usb 3-1: string descriptor 0 read error: -22 [ 392.806416][ T54] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 392.816182][ T54] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 392.829901][T10069] raw-gadget.9 gadget.2: fail, usb_ep_enable returned -22 [ 392.837497][T10069] raw-gadget.9 gadget.2: fail, usb_ep_enable returned -22 [ 392.848655][ T54] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -22 [ 392.989371][T10073] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 392.998760][T10073] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 393.054216][T10069] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 393.068335][T10069] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 393.083128][ T54] usb 3-1: USB disconnect, device number 53 [ 393.163441][T10077] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 393.172293][T10077] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 393.678318][T10086] program syz.4.1264 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 393.736741][T10089] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1265'. [ 393.749905][T10086] syz.4.1264 (10086): drop_caches: 2 [ 393.793501][T10089] FAULT_INJECTION: forcing a failure. [ 393.793501][T10089] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 393.876686][T10089] CPU: 1 UID: 0 PID: 10089 Comm: syz.2.1265 Not tainted 6.15.0-rc2-syzkaller-00037-g834a4a689699 #0 PREEMPT(full) [ 393.876726][T10089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 393.876739][T10089] Call Trace: [ 393.876747][T10089] [ 393.876756][T10089] dump_stack_lvl+0x241/0x360 [ 393.876793][T10089] ? __pfx_dump_stack_lvl+0x10/0x10 [ 393.876823][T10089] ? __pfx__printk+0x10/0x10 [ 393.876862][T10089] should_fail_ex+0x424/0x570 [ 393.876890][T10089] _copy_to_user+0x31/0xb0 [ 393.876922][T10089] simple_read_from_buffer+0xc4/0x170 [ 393.876955][T10089] proc_fail_nth_read+0x1ef/0x260 [ 393.876980][T10089] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 393.877004][T10089] ? rw_verify_area+0x246/0x630 [ 393.877026][T10089] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 393.877048][T10089] vfs_read+0x21f/0xb90 [ 393.877095][T10089] ? __pfx___mutex_lock+0x10/0x10 [ 393.877122][T10089] ? __pfx_vfs_read+0x10/0x10 [ 393.877149][T10089] ? __fget_files+0x2a/0x420 [ 393.877170][T10089] ? __fget_files+0x39d/0x420 [ 393.877187][T10089] ? __fget_files+0x2a/0x420 [ 393.877217][T10089] ksys_read+0x19d/0x2d0 [ 393.877243][T10089] ? __pfx_ksys_read+0x10/0x10 [ 393.877273][T10089] ? do_syscall_64+0xb6/0x230 [ 393.877303][T10089] do_syscall_64+0xf3/0x230 [ 393.877329][T10089] ? clear_bhb_loop+0x45/0xa0 [ 393.877354][T10089] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 393.877374][T10089] RIP: 0033:0x7efc0318cb7c [ 393.877392][T10089] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 393.877410][T10089] RSP: 002b:00007efc040e2030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 393.877433][T10089] RAX: ffffffffffffffda RBX: 00007efc033b5fa0 RCX: 00007efc0318cb7c [ 393.877448][T10089] RDX: 000000000000000f RSI: 00007efc040e20a0 RDI: 0000000000000006 [ 393.877461][T10089] RBP: 00007efc040e2090 R08: 0000000000000000 R09: 0000000000000000 [ 393.877474][T10089] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 393.877486][T10089] R13: 0000000000000000 R14: 00007efc033b5fa0 R15: 00007efc034dfa28 [ 393.877518][T10089] [ 394.115356][T10095] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1268'. [ 394.157598][T10086] syz.4.1264 (10086): drop_caches: 2 [ 394.222373][T10097] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1269'. [ 395.245588][ T5941] usb 1-1: USB disconnect, device number 46 [ 395.308015][T10122] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 395.357929][T10125] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1279'. [ 395.786244][T10134] netlink: 276 bytes leftover after parsing attributes in process `syz.4.1284'. [ 397.898498][T10153] syzkaller1: entered promiscuous mode [ 397.915143][T10153] syzkaller1: entered allmulticast mode [ 398.190636][T10158] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1292'. [ 399.092126][T10181] FAULT_INJECTION: forcing a failure. [ 399.092126][T10181] name failslab, interval 1, probability 0, space 0, times 0 [ 399.108134][T10181] CPU: 1 UID: 0 PID: 10181 Comm: syz.3.1298 Not tainted 6.15.0-rc2-syzkaller-00037-g834a4a689699 #0 PREEMPT(full) [ 399.108163][T10181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 399.108176][T10181] Call Trace: [ 399.108183][T10181] [ 399.108192][T10181] dump_stack_lvl+0x241/0x360 [ 399.108229][T10181] ? __pfx_dump_stack_lvl+0x10/0x10 [ 399.108258][T10181] ? __pfx__printk+0x10/0x10 [ 399.108299][T10181] should_fail_ex+0x424/0x570 [ 399.108326][T10181] should_failslab+0xac/0x100 [ 399.108356][T10181] kmem_cache_alloc_node_noprof+0x7d/0x3b0 [ 399.108387][T10181] ? __alloc_skb+0x1c2/0x480 [ 399.108411][T10181] __alloc_skb+0x1c2/0x480 [ 399.108436][T10181] ? __pfx___alloc_skb+0x10/0x10 [ 399.108467][T10181] xfrm_alloc_compat+0x1b9/0x1720 [ 399.108508][T10181] ? xfrm_get_translator+0x19/0x240 [ 399.108533][T10181] ? __pfx_xfrm_alloc_compat+0x10/0x10 [ 399.108565][T10181] xfrm_nlmsg_multicast+0xd7/0x1f0 [ 399.108594][T10181] xfrm_send_policy_notify+0x7da/0x1a70 [ 399.108639][T10181] ? __pfx_xfrm_send_policy_notify+0x10/0x10 [ 399.108685][T10181] ? __pfx_xfrm_send_policy_notify+0x10/0x10 [ 399.108713][T10181] km_policy_notify+0x126/0x210 [ 399.108737][T10181] ? km_policy_notify+0x2e/0x210 [ 399.108767][T10181] xfrm_add_policy+0x550/0x930 [ 399.108801][T10181] ? __pfx_xfrm_add_policy+0x10/0x10 [ 399.108830][T10181] ? apparmor_capable+0x13b/0x1b0 [ 399.108856][T10181] ? __nla_parse+0x40/0x60 [ 399.108886][T10181] xfrm_user_rcv_msg+0x9c3/0xca0 [ 399.108920][T10181] ? __pfx_xfrm_user_rcv_msg+0x10/0x10 [ 399.108986][T10181] ? __mutex_trylock_common+0x184/0x2e0 [ 399.109019][T10181] ? __pfx___mutex_trylock_common+0x10/0x10 [ 399.109058][T10181] netlink_rcv_skb+0x208/0x480 [ 399.109088][T10181] ? __pfx_xfrm_user_rcv_msg+0x10/0x10 [ 399.109118][T10181] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 399.109169][T10181] ? netlink_deliver_tap+0x2e/0x1b0 [ 399.109203][T10181] xfrm_netlink_rcv+0x79/0x90 [ 399.109230][T10181] netlink_unicast+0x7f8/0x9a0 [ 399.109265][T10181] ? __pfx_netlink_unicast+0x10/0x10 [ 399.109294][T10181] ? skb_put+0x114/0x1f0 [ 399.109319][T10181] netlink_sendmsg+0x8c3/0xcd0 [ 399.109362][T10181] ? __pfx_netlink_sendmsg+0x10/0x10 [ 399.109397][T10181] ? aa_sock_msg_perm+0x91/0x160 [ 399.109430][T10181] ? __pfx_netlink_sendmsg+0x10/0x10 [ 399.109457][T10181] __sock_sendmsg+0x221/0x270 [ 399.109486][T10181] ____sys_sendmsg+0x523/0x860 [ 399.109517][T10181] ? __pfx_____sys_sendmsg+0x10/0x10 [ 399.109536][T10181] ? __fget_files+0x2a/0x420 [ 399.109559][T10181] ? __fget_files+0x2a/0x420 [ 399.109586][T10181] __sys_sendmsg+0x271/0x360 [ 399.109623][T10181] ? __pfx___sys_sendmsg+0x10/0x10 [ 399.109699][T10181] ? do_syscall_64+0xb6/0x230 [ 399.109728][T10181] do_syscall_64+0xf3/0x230 [ 399.109754][T10181] ? clear_bhb_loop+0x45/0xa0 [ 399.109776][T10181] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 399.109795][T10181] RIP: 0033:0x7fbd0198e169 [ 399.109813][T10181] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 399.109830][T10181] RSP: 002b:00007fbcff7f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 399.109851][T10181] RAX: ffffffffffffffda RBX: 00007fbd01bb5fa0 RCX: 00007fbd0198e169 [ 399.109866][T10181] RDX: 0000000000000000 RSI: 0000200000000480 RDI: 0000000000000005 [ 399.109878][T10181] RBP: 00007fbcff7f6090 R08: 0000000000000000 R09: 0000000000000000 [ 399.109889][T10181] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 399.109900][T10181] R13: 0000000000000000 R14: 00007fbd01bb5fa0 R15: 00007fbd01cdfa28 [ 399.109932][T10181] [ 399.464575][ C1] vkms_vblank_simulate: vblank timer overrun [ 399.548044][T10186] netlink: 'syz.4.1299': attribute type 1 has an invalid length. [ 399.573956][T10186] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1299'. [ 399.856552][ T30] audit: type=1326 audit(1744719189.970:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10176 comm="syz.1.1297" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc8e618e169 code=0x0 [ 399.878483][ C1] vkms_vblank_simulate: vblank timer overrun [ 400.002058][T10198] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1303'. [ 400.006857][T10199] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 400.041618][T10199] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 400.333401][T10205] program syz.2.1304 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 400.755924][T10205] syz.2.1304 (10205): drop_caches: 2 [ 400.782341][T10205] syz.2.1304 (10205): drop_caches: 2 [ 401.451964][T10218] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 401.476346][T10218] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 401.498839][T10218] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 401.509809][T10218] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 402.017968][T10229] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1312'. [ 402.057191][ T5926] usb 3-1: new high-speed USB device number 54 using dummy_hcd [ 402.298656][ T5926] usb 3-1: config 0 has no interfaces? [ 402.333212][ T5926] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 402.342564][ T5926] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 402.361524][ T5926] usb 3-1: Product: syz [ 402.387606][ T5926] usb 3-1: Manufacturer: syz [ 402.487541][ T5926] usb 3-1: SerialNumber: syz [ 402.640596][ T5926] usb 3-1: config 0 descriptor?? [ 403.281209][T10235] FAULT_INJECTION: forcing a failure. [ 403.281209][T10235] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 403.300400][T10235] CPU: 0 UID: 0 PID: 10235 Comm: syz.0.1314 Not tainted 6.15.0-rc2-syzkaller-00037-g834a4a689699 #0 PREEMPT(full) [ 403.300433][T10235] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 403.300447][T10235] Call Trace: [ 403.300456][T10235] [ 403.300465][T10235] dump_stack_lvl+0x241/0x360 [ 403.300504][T10235] ? __pfx_dump_stack_lvl+0x10/0x10 [ 403.300535][T10235] ? __pfx__printk+0x10/0x10 [ 403.300577][T10235] should_fail_ex+0x424/0x570 [ 403.300605][T10235] _copy_from_user+0x2d/0xb0 [ 403.300636][T10235] iommufd_fops_ioctl+0x4ae/0x610 [ 403.300671][T10235] ? __pfx_iommufd_fops_ioctl+0x10/0x10 [ 403.300706][T10235] ? __fget_files+0x2a/0x420 [ 403.300732][T10235] ? __fget_files+0x2a/0x420 [ 403.300757][T10235] ? __pfx_iommufd_fops_ioctl+0x10/0x10 [ 403.300789][T10235] __se_sys_ioctl+0xf1/0x160 [ 403.300817][T10235] do_syscall_64+0xf3/0x230 [ 403.300846][T10235] ? clear_bhb_loop+0x45/0xa0 [ 403.300872][T10235] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 403.300892][T10235] RIP: 0033:0x7f2e6b58e169 [ 403.300911][T10235] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 403.300930][T10235] RSP: 002b:00007f2e6c364038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 403.300962][T10235] RAX: ffffffffffffffda RBX: 00007f2e6b7b5fa0 RCX: 00007f2e6b58e169 [ 403.300977][T10235] RDX: 0000200000000900 RSI: 0000000000003ba0 RDI: 0000000000000003 [ 403.300991][T10235] RBP: 00007f2e6c364090 R08: 0000000000000000 R09: 0000000000000000 [ 403.301004][T10235] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 403.301016][T10235] R13: 0000000000000000 R14: 00007f2e6b7b5fa0 R15: 00007f2e6b8dfa28 [ 403.301049][T10235] [ 403.522472][T10237] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1315'. [ 403.589922][T10239] random: crng reseeded on system resumption [ 403.619644][T10241] PKCS7: Unknown OID: [4] 5.25.264.37.2351.52 [ 403.632709][T10241] PKCS7: Only support pkcs7_signedData type [ 403.963479][T10245] FAULT_INJECTION: forcing a failure. [ 403.963479][T10245] name failslab, interval 1, probability 0, space 0, times 0 [ 403.988912][T10245] CPU: 1 UID: 0 PID: 10245 Comm: syz.0.1318 Not tainted 6.15.0-rc2-syzkaller-00037-g834a4a689699 #0 PREEMPT(full) [ 403.988943][T10245] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 403.988957][T10245] Call Trace: [ 403.988965][T10245] [ 403.988974][T10245] dump_stack_lvl+0x241/0x360 [ 403.989013][T10245] ? __pfx_dump_stack_lvl+0x10/0x10 [ 403.989044][T10245] ? __pfx__printk+0x10/0x10 [ 403.989077][T10245] ? __pfx___might_resched+0x10/0x10 [ 403.989110][T10245] should_fail_ex+0x424/0x570 [ 403.989138][T10245] should_failslab+0xac/0x100 [ 403.989169][T10245] __kmalloc_noprof+0xdf/0x4d0 [ 403.989282][T10245] ? esp6_init_state+0x74c/0x1180 [ 403.989311][T10245] esp6_init_state+0x74c/0x1180 [ 403.989331][T10245] ? __sock_sendmsg+0x221/0x270 [ 403.989357][T10245] ? ____sys_sendmsg+0x523/0x860 [ 403.989391][T10245] ? __pfx_esp6_init_state+0x10/0x10 [ 403.989448][T10245] ? __xfrm_init_state+0x6d9/0x1050 [ 403.989479][T10245] ? __xfrm_init_state+0x6d9/0x1050 [ 403.989510][T10245] __xfrm_init_state+0x7ac/0x1050 [ 403.989544][T10245] xfrm_add_sa+0x2fb9/0x4230 [ 403.989579][T10245] ? __pfx_xfrm_add_sa+0x10/0x10 [ 403.989613][T10245] ? __nla_parse+0x40/0x60 [ 403.989636][T10245] xfrm_user_rcv_msg+0x9c3/0xca0 [ 403.989661][T10245] ? __pfx_xfrm_user_rcv_msg+0x10/0x10 [ 403.989709][T10245] ? __mutex_trylock_common+0x184/0x2e0 [ 403.989734][T10245] ? __pfx___mutex_trylock_common+0x10/0x10 [ 403.989762][T10245] netlink_rcv_skb+0x208/0x480 [ 403.989786][T10245] ? __pfx_xfrm_user_rcv_msg+0x10/0x10 [ 403.989808][T10245] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 403.989845][T10245] ? netlink_deliver_tap+0x2e/0x1b0 [ 403.989871][T10245] xfrm_netlink_rcv+0x79/0x90 [ 403.989891][T10245] netlink_unicast+0x7f8/0x9a0 [ 403.989923][T10245] ? __pfx_netlink_unicast+0x10/0x10 [ 403.989944][T10245] ? skb_put+0x114/0x1f0 [ 403.989963][T10245] netlink_sendmsg+0x8c3/0xcd0 [ 403.989996][T10245] ? __pfx_netlink_sendmsg+0x10/0x10 [ 403.990022][T10245] ? aa_sock_msg_perm+0x91/0x160 [ 403.990048][T10245] ? __pfx_netlink_sendmsg+0x10/0x10 [ 403.990070][T10245] __sock_sendmsg+0x221/0x270 [ 403.990104][T10245] ____sys_sendmsg+0x523/0x860 [ 403.990136][T10245] ? __pfx_____sys_sendmsg+0x10/0x10 [ 403.990166][T10245] ? __fget_files+0x2a/0x420 [ 403.990190][T10245] ? __fget_files+0x2a/0x420 [ 403.990218][T10245] __sys_sendmsg+0x271/0x360 [ 403.990248][T10245] ? __pfx___sys_sendmsg+0x10/0x10 [ 403.990323][T10245] ? do_syscall_64+0xb6/0x230 [ 403.990346][T10245] do_syscall_64+0xf3/0x230 [ 403.990366][T10245] ? clear_bhb_loop+0x45/0xa0 [ 403.990389][T10245] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 403.990405][T10245] RIP: 0033:0x7f2e6b58e169 [ 403.990419][T10245] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 403.990432][T10245] RSP: 002b:00007f2e6c364038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 403.990450][T10245] RAX: ffffffffffffffda RBX: 00007f2e6b7b5fa0 RCX: 00007f2e6b58e169 [ 403.990461][T10245] RDX: 0000000000000000 RSI: 00002000000004c0 RDI: 0000000000000003 [ 403.990471][T10245] RBP: 00007f2e6c364090 R08: 0000000000000000 R09: 0000000000000000 [ 403.990480][T10245] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 403.990489][T10245] R13: 0000000000000000 R14: 00007f2e6b7b5fa0 R15: 00007f2e6b8dfa28 [ 403.990512][T10245] [ 404.322022][ C1] vkms_vblank_simulate: vblank timer overrun [ 404.646257][ T5895] usb 3-1: USB disconnect, device number 54 [ 404.977007][T10267] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1327'. [ 405.135655][ T5895] usb 3-1: new high-speed USB device number 55 using dummy_hcd [ 405.311564][T10277] batadv_slave_1: entered promiscuous mode [ 405.335140][ T5895] usb 3-1: device descriptor read/64, error -71 [ 405.392293][T10277] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 405.403735][T10277] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 405.478539][T10277] fuse: Unknown parameter 'c[oup_id' [ 405.614669][ T5895] usb 3-1: new high-speed USB device number 56 using dummy_hcd [ 405.787102][ T5895] usb 3-1: device descriptor read/64, error -71 [ 405.946216][ T5895] usb usb3-port1: attempt power cycle [ 406.215047][ T976] usb 1-1: new high-speed USB device number 47 using dummy_hcd [ 406.424679][ T5895] usb 3-1: new high-speed USB device number 57 using dummy_hcd [ 406.456621][ T976] usb 1-1: Using ep0 maxpacket: 8 [ 406.489817][ T976] usb 1-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 406.511128][ T5895] usb 3-1: device descriptor read/8, error -71 [ 406.587381][ T976] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 406.659416][T10304] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1339'. [ 406.674060][ T976] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 406.764931][ T5895] usb 3-1: new high-speed USB device number 58 using dummy_hcd [ 406.835725][ T5895] usb 3-1: device descriptor read/8, error -71 [ 406.945082][ T5895] usb usb3-port1: unable to enumerate USB device [ 406.994650][T10296] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 407.003448][T10296] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 407.187044][T10268] batadv_slave_1: left promiscuous mode [ 407.411378][T10308] xt_ecn: cannot match TCP bits for non-tcp packets [ 408.527360][T10318] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1344'. [ 408.572963][T10318] macvtap2: entered promiscuous mode [ 408.586067][T10318] macvtap2: entered allmulticast mode [ 408.603673][T10320] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1344'. [ 408.885529][T10324] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1345'. [ 408.917935][T10324] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1345'. [ 409.366693][T10331] (unnamed net_device) (uninitialized): option ad_user_port_key: mode dependency failed, not supported in mode active-backup(1) [ 409.420997][T10331] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 409.430807][T10331] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 409.445636][T10331] tipc: Enabled bearer , priority 22 [ 409.580991][ T5895] usb 1-1: USB disconnect, device number 47 [ 409.910580][T10337] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1350'. [ 410.355871][T10350] program syz.1.1355 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 410.392237][T10350] syz.1.1355 (10350): drop_caches: 2 [ 410.410638][T10350] syz.1.1355 (10350): drop_caches: 2 [ 410.585103][ T5895] usb 1-1: new high-speed USB device number 48 using dummy_hcd [ 410.876031][ T5895] usb 1-1: config 0 has no interfaces? [ 410.975185][ T5895] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 411.014251][ T5895] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 411.051021][ T5895] usb 1-1: Product: syz [ 411.073243][ T5895] usb 1-1: Manufacturer: syz [ 411.092705][ T5895] usb 1-1: SerialNumber: syz [ 411.139145][ T5895] usb 1-1: config 0 descriptor?? [ 411.547937][T10360] netlink: 192 bytes leftover after parsing attributes in process `syz.0.1353'. [ 411.569056][T10358] FAULT_INJECTION: forcing a failure. [ 411.569056][T10358] name failslab, interval 1, probability 0, space 0, times 0 [ 411.592085][T10358] CPU: 0 UID: 0 PID: 10358 Comm: syz.1.1358 Not tainted 6.15.0-rc2-syzkaller-00037-g834a4a689699 #0 PREEMPT(full) [ 411.592115][T10358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 411.592125][T10358] Call Trace: [ 411.592133][T10358] [ 411.592140][T10358] dump_stack_lvl+0x241/0x360 [ 411.592169][T10358] ? __pfx_dump_stack_lvl+0x10/0x10 [ 411.592192][T10358] ? __pfx__printk+0x10/0x10 [ 411.592216][T10358] ? __pfx___might_resched+0x10/0x10 [ 411.592239][T10358] should_fail_ex+0x424/0x570 [ 411.592260][T10358] should_failslab+0xac/0x100 [ 411.592292][T10358] kmem_cache_alloc_noprof+0x78/0x390 [ 411.592312][T10358] ? fuse_get_req+0x7bf/0x1110 [ 411.592329][T10358] fuse_get_req+0x7bf/0x1110 [ 411.592349][T10358] ? lockdep_hardirqs_on+0x9d/0x150 [ 411.592370][T10358] ? __pfx_fuse_get_req+0x10/0x10 [ 411.592383][T10358] ? __fuse_simple_request+0x122b/0x1890 [ 411.592397][T10358] ? make_kgid+0x238/0x7a0 [ 411.592414][T10358] ? __pfx_make_kgid+0x10/0x10 [ 411.592435][T10358] __fuse_simple_request+0x13c/0x1890 [ 411.592457][T10358] ? __pfx___fuse_simple_request+0x10/0x10 [ 411.592475][T10358] ? do_raw_spin_unlock+0x13c/0x8b0 [ 411.592502][T10358] ? _raw_spin_unlock+0x28/0x50 [ 411.592517][T10358] ? fuse_change_attributes_i+0x523/0x940 [ 411.592539][T10358] ? fuse_dax_dontcache+0xee/0x150 [ 411.592561][T10358] fuse_getxattr+0x403/0x6d0 [ 411.592587][T10358] ? __pfx_fuse_getxattr+0x10/0x10 [ 411.592631][T10358] ? __pfx_process_measurement+0x10/0x10 [ 411.592659][T10358] fuse_xattr_get+0x7e/0xa0 [ 411.592681][T10358] ? __pfx_fuse_xattr_get+0x10/0x10 [ 411.592702][T10358] __vfs_getxattr+0x433/0x470 [ 411.592733][T10358] cap_inode_need_killpriv+0x45/0x60 [ 411.592752][T10358] security_inode_need_killpriv+0x86/0x250 [ 411.592770][T10358] file_remove_privs_flags+0x257/0x590 [ 411.592796][T10358] ? __pfx_file_remove_privs_flags+0x10/0x10 [ 411.592812][T10358] ? generic_write_checks_count+0x409/0x520 [ 411.592840][T10358] ? generic_write_checks+0x13e/0x1d0 [ 411.592865][T10358] ? __pfx_generic_write_checks+0x10/0x10 [ 411.592887][T10358] ? is_bpf_text_address+0x26/0x2a0 [ 411.592908][T10358] __generic_file_write_iter+0x7e/0x230 [ 411.592934][T10358] generic_file_write_iter+0x10e/0x5e0 [ 411.592956][T10358] ? kernel_text_address+0xa7/0xe0 [ 411.592971][T10358] ? __pfx_generic_file_write_iter+0x10/0x10 [ 411.592995][T10358] ? __lock_acquire+0xad5/0xd80 [ 411.593024][T10358] ? aa_file_perm+0x139/0xf60 [ 411.593048][T10358] ? aa_file_perm+0x139/0xf60 [ 411.593070][T10358] ? aa_file_perm+0x3f1/0xf60 [ 411.593099][T10358] ? __lock_acquire+0xad5/0xd80 [ 411.593115][T10358] ? __pfx_aa_file_perm+0x10/0x10 [ 411.593137][T10358] ? look_up_lock_class+0x7b/0x170 [ 411.593157][T10358] fuse_file_write_iter+0xe99/0x1180 [ 411.593176][T10358] ? __pfx_fuse_file_write_iter+0x10/0x10 [ 411.593199][T10358] ? rcu_read_lock_any_held+0xbb/0x160 [ 411.593220][T10358] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 411.593251][T10358] vfs_write+0x70f/0xd10 [ 411.593279][T10358] ? __pfx_fuse_file_write_iter+0x10/0x10 [ 411.593296][T10358] ? __pfx_vfs_write+0x10/0x10 [ 411.593316][T10358] ? __fget_files+0x2a/0x420 [ 411.593332][T10358] ? __fget_files+0x2a/0x420 [ 411.593353][T10358] ksys_write+0x19d/0x2d0 [ 411.593372][T10358] ? __pfx_ksys_write+0x10/0x10 [ 411.593394][T10358] ? do_syscall_64+0xb6/0x230 [ 411.593415][T10358] do_syscall_64+0xf3/0x230 [ 411.593434][T10358] ? clear_bhb_loop+0x45/0xa0 [ 411.593452][T10358] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 411.593467][T10358] RIP: 0033:0x7fc8e618e169 [ 411.593481][T10358] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 411.593495][T10358] RSP: 002b:00007fc8e7073038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 411.593511][T10358] RAX: ffffffffffffffda RBX: 00007fc8e63b5fa0 RCX: 00007fc8e618e169 [ 411.593523][T10358] RDX: 00000000fffffdef RSI: 00002000000000c0 RDI: 0000000000000006 [ 411.593533][T10358] RBP: 00007fc8e7073090 R08: 0000000000000000 R09: 0000000000000000 [ 411.593543][T10358] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 411.593552][T10358] R13: 0000000000000000 R14: 00007fc8e63b5fa0 R15: 00007fc8e64dfa28 [ 411.593576][T10358] [ 412.194534][ T5894] usb 3-1: new high-speed USB device number 59 using dummy_hcd [ 412.367391][ T5894] usb 3-1: config 0 has no interfaces? [ 412.376088][ T5894] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 412.385349][ T5894] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 412.393365][ T5894] usb 3-1: Product: syz [ 412.397592][ T5894] usb 3-1: Manufacturer: syz [ 412.402186][ T5894] usb 3-1: SerialNumber: syz [ 412.408928][ T5894] usb 3-1: config 0 descriptor?? [ 412.423197][T10349] xt_nat: multiple ranges no longer supported [ 414.073019][ T5941] usb 1-1: USB disconnect, device number 48 [ 414.401671][T10381] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1364'. [ 414.756381][ T976] usb 3-1: USB disconnect, device number 59 [ 414.764214][T10386] netlink: 5 bytes leftover after parsing attributes in process `syz.4.1366'. [ 414.806476][T10386] 0ªX¹¦D: renamed from gretap0 (while UP) [ 414.861367][T10386] 0ªX¹¦D: entered allmulticast mode [ 414.896869][T10386] A link change request failed with some changes committed already. Interface 30ªX¹¦D may have been left with an inconsistent configuration, please check. [ 414.961328][T10390] FAULT_INJECTION: forcing a failure. [ 414.961328][T10390] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 414.975422][T10390] CPU: 0 UID: 0 PID: 10390 Comm: syz.2.1367 Not tainted 6.15.0-rc2-syzkaller-00037-g834a4a689699 #0 PREEMPT(full) [ 414.975451][T10390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 414.975465][T10390] Call Trace: [ 414.975473][T10390] [ 414.975481][T10390] dump_stack_lvl+0x241/0x360 [ 414.975517][T10390] ? __pfx_dump_stack_lvl+0x10/0x10 [ 414.975547][T10390] ? __pfx__printk+0x10/0x10 [ 414.975586][T10390] should_fail_ex+0x424/0x570 [ 414.975612][T10390] _copy_from_user+0x2d/0xb0 [ 414.975642][T10390] i2cdev_ioctl+0x23a/0xa20 [ 414.975666][T10390] ? __fget_files+0x2a/0x420 [ 414.975685][T10390] ? __pfx_i2cdev_ioctl+0x10/0x10 [ 414.975711][T10390] ? __fget_files+0x2a/0x420 [ 414.975734][T10390] ? __pfx_i2cdev_ioctl+0x10/0x10 [ 414.975758][T10390] __se_sys_ioctl+0xf1/0x160 [ 414.975786][T10390] do_syscall_64+0xf3/0x230 [ 414.975813][T10390] ? clear_bhb_loop+0x45/0xa0 [ 414.975837][T10390] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 414.975857][T10390] RIP: 0033:0x7efc0318e169 [ 414.975876][T10390] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 414.975894][T10390] RSP: 002b:00007efc040e2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 414.975915][T10390] RAX: ffffffffffffffda RBX: 00007efc033b5fa0 RCX: 00007efc0318e169 [ 414.975931][T10390] RDX: 00002000000000c0 RSI: 0000000000000707 RDI: 0000000000000004 [ 414.975944][T10390] RBP: 00007efc040e2090 R08: 0000000000000000 R09: 0000000000000000 [ 414.975957][T10390] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 414.975969][T10390] R13: 0000000000000000 R14: 00007efc033b5fa0 R15: 00007efc034dfa28 [ 414.976000][T10390] [ 415.496705][T10399] program syz.0.1370 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 415.872538][T10399] syz.0.1370 (10399): drop_caches: 2 [ 416.052917][T10399] syz.0.1370 (10399): drop_caches: 2 [ 416.315243][T10409] usb usb1: usbfs: process 10409 (syz.1.1372) did not claim interface 0 before use [ 416.660739][T10414] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1375'. [ 416.733574][T10416] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 416.756371][T10416] team0: Device macvtap1 is already an upper device of the team interface [ 417.068732][ T5891] usb 3-1: new high-speed USB device number 60 using dummy_hcd [ 417.460688][ T5891] usb 3-1: config 0 has no interfaces? [ 417.480523][ T5891] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 417.510274][ T5891] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 417.568574][ T5891] usb 3-1: Product: syz [ 417.669830][ T5891] usb 3-1: Manufacturer: syz [ 417.804795][ T5891] usb 3-1: SerialNumber: syz [ 417.881235][ T5891] usb 3-1: config 0 descriptor?? [ 417.962304][T10426] kvm: vcpu 4: requested lapic timer restore with starting count register 0x390=768 (1536 ns) > initial count (34 ns). Using initial count to start timer. [ 418.595818][T10432] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 418.604398][T10432] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 418.621223][T10435] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 418.635522][T10435] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 418.768984][T10437] program syz.4.1382 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 419.027078][T10437] syz.4.1382 (10437): drop_caches: 2 [ 419.089382][T10437] syz.4.1382 (10437): drop_caches: 2 [ 420.183800][T10447] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 420.274786][T10447] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 420.346171][ T976] usb 3-1: USB disconnect, device number 60 [ 420.468915][T10451] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1388'. [ 421.182094][T10466] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 421.192188][T10466] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 422.039877][T10478] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 422.053157][T10478] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 422.101235][T10480] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1400'. [ 423.112001][T10490] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1403'. [ 423.117888][T10490] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1403'. [ 424.745217][T10502] ALSA: mixer_oss: invalid OSS volume '' [ 425.076948][T10512] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1411'. [ 425.794846][ T5895] usb 1-1: new high-speed USB device number 49 using dummy_hcd [ 426.302004][T10525] xt_ecn: cannot match TCP bits for non-tcp packets [ 426.464526][ T5895] usb 1-1: Using ep0 maxpacket: 8 [ 426.496835][ T5895] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 426.534603][ T5892] usb 3-1: new high-speed USB device number 61 using dummy_hcd [ 426.558775][T10529] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 426.567669][T10529] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 426.585195][ T5895] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 426.599353][ T5895] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 426.623047][ T5895] usb 1-1: config 0 descriptor?? [ 426.865618][ T5892] usb 3-1: config 0 has no interfaces? [ 426.885492][ T5892] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 426.904720][ T5892] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 426.918774][ T5892] usb 3-1: Product: syz [ 426.929360][ T5892] usb 3-1: Manufacturer: syz [ 426.934170][ T5892] usb 3-1: SerialNumber: syz [ 426.948029][ T5892] usb 3-1: config 0 descriptor?? [ 427.058060][ T5895] iowarrior 1-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 427.176918][T10535] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 427.191770][T10535] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 427.973533][ T5895] usb 1-1: USB disconnect, device number 49 [ 428.740476][ T5895] usb 3-1: USB disconnect, device number 61 [ 428.934215][T10548] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1425'. [ 429.279843][T10550] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 429.316925][T10554] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 429.356611][T10550] net veth1_virt_wifi virt_wifi0 (unregistering): left allmulticast mode [ 429.584571][ T976] usb 3-1: new high-speed USB device number 62 using dummy_hcd [ 429.749172][ T976] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 429.760935][ T976] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 429.786586][ T976] usb 3-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 429.800272][ T976] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 429.816156][ T976] usb 3-1: config 0 descriptor?? [ 430.279025][ T976] cp2112 0003:10C4:EA90.0010: unknown main item tag 0x0 [ 430.289020][ T976] cp2112 0003:10C4:EA90.0010: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.2-1/input0 [ 430.481558][ T976] cp2112 0003:10C4:EA90.0010: Part Number: 0x82 Device Version: 0xFE [ 430.680021][T10554] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 430.689291][T10554] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 430.709498][ T976] cp2112 0003:10C4:EA90.0010: error requesting SMBus config [ 430.722959][ T976] cp2112 0003:10C4:EA90.0010: probe with driver cp2112 failed with error -71 [ 430.761018][ T976] usb 3-1: USB disconnect, device number 62 [ 431.334938][T10577] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 431.343959][T10577] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 431.530686][T10580] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 431.538265][T10580] IPv6: NLM_F_CREATE should be set when creating new route [ 431.914646][ T976] usb 3-1: new high-speed USB device number 63 using dummy_hcd [ 432.182938][ T976] usb 3-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 432.233052][ T976] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 432.268328][ T976] usb 3-1: Product: syz [ 432.282709][ T976] usb 3-1: Manufacturer: syz [ 432.292108][ T976] usb 3-1: SerialNumber: syz [ 432.339395][ T976] usb 3-1: config 0 descriptor?? [ 432.377209][ T976] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 432.941252][T10594] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 432.950079][T10594] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 434.424814][ T976] gspca_sunplus: reg_r err -110 [ 434.429831][ T976] sunplus 3-1:0.0: probe with driver sunplus failed with error -110 [ 434.826485][T10609] 8021q: VLANs not supported on sit0 [ 434.918035][T10614] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 434.939105][T10614] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 434.975979][T10614] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 435.018395][T10614] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 435.051665][T10614] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 435.145505][ T54] usb 3-1: USB disconnect, device number 63 [ 435.164608][ T5894] usb 1-1: new full-speed USB device number 50 using dummy_hcd [ 435.347724][ T5894] usb 1-1: unable to get BOS descriptor or descriptor too short [ 435.389217][ T5894] usb 1-1: not running at top speed; connect to a high speed hub [ 435.465024][ T5894] usb 1-1: config 4 has an invalid interface number: 147 but max is 0 [ 435.504583][ T5894] usb 1-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 435.551304][ T5894] usb 1-1: config 4 has no interface number 0 [ 435.568577][ T5894] usb 1-1: New USB device found, idVendor=04f2, idProduct=b746, bcdDevice=8e.6e [ 435.587720][ T5894] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 435.596450][ T5894] usb 1-1: Product: syz [ 435.655293][T10620] ptrace attach of "./syz-executor exec"[5855] was attempted by "./syz-executor exec"[10620] [ 435.695218][ T5894] usb 1-1: Manufacturer: syz [ 435.713069][ T5894] usb 1-1: SerialNumber: syz [ 435.849217][T10623] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1449'. [ 435.859200][T10623] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 435.872026][T10623] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1449'. [ 435.967413][ T5894] usb 1-1: USB disconnect, device number 50 [ 436.385924][T10629] ip6t_srh: unknown srh match flags B153 [ 437.546922][T10643] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 437.556249][T10643] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 437.779455][T10649] tipc: Started in network mode [ 437.797912][T10649] tipc: Node identity ac4e0d, cluster identity 4711 [ 437.812462][T10649] tipc: Enabling of bearer rejected, failed to enable media [ 438.021689][T10655] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 438.044041][T10655] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 438.057993][T10655] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 438.102955][T10655] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 438.164968][T10655] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 438.604630][ T5892] usb 3-1: new high-speed USB device number 64 using dummy_hcd [ 438.982255][ T5892] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 439.008610][ T5892] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 439.092188][ T5892] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 439.117048][ T5892] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 439.159777][ T5892] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 439.194145][T10670] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 439.228571][T10670] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 439.250319][T10670] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 439.260645][T10670] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 439.352587][ T5892] usb 3-1: config 0 descriptor?? [ 439.951862][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 439.958412][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.666869][T10674] ptm ptm0: ldisc open failed (-12), clearing slot 0 [ 441.619638][T10684] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1468'. [ 441.774930][T10684] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1468'. [ 442.007780][ T5892] usbhid 3-1:0.0: can't add hid device: -71 [ 442.013991][ T5892] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 442.066376][ T5892] usb 3-1: USB disconnect, device number 64 [ 442.420240][T10699] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 442.729309][T10704] netlink: 'syz.0.1476': attribute type 10 has an invalid length. [ 442.754564][ T5892] usb 3-1: new high-speed USB device number 65 using dummy_hcd [ 442.919425][ T5892] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 442.938667][ T5892] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 442.953084][ T5892] usb 3-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 442.963411][ T5892] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 442.980273][ T5892] usb 3-1: config 0 descriptor?? [ 443.342736][ T30] audit: type=1326 audit(1744719233.450:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10722 comm="syz.1.1483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc8e618e169 code=0x7ffc0000 [ 443.371293][T10724] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 443.386901][T10724] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 443.400766][ T30] audit: type=1326 audit(1744719233.450:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10722 comm="syz.1.1483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc8e618e169 code=0x7ffc0000 [ 443.424369][ T30] audit: type=1326 audit(1744719233.480:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10722 comm="syz.1.1483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc8e618e169 code=0x7ffc0000 [ 443.428120][ T5892] cp2112 0003:10C4:EA90.0011: unknown main item tag 0x0 [ 443.447981][ T30] audit: type=1326 audit(1744719233.480:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10722 comm="syz.1.1483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc8e618e169 code=0x7ffc0000 [ 443.505117][ T5941] usb 1-1: new high-speed USB device number 51 using dummy_hcd [ 443.551931][ T30] audit: type=1326 audit(1744719233.480:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10722 comm="syz.1.1483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc8e618e169 code=0x7ffc0000 [ 443.608812][ T30] audit: type=1326 audit(1744719233.480:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10722 comm="syz.1.1483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc8e618e169 code=0x7ffc0000 [ 443.609665][ T5892] cp2112 0003:10C4:EA90.0011: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.2-1/input0 [ 443.632312][ T30] audit: type=1326 audit(1744719233.480:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10722 comm="syz.1.1483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc8e618e169 code=0x7ffc0000 [ 443.704041][ T5941] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 443.717972][ T5941] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 443.733431][ T5941] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 443.750185][ T30] audit: type=1326 audit(1744719233.480:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10722 comm="syz.1.1483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=194 compat=0 ip=0x7fc8e618e169 code=0x7ffc0000 [ 443.776631][ T5941] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 443.788695][ T5941] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 443.804955][ T30] audit: type=1326 audit(1744719233.480:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10722 comm="syz.1.1483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc8e618e169 code=0x7ffc0000 [ 443.828593][ T5892] cp2112 0003:10C4:EA90.0011: Part Number: 0x82 Device Version: 0xFE [ 443.856773][ T30] audit: type=1326 audit(1744719233.480:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10722 comm="syz.1.1483" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc8e618e169 code=0x7ffc0000 [ 443.881750][ T5941] usb 1-1: config 0 descriptor?? [ 444.027597][T10700] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 444.039700][T10700] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 444.067774][ T5892] cp2112 0003:10C4:EA90.0011: error requesting SMBus config [ 444.079807][ T5892] cp2112 0003:10C4:EA90.0011: probe with driver cp2112 failed with error -71 [ 444.099706][ T5892] usb 3-1: USB disconnect, device number 65 [ 444.130930][ T5985] udevd[5985]: setting owner of /dev/bus/usb/003/065 to uid=0, gid=0 failed: No such file or directory [ 444.830722][T10733] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1485'. [ 444.869794][T10733] macvlan2: entered promiscuous mode [ 444.884063][T10733] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 445.164565][ T5892] usb 3-1: new high-speed USB device number 66 using dummy_hcd [ 445.314932][ T5892] usb 3-1: Using ep0 maxpacket: 16 [ 445.322858][ T5892] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 445.338363][ T5892] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 445.399897][ T5892] usb 3-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 445.413747][ T5892] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 445.441138][ T5892] usb 3-1: config 0 descriptor?? [ 445.939272][ T5892] input: HID 05ac:8241 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:05AC:8241.0012/input/input32 [ 446.080854][ T5941] usbhid 1-1:0.0: can't add hid device: -71 [ 446.087622][ T5941] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 446.104194][ T5941] usb 1-1: USB disconnect, device number 51 [ 446.123237][ T5892] appleir 0003:05AC:8241.0012: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.2-1/input0 [ 446.535448][T10749] netlink: 88 bytes leftover after parsing attributes in process `syz.1.1490'. [ 446.635555][ T5891] usb 3-1: USB disconnect, device number 66 [ 446.917920][T10759] bond3: (slave gretap1): Releasing active interface [ 447.218825][T10767] program syz.2.1496 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 447.290286][ T5892] usb 1-1: new high-speed USB device number 52 using dummy_hcd [ 447.309385][T10767] netlink: 'syz.2.1496': attribute type 10 has an invalid length. [ 447.318551][T10767] bond0: (slave hsr0): The slave device specified does not support setting the MAC address [ 447.333232][T10767] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 447.382226][T10767] bond0: (slave hsr0): Error -22 calling dev_set_mtu [ 447.517615][ T5892] usb 1-1: config index 0 descriptor too short (expected 45, got 36) [ 447.526255][ T5892] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 447.538970][ T5892] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 447.550935][ T5892] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 447.562579][ T5892] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 447.584075][ T5892] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 447.644056][ T5892] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 447.811062][ T5892] usb 1-1: config 0 descriptor?? [ 447.832328][T10770] "syz.3.1498" (10770) uses obsolete ecb(arc4) skcipher [ 447.912006][T10761] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 448.350715][ T5892] plantronics 0003:047F:FFFF.0013: reserved main item tag 0xd [ 448.399288][ T5892] plantronics 0003:047F:FFFF.0013: No inputs registered, leaving [ 448.486590][ T5892] plantronics 0003:047F:FFFF.0013: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 448.641463][ T5941] usb 1-1: USB disconnect, device number 52 [ 450.010012][T10797] xt_ipcomp: unknown flags 12 [ 450.241566][T10807] [ 450.243926][T10807] ====================================================== [ 450.250936][T10807] WARNING: possible circular locking dependency detected [ 450.257975][T10807] 6.15.0-rc2-syzkaller-00037-g834a4a689699 #0 Not tainted [ 450.265084][T10807] ------------------------------------------------------ [ 450.272102][T10807] syz.1.1508/10807 is trying to acquire lock: [ 450.278156][T10807] ffffffff900fd588 (rtnl_mutex){+.+.}-{4:4}, at: start_sync_thread+0xde/0x2d60 [ 450.287129][T10807] [ 450.287129][T10807] but task is already holding lock: [ 450.294496][T10807] ffff888029c221a8 (&smc->clcsock_release_lock){+.+.}-{4:4}, at: smc_setsockopt+0x1b2/0xd50 [ 450.304633][T10807] [ 450.304633][T10807] which lock already depends on the new lock. [ 450.304633][T10807] [ 450.315050][T10807] [ 450.315050][T10807] the existing dependency chain (in reverse order) is: [ 450.324102][T10807] [ 450.324102][T10807] -> #2 (&smc->clcsock_release_lock){+.+.}-{4:4}: [ 450.332721][T10807] lock_acquire+0x116/0x2f0 [ 450.337757][T10807] __mutex_lock+0x1a5/0x10c0 [ 450.342885][T10807] smc_switch_to_fallback+0x35/0xda0 [ 450.348716][T10807] smc_sendmsg+0x11f/0x530 [ 450.353704][T10807] __sock_sendmsg+0x221/0x270 [ 450.358922][T10807] __sys_sendto+0x365/0x4c0 [ 450.363948][T10807] __x64_sys_sendto+0xde/0x100 [ 450.364613][ T5894] usb 1-1: new high-speed USB device number 53 using dummy_hcd [ 450.369223][T10807] do_syscall_64+0xf3/0x230 [ 450.369262][T10807] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 450.388250][T10807] [ 450.388250][T10807] -> #1 (sk_lock-AF_INET6){+.+.}-{0:0}: [ 450.396001][T10807] lock_acquire+0x116/0x2f0 [ 450.401038][T10807] lock_sock_nested+0x48/0x100 [ 450.406341][T10807] do_ipv6_setsockopt+0xccd/0x3680 [ 450.411991][T10807] ipv6_setsockopt+0x5d/0x170 [ 450.417200][T10807] do_sock_setsockopt+0x3b1/0x710 [ 450.422775][T10807] __x64_sys_setsockopt+0x1ee/0x280 [ 450.428515][T10807] do_syscall_64+0xf3/0x230 [ 450.433546][T10807] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 450.439981][T10807] [ 450.439981][T10807] -> #0 (rtnl_mutex){+.+.}-{4:4}: [ 450.447215][T10807] validate_chain+0xa69/0x24e0 [ 450.452507][T10807] __lock_acquire+0xad5/0xd80 [ 450.457705][T10807] lock_acquire+0x116/0x2f0 [ 450.462730][T10807] __mutex_lock+0x1a5/0x10c0 [ 450.467847][T10807] start_sync_thread+0xde/0x2d60 [ 450.473312][T10807] do_ip_vs_set_ctl+0x48e/0xe50 [ 450.478687][T10807] nf_setsockopt+0x295/0x2c0 [ 450.483808][T10807] smc_setsockopt+0x25c/0xd50 [ 450.489009][T10807] do_sock_setsockopt+0x3b1/0x710 [ 450.494554][T10807] __x64_sys_setsockopt+0x1ee/0x280 [ 450.500275][T10807] do_syscall_64+0xf3/0x230 [ 450.505307][T10807] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 450.511723][T10807] [ 450.511723][T10807] other info that might help us debug this: [ 450.511723][T10807] [ 450.521949][T10807] Chain exists of: [ 450.521949][T10807] rtnl_mutex --> sk_lock-AF_INET6 --> &smc->clcsock_release_lock [ 450.521949][T10807] [ 450.535612][T10807] Possible unsafe locking scenario: [ 450.535612][T10807] [ 450.543057][T10807] CPU0 CPU1 [ 450.548428][T10807] ---- ---- [ 450.553825][T10807] lock(&smc->clcsock_release_lock); [ 450.559244][T10807] lock(sk_lock-AF_INET6); [ 450.566286][T10807] lock(&smc->clcsock_release_lock); [ 450.574193][T10807] lock(rtnl_mutex); [ 450.578183][T10807] [ 450.578183][T10807] *** DEADLOCK *** [ 450.578183][T10807] [ 450.586326][T10807] 1 lock held by syz.1.1508/10807: [ 450.591455][T10807] #0: ffff888029c221a8 (&smc->clcsock_release_lock){+.+.}-{4:4}, at: smc_setsockopt+0x1b2/0xd50 [ 450.602007][T10807] [ 450.602007][T10807] stack backtrace: [ 450.607898][T10807] CPU: 1 UID: 0 PID: 10807 Comm: syz.1.1508 Not tainted 6.15.0-rc2-syzkaller-00037-g834a4a689699 #0 PREEMPT(full) [ 450.607920][T10807] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 450.607932][T10807] Call Trace: [ 450.607939][T10807] [ 450.607947][T10807] dump_stack_lvl+0x241/0x360 [ 450.607975][T10807] ? __pfx_dump_stack_lvl+0x10/0x10 [ 450.608000][T10807] ? __pfx__printk+0x10/0x10 [ 450.608023][T10807] ? print_lock+0x171/0x1a0 [ 450.608045][T10807] print_circular_bug+0x2e1/0x300 [ 450.608068][T10807] check_noncircular+0x142/0x160 [ 450.608093][T10807] validate_chain+0xa69/0x24e0 [ 450.608123][T10807] ? is_bpf_text_address+0x26/0x2a0 [ 450.608150][T10807] __lock_acquire+0xad5/0xd80 [ 450.608170][T10807] lock_acquire+0x116/0x2f0 [ 450.608186][T10807] ? start_sync_thread+0xde/0x2d60 [ 450.608214][T10807] __mutex_lock+0x1a5/0x10c0 [ 450.608235][T10807] ? start_sync_thread+0xde/0x2d60 [ 450.608259][T10807] ? sched_clock_cpu+0x77/0x4d0 [ 450.608280][T10807] ? start_sync_thread+0xde/0x2d60 [ 450.608303][T10807] ? __pfx___mutex_lock+0x10/0x10 [ 450.608332][T10807] start_sync_thread+0xde/0x2d60 [ 450.608357][T10807] ? lockdep_hardirqs_on+0x9d/0x150 [ 450.608379][T10807] ? rcu_is_watching+0x15/0xb0 [ 450.608400][T10807] ? trace_sched_exit_tp+0x3c/0x120 [ 450.608416][T10807] ? __schedule+0x1ba6/0x5240 [ 450.608439][T10807] ? __pfx_start_sync_thread+0x10/0x10 [ 450.608471][T10807] ? read_word_at_a_time+0xe/0x20 [ 450.608493][T10807] ? sized_strscpy+0x9a/0x2b0 [ 450.608517][T10807] do_ip_vs_set_ctl+0x48e/0xe50 [ 450.608535][T10807] ? __pfx_do_ip_vs_set_ctl+0x10/0x10 [ 450.608557][T10807] ? __mutex_unlock_slowpath+0x229/0x800 [ 450.608582][T10807] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 450.608605][T10807] ? __pfx___mutex_lock+0x10/0x10 [ 450.608629][T10807] nf_setsockopt+0x295/0x2c0 [ 450.608656][T10807] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 450.608682][T10807] smc_setsockopt+0x25c/0xd50 [ 450.608703][T10807] ? __pfx_aa_sk_perm+0x10/0x10 [ 450.608724][T10807] ? __pfx_smc_setsockopt+0x10/0x10 [ 450.608744][T10807] ? aa_sock_opt_perm+0x79/0x120 [ 450.608769][T10807] ? __pfx_smc_setsockopt+0x10/0x10 [ 450.608787][T10807] do_sock_setsockopt+0x3b1/0x710 [ 450.608807][T10807] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 450.608823][T10807] ? __fget_files+0x2a/0x420 [ 450.608839][T10807] ? __fget_files+0x39d/0x420 [ 450.608853][T10807] ? __fget_files+0x2a/0x420 [ 450.608870][T10807] __x64_sys_setsockopt+0x1ee/0x280 [ 450.608889][T10807] do_syscall_64+0xf3/0x230 [ 450.608911][T10807] ? clear_bhb_loop+0x45/0xa0 [ 450.608930][T10807] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 450.608947][T10807] RIP: 0033:0x7fc8e618e169 [ 450.608963][T10807] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 450.608978][T10807] RSP: 002b:00007fc8e7038038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 450.608996][T10807] RAX: ffffffffffffffda RBX: 00007fc8e63b6080 RCX: 00007fc8e618e169 [ 450.609009][T10807] RDX: 000000000000048b RSI: 0000000000000000 RDI: 0000000000000004 [ 450.609020][T10807] RBP: 00007fc8e6210a68 R08: 0000000000000018 R09: 0000000000000000 [ 450.609031][T10807] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 450.609043][T10807] R13: 0000000000000000 R14: 00007fc8e63b6080 R15: 00007fc8e64dfa28 [ 450.609061][T10807] [ 450.944606][T10807] IPVS: Unknown mcast interface: macvlan1 [ 451.170774][ T5894] usb 1-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 451.189833][ T5894] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 451.304512][ T5894] usb 1-1: Product: syz [ 451.318627][ T5894] usb 1-1: Manufacturer: syz [ 451.333453][ T5894] usb 1-1: SerialNumber: syz [ 451.356973][ T5894] usb 1-1: config 0 descriptor?? [ 451.770007][T10804] fuse: Bad value for 'fd' [ 452.378288][ T5894] usb 1-1: Firmware version (0.0) predates our first public release. [ 452.386566][ T5894] usb 1-1: Please update to version 0.2 or newer [ 452.438120][ T5894] usb 1-1: USB disconnect, device number 53