last executing test programs: 6m48.513691948s ago: executing program 3 (id=270): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), r0) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002dbd7000040b5b63050ac8664c0001"], 0x60}}, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x80080, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = userfaultfd(0x1) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000180)={0xaa, 0x280}) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_WRITEPROTECT(r3, 0xc018aa06, &(0x7f00000000c0)={{&(0x7f000040a000/0x800000)=nil, 0x800000}, 0x1}) (fail_nth: 1) 6m47.667244713s ago: executing program 3 (id=277): socket$can_bcm(0x1d, 0x2, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000280)=@abs={0x0, 0x0, 0x4e22}, 0x6e) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) quotactl$Q_SYNC(0xffffffff80000102, 0x0, 0x0, 0x0) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) setsockopt$bt_l2cap_L2CAP_OPTIONS(r3, 0x6, 0x1, &(0x7f0000000000)={0x0, 0x747, 0x0, 0x3}, 0xc) connect$bt_l2cap(r3, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r3) shutdown(r3, 0x1) open(0x0, 0x0, 0x0) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f0000000580)={'batadv_slave_0\x00', 0x0}) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x3, &(0x7f0000000080)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x40, '\x00', r5, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, 0x0, 0x0) io_setup(0xff, &(0x7f0000000240)=0x0) r8 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000002740), 0x101002) io_submit(r7, 0x1, &(0x7f0000000180)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x4, r8, &(0x7f00000001c0)="019e2f64", 0x4}]) 6m46.252185562s ago: executing program 3 (id=280): r0 = syz_usb_connect(0x0, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010003f6fdd140402090b975f601020301090224000201005004090400f700c873b808090504105802030d"], &(0x7f0000000e80)={0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) 6m43.609186143s ago: executing program 3 (id=289): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000002180)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) close_range(r0, 0xffffffffffffffff, 0x0) r1 = syz_usb_connect(0x2, 0x2d, &(0x7f0000000180)=ANY=[@ANYRES16=r0], 0x0) r2 = socket$kcm(0x15, 0x5, 0x0) sendmsg$kcm(r2, &(0x7f0000000440)={&(0x7f0000000080)=@vsock={0x28, 0x0, 0x2711, @hyper}, 0x86, 0x0}, 0x4000881) syz_usb_control_io(r1, 0x0, 0x0) 6m40.413831524s ago: executing program 3 (id=304): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000280), 0x2000, 0x0) r1 = epoll_create(0xfffffffe) write$smackfs_access(0xffffffffffffffff, &(0x7f00000002c0)=ANY=[@ANYBLOB="202f6465762f6d70752f702f6d737200207861059d035a33b415db0a05d5b7415f1b24af9d9c2d3f48096ddffd3d7169c9dc5e7bd16f83ef38ef891185d86dad572c440e10918e5239b22298e1a9114d7fcec08ad9a71fdd3cb93695a83da5a02a00f5e6225ca3244427a7133541735399f9cfe65dea6fcef6181afc15b38920128f33c7696ec1202eb988cfa49c8f292d8d4cddde57a20381a9eb6ef016c0f04957ecdf6c06b3acfbdc5a9b349328ea87436b6e605453000000000000000000000000000000ccefee4e170892d73a783939e93b2f25057086d524457f937ea6b9411b16cadab193d08e6c496d3b328025d6f8f8781cd4b72400772013fa2d2b1e8d9ea98df3ace7e3b59a6c90bf2873802bcd48fc49ae7fe8ed7b8990ca05dbe52ea793b4f03235706d4403bc13855af07dcf9f01277839737715da8bbdfe32ef80d8d112506eb243a165e3c8aed85498a69c8f508ed806b9757a1da06dc4813ad4deeb08488a4d902c06e1b2c3642632598294ba34987fb337d00790809bdda6ea8b6956f1235558794d2bb51bc71bb21cea02b5a944ab5f5074f2cd2a52bd7f8d0fbf22149b5f2432e2b3acae78fc075c9444ec73d1d079ede75f00000000000000"], 0x16) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x1a3089, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) symlink(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='./file1\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) setpgid(r2, 0x0) setpgid(0x0, r2) mount(0x0, &(0x7f0000000300)='./file1\x00', &(0x7f0000000080)='tmpfs\x00', 0x800, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)) close(0x3) r3 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005938d74010973077339600000001090212000100001e000904"], 0x0) syz_usb_control_io(r3, 0x0, &(0x7f0000000800)={0x84, &(0x7f0000000780)=ANY=[@ANYRES16=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r3, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r3, 0x0, 0x0) r4 = inotify_init1(0x800) r5 = inotify_init1(0x0) r6 = inotify_add_watch(r5, &(0x7f0000000200)='.\x00', 0x41000880) inotify_rm_watch(r4, r6) syz_usb_control_io$uac1(r3, 0x0, 0x0) syz_usb_control_io$uac1(r3, &(0x7f0000000040)={0x14, 0x0, 0x0}, &(0x7f0000000500)={0x44, &(0x7f0000000280)={0x40, 0x13, 0x3, "efa9b7"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 6m37.558335538s ago: executing program 3 (id=316): syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb08004c000078ac1414000a0101004414050300000000000000000a010101000000008903ce070200"/66, @ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = socket(0x10, 0x803, 0x0) r1 = syz_open_dev$swradio(&(0x7f0000000380), 0x0, 0x2) r2 = epoll_create(0x5) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000240)={0x80000008}) ioctl$VIDIOC_S_CTRL(r1, 0xc008561c, &(0x7f0000000040)={0xf0f041}) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB="540000001400b595000000000000000002000000", @ANYRES32=r0, @ANYBLOB="140001000040000000000000000000000000000014000200fe8000000000000000000000000000aa140006"], 0x54}, 0x1, 0x0, 0x0, 0x800}, 0x80) iopl(0x3) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="480000001000050400"/20, @ANYRES32, @ANYBLOB="ebffffffffffffff280012800b00010065727370616e000018000280040012000500163001000000080015"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0) add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) 6m22.078345035s ago: executing program 32 (id=316): syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb08004c000078ac1414000a0101004414050300000000000000000a010101000000008903ce070200"/66, @ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = socket(0x10, 0x803, 0x0) r1 = syz_open_dev$swradio(&(0x7f0000000380), 0x0, 0x2) r2 = epoll_create(0x5) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000240)={0x80000008}) ioctl$VIDIOC_S_CTRL(r1, 0xc008561c, &(0x7f0000000040)={0xf0f041}) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB="540000001400b595000000000000000002000000", @ANYRES32=r0, @ANYBLOB="140001000040000000000000000000000000000014000200fe8000000000000000000000000000aa140006"], 0x54}, 0x1, 0x0, 0x0, 0x800}, 0x80) iopl(0x3) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="480000001000050400"/20, @ANYRES32, @ANYBLOB="ebffffffffffffff280012800b00010065727370616e000018000280040012000500163001000000080015"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0) add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) 6m17.585679011s ago: executing program 0 (id=394): r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0xfbc6, 0x10100, 0x8000003}, &(0x7f0000000080)=0x0, &(0x7f00000001c0)=0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {0x230}}) io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0) r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) readv(r5, &(0x7f0000000200)=[{&(0x7f0000003140)=""/4096, 0x8}], 0xe) 6m16.512127487s ago: executing program 0 (id=397): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000240)=0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000380)=@bpf_tracing={0x1a, 0x29, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000000600000083000000bf0000000000000055090100000000009500000000000000b7080000000000007b8af8ff000080fbb70800000b000010000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb7", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYBLOB="00000000000001018510000007", @ANYRES32=0x1, @ANYBLOB="0000000000000000b70200000000000085000000860000001840000006"], 0x0, 0xe, 0x3b, &(0x7f0000000080)=""/59, 0x40f00, 0x1, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x169a0, 0xffffffffffffffff, 0x0, &(0x7f0000000300)=[0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x1, 0x1], 0x0, 0x10, 0x1, @void, @value}, 0x94) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000540)={0xffffffffffffffff, 0x0, 0x0}, 0x20) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00'}) sendmsg$NL80211_CMD_FRAME(r0, 0x0, 0x0) 6m16.166296769s ago: executing program 0 (id=398): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='mounts\x00') pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r2, &(0x7f0000002240)={0x15, 0x65, 0xffff, 0x1000, 0x8, '9P2000.u'}, 0x15) r3 = dup(r2) write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_INIT(r3, &(0x7f0000001740)={0x50, 0x0, 0x0, {0x7, 0x21}}, 0x50) mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000004380), 0x0, &(0x7f0000004640)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@uname={'uname', 0x3d, '}\x81{-/}(*'}}], [], 0x6b}}) read$FUSE(r0, &(0x7f0000007100)={0x2020}, 0x941f) r4 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESDEC], 0x0) syz_usb_control_io$cdc_ncm(r4, 0x0, &(0x7f00000000c0)={0x44, &(0x7f0000000900)={0x40, 0x11}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_ep_write(r4, 0x81, 0x8, &(0x7f0000000080)="00012c615bc20000") 6m13.039780879s ago: executing program 0 (id=406): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x1f, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007b000000850000000f00000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = socket$inet_dccp(0x2, 0x6, 0x0) ioctl$FITRIM(r0, 0xc0185879, &(0x7f0000000080)={0x4, 0x200, 0x5c}) r2 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000540)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0) syz_usb_control_io(r2, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x141341) ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f0000000200)) ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect) syz_usb_control_io$printer(r2, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r2, 0x0, 0x0) syz_usb_control_io$printer(r2, 0x0, 0x0) syz_usb_control_io$printer(r2, 0x0, 0x0) syz_usb_control_io$hid(r2, 0x0, 0x0) syz_usb_control_io$hid(r2, 0x0, 0x0) syz_usb_control_io$uac1(r2, 0x0, &(0x7f0000000d40)={0x44, &(0x7f0000000380)=ANY=[@ANYBLOB="2d2c2f34fb91b66efe5157decc9b926e5b4087c1c9e88f629557ca81bc84a9b4c59dfa17269c21745f56f7370ca3a74dcdc64ca607947f86cee4a056f751ad6807b53d35eea8757513e601600d50c870f45c150e1e6ff452dbf5768ec967e7ad00e8240059fa1216340a9f299dffbb10ac114927488d1eaa08e4a4085a6fa7af3a8e727ad31f34eb98af5cb899e9431aae7226664a4866c364fc41a96c9719a9"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r2, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io(r2, 0x0, &(0x7f00000008c0)={0x84, &(0x7f0000000340)={0x0, 0x15}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet_int(r1, 0x10d, 0xbf, &(0x7f00000000c0), &(0x7f0000000140)=0x4) 6m9.780639004s ago: executing program 0 (id=410): ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5334, &(0x7f0000000140)={0xee, 0x4, 0x0, 'queue1\x00', 0xe402}) 6m9.63835031s ago: executing program 0 (id=411): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000000000406c256d0000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0) syz_usb_control_io$hid(r4, 0x0, 0x0) syz_usb_control_io(r4, &(0x7f0000000000)={0x2c, &(0x7f0000000300)=ANY=[@ANYBLOB="00dc6b"], 0x0, 0x0, 0x0, 0x0}, 0x0) r5 = add_key$user(0x0, &(0x7f0000000180)={'syz', 0x2}, &(0x7f0000000280)="85952b177328da2f8757c9343d6559eb7a8197c0479df99720c9f9d0a8093c94", 0x20, 0xfffffffffffffffd) r6 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r5, r6, r5}, &(0x7f00000000c0)=""/80, 0x50, 0x0) r7 = add_key$fscrypt_v1(&(0x7f0000000480), &(0x7f0000000380)={'fscrypt:', @desc4}, &(0x7f00000005c0)={0x0, "9dabf6b1e91501a094412751d6873060b09449f5d25b8cf0ce0bb47e20e2ed99e843ce69a2fc6b2046bfc40853f7064504e09cda0566bac10957e15ff411fba8", 0x8000}, 0x48, 0x0) keyctl$clear(0x7, r7) r8 = add_key(&(0x7f0000000000)='id_resolver\x00', &(0x7f0000000100)={'syz', 0x3}, &(0x7f0000000080)="f8", 0x1, 0xfffffffffffffffe) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r8, &(0x7f00000000c0)='rxrpc\x00', &(0x7f00000001c0)) keyctl$dh_compute(0x17, &(0x7f0000000080)={r5, r7, r8}, &(0x7f0000000880)=""/4096, 0x1000, 0x0) syz_usb_control_io$hid(r4, &(0x7f0000000240)={0x24, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x41b}}, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r4, &(0x7f00000002c0)={0x24, 0x0, &(0x7f00000007c0)=ANY=[], 0x0, 0x0}, 0x0) syz_usb_control_io(r4, 0x0, 0x0) syz_usb_control_io$hid(r4, &(0x7f00000006c0)={0x24, &(0x7f00000005c0)={0x0, 0x10, 0xc, {0xc, 0x23, "5cb99e3e60c240d142f1"}}, 0x0, 0x0, 0x0}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f00000001c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f00000003c0)='./bus\x00') pipe2$9p(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r10 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000100), 0x0, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r10}, 0x2c, {'wfdno', 0x3d, r9}}) ioprio_set$pid(0x1, 0x0, 0x2007) 5m54.095642671s ago: executing program 33 (id=411): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000000000406c256d0000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0) syz_usb_control_io$hid(r4, 0x0, 0x0) syz_usb_control_io(r4, &(0x7f0000000000)={0x2c, &(0x7f0000000300)=ANY=[@ANYBLOB="00dc6b"], 0x0, 0x0, 0x0, 0x0}, 0x0) r5 = add_key$user(0x0, &(0x7f0000000180)={'syz', 0x2}, &(0x7f0000000280)="85952b177328da2f8757c9343d6559eb7a8197c0479df99720c9f9d0a8093c94", 0x20, 0xfffffffffffffffd) r6 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r5, r6, r5}, &(0x7f00000000c0)=""/80, 0x50, 0x0) r7 = add_key$fscrypt_v1(&(0x7f0000000480), &(0x7f0000000380)={'fscrypt:', @desc4}, &(0x7f00000005c0)={0x0, "9dabf6b1e91501a094412751d6873060b09449f5d25b8cf0ce0bb47e20e2ed99e843ce69a2fc6b2046bfc40853f7064504e09cda0566bac10957e15ff411fba8", 0x8000}, 0x48, 0x0) keyctl$clear(0x7, r7) r8 = add_key(&(0x7f0000000000)='id_resolver\x00', &(0x7f0000000100)={'syz', 0x3}, &(0x7f0000000080)="f8", 0x1, 0xfffffffffffffffe) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r8, &(0x7f00000000c0)='rxrpc\x00', &(0x7f00000001c0)) keyctl$dh_compute(0x17, &(0x7f0000000080)={r5, r7, r8}, &(0x7f0000000880)=""/4096, 0x1000, 0x0) syz_usb_control_io$hid(r4, &(0x7f0000000240)={0x24, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x41b}}, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r4, &(0x7f00000002c0)={0x24, 0x0, &(0x7f00000007c0)=ANY=[], 0x0, 0x0}, 0x0) syz_usb_control_io(r4, 0x0, 0x0) syz_usb_control_io$hid(r4, &(0x7f00000006c0)={0x24, &(0x7f00000005c0)={0x0, 0x10, 0xc, {0xc, 0x23, "5cb99e3e60c240d142f1"}}, 0x0, 0x0, 0x0}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f00000001c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f00000003c0)='./bus\x00') pipe2$9p(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r10 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000100), 0x0, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r10}, 0x2c, {'wfdno', 0x3d, r9}}) ioprio_set$pid(0x1, 0x0, 0x2007) 2m55.645063041s ago: executing program 2 (id=990): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x3, 0xe, &(0x7f0000000c00)=ANY=[@ANYBLOB], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r1}, &(0x7f0000000080), &(0x7f00000000c0)=r0}, 0x20) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0) r4 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC_PROXY(r4, 0x0, 0xd2, &(0x7f0000000040)={@multicast2, @multicast1, 0x0, "4f6fb4d1af0f724e6118ecd4ac1100843af297baebb0efcdf5a284da144a011a"}, 0x3c) pipe(&(0x7f0000000000)={0xffffffffffffffff}) close(r5) write$cgroup_subtree(r5, 0x0, 0x2b) ioctl$TIOCGSID(r5, 0x5429, &(0x7f0000000100)) setsockopt$MRT_DEL_MFC_PROXY(r4, 0x0, 0xd3, &(0x7f00000000c0)={@multicast2, @multicast1, 0x2, "c6c0e6ec8755b5dc4e305886d95f086707764f8d0e5a0358ea21274f844a69e9"}, 0x3c) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) shmat(0x0, &(0x7f00002e5000/0x4000)=nil, 0x66c8d4fe9b86d43c) r6 = syz_open_procfs(0x0, &(0x7f0000000080)='coredump_filter\x00') readv(r6, &(0x7f0000001440)=[{&(0x7f0000000040)=""/20, 0x14}], 0x1) socket$netlink(0x10, 0x3, 0x0) bind$netlink(r2, &(0x7f0000000040)={0x10, 0x0, 0x25dfdbfb, 0x100}, 0xc) r7 = syz_open_dev$sndctrl(&(0x7f0000000040), 0xfa2, 0x109000) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r7, 0xc1105517, &(0x7f00000003c0)={{0x80000005, 0x5, 0xb48, 0x7, 'syz0\x00', 0x1}, 0x3, 0x10000000, 0x7, 0x0, 0x1, 0x2, 'syz1\x00', &(0x7f00000000c0)=['.*\x00'], 0x3}) 2m54.618731891s ago: executing program 2 (id=992): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000240)=0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000380)=@bpf_tracing={0x1a, 0x29, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000000600000083000000bf0000000000000055090100000000009500000000000000b7080000000000007b8af8ff000080fbb70800000b000010000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb7", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYBLOB="000000000000010185100000", @ANYRES32=0x1, @ANYBLOB="0000000000000000b70200000000000085000000860000001840000006"], 0x0, 0xe, 0x3b, &(0x7f0000000080)=""/59, 0x40f00, 0x1, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x169a0, 0xffffffffffffffff, 0x0, &(0x7f0000000300)=[0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x1, 0x1], 0x0, 0x10, 0x1, @void, @value}, 0x94) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef91", 0x12) r2 = accept4(r1, 0x0, 0x0, 0x800) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000540)={0xffffffffffffffff, 0x0, 0x0}, 0x20) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 2m54.438051044s ago: executing program 2 (id=995): r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, 0x0, &(0x7f00000002c0)) syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x2f, 0xc, 0x81, 0x8, 0x187f, 0x200, 0x6bad, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3c, 0x7f, 0x98, 0x0, [], [{{0x9, 0x5, 0x3}}]}}]}}]}}, 0x0) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r0, 0x84, 0x70, &(0x7f0000000440)={r2, @in={{0x2, 0x4e24, @local}}, [0x3, 0x5, 0x8, 0x8000000000000001, 0x75c1, 0x7fff, 0x5, 0x5, 0x2, 0xffffffff, 0x2, 0x1, 0xffffffffffff63a1, 0x5, 0x9]}, &(0x7f0000000540)=0x100) 2m50.612246947s ago: executing program 2 (id=1005): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000240)=0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000380)=@bpf_tracing={0x1a, 0x29, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000000600000083000000bf0000000000000055090100000000009500000000000000b7080000000000007b8af8ff000080fbb70800000b000010000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb7", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYBLOB="000000000000010185100000", @ANYRES32=0x1, @ANYBLOB="0000000000000000b70200000000000085000000860000001840000006"], 0x0, 0xe, 0x3b, &(0x7f0000000080)=""/59, 0x40f00, 0x1, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x169a0, 0xffffffffffffffff, 0x0, &(0x7f0000000300)=[0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x1, 0x1], 0x0, 0x10, 0x1, @void, @value}, 0x94) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef91", 0x12) r2 = accept4(r1, 0x0, 0x0, 0x800) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000540)={0xffffffffffffffff, 0x0, 0x0}, 0x20) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 2m50.190408685s ago: executing program 2 (id=1007): mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x806, 0x1) mmap(&(0x7f000074a000/0x3000)=nil, 0x3000, 0x4, 0x110, r0, 0xa0ad6000) setsockopt$SO_J1939_SEND_PRIO(0xffffffffffffffff, 0x6b, 0x3, &(0x7f00000002c0)=0xfffffffa, 0x4) 2m49.302209392s ago: executing program 2 (id=1010): openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) rseq(&(0x7f0000000400), 0x20, 0x0, 0x0) socketpair(0x2, 0xa, 0x2850, &(0x7f0000000240)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') write$binfmt_script(r0, &(0x7f00000000c0)={'#! ', './file0', [{0x20, '\'{\'\xe8(&'}, {0x20, '{\x1d:*'}], 0xa, "822d0cc532d19aa0efedb831fb517557775d7feeb10d15fe343053828635850579e706cd8d0ddc638f4e46848916ece25cc3003c9e416726ab35c1717c29926124b57b5cd484c3c76464270cea5258e418ca0c02330212a1fe3b8ea0d88cbe6cd09e2b650c8005072166a7a41c4b1f66bc29bff25b46742cd1915c7b362356e2903e34ec010a05e3571d8695f50513c23bdaea5926210c84864bdb600423ddb275fe7387ae0ae4b96e416b7f"}, 0xc3) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="09000000030000000400010005"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000008000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b7030000000000fd850000002d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000540)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000680)='sys_exit\x00', r2}, 0x10) r3 = gettid() r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r4, &(0x7f0000000740)={0x1f, @none}, 0x8) listen(r4, 0x0) accept4(r4, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f00000005c0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) prlimit64(0x0, 0x7, &(0x7f0000000140), 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000300)={'bridge0\x00', 0x0}) sendmsg$nl_route(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@bridge_delneigh={0x28, 0x1c, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, r6, 0x80, 0x2}, [@NDA_LLADDR={0xa, 0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1c}}]}, 0x28}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@bloom_filter={0x1e, 0x2, 0x0, 0x7, 0x40000, r1, 0x3, '\x00', r6, r0, 0x3, 0x0, 0x2, 0x1, @void, @value, @void, @value}, 0x50) mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r0}}) 2m32.908239093s ago: executing program 34 (id=1010): openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) rseq(&(0x7f0000000400), 0x20, 0x0, 0x0) socketpair(0x2, 0xa, 0x2850, &(0x7f0000000240)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') write$binfmt_script(r0, &(0x7f00000000c0)={'#! ', './file0', [{0x20, '\'{\'\xe8(&'}, {0x20, '{\x1d:*'}], 0xa, "822d0cc532d19aa0efedb831fb517557775d7feeb10d15fe343053828635850579e706cd8d0ddc638f4e46848916ece25cc3003c9e416726ab35c1717c29926124b57b5cd484c3c76464270cea5258e418ca0c02330212a1fe3b8ea0d88cbe6cd09e2b650c8005072166a7a41c4b1f66bc29bff25b46742cd1915c7b362356e2903e34ec010a05e3571d8695f50513c23bdaea5926210c84864bdb600423ddb275fe7387ae0ae4b96e416b7f"}, 0xc3) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="09000000030000000400010005"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000008000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b7030000000000fd850000002d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000540)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000680)='sys_exit\x00', r2}, 0x10) r3 = gettid() r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r4, &(0x7f0000000740)={0x1f, @none}, 0x8) listen(r4, 0x0) accept4(r4, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f00000005c0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) prlimit64(0x0, 0x7, &(0x7f0000000140), 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000300)={'bridge0\x00', 0x0}) sendmsg$nl_route(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@bridge_delneigh={0x28, 0x1c, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, r6, 0x80, 0x2}, [@NDA_LLADDR={0xa, 0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1c}}]}, 0x28}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@bloom_filter={0x1e, 0x2, 0x0, 0x7, 0x40000, r1, 0x3, '\x00', r6, r0, 0x3, 0x0, 0x2, 0x1, @void, @value, @void, @value}, 0x50) mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r0}}) 9.663391496s ago: executing program 1 (id=1603): socket$inet(0x2, 0x2, 0x1) openat$uinput(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) open_tree(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x89901) socket$igmp(0x2, 0x3, 0x2) socket$alg(0x26, 0x5, 0x0) socket$inet(0x2, 0x4000000000000001, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000dc0)=ANY=[], 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r3) r4 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f0000000100)={0x0, &(0x7f0000000040)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r4, 0xc06864a1, &(0x7f0000000240)={0x0, 0x0, r5, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r3, 0xc06864ce, &(0x7f0000000600)={r6, 0x0, 0x0, 0x0, 0x0, [0x0], [], [], [0xd]}) ioctl$DRM_IOCTL_MODE_ADDFB2(r3, 0xc06864b8, &(0x7f00000001c0)={0x0, 0xae, 0x3ff, 0x34325241, 0x0, [r7], [0x2b8]}) 7.169896862s ago: executing program 7 (id=1616): syz_usb_connect(0x0, 0x4, 0x0, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_procs(r0, 0x0, 0x2, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000740)=ANY=[@ANYBLOB="50000000100003040000000000000000f2000000", @ANYRES32=0x0, @ANYBLOB="00000000000000002800128009000100766c616e000000001800028006000100010000000c000200540a00001800000008000500", @ANYRES32=r3], 0x50}, 0x1, 0xba01}, 0x0) r4 = socket(0x10, 0x3, 0x0) write(r4, &(0x7f0000000000)="2400000011005f0414f9f40700090400810000000d0000000000000008000f0001000000", 0x24) 6.558187234s ago: executing program 1 (id=1619): r0 = io_uring_setup(0x4dc2, &(0x7f00000004c0)={0x0, 0xe641}) io_uring_register$IORING_REGISTER_FILES_UPDATE(r0, 0x6, 0x0, 0x0) 6.497402372s ago: executing program 1 (id=1620): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000240)=0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000380)=@bpf_tracing={0x1a, 0x29, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000000600000083000000bf0000000000000055090100000000009500000000000000b7080000000000007b8af8ff000080fbb70800000b000010000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb7", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYBLOB="000000000000010185100000", @ANYRES32=0x1, @ANYBLOB="0000000000000000b70200000000000085000000860000001840000006"], 0x0, 0xe, 0x3b, &(0x7f0000000080)=""/59, 0x40f00, 0x1, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x169a0, 0xffffffffffffffff, 0x0, &(0x7f0000000300)=[0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x1, 0x1], 0x0, 0x10, 0x1, @void, @value}, 0x94) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000540)={0xffffffffffffffff, 0x0, 0x0}, 0x20) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e", 0xc2}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 6.341922535s ago: executing program 1 (id=1621): r0 = accept$nfc_llcp(0xffffffffffffffff, &(0x7f00000001c0), &(0x7f0000000240)=0x60) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0x7) ioctl$TCFLSH(r1, 0x8925, 0x20001116) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000280)=0x0) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='new default user:syz 000040'], 0x2a, 0xfffffffffffffffc) r3 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) add_key$user(&(0x7f0000000040), &(0x7f0000000000), &(0x7f0000000340)="f9326dee1b", 0x5, 0xfffffffffffffffe) keyctl$read(0xb, r3, &(0x7f0000000240)=""/112, 0x349b7f55) sendmsg$nfc_llcp(r0, &(0x7f0000000500)={&(0x7f0000000300)={0x27, r2, 0x0, 0x7, 0x40, 0xf3, "69fa5103c304c585d78f81557fc3210a54b174e3055f8d2609a0c38e6a26196eb30400d9c03316c0659bf8d0c8926167b5b80a628b08618fe90facba6f00", 0x2}, 0x60, &(0x7f0000000400)=[{&(0x7f0000000380)="bca0fc58adc6ddcdd601328ddd6a24ac9c078da9f8dffce1f8ecb91f27a7141a5d43d3e38cc148f39edf51c2eec78ddc2d11ad94ece8123a375258f786e10b30e2a85da406eed5a30d4f9e8e536fa8993fdae1397f02cfed947bd4e79ec4a842f26ba51daddaca1ea72dfdd0851bdc50ff707054ba5d1b69f0", 0x79}], 0x1, &(0x7f0000000440)=ANY=[@ANYBLOB="880000000000000004010000070000002b327300f5a4d22499679020845a042842450890d4bde2c203be948b7241d7584cbeb1f81a12509c50880acbe6ca523ed0be07cff46f395c339616c913bef2375c7eb8380faa6104b8be7126c9caccb4bda172fe283c2aa3fae8a0509b33284161e292701fd693b7ed11cf20ed9de7010000000000000000"], 0x88, 0x4004040}, 0x1) syz_emit_ethernet(0x4a, &(0x7f0000000440)={@local, @multicast, @val={@void, {0x8100, 0x0, 0x0, 0x3}}, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @rand_addr=0x64010103, @local}, @source_quench={0x4, 0x0, 0x0, 0x0, {0x5, 0x4, 0x2, 0x23, 0x1, 0x64, 0xfffb, 0x27, 0x2f, 0x2, @empty, @remote}, "21d794038d6e3b77"}}}}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000440)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x41e, 0x3100, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x101, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0xc}}}}}]}}]}}, 0x0) syz_usb_control_io(r5, 0x0, 0x0) syz_usb_control_io(r5, &(0x7f0000000080)={0x2c, &(0x7f0000000040)={0x10, 0x19, 0x6, {0x6, 0x5, "87912ea0"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) munlockall() madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00003, 0x8) r8 = syz_open_procfs(0x0, &(0x7f0000001080)='smaps_rollup\x00') read$FUSE(r8, &(0x7f0000002e40)={0x2020}, 0x2020) r9 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_EXTERNAL_AUTH(r9, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB='x\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="20002abd7000fddbdf257f00000008000300", @ANYRES32=r7, @ANYBLOB="0a00340002020202020200000a00f50050505050505000000a00340002020202020200000600480052000000150034006a3ae5ae9cb6abf2a5686e6f4a08f0fe680000000a00f5000802110000010000018000000000000000fb0000"], 0x78}, 0x1, 0x0, 0x0, 0x4}, 0x2010) socket$inet6_tcp(0xa, 0x1, 0x0) openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000540), 0x480, 0x0) syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000005d40)={0x2b84, r6, 0x1, 0x70bd29, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_CSA_IES={0x2b68, 0xb9, 0x0, 0x1, [@beacon_params=[@NL80211_ATTR_IE_ASSOC_RESP={0x2a, 0x80, [@link_id={0x65, 0x12}, @mesh_chsw={0x76, 0x6, {0x5, 0xe, 0x34, 0x81}}, @ext_channel_switch={0x3c, 0x4, {0x0, 0x82, 0x3, 0x28}}, @ibss={0x6, 0x2, 0x1}]}], @beacon_params=[@NL80211_ATTR_PROBE_RESP={0x80e, 0x91, "39bdae0bc71dd279b3a92d2fa125e663f064b74b121f7ba0b52c58e4ec27b51b664542194c8a24f56f9eae0056b9fec8cc83f6e4a7a26b3185dad4948df74da0a8b7c9884664435f9b8c6946eb3b498295a029157400dac588256198ddcb2f8ecc10de814da69f93151bed3c569f7bbe595426df15c91e866fe7aa6c757d2c6a014d4afd5313121b123b582f7dc51c6094c8aaad82cf146782e6c33453ad5e5dab41ab0e89ac3b5b3cc6f7d82e9b39bcd4b0f73150665fc3b7d6d2e0b4f8e23f17046e42239545541c70dbe87e07460bf4074e3010393fa987e33057aff736ea0c296116c37b639f712973b1f7e3eac4ab28132820f6ba08c6bb3e2e4cc27b728a6e9e3576cea3abedfc6c502d13afac0f8abd1e7c1cd72f951d990daf33ec5f76e85f77bf8292a6d3292d4d88bf4b4f83f666c77450b2663a782e82bd397c0287610f69257ffbb7ef36d2efa6dd939d29b383b05299a2131da25b5eb624977c18ac6a3cd466383743405d70423ed0e84c3d37a84c195a5c3588191578814375a7f9a5c2123e0a7f680158ca430934197cd16d379a3ad8d7160cf9eb46f2f23d98768c428df55377f77cc0c9df0ae9eee6adca30a3c875198a2abe092deb55ca54499fa7e02361d0946318384c5c5e37b84bc41fed89ef774ac0e43e75f58c82fb313aa8ca74bec5b0cc1d5dcd173dffda7ab6b5a457da5cbf4925810e4993ee1fd4ebd18e03b1afe2bbb617e9e4c5658389be51ee09a220e8f52ab1a77079d9cc2eed62713c9080289a7499bdb834e6dee44e35d4701d180c358182e4ddc1db23d03522017b478011eef0095f6c1aa7ae5131c05ef7a2d97c126615183710cd5bd7be4acd241256bc4ad2fd839c8888e1cff77c5c4f07ed639b244997f85a362e8f578332710ecafae38870cf77490ff99ddd4d647e6f905a3d95e5c190a9dcd04659b39cdd9a74638053e5278f7588dec28c004367badb9c58159e950e98b6ffc52f17d7425b8b34786614a9a8a9af1f7a28b571ffa9d0b73fd08eb578c660840248173200a502b3a2f061049255204aa6dfbc77dfdc40ac7301710a2c74e84086894061dfb21723b622531d4706679e17063b37eec76985b49b6b10cc23dc69f1cce1e6345ebf91c3dda8b9ed7b6ee01b5ffe9bb1e6186458f12491f4a3410f40fb12b038108e4180e77965cea16c0437f85619bb830e3c501c3dcbdadea5154c86a78e02a38fd6e9629328c7e3205719f53a66a554a8745658813070fcfe714047b7feeef6db1791e9ac08e347de2d9456cbd4e5d84942296546aa4b79d070090603cc60355fc62d2c3bc3552dd38f53f6ac4d3ff1b716bfde090abe0c8d3448fe60677b9ffd1cfac858dd65f7e5f4366d7c30319e90134e8edf96ec1e50a8c43c3af37b7f12d210091397ea914231f139e3520bd8bb0fad8d3754f6cfee97d6e96cb2cb56d3bd6c3de07bf41a5b960bb62d08d7f83d42e1c04f3e72125ab13ebfe65f99be5bcc9dece8c76f03db282e10b96bd6aba87f7502529d456f77a01ac32a73597796e482b5be3bcef37dbcc6f59f698b94d0d86702f5c3f9bcc041ef08875aca6a66c9f3680622903f612ed39d74b130238b85009a0a04a2a1b04f457b6777f7257c42e9ef153a6557dbe3bf751c281c0702119813cd89cabe6bae63b658461b66e9373332c4b2c4f22721a2c965fb6f3ab2722d424473d32289aa4e9ec4d15f96ad02e9bc62a69247ed5d2cc55ab06f68039940436050379b25754bbaa0ed3ffb99749cbe5d56dffc18ee8612a1b8630bd95067f5cba441c762888ba5d6c0ec7f3c3b6293b4c6c97faeb023d72cd46ca7f22bd20bd2ef14ab1920c6238d6f64632db6a8f669f8e82132d4d9f330e50969769a9d2ba2608ed087de714543ba10d85f4a6fd706e5f366b91e7fd73b094f9a2309e5f3c0eab0b733034506567e1ca3b887faba1f3dc9615bd8472b40762133f01a645f78d3456da953fab584a910efb44e63a954f7801081cbae4316195d108ad4330d8009dda6661bded2265438ab4982f812799c2b37c2a2a7b9d014ca29a23a5471fe9e91690874a84a57689eff109bd4c16b0c56f47aa2a089056925080a035a6becd3a291b82da4e4c449a64b809482ec4c439815c9b9cb168e85c6883ec3d9e268a9cfb06c21f58ade01eec2d2067ca3b821d11457b67f37f215b2a496fb1a6b9d73d357b4f7af843fa7736ac3ecf42ae838e6f99f508e4254bf0ef5767b44878c551639caf71114e6ab641b3b86a4b1c38df2d101791854984e92cbe70cd8a62cfdb4e1fd9007eb89065f22579047c56fb5050b4e3fba720f2e775ae5994749f9914f231299972e8ad9357c008e074d26e8d72195d763b4205b54b86f2a51b6469967f8b09c8fd8b66f90f3f40d8af1494ffc5b632d107e3bb2e90883b085edd57259ec78b2ab2f139a7f30f395a25b938fdef398dc121dfb888b29841136dfc60ead0743bf1e0800fd8fa14af3f370a5522a7d7578a3c10ce051a85c19a75076170203c42c70235daaebb0c071f69d952d9cf7d20fea5a854e3ba1340049c1178c435bbfa555430852ab5fa780b77c1130bac0b4e0bc0a34ae1077030330557b20d40b6fea0a2e3093baa869123aa2de6c512e275109b2cc49b73e6ca37c7055045455598d1eee1585cece074a9f8c6df57d6392216833c0f6ad524e299b19b583611e2c156248e27491a4108e90b141e2b382f8eb8dc7149343ac179eb9aaadb5b85eff071da76f3034b403df01579b390020173074cae1060ab3fdda004bdcf907305fa83467fd5855a18f7d6aa42a9fd4b4c4c0ddeca534ce6f4a57f41a2ed8fc8746939196c60c774078e7ba8ad6461f2fd3f20234215e0d19767d01737983f99198534aca15458b9a2b542b"}, @NL80211_ATTR_FTM_RESPONDER={0xf0, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_CIVICLOC={0xe9, 0x3, "403827d48eea14e3f53c2697a46b7a5942c2244d4c3c09c1b5ce6e80bdfe5f2f5aac2e5ab66302eba44fb3c272ee59c58053dafa900b86f07d9913369dc53a0198b3f61cf86c42f5a24bad1dbe501cdce8b4bb0c8a45e84734912718ab0cd8c41003c72a65c921b53d00414d315a41a5a7db3461713f435483529b7d006fba58b708f169071f55161d07581b7d7909ff747379af7f32bb507d37a086bad7175cb5f501fc1bc0dc852d554f1bfdb11e1bfed04128614344a07001e105566f1a1b439574b23a3bd7c664367ac2e64e5bef68c5dab1cffd52a51b0305fa925fa947b2f21bc5e7"}]}, @NL80211_ATTR_PROBE_RESP={0x714, 0x91, "cbb9a4b1510127016f4ac375df5cbfa9d1857cff4d0e4ab0420194468ec777519bf9dbb757c7238c6f76841b1930817d9855ca4e4dd25d73e887c37b75c47d1c672f573cd0a4a9567291f67a3137eb921ad161a48356a9b3d667959b17fac9365e5e429fa6dc6a62e08ad0e8a5efce3a776236ef5c408a8faa5ec0d483d751611ccd62af27d1e5819dc66dba010212174bd956ebab65757098cfa326a7eceb79e9884bc299d21a59f8f48a598743cf83bcccbd2ab71b23af2ba5818bf6e047f605713bc4d004656069f323d2b3ae1e1952dcf47e94778bdf5e55f46200316bd263feb72618c3c8cc880846e9fdbbd2db2203fb0986c86db7fc52d1bb64f99a7c50b6e326cfc8c66b21383a245e56ff3f2cadbfae644fdc284d4b44cba63f05f310cfded2a0dd8bb4556da068fa5287553d402eaa26a21f18a69e4f81a25fc313145e61428ec6b918fdbfcee3aa48b67f50898e64564622abcaeb15ef0bc98a355d3016ec3faeabd4d4c409e360bd66af769686172d90f14d571db1688c1069287d3a86843b994a4b4478cc4192813780bcc8fbbd658bd3d025ed7a2f2df05bd7989fb4507bb6eb66ee31e2d9c36c27ec129d7f67bb061510fc44a2a718d760ab6b7088cab5fd046ae3bccd9a3702b80c06093965299a251b9e693471030ef0c3c02d1056efd3badf63b1f072636fecc3896bef212d3819dfe98f61626776c4d14f967dab88b984be3433f357763c11f63246b8df4190a54c997688562110751b3dfdeee810a8947c984f2d4a2116592037a543910cdcb452198be7624e49ad77bd031ae07a23f5c434aaa4491402090ac506792629f88f571921fc0db276aa8238f53adf667d4892f68e61f44cca735cbbda2f64fb895fedd5680a97abd80f01a8524eddde511c61c4dc38ca980e8e017d4888d456990c32d308f442050f9d9fb01305cb620fe246621c67ac67188376a9fa4437a62469c2cd83ccf9d48da3864b543c26442668f69bcd2c4796e612d80da260e40b3f8caec9a39150728863d5d969b961370f1bc3e20b24367315263c9d1618bbbb654352ae06d7985f4fe8d54cd42e89f4489211d373e8e8a637f9819e0dc135c6ab68b063b6bfe937bd3217686e0b88e3a7f00e3fbd483c054029c7f8327b825f9b88f3d28cb22d7b8de8bd1eefcb5c54d5a83d5b5f75e41e2024d07ab80ca0a8e8dbf11705650842ae7f5ac1a82c49eff064b09054465b63b2b6d72ff8a39f2f43a596de3a59073351be832b99acd042873eb55a76d105e9332d4d42d7fd7480fd6ac300135ddb2a5b21a360df8b179a10b20af2a1eb9f8abc8fee283e785b1284baac31770c7376f14ee0a6bfe683e652f93e86d6672db73b3d191dd16b69b73674c0134c35b858000e901294269b7e558bd12795e424d1aa09209ed5271eec0bdf41b15d3b5127ceedbedb51679472a6cb318391e09b05863bfa72cb3ce98f0a598f55751a01c006e265f126d77632cb164b6d3150f6ecf0ca3920a1d3352309c28e77742e4b4af504eaf508896b56197aeba4c3ff159c685072280e10f9956eb491cdbdc2dd5be2f27466f763955a2da60f250a5ddc4553a4b1a179886ed9953cfe2619ab686bd8cef4d41ee0b347c4bf3de50b857b1d8d71f5286f2ab9acf6da574042d81f4e97aaea505cb7779875c19e6da45c72dd3366e6a9da06b50f2968cb2beeae9e15353ec8e3621edfd85b16b13b936c583ee94e09bad624e20c463fcfa7906e1206c63de66c6baf4abad497389c4c16cdc6e6028cd89b687d358a885fd91bd8ea336f49ba34a3a0892dce51425d1909a26aaa4596b820880db8db6998b5508ab528a80d864faff28110f700f45c81bcb1e7d2def007510be3b6bf7adfeffe81c37f50c5a4a3d9030b443ecda59a9caba1617031a1010ec344d09a6b29f17c5b5e65853e9d4656970442277f8805b6a5681455649081282c2a41c2de09c6e4f4949a786b0d1fac026c16caa37cbb6f55b0a895a0c62650a03f4fcfb792ca97380009064a90e4f4cb7f8f543435b7b627f640726824a35dfd605f7367d8a4d3ad9f205c8d278fd623f6a574daf820714a1251cb0c6dc087024e237df1f4ec959ba0a9fc6c7aa267a666694afb9a457896574533137fbd69e030472497974cfa274028e88a626b63b2028ee8957a00c5ba62a6c25d72f9acfeb30de87b83b9698c7f94b88bec559fa46f60b11aef6f1c7e41f165c22b58bb18a9b784b81440913a15b1f563f1842eed89384190a175d422536d89706379caf8f01624807e02d6edd2704e2f0df368a235eb9cccefbad21760e5a07fb1698340260e9bb6d5fd20b7666ff7bb55b7599e5ff6570e4b3b17dbe08564b28baff3e12575d9591bf0eabaa0a6ad7f96cfb0bbf758cabb5c55c9add5695a78739ff4ee60ed43e601f2799483d933e7cf1c07f3578e05838ce301b0f3f3c50e2ea11745fc8be1720111cbdab5eb20bfe18ba03a4a12e3bbd7007111b92d1bf195e9cd20525d43a23cdd1e98e4efef1e64dc74e178a508c3053ca96c04748ece33"}, @NL80211_ATTR_PROBE_RESP={0x7f4, 0x91, "c069af64d098e58a40d4178cd60e2499b71626c1ca68e3c246c27a81b0b59f80c180dd2e84082e4b2e970705d37d4fbd5460565e01fbb3823b8cecac2314c1a06abd4dbe56c2b743a406195325bf6766dd970b79587db6e4e82d7b765b115535813f45884008f227cf605b04511e0f8f1257bad19e394ee7c3a7c23c541e7037fd4abcda5a304b085565b2fe2564437ef3b79b8c1c10d74e81a493f48c91c4f3add8b027125aa7f7bfc936f930886dcbecb798e2a9d83ec468f74932341a6c0f4970d7964a6b5ed22edba4835bc62e5d2e70677c824b8ce7e6312cdf8a19c975856e39721abf78acd68ab54dafa7917859f20414d8575714c2c2dad540ec0de168d9e9488c6101b65e0a5f68be3507efd432b3c2b59ba5524bc7d766af54ff19854cb2c66bc7d55d64ad68e0ebfbb03ac63a173573b81bae099877374df815e7094e879787e98516ee9f3eef3a0ba93ca13077b065191f293c5105cd610e3aeb2047248b0e1109a23a88d1ebd60d2c44a49dbd8779a6cb1e7f8a7905bbd5d624cfa391cf82949c3f6cf1954b7596af11acd26d1048e4a0ae82205da2144ae4c180caa56efd6a40e541e947c8e0295eb3ae7fef110db3da5960420a5d08cc3f43c90c6eff51a093937bc295a9288b28b74a614bb81cae1dea8121bdcaf9341f494e182b07222fcb22b696ed243854d526ca4f1c0edb7438eb4bcb78163bf38d926bd38787ee0c3e2631c9b53163457099c46a8adc3c526f3058754f5cf3a0a80801a00c69add55b86deeb022178930fd61af65d6bf487b96a4732cdba3d2e9eec18e4d2fb2463d6808a7e7aefdd55bc1b23b2bb8c0b16b8b95360b8001c31bf6aa5519447494aa460fe54dddbdb86a7f2014609eff3f1d34f64b40a82a0768eeec582cc428fa7f2fab587904c820a932b84260293cb3616d8cb599eb95f37371acefa91c3d2ff2745b59c7483617cb0c2598c43fdecb34f2913bd60a3da355edff3f408301affdba9b9bc475b7c185c519a84dd0c38a088563b3dffeac798c32602073ba6e867b772503320e22e3cb31300eaa54718fa7e4cc7498b7ab6fc4882fe7a772f69836bf8b581c4a99fa9bf794a04b630602cd0a71d7bfbe94ccf55ba0a9b01d4489b249d0bfcf9ab2222fdd679681c8fb439bc42b70bcb8c3b420895455368782b6d338ff4fd7f7d61cfa7f7df1cf9ab527b7899426453badcea3624f50dfb48ee0dcc16c4b3c877362320939d591349e3ee9def27d5ba8d30dba02d3fb40c75b6c84f38fdcc95f57e50b05428dcb740faaa55fb932cbfdd4598f19c7a0cbe897c514d04770a48d8c40873d84a46abf6ddf2286496ba69d5929c67d00a7d17510ff55689b1e5a836b1077a027db17b81d6e51e5b3433c10331533c2bf52c5360a1d4dff548d189748077aa70f86f17838a89163993aed6352d13fe34dda658a3b158dfc0360f126ba314b0f701ee8b84e244dccc3bbfdfcd75deec8886b80308d1f4c04b6ab324237574879f1b56531d836585a6bfc8c6f3e0426b4cefa4703ebf7f5b72d8a52f04e11068d2e5626244ec64587e5a6d13ba70ef6113cb66a4e7b791a2a962f796b6004c83fa8e7fea379a5d3d248c140fbb17de2c2133aac2c11f3e747cdb2af633203fb1ba249d1f00fc6f33966acb87d2231c3dc938fbd8dca4d12be07a0d1c9c3301b4154f3599ca9f350ba164300a65098473182ade8df441815227b97496445c3a8f6916146c0b43e245ba3ebb6749ac3ff540854af30a29c9dfd3e2c580430dc47ec052f8bf1f97b7acab4ee68ae9abb791786a8932ea83b2cfcbd5073238b1ddd658c021a445560081f27d96b2eca001f3a4eb091ea584beee9688821b5be5d130860c64c53ba85a4bfc89699decbc389a89a656fc3c853bd8d6dae0abf52f93556c3695eb88383dcc23bc631fe5012992664d5c91cbc7575c0e001f16b2632f69ab17819705148738c0245ee1e28655068e96905432d3bffb492186bf32de15b5a58a503977fadb802c87a7b6317529d5f70d8d154b6d2ffe2893ea48e9a1cb141ce531a62b571c6a6d44cdc7f8866a26a9224a7d87d76c4ccf542da741882a1710723d2871e2df717afc7402c61ffc67ce1d238923d3921b4287d3b1e6995d941d1c3d8aeeb57fc572ffa1a3c5dcff60f9cd11813c70e5bc24b697bf4ef21f90dcbf168010dcac1765863eddc4d519ade0d5d773b33bad8a33d726cc63f41b047156668bf58ba21922c949854cae21fd25b260c46610874f93cd12de1e6366a893f8beda87c69b746b84b115d8082ec733128e389de117fd0232cecfc2f9b2209454d8e17410a42397cedfec8c9150b8ef641a8969f9d5d3a273498256570df522e4eaadd8985965bb11e779a0754961a549fa8ef8f7564e59d1b7ab9741defbba5a70d101afc6ae5995a7a5b8d803dee0828a195ebcfac5cd64db84c8450a64b5290d8218e51591d8e364e9bf1fb44b4bba34fe47af575b4ca4f3a72306d1b78c6b3d2485920728850d0fa6d403d626cd18f5192ec0e05f3f7f1c3ed6c79015b02e66db21717b862155c0fcc9d26537baba4c0ac2912fd3d0d91d8339fe6483c4f442e2b6968067c8ee3f6f79a3e95b89bb4a71b4bf6a75fce8498d93102de2501e717f5c1ebd339e7a57fb8ad5f5df131d2ba85e3a95674a72b6e9c7b6de868755b6d48f9e620a7b98e5bb70c3ed560b9e737e6533fe3bab19e93ad25dc1d6c553295631c344d15d0c11353f8ef2979c78e1263213702f409bbddca833cab6973a3583c736c37a0abdf19cacc1d4444817ec3c99590bd5ae78ac5a09e841aff5621a902ee6f5baea2c45be0b1e4c98fb457d3f55d7e05eb35ea397c7d4d55ad6"}, @NL80211_ATTR_IE={0x192, 0x2a, [@ext_channel_switch={0x3c, 0x4, {0x0, 0x5, 0x5a, 0x61}}, @measure_req={0x26, 0xa5, {0x4, 0xfb, 0x39, "366632a0e77d65b648b1c3ef9ba02609d7380678c64638273384dd759d8b0f69937126af62a0adef41dae1e93539a6eda966d19e299d3b850a51faee894f7bbfe064bf5c5fc86a0f3c2896e2a26549af8bc75fac72296809084c2105f59f36e9f35be68925188f66b913d89f70ea2f98a537858f5a5369edce88dcb3f1b195e5d7fbfec92673d264df33c5acd98cb3965ee1689921f8614c3e7ca2a38e6538eb59a0"}}, @ht={0x2d, 0x1a, {0x8, 0x0, 0x1, 0x0, {0x5, 0x5, 0x0, 0x7, 0x0, 0x0, 0x0, 0x2}, 0x1, 0x5, 0x3f}}, @random_vendor={0xdd, 0xc3, "dd6b10f8b37f920f5acfa5a363457cc4d3c820962f3e38bc213a3f362fdef72a6d44fd504fc4ecfeea73eef29edd0b03f8be7136d0fe417429e0fd051f6de075f80793c45c92dc61d7f9a82155163dc11f6bc7fc36aa32027853e0208ceb3360cdb5de22d40b0c8979236328b39f427f0090a4f1852112deec98e6511bf6e3de28747e48094e82324616d5ac04fba574ae23edb152f66b74058e844aa3bb03b1a38335d24f6ada784bc35d835380fa0271c6e9af5e9194fd7784b5ed060da05d944a79"}]}, @NL80211_ATTR_IE={0x92, 0x2a, [@preq={0x82, 0x78, {{0x0, 0x0, 0x1, 0x0, 0x1}, 0xb, 0x9, 0x2, @broadcast, 0x401, @value=@device_b, 0x3, 0x8, 0x8, [{{0x1}, @device_a, 0x80000001}, {{0x0, 0x0, 0x1}, @device_b, 0x7}, {{0x1}, @device_a, 0xc}, {{0x0, 0x0, 0x1}, @broadcast, 0x2}, {{0x0, 0x0, 0x1}, @broadcast, 0x9}, {{0x1, 0x0, 0x1}, @device_b, 0x2}, {{0x0, 0x0, 0x1}, @broadcast, 0x7}, {{0x1}, @device_b, 0x9144}]}}, @link_id={0x65, 0x12, {@random="622f0a11ac51", @broadcast, @broadcast}}]}, @NL80211_ATTR_PROBE_RESP={0xce, 0x91, "a995b58905d6e68c9c591d6b5f237340f788bcf57e245c9fe59959af83bae31cea0a3f9a5dcc52c3db44883fe3615f2f76aa66e06b7e1e5bc2b22bf193b98b9ccccdd75aa774878f6f0193628d400a3bc8f9f4f125916ee9c25c5872d591f329acb8d1562b7756d4facdaa96a3d9b1a570bdc257e5d09fc8a9aa7798440e854614b24abd6b542ed49553b74115e685db375c81d950966ecd16e210c67238e6fc0f2e41c0281e7be39e5004925c5fe8f7a09df61a73b392bb35c9d5943a49a21cfc6bbcd11c09b764b302"}, @NL80211_ATTR_BEACON_TAIL={0x53, 0xf, [@ibss={0x6, 0x2, 0x200}, @rann={0x7e, 0x15, {{0x1, 0x7}, 0x40, 0x8, @device_a, 0x3, 0x20000000, 0x7}}, @challenge={0x10, 0x1, 0x67}, @channel_switch={0x25, 0x3, {0x0, 0x95, 0x4}}, @peer_mgmt={0x75, 0x16, {0x0, 0x7, @void, @val=0x1a, @val="9beb9ae38be2ed64a2c7dc6e90fe5843"}}, @link_id={0x65, 0x12, {@initial, @broadcast, @broadcast}}]}], @NL80211_ATTR_CSA_C_OFF_PRESP={0x6, 0xbb, [0x9]}, @beacon_params=[@NL80211_ATTR_BEACON_HEAD={0x350, 0xe, {{{0x0, 0x0, 0x8, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1}, {0xff}, @broadcast, @device_a, @random="04073b80a15d", {0x7, 0x4}, @value=@ver_80211n={0x0, 0x1, 0x0, 0x0, 0x0, 0x2}}, 0xfffffffffffffffd, @default, 0x800, @void, @val={0x1, 0x4, [{0x6}, {0xc, 0x1}, {0x1b}, {0x3, 0x1}]}, @val={0x3, 0x1, 0x34}, @val={0x4, 0x6, {0xe, 0x81, 0xde, 0xd}}, @void, @val={0x5, 0x46, {0x0, 0x72, 0x4, "61df1348b9ec86a6688e4b8a58afb2cfbe2d9d5a49984b68dc43522d6398fa194ff7939f3db7a6b71fd0702cd085797589a45bb7c7a2959d497f022017e93f13c2e868"}}, @void, @void, @void, @val={0x2d, 0x1a, {0x40, 0x3, 0x0, 0x0, {0x8, 0x3, 0x0, 0x7, 0x0, 0x1, 0x1, 0x0, 0x1}, 0x300, 0x181, 0x2}}, @void, @void, @void, [{0xdd, 0x67, "73ba9efc201b2a31ea608a6518b83bb528945b9f03995622e9a8fb380d8cf692caf1c4728642a6008f698851bef2c089c08393435f80dae92e1dd5afe0183ed3c5f4cc9ecefc51c521df8ddbee7bacbda937fb159748ba23bfbf6d2db007ed3cdb77b138cf9993"}, {0xdd, 0x65, "31682b2342a8dc4b5b48f7ac608cfebf4ad7b4e6b007fa59fb4a81532e43ec1960499ac50669677293a70630d4df63b175905a77f6271a9c015360fac2bb136ef3b5f5ce2ca2b64cbbd2b1fb3a971208a4059c5bd79d841109e8a1a67c0c163b99a138b060"}, {0xdd, 0x98, "5ed2ff6172c19d9722f7a425c64489331c0a161dfa1f6bdb4ac712b8d443794d7f893d40a07996dac8fee1e7924e43be75bdefab0bc841331a26e7fb1b4d0ee7873f8a2ae32bcf8214ba7694a900c022ff4ea278296ecf1aa40925790921563fed0dd495635cf6b87b767ddb717b8f4a8b7e14d1d13a6dd80427b2e41f79546752359e0e53f8c4e92b793f49fccc91bacc93d758a42214bc"}, {0xdd, 0xd5, "51ac4c92643a97875d536bdc5ed16c565eb74ee54cb00e784a37a5b0082ea55230c6d433d17e4d24ae2ffe4c81f32aac9a04ea36a87488aae8daadc6b42a20fcbd02d76b8555b8d6e2bf49062fac9d99f9f21bedbf88e17d06135c944050594cca44d9f3ebd1fbc9a1fe718c36975b8c10942bc2345bcc7d645aa349db9b976fa91037018fb54d728cf8509fa12680b43b7f42261e45847fc55cc5aa3d47988896ea94a27407468b251ef0b2ccddece8b27bbf71803d98a09bb2a9079bc35819aaf08c979fcddb04707700"/213}, {0xdd, 0x6c, "8f5307cccefe786fe9934d03e8976fad6e8206fc50b261231bca9233f3647250c8403d584e4f43327afe2560ed59cf2c2d7a8dca0ff5128c25e3773e57d6c1da2d5de2d564b08f5f16e778d1798f108e533466c385b70ebd91038cc8ff6f4d49757450ddda5ce1a65957ad21"}]}}, @NL80211_ATTR_IE_PROBE_RESP={0x184, 0x7f, [@fast_bss_trans={0x37, 0xad, {0x3, 0x5, "f9de4e1dbd2451692af60838e7b50bf9", "dd649cc390389c5944c9cfd36f8fdcd7015edee76f9346662a8e73b8f23b633b", "bc0a76be3d852585392b83e61a65ae04439d57aadd9cc62dd0bb5704be47cb02", [{0x1, 0xe, "91cf446651ba53afc32f8ccd52d4"}, {0x3, 0x10, "8a80d4736397478122d3b8bdbf2595e3"}, {0x2, 0x18, "01910f9108eae295cde0600137d70b78a5861bb936c43a17"}, {0x1, 0x6, "ee9d34f40fbf"}, {0x3, 0x15, "48559c4aa86f191a8c95473ab72b65aa563d8a539a"}]}}, @perr={0x84, 0xcf, {0xfc, 0xd, [{{0x0, 0x1}, @device_b, 0x4, @value=@device_b, 0x2a}, {{0x0, 0x1}, @device_a, 0x10, @value=@device_b, 0xa}, {{0x0, 0x1}, @device_a, 0xffffffff, @value=@device_b, 0x3}, {{0x0, 0x1}, @device_b, 0x7, @value=@device_b, 0x1a}, {{0x0, 0x1}, @broadcast, 0x6, @value=@broadcast, 0x3b}, {{}, @device_b, 0x4, @void, 0x3c}, {{0x0, 0x1}, @device_b, 0x24ebe042, @value, 0x1e}, {{}, @device_b, 0x3, @void, 0x12}, {{}, @device_b, 0x0, @void, 0x21}, {{}, @device_a, 0x80, @void, 0x8}, {{}, @device_a, 0x6f1, @void, 0x24}, {{}, @device_b, 0x2c, @void, 0x24}, {{}, @broadcast, 0x8, @void, 0x22}]}}]}, @NL80211_ATTR_PROBE_RESP={0x373, 0x91, "a16f463a3407b8e86899b7b20bfa553aaa45572299c94a17fe1f956059cda41264668bf2f129d086bd703f4b578e85d69cd9c6878a4c861729c886d6c1bdf2c3df02512f4b84c0360f4c74e3194a8f72e087aa6c05680454fc3b19e63c657a311b61f86e5d96a6ad03270cc21da298f801684bba253bfb93656bfea4cabc8db56a3025725442cd0b3d1a500c29956fee11f9ee95101d907692b4bab78400238be7d6cefa4fa7a0b3f7404aeb7bcc4bf54bf16d498210db6bd9b2d9a3a792cc31fe2f09364430cfd3414adf4b2b7b4536b267e2299b59c703aba1a5e419a52a7e75230123ef033ee108ee13cd7837759d226304fc3c9d0cc06fa47412e75b823e6c149d7afee277d1859250cf2fb08e6ca365643bf2d3572df9bdeba6b39c0ae6439527edef79294c4ed62a0e05e0e95d4928a1a26a8c860fef96eafa7e462bb9cbac99339050246392e80fe712bd06485f29aac1486611557d4a03a048c4a1cdfd3421fa4733d3d5e773fe77dde047dabfbda0c01ac78a83b85c1a27f72bfe34653aa3540ec1659eb94ed3ec695f20023b8a8797a6646ea142c95ddac16e1714c4184ec83a4e3153beff600fa361e71ec0d07b56e46ca73bf7baeda03bfd5962632bbac69ebc1d98484bbe8860f8f263ea3ca271dc66740cd630b64f69b062481d0f904aad18651b1885c10844145364f42ca9d9f0336ba254f20b0130feee20a44057a11fb43b5a5edea590220ee3f20a1c334811a6a1da956b0fc7d0c70b4b71303b90323927f514960b8e3555549a2c87ff4ba9db9e0ece4c0afc31e8af9e9e16d8715c562e29d97d8d55687e12b5d6713718121a5395e0a95a004fea7da7b7a664dfc8014e79ef35fc0f9a9efe4b125456bbc4924ad1f47dd3584582f2ab414baf92eaeb4d48f4f7a772b67c029b0e2bc12da194d88f66402594aa5c23ff058dbad21c669b7eeeb7ad772550e0f79b6e8453303fa32d8fd8e59c741e920280b93ed8ed8a19ab62037d0b43d3f55acbafe5df019950820346ef8944eead5d940faef6b3a971b126273ce0e4d89f73420ca5a1673e8ef7cfd23d4508679f3b3ac227f88190e762e29fde86cd7cf33a121189d9b1fa1f150c37814d22ef40e12113527779e17ae32575b73a4315febdb25459d6e9f93cd397b97b243360d4c9bd2daaef4fe7bca7fce1198233a786d101a312140e68169dce4e9074b1eabd7ec973ec36fb89ebd927307889b0de56"}, @NL80211_ATTR_BEACON_HEAD={0x59c, 0xe, {{{0x0, 0x0, 0x8, 0x0, 0x0, 0x1, 0x0, 0x1}, {}, @device_a, @device_a, @initial, {0x7, 0x5}}, 0x7, @random, 0x481, @void, @void, @void, @void, @void, @void, @void, @void, @void, @val={0x2d, 0x1a, {0x40, 0x2, 0x5, 0x0, {0x13, 0x1ffc, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1}, 0x300, 0x7fff, 0xff}}, @void, @val={0x71, 0x7, {0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x6}}, @void, [{0xdd, 0xb1, "079a23bb89119a08e34a8122c72b12594531c84ac3747b74deb38394ddc79bfcbcfddc9d64814437f84850bb29c85148ab1490da1543dd41681105003fb1c8e085eb21d3fbaee6b21cbdc1e8cd7e53ac534a704c9ad4ba6b345aa5cc960c3e7ec0716bd15bd814d2767722cf575b288d8f170487a6ab4ec501f2943912303282782d5fd2d50a0874e6954570673a9e6fb36445edc002caafefe1f139dd1787559ca58879f69e49f66bddb50c65f676a2ee"}, {0xdd, 0x7b, "a1396b28fc264f2ff388d111e3052094c62224dccc56ff39f2061a4a8e06967ed52de19adb83ed7a81aa054aacdac1e65297ae505504d0f372e73accbb38d74f9f147751bca9f98a1aa02772e507457c46e427969dca27d8c2fe8b1c60882b0a1d6cb0798eb1c6755dda3d9c32f62ce85fd0abfdc101a2c376ffda"}, {0xdd, 0x71, "de56808af6fb713c5e4e79db1daa1e950eccadacfc58669b71d9cafdde73cfd5d2de7af88fff34506548b9cf2165c062b386ea69234be0e545624b60802bb4bbfb57aa83098c5b275579f064770ae4423833cedd852975ae97197bf36a74c9ac1a3e6c7d2a944e1fc424ac3c1d8c89d1d5"}, {0xdd, 0x88, "e1bcd6a8c3270624bee6a71a6c7fe46e14712ebd8d5a8e8ea7c5a527f177106a2cc21e37ec6d0d1f453add6b08351f67b0749f4912f88cb22694a42e7ea451dcaa0d0e12c5f5d61619093d4d41f9f0236ee1aa3e6ac2dc5a02e221165b23031a98784f0ba5e6eea630fc53d5a0d7c83d14097744baad39cdb4a427c5b2f7e93a3cf19313d8a5ccc2"}, {0xdd, 0xb6, "c8c6c050c19c6bdf0716f5ee94c35e1c5123cca79566bb1c5de2bd6a461fbdb10de423220605be189f2235a1bf64e60ef3905cef1500734ab6732c73cb28669789ac77fb66dd01fe637a2329e65c3d2891585fd9efba01d5ace37e4241ad221f741c4e76ac1fee3b7aafd6cb44d4ef5feb8016ec522f4652100892a3ffe871d7fa1e7014e50a16177b755a3345a37f5813ecc857f8408be8518de5b5b71c36dca9ae97225e302db5b271ff9d3fa1be673c3dde3f28dc"}, {0xdd, 0xfc, "b979322a22d9f9e91c3ea71c8c9aeeff4ba20c5d6cb5afc6c638983919d9be604acfb952fcf1a6dd0efc5d6f42949f9e3a986ebfb71401736966f9ed1ae05f767eadb3541842abbe448725cbd41874808d5a50d10c53ef86af1857fe12f170b0fa89dd29617e96f3a0c2e01ee6236415e8fd5e91b904c4f6892b07499ca3883f78e4342cdcc46e3afeaec8a08e8f24112bd007b0675b5dc4720c47a7639f03a127f02203d3d07207e8d9e9cfeb2c3e34fb5c5a5feccbb82d40cafa7304858aac5479d3a9b7a4c532c9fb0f7c516496b758c161c465a9d38a8008d93731eafc5dddc0bab470583a536a964b60859cb33dcb7d4a2cc2007814dd7d74a8"}, {0xdd, 0xee, "4cccecf208b46b6b827ba95c6abd2ab7ce0966b550b6acabce2947dd89d96343b12652c7cb4413d01c45aaa7acab48974bbad95e6017a11897551e67893261cc8c0c47b8b4fa95800aa989cea961ba2a726e0a5fd9e8bc7129639564d0d8e32a3a76637069db4aa031809f3bc6e0bc2fdb72d6e3df0c8395f117a4dd7997352e09fbd6a38f8d0cda64cd52681b5313e843ecb2b2e8d1048a2031e7e8049122a2fcb7f792aec62c232385c2cde41243a61a961685e662ef2296d38f6e508b078921f165a3791d9dd89d5063d100311d24ace2f6393890c597558fb91010ef9c1b09e4cb8d892bfd337f027c6fb639"}, {0xdd, 0x7a, "8007a617f199e993b3438606625a4896bb0dbff74fe174956253299396c3218b239730c7f81456eb9968fb8cb0103abf60ac669ec18da6c93e3d2de79ff0deb80c5a986a4a9d27bce49da3e838939a24306f907a96f44bc72e777d97b7e7143d8ba9875a7262d2bde8e9b2aa416b9ee4eba13581b3e2a68d680a"}]}}, @NL80211_ATTR_BEACON_HEAD={0x1f5, 0xe, {{{0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1}, {0x30d3}, @device_a, @device_b, @from_mac, {0xf, 0x8b6}, @value=@ver_80211n={0x0, 0x3, 0x2, 0x2, 0x0, 0x2, 0x1, 0x0, 0x1}}, 0x80000000, @default, 0x44, @val={0x0, 0x6, @default_ibss_ssid}, @void, @void, @void, @void, @val={0x5, 0xa7, {0x2, 0xa1, 0x3, "58ac6da3ba5c9d91162315fdfeff950357599fa013ad47d9ec7cf5e489c2a58b4a23d3563cd07667a30a7ae764a1d16c9d137132a18e43f3166dabc3070eb55f5dc62d19216f7504f741e86bbd461fe6a8e44df147c79280c271cb48951827d218745ed29b4ebc79c60f08c285f1915230fe2884ebd065a27b9c537a0f092844a320053e9333e02a7eb23bc5dee54d6745536fd5f83aa84aa1f2eb2d5fb0cfd545938a54"}}, @val={0x25, 0x3, {0x0, 0xb9, 0x6}}, @val={0x2a, 0x1}, @val={0x3c, 0x4, {0x0, 0x6, 0x8c, 0x6}}, @void, @val={0x72, 0x6}, @val={0x71, 0x7, {0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x1, 0x2, 0x9, 0x20}}, @void, [{0xdd, 0xf7, "352d458aa3f91848c2df8569574562b5317400818bfd494f43fff41a871f317cec5ceac14310643f6b9a422108ad4767592e3616fc56678dec896d6a09fa7561dbee9f78bcc280a8978f8a499ca55f18305df84b3ecd526c3d2fd1ae0213d5d8f7b9d4e90c50ac5e0e4c9dc97b141ba341cfad8d2011cec41fdd01a2ac18a4d5d9376183cd828c736172ec34efa46b7c6d37b7c85f1e57775b45aa4f1bc97eb663d2047f0fb89b55b040b379d428ef0c022c337b32678564610f99a317ab8df4b5fafe17395c1b46e5832235cdb0782d3fedb42d95184d8a37b591f4c3e282128044b20ddc0b119aa6d12dd12e2a0e3015fd925284be1e"}]}}]]}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x2b84}, 0x1, 0x0, 0x0, 0x24000084}, 0x4050) 6.108804925s ago: executing program 5 (id=1622): keyctl$instantiate(0xc, 0x0, 0x0, 0x2a, 0xfffffffffffffffc) r0 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) add_key$user(&(0x7f0000000040), &(0x7f0000000000), &(0x7f0000000340)="f9326dee1b", 0x5, 0xfffffffffffffffe) keyctl$read(0xb, r0, &(0x7f0000000240)=""/112, 0x349b7f55) 6.05076039s ago: executing program 7 (id=1623): ioctl$FITRIM(0xffffffffffffffff, 0xc0185879, 0x0) r0 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000540)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f09"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000d40)={0x44, &(0x7f0000000380)=ANY=[@ANYBLOB="2d2c2f34fb91b66efe5157decc9b926e5b4087c1c9e88f629557ca81bc84a9b4c59dfa17269c21745f56f7370ca3a74dcdc64ca607947f86cee4a056f751ad6807b53d35eea8757513e601600d50c870f45c150e1e6ff452dbf5768ec967e7ad00e8240059fa1216340a9f299dffbb10ac114927488d1eaa08e4a4085a6fa7af3a8e727ad31f34eb98af5cb899e9431aae7226664a4866c364fc41a96c9719a9"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 5.926374993s ago: executing program 5 (id=1624): openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) open(&(0x7f0000000180)='./bus\x00', 0x400040042, 0x129) socket$inet6_udp(0xa, 0x2, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) socket$nl_xfrm(0x10, 0x3, 0x6) socket$nl_generic(0x10, 0x3, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000073010a000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x14, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r0, &(0x7f0000000000), &(0x7f0000000040)=""/66}, 0x20) 5.907474691s ago: executing program 5 (id=1625): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000240)=0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000380)=@bpf_tracing={0x1a, 0x29, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000000600000083000000bf0000000000000055090100000000009500000000000000b7080000000000007b8af8ff000080fbb70800000b000010000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb7", @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYBLOB="00000000000001018510000007", @ANYRES32=0x1, @ANYBLOB="0000000000000000b70200000000000085000000860000001840000006"], 0x0, 0xe, 0x3b, &(0x7f0000000080)=""/59, 0x40f00, 0x1, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x169a0, 0xffffffffffffffff, 0x0, &(0x7f0000000300)=[0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x1, 0x1], 0x0, 0x10, 0x1, @void, @value}, 0x94) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000), 0x0, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 5.68607803s ago: executing program 5 (id=1627): r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000000000407d1ed4300000000000010902240001000050b90904220900"/41], 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="d444c00cc4952551efb10e693dd15f9a99b87360328b69e35d01300ab6a243df0811d0923fa004a10d07ec92f8f0d47794e89f9a0640d90e7adb143f21", @ANYRESHEX=r0, @ANYRESHEX=r0, @ANYRES8=0x0], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000bc00000018110000", @ANYRESHEX=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000400850000003300000095"], &(0x7f0000002640)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) syz_emit_ethernet(0x31, &(0x7f0000000280)={@local, @broadcast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x23, 0x0, 0x2, 0x1, 0x11, 0x0, @empty, @empty}, {0x0, 0x0, 0xf, 0x0, @gue={{0x1, 0x0, 0x1, 0xfd, 0x100, @void}, "36a8c7"}}}}}}, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000180)={0xc, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() openat$rfkill(0xffffffffffffff9c, 0x0, 0x200, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000032680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) syz_io_uring_setup(0x8006447, 0x0, &(0x7f0000000040), 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r6, 0x2000002, 0x0, 0x0, &(0x7f0000000200), 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x80) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xc, 0x10, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xffffffff}, [@ringbuf_output={{0x18, 0x5}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x80000000}, {0x3, 0x3, 0x3, 0xa, 0x5}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x1e}}, @ringbuf_query]}, &(0x7f0000000840)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000009003610ef171e7206de01020301090212000100000000090400000002060000"], 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x3, &(0x7f0000000080)=[{0x2, 0x7, 0x0, 0x2}, {0x30e, 0x81, 0x5}, {0x4, 0x1, 0x2, 0x9}]}) 5.638849612s ago: executing program 6 (id=1629): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$inet_sctp(0x2, 0x1, 0x84) listen(r3, 0xfff) accept4(r3, 0x0, 0x0, 0x0) 4.485407928s ago: executing program 6 (id=1631): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000240)=0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000380)=@bpf_tracing={0x1a, 0x29, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000000600000083000000bf0000000000000055090100000000009500000000000000b7080000000000007b8af8ff000080fbb70800000b000010000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb7", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYBLOB="000000000000010185100000", @ANYRES32=0x1, @ANYBLOB="0000000000000000b70200000000000085000000860000001840000006"], 0x0, 0xe, 0x3b, &(0x7f0000000080)=""/59, 0x40f00, 0x1, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x169a0, 0xffffffffffffffff, 0x0, &(0x7f0000000300)=[0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x1, 0x1], 0x0, 0x10, 0x1, @void, @value}, 0x94) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000540)={0xffffffffffffffff, 0x0, 0x0}, 0x20) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e", 0xc2}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 3.492452616s ago: executing program 6 (id=1633): syz_usb_connect(0x0, 0x4, 0x0, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_procs(r0, 0x0, 0x2, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000740)=ANY=[@ANYBLOB="50000000100003040000000000000000f2000000", @ANYRES32=0x0, @ANYBLOB="00000000000000002800128009000100766c616e000000001800028006000100010000000c000200540a00001800000008000500", @ANYRES32=r3], 0x50}, 0x1, 0xba01}, 0x0) r4 = socket(0x10, 0x3, 0x0) write(r4, &(0x7f0000000000)="2400000011005f0414f9f40700090400810000000d0000000000000008000f0001000000", 0x24) 2.735586287s ago: executing program 7 (id=1637): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000240)=0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000380)=@bpf_tracing={0x1a, 0x29, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000000600000083000000bf0000000000000055090100000000009500000000000000b7080000000000007b8af8ff000080fbb70800000b000010000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb7", @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYBLOB="00000000000001018510000007", @ANYRES32=0x1, @ANYBLOB="0000000000000000b70200000000000085000000860000001840000006"], 0x0, 0xe, 0x3b, &(0x7f0000000080)=""/59, 0x40f00, 0x1, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x169a0, 0xffffffffffffffff, 0x0, &(0x7f0000000300)=[0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x1, 0x1], 0x0, 0x10, 0x1, @void, @value}, 0x94) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}], 0x2, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 2.631035225s ago: executing program 7 (id=1639): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000240)=0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000380)=@bpf_tracing={0x1a, 0x29, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000000600000083000000bf0000000000000055090100000000009500000000000000b7080000000000007b8af8ff000080fbb70800000b000010000000bfa100000000000007010000f8ffffffbfa400", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYBLOB="00000000000001018510000007", @ANYRES32=0x1, @ANYBLOB="0000000000000000b70200000000000085000000860000001840000006"], 0x0, 0xe, 0x3b, &(0x7f0000000080)=""/59, 0x40f00, 0x1, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x169a0, 0xffffffffffffffff, 0x0, &(0x7f0000000300)=[0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x1, 0x1], 0x0, 0x10, 0x1, @void, @value}, 0x94) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000540)={0xffffffffffffffff, 0x0, 0x0}, 0x20) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46", 0xb5}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 2.485336971s ago: executing program 7 (id=1641): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$inet_sctp(0x2, 0x1, 0x84) listen(r3, 0xfff) accept4(r3, 0x0, 0x0, 0x0) 1.818227329s ago: executing program 6 (id=1642): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) execve(0x0, 0x0, 0x0) memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\xdenJ\xeb\x87\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38\x14\xcb\xfa\xb3j\x92\f\xe0\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf0\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x2) getresgid(0x0, 0x0, &(0x7f0000002b00)) connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @private1, 0x200000}, 0x1c) sendto$inet6(0xffffffffffffffff, &(0x7f00000001c0), 0x0, 0xc084, &(0x7f00000002c0)={0xa, 0x0, 0xfffffffe, @private0}, 0x1c) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000040)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x9}}, './file0\x00'}) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x0, 0x4, &(0x7f0000000180)=ANY=[@ANYRESOCT=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000100)='io_uring_register\x00', r5}, 0x10) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='io_uring_register\x00', r6}, 0x10) io_uring_register$IORING_REGISTER_FILES_UPDATE(0xffffffffffffffff, 0x6, 0x0, 0x0) 1.813985702s ago: executing program 1 (id=1643): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = semget$private(0x0, 0x7, 0x100) semctl$GETALL(r2, 0x0, 0xd, &(0x7f00000044c0)=""/105) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB="240000001d00070f000000000000000400000000000000b172b1b9642eb1d6fd42502b9fb48108a3c466860801429f063035a973", @ANYRES32=r3, @ANYBLOB="080067000800040068050000"], 0x24}}, 0x0) sendmsg$ETHTOOL_MSG_RINGS_GET(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="0a012a20", @ANYRES16=0x0, @ANYBLOB="e60f000901008b00005d33cdc96be58bd5b3274e000f", @ANYRES32, @ANYBLOB="0c001a804800030001"], 0x2c}}, 0x0) r4 = socket(0x10, 0x3, 0x0) write(r4, &(0x7f0000000240)="aefc00001a0025f01d85bc04fef7681d020b49ff708800008003280008021000ac0a1410bc71176a36ede498534108e58342fa94a235a2a441f9", 0xfcae) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000008c0)={0x3, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000d00000295"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) socket$unix(0x1, 0x5, 0x0) r5 = socket$unix(0x1, 0x2, 0x0) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000100)={0x0, 0x0}, &(0x7f0000000140)=0xc) r7 = socket$unix(0x1, 0x2, 0x0) getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0xee01, r8, 0xffffffffffffffff) setreuid(r6, r8) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) r12 = dup(r11) ioctl$KVM_SET_MSRS(r12, 0x4048aecb, &(0x7f00000000c0)=ANY=[@ANYRES64=r9, @ANYRES64]) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000200)=@ipv4_newroute={0x38, 0x18, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe, 0x2}, [@RTA_ENCAP_TYPE={0x6, 0x15, 0x3}, @RTA_ENCAP={0x14, 0x16, 0x0, 0x1, @LWTUNNEL_IP_OPTS={0x10, 0x8, 0x0, 0x1, @LWTUNNEL_IP_OPTS_GENEVE={0xc, 0x1, 0x0, 0x1, @LWTUNNEL_IP_OPT_GENEVE_TYPE={0x5}}}}]}, 0x38}}, 0x0) 1.799581s ago: executing program 5 (id=1644): r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000080), 0xc0040, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000300)=0x7e) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) r2 = syz_open_dev$vim2m(&(0x7f0000000100), 0x5, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r2, 0xc0d05605, &(0x7f0000000140)={0x1, @pix={0x0, 0x0, 0x32314247, 0x0, 0x0, 0x0, 0x5}}) setsockopt(r1, 0x84, 0x7f, &(0x7f0000000080)="020000000d800000", 0x8) socket$inet6_sctp(0xa, 0x1, 0x84) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f00000000c0)) read$dsp(r0, &(0x7f00000002c0)=""/58, 0x17a) ioctl$mixer_OSS_GETVERSION(r0, 0x80044d76, &(0x7f0000000000)) 1.72229063s ago: executing program 4 (id=1645): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000240)=0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000380)=@bpf_tracing={0x1a, 0x29, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYBLOB="00000000000001018510000007", @ANYRES32=0x1, @ANYBLOB="0000000000000000b70200000000000085000000860000001840000006"], 0x0, 0xe, 0x3b, &(0x7f0000000080)=""/59, 0x40f00, 0x1, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x169a0, 0xffffffffffffffff, 0x0, &(0x7f0000000300)=[0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x1, 0x1], 0x0, 0x10, 0x1, @void, @value}, 0x94) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0}) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 1.104249121s ago: executing program 4 (id=1646): openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) open(&(0x7f0000000180)='./bus\x00', 0x400040042, 0x129) socket$inet6_udp(0xa, 0x2, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) socket$nl_xfrm(0x10, 0x3, 0x6) socket$nl_generic(0x10, 0x3, 0x10) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000073010a000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x14, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r0, &(0x7f0000000000), &(0x7f0000000040)=""/66}, 0x20) 956.820927ms ago: executing program 7 (id=1647): r0 = socket$inet6(0xa, 0x806, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23}, 0x1c) listen(r0, 0x3) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) pause() r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000000300)=[{{0x0, 0x0, 0x0}, 0xd0}], 0x1, 0x32, 0x0) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) close_range(r2, 0xffffffffffffffff, 0x0) 298.313543ms ago: executing program 5 (id=1648): ioctl$FITRIM(0xffffffffffffffff, 0xc0185879, 0x0) r0 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000540)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f09"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000d40)={0x44, &(0x7f0000000380)=ANY=[@ANYBLOB="2d2c2f34fb91b66efe5157decc9b926e5b4087c1c9e88f629557ca81bc84a9b4c59dfa17269c21745f56f7370ca3a74dcdc64ca607947f86cee4a056f751ad6807b53d35eea8757513e601600d50c870f45c150e1e6ff452dbf5768ec967e7ad00e8240059fa1216340a9f299dffbb10ac114927488d1eaa08e4a4085a6fa7af3a8e727ad31f34eb98af5cb899e9431aae7226664a4866c364fc41a96c9719a9"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 297.529094ms ago: executing program 4 (id=1649): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000240)=0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000380)=@bpf_tracing={0x1a, 0x29, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000000600000083000000bf0000000000000055090100000000009500000000000000b7080000000000007b8af8ff000080fbb70800000b000010000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb7", @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYBLOB="00000000000001018510000007", @ANYRES32=0x1, @ANYBLOB="0000000000000000b70200000000000085000000860000001840000006"], 0x0, 0xe, 0x3b, &(0x7f0000000080)=""/59, 0x40f00, 0x1, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x169a0, 0xffffffffffffffff, 0x0, &(0x7f0000000300)=[0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x1, 0x1], 0x0, 0x10, 0x1, @void, @value}, 0x94) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}], 0x2, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 206.153827ms ago: executing program 6 (id=1650): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000180), 0x40000, 0x0) (async) r1 = socket$inet6(0xa, 0x2, 0x3a) bind$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @private2, 0x101}, 0x1c) (async, rerun: 64) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f00000001c0)) (async, rerun: 64) prctl$PR_MPX_DISABLE_MANAGEMENT(0x2c) (async) read(r1, &(0x7f0000000200)=""/4096, 0x1000) (async) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001740)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x3}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_TYPE={0xa, 0x7, 'route\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x2c, 0x16, 0xa, 0x801, 0x0, 0x0, {0x1}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x2e8, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @redir={{0xa}, @void}}, {0x10, 0x1, 0x0, 0x1, @redir={{0xa}, @void}}]}, @NFTA_RULE_EXPRESSIONS={0x2a4, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @quota={{0xa}, @val={0x10, 0x2, 0x0, 0x1, [@NFTA_QUOTA_BYTES={0xc, 0x1, 0x1, 0x0, 0x5a}]}}}, {0x2c, 0x1, 0x0, 0x1, @numgen={{0xb}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_NG_DREG={0x8, 0x1, 0x1, 0x0, 0x11}, @NFTA_NG_MODULUS={0x8}, @NFTA_NG_TYPE={0x8}]}}}, {0x54, 0x1, 0x0, 0x1, @socket={{0xb}, @val={0x44, 0x2, 0x0, 0x1, [@NFTA_SOCKET_DREG={0x8, 0x2, 0x1, 0x0, 0x10}, @NFTA_SOCKET_KEY={0x8}, @NFTA_SOCKET_KEY={0x8, 0x1, 0x1, 0x0, 0x3}, @NFTA_SOCKET_DREG={0x8, 0x2, 0x1, 0x0, 0x17}, @NFTA_SOCKET_LEVEL={0x8, 0x3, 0x60}, @NFTA_SOCKET_DREG={0x8, 0x2, 0x1, 0x0, 0x14}, @NFTA_SOCKET_DREG={0x8, 0x2, 0x1, 0x0, 0x11}, @NFTA_SOCKET_DREG={0x8, 0x2, 0x1, 0x0, 0x2}]}}}, {0x38, 0x1, 0x0, 0x1, @fib={{0x8}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_FIB_FLAGS={0x8}, @NFTA_FIB_RESULT={0x8}, @NFTA_FIB_FLAGS={0x8, 0x3, 0x1, 0x0, 0x21}, @NFTA_FIB_RESULT={0x8}, @NFTA_FIB_FLAGS={0x8}]}}}, {0x174, 0x1, 0x0, 0x1, @cmp={{0x8}, @val={0x168, 0x2, 0x0, 0x1, [@NFTA_CMP_DATA={0x34, 0x3, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x30, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}]}]}, @NFTA_CMP_DATA={0x24, 0x3, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x20, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}]}]}, @NFTA_CMP_DATA={0x10c, 0x3, 0x0, 0x1, [@NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}]}, @NFTA_DATA_VALUE={0x96, 0x1, "4c9de7ddc0afbb2d8b9a156298c1346f67a1b864c2df863314736ab9c31e637723c1cfa7fa7e895ec2990d740fd535ff3a071fad464aa5171c9c4d5365056b97273cd5899cff3b37194fec560c6c201ab1fb7636283563fc885596b86bddcad439e35910b2e1dbfe0627abe42b0324bc742e4abaca451949bf41874f1b8905b8a6ca3947df419169dba3926a224e346a2a28"}, @NFTA_DATA_VERDICT={0x20, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}]}, @NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8}]}, @NFTA_DATA_VERDICT={0x38, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}]}]}]}}}, {0x3c, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x64}, @NFTA_EXTHDR_FLAGS={0x8}, @NFTA_EXTHDR_OP={0x8, 0x6, 0x1, 0x0, 0x2}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x1a}, @NFTA_EXTHDR_OFFSET={0x8, 0x3, 0x1, 0x0, 0xa9}]}}}, {0x18, 0x1, 0x0, 0x1, @synproxy={{0xd}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x368}}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) (async, rerun: 64) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) (rerun: 64) connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) (async) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x0, 0x40010143, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001440)={0x6, 0x4, &(0x7f0000001500)=ANY=[@ANYBLOB="180000000000000000000000000000000705009f4cf1e4dbd2f7a793652102080000009500000000000000"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x40, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xe, @void, @value}, 0x94) (async) add_key(0x0, &(0x7f0000000180), 0x0, 0x0, 0xfffffffffffffffe) (async, rerun: 32) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (rerun: 32) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) (async) ioctl$KVM_XEN_HVM_CONFIG(r7, 0x4038ae7a, &(0x7f0000000000)={0x0, 0x40000105, 0x0, 0x0}) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r10, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000000000008f080000000000000400000002000000"]) (async, rerun: 64) ioctl$PPPIOCGIDLE64(r0, 0x8010743f, &(0x7f0000000000)) (rerun: 64) 175.161665ms ago: executing program 4 (id=1651): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000240)=0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000380)=@bpf_tracing={0x1a, 0x29, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000000600000083000000bf0000000000000055090100000000009500000000000000b7080000000000007b8af8ff000080fbb70800000b000010000000bfa100000000000007010000f8ffffffbfa400", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYBLOB="00000000000001018510000007", @ANYRES32=0x1, @ANYBLOB="0000000000000000b70200000000000085000000860000001840000006"], 0x0, 0xe, 0x3b, &(0x7f0000000080)=""/59, 0x40f00, 0x1, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x169a0, 0xffffffffffffffff, 0x0, &(0x7f0000000300)=[0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x1, 0x1], 0x0, 0x10, 0x1, @void, @value}, 0x94) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000540)={0xffffffffffffffff, 0x0, 0x0}, 0x20) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46", 0xb5}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 148.768779ms ago: executing program 1 (id=1652): syz_usb_connect(0x0, 0x4, 0x0, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, 0x0, &(0x7f0000000040)) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_procs(r0, 0x0, 0x2, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000740)=ANY=[@ANYBLOB="50000000100003040000000000000000f2000000", @ANYRES32=0x0, @ANYBLOB="00000000000000002800128009000100766c616e000000001800028006000100010000000c000200540a00001800000008000500", @ANYRES32], 0x50}, 0x1, 0xba01}, 0x0) r3 = socket(0x10, 0x3, 0x0) write(r3, &(0x7f0000000000)="2400000011005f0414f9f40700090400810000000d0000000000000008000f0001000000", 0x24) 36.762428ms ago: executing program 4 (id=1653): openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) socket$can_j1939(0x1d, 0x2, 0x7) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000001800010000000000000200000a000000000000000000000008000400", @ANYRES32=r1, @ANYBLOB="06001500070000000c0016800800", @ANYRES64=r0], 0x38}}, 0x10) 29.126427ms ago: executing program 6 (id=1654): r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000000000407d1ed4300000000000010902240001000050b90904220900"/41], 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="d444c00cc4952551efb10e693dd15f9a99b87360328b69e35d01300ab6a243df0811d0923fa004a10d07ec92f8f0d47794e89f9a0640d90e7adb143f21", @ANYRESHEX=r0, @ANYRESHEX=r0, @ANYRES8=0x0], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000bc00000018110000", @ANYRESHEX=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000400850000003300000095"], &(0x7f0000002640)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) syz_emit_ethernet(0x31, &(0x7f0000000280)={@local, @broadcast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x23, 0x0, 0x2, 0x1, 0x11, 0x0, @empty, @empty}, {0x0, 0x0, 0xf, 0x0, @gue={{0x1, 0x0, 0x1, 0xfd, 0x100, @void}, "36a8c7"}}}}}}, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000180)={0xc, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() openat$rfkill(0xffffffffffffff9c, 0x0, 0x200, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000032680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) syz_io_uring_setup(0x8006447, 0x0, &(0x7f0000000040), 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r6, 0x2000002, 0x0, 0x0, &(0x7f0000000200), 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x80) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xc, 0x10, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xffffffff}, [@ringbuf_output={{0x18, 0x5}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x80000000}, {0x3, 0x3, 0x3, 0xa, 0x5}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x1e}}, @ringbuf_query]}, &(0x7f0000000840)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000009003610ef171e7206de01020301090212000100000000090400000002060000"], 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x3, &(0x7f0000000080)=[{0x2, 0x7, 0x0, 0x2}, {0x30e, 0x81, 0x5}, {0x4, 0x1, 0x2, 0x9}]}) 0s ago: executing program 4 (id=1655): r0 = socket$kcm(0x10, 0x2, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000380)='/proc/asound/card1/oss_mixer\x00', 0x1, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000900), 0x2, 0x0) write$RDMA_USER_CM_CMD_LISTEN(r2, &(0x7f00000004c0)={0x7, 0x8, 0xfa00, {0xffffffffffffffff, 0xd4}}, 0x10) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) r3 = openat$ubi_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r3, 0x40186f40, 0x0) sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000080)="5c00000013006bcc9e3be35c6e17b9310400876c1d0000007ea60864160af36514001ac00400020004000400eab5", 0x2e}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x24008880) kernel console output (not intermixed with test programs): 2867][T10064] netlink: 192 bytes leftover after parsing attributes in process `syz.5.1211'. [ 454.300432][T10064] netlink: 56 bytes leftover after parsing attributes in process `syz.5.1211'. [ 455.028277][ T9] cm6533_jd 0003:0D8C:0022.000A: unknown main item tag 0x0 [ 455.043954][ T9] cm6533_jd 0003:0D8C:0022.000A: unknown main item tag 0x0 [ 455.057209][ T9] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0D8C:0022.000A/input/input31 [ 455.129324][T10063] F2FS-fs (loop15): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 455.137905][T10063] F2FS-fs (loop15): Can't find valid F2FS filesystem in 1th superblock [ 455.146455][T10063] F2FS-fs (loop15): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 455.154684][T10063] F2FS-fs (loop15): Can't find valid F2FS filesystem in 2th superblock [ 455.203338][ T47] usb 5-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 455.226975][ T47] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 455.403810][ T9] cm6533_jd 0003:0D8C:0022.000A: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.1-1/input0 [ 455.521940][ T9] usb 2-1: USB disconnect, device number 34 [ 455.619218][ T47] usb 5-1: Product: syz [ 455.623691][ T47] usb 5-1: Manufacturer: syz [ 455.628466][ T47] usb 5-1: SerialNumber: syz [ 455.759931][ T47] usb 5-1: config 0 descriptor?? [ 455.988623][ T47] hso 5-1:0.0: Failed to find BULK IN ep [ 456.023382][ T47] usb-storage 5-1:0.0: USB Mass Storage device detected [ 456.325385][T10047] ufs: Invalid option: "ü" or missing value [ 456.366427][T10047] ufs: wrong mount options [ 456.396783][ T47] usb 5-1: USB disconnect, device number 33 [ 456.672173][ T30] kauditd_printk_skb: 108 callbacks suppressed [ 456.672193][ T30] audit: type=1326 audit(1745250776.654:4776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10086 comm="syz.1.1218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd86bb8e169 code=0x7ffc0000 [ 459.070046][ T30] audit: type=1326 audit(1745250778.890:4777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10100 comm="syz.5.1222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07e8b8e169 code=0x7ffc0000 [ 459.157462][ T30] audit: type=1326 audit(1745250778.918:4778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10100 comm="syz.5.1222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07e8b8e169 code=0x7ffc0000 [ 459.241933][ T30] audit: type=1326 audit(1745250778.918:4779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10100 comm="syz.5.1222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f07e8b8e169 code=0x7ffc0000 [ 459.437080][ T30] audit: type=1326 audit(1745250778.918:4780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10100 comm="syz.5.1222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07e8b8e169 code=0x7ffc0000 [ 459.470406][ T30] audit: type=1326 audit(1745250778.918:4781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10100 comm="syz.5.1222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07e8b8e169 code=0x7ffc0000 [ 460.321099][ T30] audit: type=1326 audit(1745250778.918:4782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10100 comm="syz.5.1222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=47 compat=0 ip=0x7f07e8b8e169 code=0x7ffc0000 [ 460.343322][ T30] audit: type=1326 audit(1745250778.918:4783): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10100 comm="syz.5.1222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07e8b8e169 code=0x7ffc0000 [ 460.365440][ T30] audit: type=1326 audit(1745250778.918:4784): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10100 comm="syz.5.1222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f07e8b90087 code=0x7ffc0000 [ 460.513796][ T30] audit: type=1326 audit(1745250778.918:4785): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10100 comm="syz.5.1222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f07e8b8fffc code=0x7ffc0000 [ 461.394982][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 461.402176][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 462.124772][ T30] kauditd_printk_skb: 25 callbacks suppressed [ 462.124828][ T30] audit: type=1800 audit(1745250781.743:4811): pid=10129 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.7.1232" name="bus" dev="overlay" ino=102 res=0 errno=0 [ 462.155316][ T9] usb 2-1: new high-speed USB device number 35 using dummy_hcd [ 463.160839][ T30] audit: type=1326 audit(1745250782.697:4812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10130 comm="syz.5.1233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07e8b8e169 code=0x7ffc0000 [ 463.182536][ C1] vkms_vblank_simulate: vblank timer overrun [ 463.210181][ T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 463.236479][ T9] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 463.245036][ T30] audit: type=1326 audit(1745250782.697:4813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10130 comm="syz.5.1233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f07e8b8e169 code=0x7ffc0000 [ 463.257724][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 463.304754][ T9] usb 2-1: config 0 descriptor?? [ 463.354088][ T9] pwc: Askey VC010 type 2 USB webcam detected. [ 463.369003][ T30] audit: type=1326 audit(1745250782.697:4814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10130 comm="syz.5.1233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07e8b8e169 code=0x7ffc0000 [ 463.434161][ T30] audit: type=1326 audit(1745250782.697:4815): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10130 comm="syz.5.1233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=47 compat=0 ip=0x7f07e8b8e169 code=0x7ffc0000 [ 463.461017][T10138] syz.6.1235: attempt to access beyond end of device [ 463.461017][T10138] nbd6: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 463.475030][T10138] SQUASHFS error: Failed to read block 0x0: -5 [ 463.482864][T10138] unable to read squashfs_super_block [ 463.598038][ T30] audit: type=1326 audit(1745250782.697:4816): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10130 comm="syz.5.1233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07e8b8e169 code=0x7ffc0000 [ 463.732373][ T30] audit: type=1326 audit(1745250782.697:4817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10130 comm="syz.5.1233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f07e8b90087 code=0x7ffc0000 [ 463.754055][ C1] vkms_vblank_simulate: vblank timer overrun [ 463.846632][ T30] audit: type=1326 audit(1745250782.697:4818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10130 comm="syz.5.1233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f07e8b8fffc code=0x7ffc0000 [ 463.869084][ T9] pwc: recv_control_msg error -32 req 02 val 2b00 [ 463.875910][ T30] audit: type=1326 audit(1745250782.697:4819): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10130 comm="syz.5.1233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f07e8b8ff34 code=0x7ffc0000 [ 463.898024][ T30] audit: type=1326 audit(1745250782.697:4820): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10130 comm="syz.5.1233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f07e8b8ff34 code=0x7ffc0000 [ 463.920521][ T9] pwc: recv_control_msg error -32 req 02 val 2700 [ 463.928269][ T9] pwc: recv_control_msg error -32 req 02 val 2c00 [ 463.951308][ T9] pwc: recv_control_msg error -32 req 04 val 1000 [ 463.963680][ T9] pwc: recv_control_msg error -32 req 04 val 1300 [ 463.979022][ T9] pwc: recv_control_msg error -32 req 04 val 1400 [ 464.254649][ T9] pwc: recv_control_msg error -32 req 02 val 2000 [ 464.367713][T10145] F2FS-fs (loop15): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 464.376037][T10145] F2FS-fs (loop15): Can't find valid F2FS filesystem in 1th superblock [ 464.386721][T10145] F2FS-fs (loop15): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 464.394727][T10145] F2FS-fs (loop15): Can't find valid F2FS filesystem in 2th superblock [ 464.656391][ T9] pwc: recv_control_msg error -71 req 04 val 1500 [ 464.707200][ T9] pwc: recv_control_msg error -71 req 02 val 2500 [ 464.810983][ T9] pwc: recv_control_msg error -71 req 02 val 2400 [ 464.840202][ T9] pwc: recv_control_msg error -71 req 02 val 2600 [ 464.849810][ T9] pwc: recv_control_msg error -71 req 02 val 2900 [ 464.870201][ T9] pwc: recv_control_msg error -71 req 02 val 2800 [ 465.017060][ T9] pwc: recv_control_msg error -71 req 04 val 1100 [ 465.042153][ T9] pwc: recv_control_msg error -71 req 04 val 1200 [ 465.137936][ T9] pwc: Registered as video103. [ 465.147558][ T9] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input32 [ 465.191616][ T9] usb 2-1: USB disconnect, device number 35 [ 466.316181][T10148] block nbd6: shutting down sockets [ 468.052984][ T30] kauditd_printk_skb: 57 callbacks suppressed [ 468.053001][ T30] audit: type=1326 audit(1745250787.290:4878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10173 comm="syz.4.1247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc4ed8e169 code=0x7ffc0000 [ 468.115676][T10160] block nbd7: shutting down sockets [ 468.174179][ T30] audit: type=1326 audit(1745250787.336:4879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10173 comm="syz.4.1247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc4ed8e169 code=0x7ffc0000 [ 468.227359][ T30] audit: type=1326 audit(1745250787.336:4880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10173 comm="syz.4.1247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7fdc4ed8e169 code=0x7ffc0000 [ 468.475609][ T30] audit: type=1326 audit(1745250787.336:4881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10173 comm="syz.4.1247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc4ed8e169 code=0x7ffc0000 [ 469.409680][ T30] audit: type=1326 audit(1745250787.336:4882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10173 comm="syz.4.1247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=47 compat=0 ip=0x7fdc4ed8e169 code=0x7ffc0000 [ 469.835566][ T30] audit: type=1326 audit(1745250787.336:4883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10173 comm="syz.4.1247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc4ed8e169 code=0x7ffc0000 [ 469.857749][ T30] audit: type=1326 audit(1745250787.336:4884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10173 comm="syz.4.1247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc4ed8e169 code=0x7ffc0000 [ 469.938856][ T30] audit: type=1326 audit(1745250787.336:4885): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10173 comm="syz.4.1247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fdc4ed90087 code=0x7ffc0000 [ 470.001001][ T30] audit: type=1326 audit(1745250787.336:4886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10173 comm="syz.4.1247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7fdc4ed8fffc code=0x7ffc0000 [ 470.062887][ T30] audit: type=1326 audit(1745250787.336:4887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10173 comm="syz.4.1247" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7fdc4ed8ff34 code=0x7ffc0000 [ 470.354787][ T5884] usb 7-1: new high-speed USB device number 24 using dummy_hcd [ 470.532770][ T5884] usb 7-1: Using ep0 maxpacket: 32 [ 470.588701][ T5884] usb 7-1: config 0 has an invalid interface number: 78 but max is 0 [ 470.608354][ T5884] usb 7-1: config 0 has no interface number 0 [ 470.623776][ T5884] usb 7-1: config 0 interface 78 has no altsetting 0 [ 470.675704][ T9] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 471.471903][ T5884] usb 7-1: New USB device found, idVendor=0e41, idProduct=4250, bcdDevice=60.11 [ 471.492148][ T5884] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 471.509393][ T5884] usb 7-1: Product: syz [ 471.520160][ T5884] usb 7-1: Manufacturer: syz [ 471.525061][ T5884] usb 7-1: SerialNumber: syz [ 471.532973][ T5884] usb 7-1: config 0 descriptor?? [ 471.543316][ T5884] snd_usb_pod 7-1:0.78: Line 6 BassPODxt found [ 471.733964][ T9] usb 8-1: Using ep0 maxpacket: 16 [ 471.752452][ T9] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 471.763144][ T5884] snd_usb_pod 7-1:0.78: endpoint not available, using fallback values [ 471.777456][ T9] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 471.804194][ T9] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 471.844773][ T9] usb 8-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 471.872467][ T9] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 471.924379][ T9] usb 8-1: config 0 descriptor?? [ 471.990840][ T5884] snd_usb_pod 7-1:0.78: invalid control EP [ 471.996731][ T5884] snd_usb_pod 7-1:0.78: cannot start listening: -22 [ 472.033483][ T5884] snd_usb_pod 7-1:0.78: Line 6 BassPODxt now disconnected [ 472.049864][T10211] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1258'. [ 472.078538][ T5884] snd_usb_pod 7-1:0.78: probe with driver snd_usb_pod failed with error -22 [ 472.148290][T10215] netlink: 788 bytes leftover after parsing attributes in process `syz.4.1257'. [ 472.579100][ T1214] usb 5-1: new full-speed USB device number 34 using dummy_hcd [ 473.104365][ T1214] usb 5-1: config 0 has an invalid interface number: 39 but max is 0 [ 473.104399][ T1214] usb 5-1: config 0 has no interface number 0 [ 473.104459][ T1214] usb 5-1: config 0 interface 39 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 473.107373][ T1214] usb 5-1: New USB device found, idVendor=0499, idProduct=4d3f, bcdDevice=d2.2a [ 473.107421][ T1214] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 473.107437][ T1214] usb 5-1: Product: syz [ 473.107453][ T1214] usb 5-1: Manufacturer: syz [ 473.107465][ T1214] usb 5-1: SerialNumber: syz [ 473.110173][ T1214] usb 5-1: config 0 descriptor?? [ 473.180949][ T5897] usb 7-1: USB disconnect, device number 24 [ 474.056218][T10223] F2FS-fs (loop13): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 474.056299][T10223] F2FS-fs (loop13): Can't find valid F2FS filesystem in 1th superblock [ 474.056528][T10223] F2FS-fs (loop13): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 474.056549][T10223] F2FS-fs (loop13): Can't find valid F2FS filesystem in 2th superblock [ 475.970955][ T1214] usb 5-1: USB disconnect, device number 34 [ 476.078092][T10229] FAULT_INJECTION: forcing a failure. [ 476.078092][T10229] name failslab, interval 1, probability 0, space 0, times 0 [ 476.127450][T10229] CPU: 1 UID: 0 PID: 10229 Comm: syz.6.1262 Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0 PREEMPT(full) [ 476.127488][T10229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 476.127508][T10229] Call Trace: [ 476.127519][T10229] [ 476.127530][T10229] dump_stack_lvl+0x241/0x360 [ 476.127566][T10229] ? __pfx_dump_stack_lvl+0x10/0x10 [ 476.127595][T10229] ? __pfx__printk+0x10/0x10 [ 476.127620][T10229] ? bpf_trace_run2+0x39f/0x550 [ 476.127646][T10229] ? __pfx___might_resched+0x10/0x10 [ 476.127682][T10229] should_fail_ex+0x424/0x570 [ 476.127720][T10229] should_failslab+0xac/0x100 [ 476.127749][T10229] __kmalloc_noprof+0xdf/0x4d0 [ 476.127775][T10229] ? tomoyo_realpath_from_path+0xc2/0x5e0 [ 476.127806][T10229] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 476.127845][T10229] tomoyo_realpath_from_path+0xcf/0x5e0 [ 476.127889][T10229] tomoyo_path_number_perm+0x245/0x790 [ 476.127919][T10229] ? tomoyo_path_number_perm+0x215/0x790 [ 476.127946][T10229] ? __seccomp_filter+0x8dd/0x1f20 [ 476.127976][T10229] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 476.128023][T10229] ? __lock_acquire+0xad5/0xd80 [ 476.128073][T10229] ? __fget_files+0x2a/0x420 [ 476.128099][T10229] ? __fget_files+0x2a/0x420 [ 476.128127][T10229] ? __fget_files+0x2a/0x420 [ 476.128158][T10229] security_file_ioctl+0xc6/0x2a0 [ 476.128188][T10229] __se_sys_ioctl+0x46/0x160 [ 476.128224][T10229] do_syscall_64+0xf3/0x210 [ 476.128248][T10229] ? clear_bhb_loop+0x45/0xa0 [ 476.128274][T10229] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 476.128295][T10229] RIP: 0033:0x7fd33678e169 [ 476.128314][T10229] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 476.128333][T10229] RSP: 002b:00007fd337584038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 476.128356][T10229] RAX: ffffffffffffffda RBX: 00007fd3369b5fa0 RCX: 00007fd33678e169 [ 476.128372][T10229] RDX: 0000200000000100 RSI: 00000000c0184800 RDI: 0000000000000005 [ 476.128386][T10229] RBP: 00007fd337584090 R08: 0000000000000000 R09: 0000000000000000 [ 476.128399][T10229] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 476.128411][T10229] R13: 0000000000000000 R14: 00007fd3369b5fa0 R15: 00007ffc79868328 [ 476.128444][T10229] [ 476.398598][T10229] ERROR: Out of memory at tomoyo_realpath_from_path. [ 476.421930][ T9] usbhid 8-1:0.0: can't add hid device: -71 [ 476.430265][ T9] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 476.456337][ T9] usb 8-1: USB disconnect, device number 5 [ 477.750272][T10246] FAULT_INJECTION: forcing a failure. [ 477.750272][T10246] name failslab, interval 1, probability 0, space 0, times 0 [ 477.763933][T10246] CPU: 0 UID: 0 PID: 10246 Comm: syz.5.1269 Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0 PREEMPT(full) [ 477.763965][T10246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 477.763979][T10246] Call Trace: [ 477.763987][T10246] [ 477.763996][T10246] dump_stack_lvl+0x241/0x360 [ 477.764032][T10246] ? __pfx_dump_stack_lvl+0x10/0x10 [ 477.764061][T10246] ? __pfx__printk+0x10/0x10 [ 477.764093][T10246] ? __pfx___might_resched+0x10/0x10 [ 477.764131][T10246] should_fail_ex+0x424/0x570 [ 477.764168][T10246] should_failslab+0xac/0x100 [ 477.764197][T10246] kmem_cache_alloc_noprof+0x78/0x390 [ 477.764223][T10246] ? copy_fs_struct+0x4e/0x270 [ 477.764276][T10246] copy_fs_struct+0x4e/0x270 [ 477.764321][T10246] ksys_unshare+0x46c/0xad0 [ 477.764353][T10246] ? __pfx_ksys_unshare+0x10/0x10 [ 477.764396][T10246] __x64_sys_unshare+0x38/0x40 [ 477.764417][T10246] do_syscall_64+0xf3/0x210 [ 477.764440][T10246] ? clear_bhb_loop+0x45/0xa0 [ 477.764465][T10246] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 477.764485][T10246] RIP: 0033:0x7f07e8b8e169 [ 477.764504][T10246] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 477.764521][T10246] RSP: 002b:00007f07e99b5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 477.764543][T10246] RAX: ffffffffffffffda RBX: 00007f07e8db6080 RCX: 00007f07e8b8e169 [ 477.764558][T10246] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002c020400 [ 477.764571][T10246] RBP: 00007f07e99b5090 R08: 0000000000000000 R09: 0000000000000000 [ 477.764583][T10246] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 477.764595][T10246] R13: 0000000000000000 R14: 00007f07e8db6080 R15: 00007ffc676ce348 [ 477.764627][T10246] [ 478.308559][ T9] usb 7-1: new high-speed USB device number 25 using dummy_hcd [ 479.125342][ T9] usb 7-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 479.176759][ T9] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 479.184828][ T9] usb 7-1: Product: syz [ 479.246926][ T9] usb 7-1: Manufacturer: syz [ 479.268230][ T9] usb 7-1: SerialNumber: syz [ 479.305739][ T9] usb 7-1: config 0 descriptor?? [ 479.353218][T10267] sp0: Synchronizing with TNC [ 479.555464][ T9] hso 7-1:0.0: Failed to find BULK IN ep [ 479.574614][ T9] usb-storage 7-1:0.0: USB Mass Storage device detected [ 479.593265][ T1214] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 479.655744][ T5886] usb 2-1: new high-speed USB device number 36 using dummy_hcd [ 479.775056][T10243] netlink: 1010 bytes leftover after parsing attributes in process `syz.6.1268'. [ 479.782468][ T1214] usb 6-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 479.800374][ T1214] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 479.805258][T10243] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 479.809124][ T1214] usb 6-1: Product: syz [ 479.827916][T10271] sp1: Synchronizing with TNC [ 479.829797][ T5886] usb 2-1: New USB device found, idVendor=041e, idProduct=3100, bcdDevice= 0.00 [ 479.837016][ T1214] usb 6-1: Manufacturer: syz [ 479.847832][T10271] FAULT_INJECTION: forcing a failure. [ 479.847832][T10271] name failslab, interval 1, probability 0, space 0, times 0 [ 479.852995][ T5886] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 479.879277][ T9] usb 7-1: USB disconnect, device number 25 [ 479.887895][ T1214] usb 6-1: SerialNumber: syz [ 479.898750][ T1214] usb 6-1: config 0 descriptor?? [ 479.905558][T10271] CPU: 0 UID: 0 PID: 10271 Comm: syz.4.1277 Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0 PREEMPT(full) [ 479.905589][T10271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 479.905603][T10271] Call Trace: [ 479.905611][T10271] [ 479.905620][T10271] dump_stack_lvl+0x241/0x360 [ 479.905658][T10271] ? __pfx_dump_stack_lvl+0x10/0x10 [ 479.905687][T10271] ? __pfx__printk+0x10/0x10 [ 479.905720][T10271] ? __pfx___might_resched+0x10/0x10 [ 479.905755][T10271] should_fail_ex+0x424/0x570 [ 479.905793][T10271] should_failslab+0xac/0x100 [ 479.905822][T10271] __kmalloc_noprof+0xdf/0x4d0 [ 479.905847][T10271] ? tomoyo_realpath_from_path+0xc2/0x5e0 [ 479.905877][T10271] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 479.905911][T10271] tomoyo_realpath_from_path+0xcf/0x5e0 [ 479.905955][T10271] tomoyo_path_number_perm+0x245/0x790 [ 479.905985][T10271] ? tomoyo_path_number_perm+0x215/0x790 [ 479.906013][T10271] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 479.906045][T10271] ? ksys_write+0x24e/0x2d0 [ 479.906073][T10271] ? __lock_acquire+0xad5/0xd80 [ 479.906119][T10271] ? __fget_files+0x2a/0x420 [ 479.906143][T10271] ? __fget_files+0x2a/0x420 [ 479.906169][T10271] ? __fget_files+0x2a/0x420 [ 479.906198][T10271] security_file_ioctl+0xc6/0x2a0 [ 479.906235][T10271] __se_sys_ioctl+0x46/0x160 [ 479.906269][T10271] do_syscall_64+0xf3/0x210 [ 479.906290][T10271] ? clear_bhb_loop+0x45/0xa0 [ 479.906314][T10271] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 479.906335][T10271] RIP: 0033:0x7fdc4ed8e169 [ 479.906353][T10271] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 479.906371][T10271] RSP: 002b:00007fdc4fc87038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 479.906394][T10271] RAX: ffffffffffffffda RBX: 00007fdc4efb5fa0 RCX: 00007fdc4ed8e169 [ 479.906409][T10271] RDX: 0000000000000000 RSI: 0000000000005437 RDI: 0000000000000003 [ 479.906422][T10271] RBP: 00007fdc4fc87090 R08: 0000000000000000 R09: 0000000000000000 [ 479.906435][T10271] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 479.906441][ T5886] usb 2-1: config 0 descriptor?? [ 479.906447][T10271] R13: 0000000000000000 R14: 00007fdc4efb5fa0 R15: 00007ffcaeca2d08 [ 479.906479][T10271] [ 479.906487][T10271] ERROR: Out of memory at tomoyo_realpath_from_path. [ 480.434624][ T5886] creative-sb0540 0003:041E:3100.000B: No inputs registered, leaving [ 480.436616][ T1214] hso 6-1:0.0: Failed to find BULK IN ep [ 480.453789][ T1214] usb-storage 6-1:0.0: USB Mass Storage device detected [ 480.465114][ T5886] creative-sb0540 0003:041E:3100.000B: hidraw0: USB HID v1.01 Device [HID 041e:3100] on usb-dummy_hcd.1-1/input0 [ 480.591042][T10280] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1280'. [ 480.600347][T10280] bridge_slave_1: left allmulticast mode [ 480.606038][T10280] bridge_slave_1: left promiscuous mode [ 480.612380][T10280] bridge0: port 2(bridge_slave_1) entered disabled state [ 480.640481][T10280] bridge_slave_0: left allmulticast mode [ 480.647849][T10280] bridge_slave_0: left promiscuous mode [ 480.667833][T10280] bridge0: port 1(bridge_slave_0) entered disabled state [ 480.855841][T10283] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1281'. [ 481.016664][T10284] ufs: Invalid option: "ü" or missing value [ 481.068233][T10284] ufs: wrong mount options [ 481.413270][T10265] netlink: 1010 bytes leftover after parsing attributes in process `syz.5.1275'. [ 481.431715][ T5886] usb 6-1: USB disconnect, device number 19 [ 481.598448][T10267] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 481.624340][T10267] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 481.640783][T10267] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(12) [ 481.647989][T10267] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 481.672107][T10267] vhci_hcd vhci_hcd.0: Device attached [ 481.684544][T10292] vhci_hcd: connection closed [ 481.686737][ T5884] usb 2-1: USB disconnect, device number 36 [ 481.697870][ T1081] vhci_hcd: stop threads [ 481.702721][ T1081] vhci_hcd: release socket [ 481.717011][ T1081] vhci_hcd: disconnect device [ 481.735271][ T30] kauditd_printk_skb: 88 callbacks suppressed [ 481.735293][ T30] audit: type=1326 audit(1745250800.095:4976): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10294 comm="syz.6.1285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd33678e169 code=0x7ffc0000 [ 481.778676][ T30] audit: type=1326 audit(1745250800.095:4977): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10294 comm="syz.6.1285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7fd33678e169 code=0x7ffc0000 [ 481.803746][ T30] audit: type=1326 audit(1745250800.095:4978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10294 comm="syz.6.1285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd33678e169 code=0x7ffc0000 [ 481.832524][ T30] audit: type=1326 audit(1745250800.095:4979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10294 comm="syz.6.1285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=47 compat=0 ip=0x7fd33678e169 code=0x7ffc0000 [ 481.861223][ T30] audit: type=1326 audit(1745250800.095:4980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10294 comm="syz.6.1285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd33678e169 code=0x7ffc0000 [ 481.884472][ T30] audit: type=1326 audit(1745250800.095:4981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10294 comm="syz.6.1285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd336790087 code=0x7ffc0000 [ 481.951890][ T30] audit: type=1326 audit(1745250800.095:4982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10294 comm="syz.6.1285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7fd33678fffc code=0x7ffc0000 [ 482.016279][ T30] audit: type=1326 audit(1745250800.095:4983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10294 comm="syz.6.1285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7fd33678ff34 code=0x7ffc0000 [ 482.052244][ T30] audit: type=1326 audit(1745250800.095:4984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10294 comm="syz.6.1285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7fd33678ff34 code=0x7ffc0000 [ 482.079927][ T30] audit: type=1326 audit(1745250800.095:4985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10294 comm="syz.6.1285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fd33678cdca code=0x7ffc0000 [ 483.336445][T10312] netlink: 'syz.5.1289': attribute type 6 has an invalid length. [ 483.348899][ T5884] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 483.558235][ T5884] usb 8-1: Using ep0 maxpacket: 8 [ 483.602692][ T5884] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 483.714060][ T5884] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 483.877898][ T5884] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 483.986342][ T5883] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 484.038257][ T5884] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 484.051253][ T5884] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 484.063638][ T5884] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 484.081511][ T5884] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 484.095173][ T5884] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 484.107287][ T5884] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 484.121589][ T5884] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 484.136334][ T5884] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 484.143841][ T5884] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 484.177846][ T5884] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 484.187372][ T5883] usb 5-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 484.205174][ T5883] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 484.210333][ T5884] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 484.214668][ T5883] usb 5-1: Product: syz [ 484.240064][ T5883] usb 5-1: Manufacturer: syz [ 484.243560][ T5884] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 484.247883][ T5883] usb 5-1: SerialNumber: syz [ 484.268929][ T5883] usb 5-1: config 0 descriptor?? [ 484.278970][ T5884] usb 8-1: string descriptor 0 read error: -22 [ 484.290797][ T5884] usb 8-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 484.295440][ T9] usb 2-1: new high-speed USB device number 37 using dummy_hcd [ 484.311092][ T5884] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 484.334591][ T5884] adutux 8-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 484.512874][ T9] usb 2-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 484.596746][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 484.604877][ T9] usb 2-1: Product: syz [ 484.625685][ T9] usb 2-1: Manufacturer: syz [ 484.631236][ T5883] hso 5-1:0.0: Failed to find BULK IN ep [ 484.637028][ T9] usb 2-1: SerialNumber: syz [ 484.979832][T10307] netlink: 1010 bytes leftover after parsing attributes in process `syz.4.1290'. [ 484.980041][ T5883] usb-storage 5-1:0.0: USB Mass Storage device detected [ 484.999288][ T9] usb 2-1: config 0 descriptor?? [ 485.015486][T10307] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 485.028710][T10307] ufs: Invalid option: "ü" or missing value [ 485.035426][T10307] ufs: wrong mount options [ 485.269667][ T9] hso 2-1:0.0: Failed to find BULK IN ep [ 485.547397][T10316] netlink: 1010 bytes leftover after parsing attributes in process `syz.1.1292'. [ 485.971675][ T5883] usb 5-1: USB disconnect, device number 35 [ 485.980555][ T9] usb-storage 2-1:0.0: USB Mass Storage device detected [ 485.991012][T10316] ufs: Invalid option: "ü" or missing value [ 486.004306][T10316] ufs: wrong mount options [ 486.139226][ T9] usb 2-1: USB disconnect, device number 37 [ 486.398642][T10334] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1296'. [ 487.008917][T10340] FAULT_INJECTION: forcing a failure. [ 487.008917][T10340] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 487.034245][T10340] CPU: 0 UID: 0 PID: 10340 Comm: syz.1.1299 Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0 PREEMPT(full) [ 487.034287][T10340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 487.034299][T10340] Call Trace: [ 487.034307][T10340] [ 487.034316][T10340] dump_stack_lvl+0x241/0x360 [ 487.034351][T10340] ? __pfx_dump_stack_lvl+0x10/0x10 [ 487.034378][T10340] ? __pfx__printk+0x10/0x10 [ 487.034417][T10340] should_fail_ex+0x424/0x570 [ 487.034454][T10340] _copy_from_user+0x2d/0xb0 [ 487.034481][T10340] __sys_bpf+0x1c5/0x8b0 [ 487.034509][T10340] ? __pfx___sys_bpf+0x10/0x10 [ 487.034548][T10340] ? ksys_write+0x275/0x2d0 [ 487.034583][T10340] __x64_sys_bpf+0x7c/0x90 [ 487.034607][T10340] do_syscall_64+0xf3/0x210 [ 487.034629][T10340] ? clear_bhb_loop+0x45/0xa0 [ 487.034653][T10340] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 487.034677][T10340] RIP: 0033:0x7fd86bb8e169 [ 487.034695][T10340] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 487.034712][T10340] RSP: 002b:00007fd86c97b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 487.034734][T10340] RAX: ffffffffffffffda RBX: 00007fd86bdb5fa0 RCX: 00007fd86bb8e169 [ 487.034748][T10340] RDX: 0000000000000048 RSI: 00002000000054c0 RDI: 0000000000000005 [ 487.034761][T10340] RBP: 00007fd86c97b090 R08: 0000000000000000 R09: 0000000000000000 [ 487.034772][T10340] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 487.034783][T10340] R13: 0000000000000001 R14: 00007fd86bdb5fa0 R15: 00007fff762918a8 [ 487.034815][T10340] [ 487.813356][ T9] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 488.155461][ T9] usb 2-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 488.191636][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 488.257342][ T9] usb 2-1: Product: syz [ 488.272733][ T9] usb 2-1: Manufacturer: syz [ 488.288040][ T5886] usb 8-1: USB disconnect, device number 6 [ 488.311405][ T9] usb 2-1: SerialNumber: syz [ 488.361308][ T9] usb 2-1: config 0 descriptor?? [ 488.604003][ T9] hso 2-1:0.0: Failed to find BULK IN ep [ 488.635105][ T9] usb-storage 2-1:0.0: USB Mass Storage device detected [ 488.689193][ T5908] usb 7-1: new full-speed USB device number 26 using dummy_hcd [ 488.892529][T10368] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1310'. [ 488.905020][ T5908] usb 7-1: config 0 has an invalid interface number: 189 but max is 0 [ 488.937643][ T5883] usb 6-1: new high-speed USB device number 20 using dummy_hcd [ 488.955892][ T5908] usb 7-1: config 0 has no interface number 0 [ 489.018497][ T5908] usb 7-1: config 0 interface 189 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 489.083252][ T5908] usb 7-1: config 0 interface 189 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83 [ 489.144765][T10350] netlink: 1010 bytes leftover after parsing attributes in process `syz.1.1303'. [ 489.154437][ T5908] usb 7-1: config 0 interface 189 altsetting 0 endpoint 0x83 has invalid maxpacket 33307, setting to 64 [ 489.181377][ T5908] usb 7-1: config 0 interface 189 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 489.208221][T10350] ufs: Invalid option: "ü" or missing value [ 489.214991][ T5908] usb 7-1: config 0 interface 189 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 489.237819][T10350] ufs: wrong mount options [ 489.318926][ T5886] usb 2-1: USB disconnect, device number 38 [ 489.327927][ T5883] usb 6-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 489.339497][ T5883] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 489.341300][ T5908] usb 7-1: New USB device found, idVendor=07b4, idProduct=010a, bcdDevice= 1.02 [ 489.368409][ T5908] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 489.379223][ T5908] usb 7-1: Product: syz [ 489.383438][ T5908] usb 7-1: Manufacturer: syz [ 489.390074][ T5908] usb 7-1: SerialNumber: syz [ 489.390880][ T5883] usb 6-1: Product: syz [ 489.398154][ T5908] usb 7-1: config 0 descriptor?? [ 489.426442][T10356] raw-gadget.2 gadget.6: fail, usb_ep_enable returned -22 [ 489.444587][ T5883] usb 6-1: Manufacturer: syz [ 489.459061][ T5883] usb 6-1: SerialNumber: syz [ 489.466664][ T5908] ums-alauda 7-1:0.189: USB Mass Storage device detected [ 489.467005][ T5883] usb 6-1: config 0 descriptor?? [ 489.518284][ T5908] scsi host1: usb-storage 7-1:0.189 [ 489.685310][ T5908] usb 7-1: USB disconnect, device number 26 [ 489.776011][ T5883] hso 6-1:0.0: Failed to find BULK IN ep [ 489.791844][ T5883] usb-storage 6-1:0.0: USB Mass Storage device detected [ 489.945812][T10363] netlink: 1010 bytes leftover after parsing attributes in process `syz.5.1309'. [ 489.960806][T10363] ufs: Invalid option: "ü" or missing value [ 489.968693][T10363] ufs: wrong mount options [ 489.986112][ T5883] usb 6-1: USB disconnect, device number 20 [ 491.388323][T10392] sp0: Synchronizing with TNC [ 491.760812][T10404] netlink: 'syz.1.1321': attribute type 4 has an invalid length. [ 493.635562][ T30] kauditd_printk_skb: 42 callbacks suppressed [ 493.635583][ T30] audit: type=1326 audit(1745250811.226:5028): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10419 comm="syz.6.1327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd33678e169 code=0x7ffc0000 [ 493.842301][ T5883] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 493.859426][ T30] audit: type=1326 audit(1745250811.226:5029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10419 comm="syz.6.1327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd33678e169 code=0x7ffc0000 [ 494.053283][ T30] audit: type=1326 audit(1745250811.226:5030): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10419 comm="syz.6.1327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7fd33678e169 code=0x7ffc0000 [ 494.214590][ T30] audit: type=1326 audit(1745250811.226:5031): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10419 comm="syz.6.1327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd33678e169 code=0x7ffc0000 [ 494.304098][ T5883] usb 5-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 494.320107][ T5883] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 494.353463][ T30] audit: type=1326 audit(1745250811.226:5032): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10419 comm="syz.6.1327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd33678e169 code=0x7ffc0000 [ 494.365779][ T5883] usb 5-1: Product: syz [ 494.434174][ T5883] usb 5-1: Manufacturer: syz [ 494.463868][ T5883] usb 5-1: SerialNumber: syz [ 494.463864][ T30] audit: type=1326 audit(1745250811.226:5033): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10419 comm="syz.6.1327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=47 compat=0 ip=0x7fd33678e169 code=0x7ffc0000 [ 494.463925][ T30] audit: type=1326 audit(1745250811.245:5034): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10419 comm="syz.6.1327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd33678e169 code=0x7ffc0000 [ 494.517840][T10427] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1329'. [ 494.531816][ T30] audit: type=1326 audit(1745250811.245:5035): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10419 comm="syz.6.1327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd336790087 code=0x7ffc0000 [ 494.537911][ T5883] usb 5-1: config 0 descriptor?? [ 494.553987][ T30] audit: type=1326 audit(1745250811.245:5036): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10419 comm="syz.6.1327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7fd33678fffc code=0x7ffc0000 [ 494.600312][T10427] bridge_slave_1: left allmulticast mode [ 494.611834][T10427] bridge_slave_1: left promiscuous mode [ 494.626784][T10427] bridge0: port 2(bridge_slave_1) entered disabled state [ 494.648680][ T30] audit: type=1326 audit(1745250811.245:5037): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10419 comm="syz.6.1327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7fd33678ff34 code=0x7ffc0000 [ 494.694516][T10427] bridge_slave_0: left allmulticast mode [ 494.727413][T10427] bridge_slave_0: left promiscuous mode [ 494.745674][T10427] bridge0: port 1(bridge_slave_0) entered disabled state [ 494.944097][ T5883] hso 5-1:0.0: Failed to find BULK IN ep [ 495.118572][ T5883] usb-storage 5-1:0.0: USB Mass Storage device detected [ 495.155969][T10412] netlink: 1010 bytes leftover after parsing attributes in process `syz.4.1324'. [ 495.175577][T10412] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 495.240986][T10412] ufs: Invalid option: "ü" or missing value [ 495.263886][T10412] ufs: wrong mount options [ 495.281284][ T5883] usb 5-1: USB disconnect, device number 36 [ 495.804589][T10447] F2FS-fs (loop15): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 495.812585][T10447] F2FS-fs (loop15): Can't find valid F2FS filesystem in 1th superblock [ 495.821800][T10447] F2FS-fs (loop15): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 495.829759][T10447] F2FS-fs (loop15): Can't find valid F2FS filesystem in 2th superblock [ 497.071879][T10449] netlink: 'syz.7.1336': attribute type 4 has an invalid length. [ 501.029515][T10487] netlink: 'syz.7.1349': attribute type 4 has an invalid length. [ 501.152207][ T30] kauditd_printk_skb: 47 callbacks suppressed [ 501.152226][ T30] audit: type=1326 audit(1745250818.251:5085): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10492 comm="syz.7.1353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f881498e169 code=0x7ffc0000 [ 501.224010][ T30] audit: type=1326 audit(1745250818.251:5086): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10492 comm="syz.7.1353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f881498e169 code=0x7ffc0000 [ 501.288065][ T30] audit: type=1326 audit(1745250818.251:5087): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10492 comm="syz.7.1353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f881498e169 code=0x7ffc0000 [ 501.341626][ T30] audit: type=1326 audit(1745250818.251:5088): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10492 comm="syz.7.1353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f881498e169 code=0x7ffc0000 [ 501.407335][ T30] audit: type=1326 audit(1745250818.251:5089): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10492 comm="syz.7.1353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=47 compat=0 ip=0x7f881498e169 code=0x7ffc0000 [ 501.429469][ T5886] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 501.459680][ T30] audit: type=1326 audit(1745250818.251:5090): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10492 comm="syz.7.1353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f881498e169 code=0x7ffc0000 [ 501.526213][ T30] audit: type=1326 audit(1745250818.251:5091): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10492 comm="syz.7.1353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f8814990087 code=0x7ffc0000 [ 501.579971][ T30] audit: type=1326 audit(1745250818.251:5092): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10492 comm="syz.7.1353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f881498fffc code=0x7ffc0000 [ 501.657254][ T5886] usb 5-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 501.666375][ T5886] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 501.688534][ T30] audit: type=1326 audit(1745250818.251:5093): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10492 comm="syz.7.1353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f881498ff34 code=0x7ffc0000 [ 501.710502][ T5886] usb 5-1: Product: syz [ 501.714710][ T5886] usb 5-1: Manufacturer: syz [ 501.719345][ T5886] usb 5-1: SerialNumber: syz [ 501.725973][ T30] audit: type=1326 audit(1745250818.251:5094): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10492 comm="syz.7.1353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f881498ff34 code=0x7ffc0000 [ 501.749043][ T5886] usb 5-1: config 0 descriptor?? [ 501.967576][T10508] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1358'. [ 502.119547][ T5886] hso 5-1:0.0: Failed to find BULK IN ep [ 502.138150][ T5886] usb-storage 5-1:0.0: USB Mass Storage device detected [ 502.262126][T10489] netlink: 1010 bytes leftover after parsing attributes in process `syz.4.1350'. [ 502.273228][T10489] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 502.515914][T10489] ufs: Invalid option: "ü" or missing value [ 502.598179][T10489] ufs: wrong mount options [ 502.943364][ T5886] usb 5-1: USB disconnect, device number 37 [ 503.245712][T10524] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1360'. [ 503.273034][T10525] netlink: 'syz.6.1363': attribute type 4 has an invalid length. [ 505.796373][T10557] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1373'. [ 506.184630][ T5883] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 506.874741][T10562] FAULT_INJECTION: forcing a failure. [ 506.874741][T10562] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 506.886227][ T5883] usb 5-1: config 0 has an invalid descriptor of length 48, skipping remainder of the config [ 506.913325][T10562] CPU: 0 UID: 0 PID: 10562 Comm: syz.7.1374 Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0 PREEMPT(full) [ 506.913359][T10562] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 506.913372][T10562] Call Trace: [ 506.913380][T10562] [ 506.913390][T10562] dump_stack_lvl+0x241/0x360 [ 506.913430][T10562] ? __pfx_dump_stack_lvl+0x10/0x10 [ 506.913459][T10562] ? __pfx__printk+0x10/0x10 [ 506.913503][T10562] should_fail_ex+0x424/0x570 [ 506.913540][T10562] _copy_from_user+0x2d/0xb0 [ 506.913568][T10562] quota_setinfo+0xc5/0x5d0 [ 506.913603][T10562] ? __pfx_quota_setinfo+0x10/0x10 [ 506.913643][T10562] ? security_capable+0x7e/0x2d0 [ 506.913674][T10562] ? bpf_lsm_quotactl+0x9/0x10 [ 506.913708][T10562] ? do_quotactl+0x59c/0x870 [ 506.913749][T10562] __se_sys_quotactl_fd+0x261/0x420 [ 506.913788][T10562] do_syscall_64+0xf3/0x210 [ 506.913811][T10562] ? clear_bhb_loop+0x45/0xa0 [ 506.913837][T10562] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 506.913857][T10562] RIP: 0033:0x7f881498e169 [ 506.913874][T10562] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 506.913892][T10562] RSP: 002b:00007f8815842038 EFLAGS: 00000246 ORIG_RAX: 00000000000001bb [ 506.913915][T10562] RAX: ffffffffffffffda RBX: 00007f8814bb5fa0 RCX: 00007f881498e169 [ 506.913931][T10562] RDX: 000000000000ee01 RSI: ffffffff80000600 RDI: 0000000000000003 [ 506.913944][T10562] RBP: 00007f8815842090 R08: 0000000000000000 R09: 0000000000000000 [ 506.913957][T10562] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000001 [ 506.913971][T10562] R13: 0000000000000000 R14: 00007f8814bb5fa0 R15: 00007ffd642e0778 [ 506.914004][T10562] [ 506.915194][ T5883] usb 5-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 507.205234][ T30] kauditd_printk_skb: 60 callbacks suppressed [ 507.205258][ T30] audit: type=1326 audit(1745250823.892:5155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10564 comm="syz.6.1377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd33678e169 code=0x7ffc0000 [ 507.219935][ T5883] usb 5-1: New USB device strings: Mfr=32, Product=0, SerialNumber=9 [ 507.244790][ T5883] usb 5-1: Manufacturer: syz [ 507.249501][ T5883] usb 5-1: SerialNumber: syz [ 507.261121][ T5883] usb 5-1: config 0 descriptor?? [ 507.275817][ T5883] usb 5-1: Found UVC 0.00 device (046d:08c1) [ 507.288285][ T5883] usb 5-1: No valid video chain found. [ 507.298215][ T30] audit: type=1326 audit(1745250823.892:5156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10564 comm="syz.6.1377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd33678e169 code=0x7ffc0000 [ 507.319922][ C0] vkms_vblank_simulate: vblank timer overrun [ 507.358224][ T30] audit: type=1326 audit(1745250823.892:5157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10564 comm="syz.6.1377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7fd33678e169 code=0x7ffc0000 [ 507.386571][ T30] audit: type=1326 audit(1745250823.892:5158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10564 comm="syz.6.1377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd33678e169 code=0x7ffc0000 [ 507.408562][ C0] vkms_vblank_simulate: vblank timer overrun [ 507.437269][T10569] netlink: 'syz.6.1379': attribute type 4 has an invalid length. [ 507.468309][ T30] audit: type=1326 audit(1745250823.892:5159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10564 comm="syz.6.1377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd33678e169 code=0x7ffc0000 [ 507.531349][ T30] audit: type=1326 audit(1745250823.892:5160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10564 comm="syz.6.1377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=47 compat=0 ip=0x7fd33678e169 code=0x7ffc0000 [ 507.552938][ C0] vkms_vblank_simulate: vblank timer overrun [ 507.569914][ T47] usb 5-1: USB disconnect, device number 38 [ 507.620435][ T30] audit: type=1326 audit(1745250823.892:5161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10564 comm="syz.6.1377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd33678e169 code=0x7ffc0000 [ 507.649117][ T30] audit: type=1326 audit(1745250823.892:5162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10564 comm="syz.6.1377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd336790087 code=0x7ffc0000 [ 507.675642][ T5886] usb 2-1: new high-speed USB device number 39 using dummy_hcd [ 507.685351][ T30] audit: type=1326 audit(1745250823.892:5163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10564 comm="syz.6.1377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7fd33678fffc code=0x7ffc0000 [ 507.715887][ T30] audit: type=1326 audit(1745250823.892:5164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10564 comm="syz.6.1377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7fd33678ff34 code=0x7ffc0000 [ 507.889828][ T5886] usb 2-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 507.909297][ T5886] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 507.917970][ T5886] usb 2-1: Product: syz [ 507.932247][ T5886] usb 2-1: Manufacturer: syz [ 507.940853][ T5886] usb 2-1: SerialNumber: syz [ 507.961348][ T5886] usb 2-1: config 0 descriptor?? [ 508.521625][T10567] netlink: 1010 bytes leftover after parsing attributes in process `syz.1.1378'. [ 508.747145][T10567] ufs: Invalid option: "ü" or missing value [ 508.753122][T10567] ufs: wrong mount options [ 508.835057][ T5886] hso 2-1:0.0: Failed to find BULK IN ep [ 508.843892][ T5886] usb-storage 2-1:0.0: USB Mass Storage device detected [ 508.945297][ T5886] usb 2-1: USB disconnect, device number 39 [ 508.993916][T10601] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1388'. [ 509.015982][T10604] FAULT_INJECTION: forcing a failure. [ 509.015982][T10604] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 509.084942][T10604] CPU: 1 UID: 0 PID: 10604 Comm: syz.4.1387 Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0 PREEMPT(full) [ 509.084975][T10604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 509.084990][T10604] Call Trace: [ 509.084998][T10604] [ 509.085007][T10604] dump_stack_lvl+0x241/0x360 [ 509.085044][T10604] ? __pfx_dump_stack_lvl+0x10/0x10 [ 509.085073][T10604] ? __pfx__printk+0x10/0x10 [ 509.085112][T10604] should_fail_ex+0x424/0x570 [ 509.085150][T10604] prepare_alloc_pages+0x220/0x610 [ 509.085192][T10604] __alloc_frozen_pages_noprof+0x162/0x5b0 [ 509.085218][T10604] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 509.085248][T10604] ? cgroup_rstat_updated+0x144/0xc40 [ 509.085291][T10604] alloc_pages_mpol+0x339/0x690 [ 509.085323][T10604] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 509.085361][T10604] alloc_migration_target_by_mpol+0x33e/0x5e0 [ 509.085403][T10604] ? __pfx_alloc_migration_target_by_mpol+0x10/0x10 [ 509.085435][T10604] ? __pfx___might_resched+0x10/0x10 [ 509.085475][T10604] migrate_pages_batch+0x8e8/0x30b0 [ 509.085522][T10604] ? __pfx_alloc_migration_target_by_mpol+0x10/0x10 [ 509.085569][T10604] ? __pfx_migrate_pages_batch+0x10/0x10 [ 509.085609][T10604] ? walk_pgd_range+0x1704/0x17e0 [ 509.085639][T10604] ? mt_find+0x699/0x8f0 [ 509.085677][T10604] migrate_pages+0x2028/0x36c0 [ 509.085731][T10604] ? __pfx_alloc_migration_target_by_mpol+0x10/0x10 [ 509.085768][T10604] ? __pfx_migrate_pages+0x10/0x10 [ 509.085813][T10604] ? __se_sys_mbind+0x1434/0x1950 [ 509.085852][T10604] ? __pfx_up_write+0x10/0x10 [ 509.085883][T10604] __se_sys_mbind+0x148d/0x1950 [ 509.085926][T10604] ? __pfx___se_sys_mbind+0x10/0x10 [ 509.085957][T10604] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 509.085983][T10604] ? __fget_files+0x2a/0x420 [ 509.086040][T10604] ? __x64_sys_mbind+0x21/0xf0 [ 509.086066][T10604] do_syscall_64+0xf3/0x210 [ 509.086089][T10604] ? clear_bhb_loop+0x45/0xa0 [ 509.086113][T10604] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 509.086133][T10604] RIP: 0033:0x7fdc4ed8e169 [ 509.086151][T10604] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 509.086169][T10604] RSP: 002b:00007fdc4fc66038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed [ 509.086192][T10604] RAX: ffffffffffffffda RBX: 00007fdc4efb6080 RCX: 00007fdc4ed8e169 [ 509.086207][T10604] RDX: 0000000000000000 RSI: 0000000000800000 RDI: 0000200000001000 [ 509.086220][T10604] RBP: 00007fdc4fc66090 R08: 0000000000000000 R09: 0000000000000002 [ 509.086232][T10604] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 509.086245][T10604] R13: 0000000000000001 R14: 00007fdc4efb6080 R15: 00007ffcaeca2d08 [ 509.086276][T10604] [ 509.592814][T10614] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1390'. [ 509.645978][T10613] netlink: 'syz.4.1391': attribute type 4 has an invalid length. [ 510.078924][T10620] netlink: 40 bytes leftover after parsing attributes in process `syz.7.1393'. [ 512.967859][ T5883] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 513.545478][ T30] kauditd_printk_skb: 44 callbacks suppressed [ 513.545498][ T30] audit: type=1326 audit(1745250829.850:5209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10645 comm="syz.7.1403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f881498e169 code=0x7ffc0000 [ 513.651150][ T30] audit: type=1326 audit(1745250829.850:5210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10645 comm="syz.7.1403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f881498e169 code=0x7ffc0000 [ 513.653948][T10648] netlink: 'syz.6.1402': attribute type 4 has an invalid length. [ 513.688678][ T5883] usb 6-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 513.705514][ T5883] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 513.735539][ T5883] usb 6-1: Product: syz [ 513.759128][ T30] audit: type=1326 audit(1745250829.888:5211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10645 comm="syz.7.1403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f881498e169 code=0x7ffc0000 [ 513.789930][ T5883] usb 6-1: Manufacturer: syz [ 513.807087][ T5883] usb 6-1: SerialNumber: syz [ 513.826199][ T5883] usb 6-1: config 0 descriptor?? [ 513.839870][ T30] audit: type=1326 audit(1745250829.888:5212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10645 comm="syz.7.1403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f881498e169 code=0x7ffc0000 [ 513.883234][ T30] audit: type=1326 audit(1745250829.888:5213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10645 comm="syz.7.1403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f881498e169 code=0x7ffc0000 [ 514.098881][T10642] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 514.133012][ T5915] usb 7-1: new high-speed USB device number 27 using dummy_hcd [ 515.064548][T10642] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 515.182335][ T5883] hso 6-1:0.0: Failed to find INT IN ep [ 515.193691][ T5883] usb-storage 6-1:0.0: USB Mass Storage device detected [ 515.229022][T10662] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1408'. [ 515.352699][ T5915] usb 7-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 515.428145][ T5915] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 515.457367][ T5915] usb 7-1: Product: syz [ 515.497067][ T5915] usb 7-1: Manufacturer: syz [ 515.536313][T10642] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 515.567387][ T5915] usb 7-1: SerialNumber: syz [ 515.579577][T10642] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 515.651566][ T5915] usb 7-1: config 0 descriptor?? [ 515.663700][ T5886] usb 6-1: USB disconnect, device number 21 [ 515.677171][T10669] sp0: Synchronizing with TNC [ 515.876279][ T5915] hso 7-1:0.0: Failed to find BULK IN ep [ 515.884331][ T5915] usb-storage 7-1:0.0: USB Mass Storage device detected [ 515.982623][ T5883] usb 5-1: new high-speed USB device number 39 using dummy_hcd [ 516.097617][T10655] netlink: 1010 bytes leftover after parsing attributes in process `syz.6.1405'. [ 516.137645][ T1214] usb 7-1: USB disconnect, device number 27 [ 516.162059][ T5883] usb 5-1: New USB device found, idVendor=041e, idProduct=3100, bcdDevice= 0.00 [ 516.181114][ T5883] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 516.205597][ T5883] usb 5-1: config 0 descriptor?? [ 516.245411][T10679] FAULT_INJECTION: forcing a failure. [ 516.245411][T10679] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 516.260331][T10679] CPU: 1 UID: 0 PID: 10679 Comm: syz.1.1412 Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0 PREEMPT(full) [ 516.260362][T10679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 516.260377][T10679] Call Trace: [ 516.260384][T10679] [ 516.260393][T10679] dump_stack_lvl+0x241/0x360 [ 516.260430][T10679] ? __pfx_dump_stack_lvl+0x10/0x10 [ 516.260459][T10679] ? __pfx__printk+0x10/0x10 [ 516.260502][T10679] should_fail_ex+0x424/0x570 [ 516.260539][T10679] _copy_from_user+0x2d/0xb0 [ 516.260568][T10679] __sys_bpf+0x1c5/0x8b0 [ 516.260595][T10679] ? __pfx___sys_bpf+0x10/0x10 [ 516.260636][T10679] ? ksys_write+0x275/0x2d0 [ 516.260673][T10679] __x64_sys_bpf+0x7c/0x90 [ 516.260696][T10679] do_syscall_64+0xf3/0x210 [ 516.260719][T10679] ? clear_bhb_loop+0x45/0xa0 [ 516.260743][T10679] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 516.260763][T10679] RIP: 0033:0x7fd86bb8e169 [ 516.260783][T10679] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 516.260801][T10679] RSP: 002b:00007fd86c95a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 516.260823][T10679] RAX: ffffffffffffffda RBX: 00007fd86bdb6080 RCX: 00007fd86bb8e169 [ 516.260839][T10679] RDX: 0000000000000090 RSI: 0000200000000840 RDI: 0000000000000005 [ 516.260852][T10679] RBP: 00007fd86c95a090 R08: 0000000000000000 R09: 0000000000000000 [ 516.260865][T10679] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 516.260877][T10679] R13: 0000000000000000 R14: 00007fd86bdb6080 R15: 00007fff762918a8 [ 516.260910][T10679] [ 516.659690][ T5883] creative-sb0540 0003:041E:3100.000C: No inputs registered, leaving [ 516.675751][ T5883] creative-sb0540 0003:041E:3100.000C: hidraw0: USB HID v1.01 Device [HID 041e:3100] on usb-dummy_hcd.4-1/input0 [ 516.832833][ T30] audit: type=1326 audit(1745250832.928:5214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10687 comm="syz.5.1416" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07e8b8e169 code=0x7ffc0000 [ 516.880720][ T30] audit: type=1326 audit(1745250832.946:5215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10687 comm="syz.5.1416" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f07e8b8e169 code=0x7ffc0000 [ 517.002022][ T30] audit: type=1326 audit(1745250832.946:5216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10687 comm="syz.5.1416" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07e8b8e169 code=0x7ffc0000 [ 517.029696][ T30] audit: type=1326 audit(1745250832.946:5217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10687 comm="syz.5.1416" exe="/root/syz-executor" sig=0 arch=c000003e syscall=47 compat=0 ip=0x7f07e8b8e169 code=0x7ffc0000 [ 517.082896][ T30] audit: type=1326 audit(1745250832.946:5218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10687 comm="syz.5.1416" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07e8b8e169 code=0x7ffc0000 [ 517.176067][T10696] netlink: 'syz.5.1417': attribute type 4 has an invalid length. [ 518.122432][T10704] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1420'. [ 518.670227][T10706] random: crng reseeded on system resumption [ 519.126113][T10702] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 519.145711][T10702] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 519.174097][T10669] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(12) [ 519.180775][T10669] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 519.207398][T10669] vhci_hcd vhci_hcd.0: Device attached [ 519.223788][T10712] vhci_hcd: connection closed [ 519.235531][ T8697] vhci_hcd: stop threads [ 519.245261][ T8697] vhci_hcd: release socket [ 519.249786][ T8697] vhci_hcd: disconnect device [ 519.257110][ T5884] usb 5-1: USB disconnect, device number 39 [ 521.926937][T10737] netlink: 'syz.7.1431': attribute type 4 has an invalid length. [ 522.195971][ T5886] usb 5-1: new high-speed USB device number 40 using dummy_hcd [ 522.477762][ T5886] usb 5-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 522.518644][ T5886] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 522.546490][ T5886] usb 5-1: Product: syz [ 522.550834][ T5886] usb 5-1: Manufacturer: syz [ 522.556737][ T5886] usb 5-1: SerialNumber: syz [ 522.584448][T10741] netlink: 'syz.5.1433': attribute type 32 has an invalid length. [ 522.606798][T10741] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1433'. [ 522.606883][ T5886] usb 5-1: config 0 descriptor?? [ 522.728593][ T1214] usb 7-1: new high-speed USB device number 28 using dummy_hcd [ 522.890407][ T1214] usb 7-1: config 0 has an invalid interface number: 255 but max is 0 [ 522.913627][ T1214] usb 7-1: config 0 has no interface number 0 [ 522.923264][ T1214] usb 7-1: config 0 interface 255 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 522.938348][ T5886] hso 5-1:0.0: Failed to find BULK IN ep [ 522.950673][ T1214] usb 7-1: config 0 interface 255 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 523.038013][ T24] usb 6-1: new high-speed USB device number 22 using dummy_hcd [ 523.091961][ T5886] usb-storage 5-1:0.0: USB Mass Storage device detected [ 523.163432][T10733] netlink: 1010 bytes leftover after parsing attributes in process `syz.4.1429'. [ 523.228139][T10733] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 523.248805][ T24] usb 6-1: config 0 has an invalid interface number: 170 but max is 0 [ 523.292317][ T24] usb 6-1: config 0 has no interface number 0 [ 523.378485][T10751] ufs: Invalid option: "ü" or missing value [ 523.400370][ T24] usb 6-1: New USB device found, idVendor=0421, idProduct=0419, bcdDevice=28.0c [ 523.446975][ T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 523.456568][T10751] ufs: wrong mount options [ 523.474026][ T24] usb 6-1: Product: syz [ 523.561603][ T1214] usb 7-1: New USB device found, idVendor=10cf, idProduct=8065, bcdDevice=91.79 [ 523.582548][ T1214] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 523.603658][ T5897] usb 5-1: USB disconnect, device number 40 [ 523.638619][ T1214] usb 7-1: Product: syz [ 523.645241][T10752] netlink: 280 bytes leftover after parsing attributes in process `syz.1.1435'. [ 523.657712][ T24] usb 6-1: Manufacturer: syz [ 523.662525][ T1214] usb 7-1: Manufacturer: syz [ 523.662645][ T24] usb 6-1: SerialNumber: syz [ 523.675306][ T24] usb 6-1: config 0 descriptor?? [ 523.686117][ T1214] usb 7-1: SerialNumber: syz [ 523.707811][ T1214] usb 7-1: config 0 descriptor?? [ 523.737582][ T1214] vmk80xx 7-1:0.255: driver 'vmk80xx' failed to auto-configure device. [ 523.759604][ T1214] vmk80xx 7-1:0.255: probe with driver vmk80xx failed with error -22 [ 523.898676][ T24] usb 6-1: bad CDC descriptors [ 523.906619][ T24] cdc_acm 6-1:0.170: Zero length descriptor references [ 523.913884][ T24] cdc_acm 6-1:0.170: probe with driver cdc_acm failed with error -22 [ 523.943902][ T24] usb 6-1: USB disconnect, device number 22 [ 523.966485][ T5833] Bluetooth: hci5: unexpected event for opcode 0x2062 [ 523.968958][ T5897] usb 7-1: USB disconnect, device number 28 [ 524.054605][ T5883] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 524.225774][ T5883] usb 8-1: Using ep0 maxpacket: 16 [ 524.233657][ T5883] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 524.245421][ T5883] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 524.255726][ T5883] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 524.270983][ T5883] usb 8-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 524.289936][ T5883] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 524.306334][ T5883] usb 8-1: config 0 descriptor?? [ 524.374821][T10760] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1439'. [ 524.383877][T10760] bridge_slave_1: left allmulticast mode [ 524.390777][T10760] bridge_slave_1: left promiscuous mode [ 524.397840][T10760] bridge0: port 2(bridge_slave_1) entered disabled state [ 524.413429][T10760] bridge_slave_0: left allmulticast mode [ 524.419324][T10760] bridge_slave_0: left promiscuous mode [ 524.425119][T10760] bridge0: port 1(bridge_slave_0) entered disabled state [ 524.468515][ T24] usb 2-1: new high-speed USB device number 40 using dummy_hcd [ 524.549260][ T5883] usbhid 8-1:0.0: can't add hid device: -71 [ 524.562189][ T5883] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 524.590083][ T5883] usb 8-1: USB disconnect, device number 7 [ 524.806886][ T24] usb 2-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 524.816606][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 524.824855][ T24] usb 2-1: Product: syz [ 524.829219][ T24] usb 2-1: Manufacturer: syz [ 524.834007][ T24] usb 2-1: SerialNumber: syz [ 525.755146][ T24] usb 2-1: config 0 descriptor?? [ 526.205249][T10756] [U] W!TÁÍ—Ž}Ý©ÏS…L^Ï=ÍÝ [ 526.457569][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 526.464187][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 526.513104][ T24] usb 2-1: Firmware: major: 0, minor: 0, hardware type: ATUSB (0) [ 526.521156][ T24] usb 2-1: Firmware version (0.0) predates our first public release. [ 526.538674][ T24] usb 2-1: Please update to version 0.2 or newer [ 526.916052][T10777] netlink: 'syz.5.1444': attribute type 4 has an invalid length. [ 527.366473][ T30] kauditd_printk_skb: 12 callbacks suppressed [ 527.366497][ T30] audit: type=1326 audit(1745250842.768:5231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10774 comm="syz.4.1445" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc4ed8e169 code=0x7ffc0000 [ 527.446026][ T30] audit: type=1326 audit(1745250842.768:5232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10774 comm="syz.4.1445" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7fdc4ed8e169 code=0x7ffc0000 [ 527.471659][ T30] audit: type=1326 audit(1745250842.777:5233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10774 comm="syz.4.1445" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc4ed8e169 code=0x7ffc0000 [ 527.515129][ T30] audit: type=1326 audit(1745250842.777:5234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10774 comm="syz.4.1445" exe="/root/syz-executor" sig=0 arch=c000003e syscall=47 compat=0 ip=0x7fdc4ed8e169 code=0x7ffc0000 [ 527.522470][T10782] sp0: Synchronizing with TNC [ 527.565028][ T24] usb 2-1: USB disconnect, device number 40 [ 527.601470][ T30] audit: type=1326 audit(1745250842.777:5235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10774 comm="syz.4.1445" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc4ed8e169 code=0x7ffc0000 [ 527.638175][ T30] audit: type=1326 audit(1745250842.777:5236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10774 comm="syz.4.1445" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fdc4ed90087 code=0x7ffc0000 [ 527.669760][T10782] trusted_key: encrypted_key: key user:syz not found [ 527.703665][ T30] audit: type=1326 audit(1745250842.777:5237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10774 comm="syz.4.1445" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7fdc4ed8fffc code=0x7ffc0000 [ 527.740158][ T30] audit: type=1326 audit(1745250842.777:5238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10774 comm="syz.4.1445" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7fdc4ed8ff34 code=0x7ffc0000 [ 527.791180][ T30] audit: type=1326 audit(1745250842.777:5239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10774 comm="syz.4.1445" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7fdc4ed8ff34 code=0x7ffc0000 [ 527.821910][ T30] audit: type=1326 audit(1745250842.777:5240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10774 comm="syz.4.1445" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fdc4ed8cdca code=0x7ffc0000 [ 527.998680][ T5884] usb 7-1: new high-speed USB device number 29 using dummy_hcd [ 528.030785][ T5886] usb 5-1: new high-speed USB device number 41 using dummy_hcd [ 528.279563][T10797] F2FS-fs (loop3): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 528.288353][T10797] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 528.297202][T10797] F2FS-fs (loop3): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 528.305155][T10797] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock [ 528.374457][ T5833] Bluetooth: hci5: Controller not accepting commands anymore: ncmd = 0 [ 528.384989][ T5833] Bluetooth: hci5: Injecting HCI hardware error event [ 528.396906][ T5833] Bluetooth: hci5: hardware error 0x00 [ 528.725553][ T5884] usb 7-1: Using ep0 maxpacket: 16 [ 528.733945][ T5884] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 528.750606][ T5886] usb 5-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 528.759965][ T5884] usb 7-1: New USB device found, idVendor=046d, idProduct=c24f, bcdDevice= 0.00 [ 528.778969][ T5886] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 528.787172][ T5886] usb 5-1: Product: syz [ 528.792892][ T5884] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 528.804683][ T5886] usb 5-1: Manufacturer: syz [ 528.809345][ T5886] usb 5-1: SerialNumber: syz [ 528.819348][ T5884] usb 7-1: config 0 descriptor?? [ 528.838420][ T5886] usb 5-1: config 0 descriptor?? [ 529.217951][ T5886] hso 5-1:0.0: Failed to find BULK IN ep [ 529.226978][ T5886] usb-storage 5-1:0.0: USB Mass Storage device detected [ 529.235778][T10789] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1449'. [ 529.414157][T10789] netdevsim netdevsim6 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 529.423565][T10789] netdevsim netdevsim6 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 529.432575][T10789] netdevsim netdevsim6 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 529.441332][T10789] netdevsim netdevsim6 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 529.853853][T10800] block nbd7: shutting down sockets [ 530.004180][T10813] ufs: Invalid option: "ü" or missing value [ 530.019531][T10813] ufs: wrong mount options [ 530.027862][T10789] netdevsim netdevsim6 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 530.038291][T10789] netdevsim netdevsim6 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 530.049683][T10789] netdevsim netdevsim6 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 530.059031][T10789] netdevsim netdevsim6 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 530.145544][T10788] netlink: 1010 bytes leftover after parsing attributes in process `syz.4.1448'. [ 530.182311][T10792] usb 5-1: USB disconnect, device number 41 [ 530.565928][ T5833] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 530.692819][ T5884] usbhid 7-1:0.0: can't add hid device: -71 [ 530.700707][ T5884] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 530.840480][ T5884] usb 7-1: USB disconnect, device number 29 [ 531.227261][T10792] usb 8-1: new full-speed USB device number 8 using dummy_hcd [ 531.277303][T10830] sp0: Synchronizing with TNC [ 531.395669][T10792] usb 8-1: config 0 has an invalid interface number: 34 but max is 0 [ 531.414426][T10792] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 531.664966][T10792] usb 8-1: config 0 has no interface number 0 [ 531.673755][T10792] usb 8-1: config 0 interface 34 has no altsetting 0 [ 531.683999][T10792] usb 8-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00 [ 531.695614][T10792] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 531.708338][ T5886] usb 2-1: new high-speed USB device number 41 using dummy_hcd [ 531.719965][T10792] usb 8-1: config 0 descriptor?? [ 531.923039][ T5886] usb 2-1: New USB device found, idVendor=041e, idProduct=3100, bcdDevice= 0.00 [ 532.194365][ T5886] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 532.499916][T10840] block nbd5: shutting down sockets [ 532.534625][ T5886] usb 2-1: config 0 descriptor?? [ 532.585581][T10822] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 532.605663][T10822] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 533.407094][ T5915] usb 8-1: USB disconnect, device number 8 [ 533.508676][ T30] kauditd_printk_skb: 96 callbacks suppressed [ 533.508697][ T30] audit: type=1326 audit(1745250848.521:5337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10855 comm="syz.6.1469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd33678e169 code=0x7ffc0000 [ 533.539441][ T30] audit: type=1326 audit(1745250848.558:5338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10855 comm="syz.6.1469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd33678e169 code=0x7ffc0000 [ 533.605583][ T5886] creative-sb0540 0003:041E:3100.000D: No inputs registered, leaving [ 533.630546][ T30] audit: type=1326 audit(1745250848.577:5339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10855 comm="syz.6.1469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7fd33678e169 code=0x7ffc0000 [ 533.668977][ T5886] creative-sb0540 0003:041E:3100.000D: hidraw0: USB HID v1.01 Device [HID 041e:3100] on usb-dummy_hcd.1-1/input0 [ 533.688160][ T30] audit: type=1326 audit(1745250848.577:5340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10855 comm="syz.6.1469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd33678e169 code=0x7ffc0000 [ 533.711904][ T30] audit: type=1326 audit(1745250848.577:5341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10855 comm="syz.6.1469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd33678e169 code=0x7ffc0000 [ 533.734194][ T30] audit: type=1326 audit(1745250848.577:5342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10855 comm="syz.6.1469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=47 compat=0 ip=0x7fd33678e169 code=0x7ffc0000 [ 533.973930][ T30] audit: type=1326 audit(1745250848.577:5343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10855 comm="syz.6.1469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd33678e169 code=0x7ffc0000 [ 533.996719][ T30] audit: type=1326 audit(1745250848.577:5344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10855 comm="syz.6.1469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd336790087 code=0x7ffc0000 [ 534.040417][ T30] audit: type=1326 audit(1745250848.577:5345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10855 comm="syz.6.1469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7fd33678fffc code=0x7ffc0000 [ 534.328821][ T30] audit: type=1326 audit(1745250848.577:5346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10855 comm="syz.6.1469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7fd33678ff34 code=0x7ffc0000 [ 534.898300][T10871] netlink: 'syz.6.1474': attribute type 4 has an invalid length. [ 535.573007][T10868] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 535.589389][T10868] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 535.653020][ T5915] usb 5-1: new high-speed USB device number 42 using dummy_hcd [ 535.727096][T10830] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(12) [ 535.733784][T10830] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 535.780510][T10830] vhci_hcd vhci_hcd.0: Device attached [ 535.790013][T10882] vhci_hcd: connection closed [ 535.790305][ T36] vhci_hcd: stop threads [ 535.805899][T10792] usb 2-1: USB disconnect, device number 41 [ 535.902411][ T36] vhci_hcd: release socket [ 536.259040][ T36] vhci_hcd: disconnect device [ 536.482171][T10879] block nbd6: shutting down sockets [ 536.632379][ T5915] usb 5-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 536.661565][ T5915] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 536.681182][ T5915] usb 5-1: Product: syz [ 536.685417][ T5915] usb 5-1: Manufacturer: syz [ 536.690503][ T5915] usb 5-1: SerialNumber: syz [ 536.715142][ T5915] usb 5-1: config 0 descriptor?? [ 537.322872][T10874] netlink: 1010 bytes leftover after parsing attributes in process `syz.4.1475'. [ 537.335508][ T5915] hso 5-1:0.0: Failed to find BULK IN ep [ 537.478061][ T5915] usb-storage 5-1:0.0: USB Mass Storage device detected [ 537.505076][T10874] ufs: Invalid option: "ü" or missing value [ 537.558188][T10874] ufs: wrong mount options [ 537.613395][ T5915] usb 5-1: USB disconnect, device number 42 [ 538.146574][ T5915] usb 2-1: new full-speed USB device number 42 using dummy_hcd [ 538.310484][ T1214] usb 6-1: new high-speed USB device number 23 using dummy_hcd [ 538.718962][ T5915] usb 2-1: config 0 has an invalid interface number: 34 but max is 0 [ 538.728859][ T1214] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 538.758766][ T5915] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 538.785729][ T1214] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 538.801338][ T5915] usb 2-1: config 0 has no interface number 0 [ 538.834127][ T1214] usb 6-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 538.844390][ T5915] usb 2-1: config 0 interface 34 has no altsetting 0 [ 539.144835][ T36] Bluetooth: (null): Invalid header checksum [ 539.154534][ T5915] usb 2-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00 [ 539.164724][ T1214] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 539.390407][ T36] Bluetooth: (null): Invalid header checksum [ 540.015695][ T5915] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 540.028570][ T1214] usb 6-1: config 0 descriptor?? [ 540.035267][ T36] Bluetooth: (null): Invalid header checksum [ 540.042457][ T5915] usb 2-1: config 0 descriptor?? [ 540.057201][ T36] Bluetooth: (null): Invalid header checksum [ 540.073903][ T36] Bluetooth: (null): Invalid header checksum [ 540.081080][ T36] Bluetooth: (null): Invalid header checksum [ 540.087243][ T36] Bluetooth: (null): Invalid header checksum [ 540.093890][ T36] Bluetooth: (null): Invalid header checksum [ 540.100029][ T36] Bluetooth: (null): Invalid header checksum [ 540.126458][ T36] Bluetooth: (null): Invalid header checksum [ 540.146053][ T36] Bluetooth: (null): Invalid header checksum [ 540.588498][T10927] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 540.603598][T10927] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 540.867048][ T5886] usb 2-1: USB disconnect, device number 42 [ 541.207714][ T1214] cm6533_jd 0003:0D8C:0022.000E: unknown main item tag 0x0 [ 541.216079][ T1214] cm6533_jd 0003:0D8C:0022.000E: unknown main item tag 0x0 [ 541.243697][ T1214] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0D8C:0022.000E/input/input33 [ 541.282877][ T1214] cm6533_jd 0003:0D8C:0022.000E: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.5-1/input0 [ 541.348412][ T1214] usb 6-1: USB disconnect, device number 23 [ 541.356333][ T30] kauditd_printk_skb: 30 callbacks suppressed [ 541.356354][ T30] audit: type=1326 audit(1745250855.864:5377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10929 comm="syz.4.1491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc4ed8e169 code=0x7ffc0000 [ 541.417432][ T30] audit: type=1326 audit(1745250855.864:5378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10929 comm="syz.4.1491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc4ed8e169 code=0x7ffc0000 [ 541.478401][ T30] audit: type=1326 audit(1745250855.864:5379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10929 comm="syz.4.1491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7fdc4ed8e169 code=0x7ffc0000 [ 541.543575][ T30] audit: type=1326 audit(1745250855.864:5380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10929 comm="syz.4.1491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc4ed8e169 code=0x7ffc0000 [ 541.597260][ T30] audit: type=1326 audit(1745250855.864:5381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10929 comm="syz.4.1491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc4ed8e169 code=0x7ffc0000 [ 541.629295][ T30] audit: type=1326 audit(1745250855.892:5382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10929 comm="syz.4.1491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=47 compat=0 ip=0x7fdc4ed8e169 code=0x7ffc0000 [ 541.703786][ T30] audit: type=1326 audit(1745250855.892:5383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10929 comm="syz.4.1491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc4ed8e169 code=0x7ffc0000 [ 541.776948][ T30] audit: type=1326 audit(1745250855.892:5384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10929 comm="syz.4.1491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fdc4ed90087 code=0x7ffc0000 [ 541.817834][ T30] audit: type=1326 audit(1745250855.892:5385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10929 comm="syz.4.1491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7fdc4ed8fffc code=0x7ffc0000 [ 541.839767][ T30] audit: type=1326 audit(1745250855.892:5386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10929 comm="syz.4.1491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7fdc4ed8ff34 code=0x7ffc0000 [ 541.969983][ T5884] usb 2-1: new high-speed USB device number 43 using dummy_hcd [ 542.210584][ T5884] usb 2-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 542.281980][ T5884] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 542.383354][ T5884] usb 2-1: Product: syz [ 542.525596][ T5884] usb 2-1: Manufacturer: syz [ 542.536398][ T5884] usb 2-1: SerialNumber: syz [ 542.564473][ T5884] usb 2-1: config 0 descriptor?? [ 542.941495][ T5884] hso 2-1:0.0: Failed to find BULK IN ep [ 542.951271][ T5884] usb-storage 2-1:0.0: USB Mass Storage device detected [ 542.987873][T10792] usb 8-1: new high-speed USB device number 9 using dummy_hcd [ 543.042455][T10936] netlink: 1010 bytes leftover after parsing attributes in process `syz.1.1494'. [ 543.280004][T10792] usb 8-1: Using ep0 maxpacket: 16 [ 543.402211][T10792] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 543.553732][T10936] ufs: Invalid option: "ü" or missing value [ 543.584226][T10936] ufs: wrong mount options [ 543.593948][ T5897] usb 2-1: USB disconnect, device number 43 [ 543.715400][T10792] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 543.726244][T10792] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 543.740028][T10792] usb 8-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 543.753440][T10792] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 543.779013][T10792] usb 8-1: config 0 descriptor?? [ 544.142190][T10792] usbhid 8-1:0.0: can't add hid device: -71 [ 544.148233][T10792] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 544.158972][T10792] usb 8-1: USB disconnect, device number 9 [ 546.023040][T10979] FAULT_INJECTION: forcing a failure. [ 546.023040][T10979] name failslab, interval 1, probability 0, space 0, times 0 [ 546.035920][T10979] CPU: 1 UID: 0 PID: 10979 Comm: syz.5.1504 Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0 PREEMPT(full) [ 546.035951][T10979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 546.035965][T10979] Call Trace: [ 546.035974][T10979] [ 546.035984][T10979] dump_stack_lvl+0x241/0x360 [ 546.036021][T10979] ? __pfx_dump_stack_lvl+0x10/0x10 [ 546.036050][T10979] ? __pfx__printk+0x10/0x10 [ 546.036083][T10979] ? __pfx___might_resched+0x10/0x10 [ 546.036120][T10979] should_fail_ex+0x424/0x570 [ 546.036158][T10979] should_failslab+0xac/0x100 [ 546.036187][T10979] __kmalloc_noprof+0xdf/0x4d0 [ 546.036213][T10979] ? tomoyo_realpath_from_path+0xc2/0x5e0 [ 546.036244][T10979] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 546.036283][T10979] tomoyo_realpath_from_path+0xcf/0x5e0 [ 546.036329][T10979] tomoyo_path_perm+0x2be/0x640 [ 546.036360][T10979] ? tomoyo_path_perm+0x28c/0x640 [ 546.036386][T10979] ? __pfx_tomoyo_path_perm+0x10/0x10 [ 546.036411][T10979] ? rcu_read_lock_any_held+0xbb/0x160 [ 546.036469][T10979] ? __lock_acquire+0xad5/0xd80 [ 546.036514][T10979] security_file_truncate+0xac/0x250 [ 546.036551][T10979] do_ftruncate+0x275/0x5a0 [ 546.036572][T10979] ? __fget_files+0x2a/0x420 [ 546.036603][T10979] ? __pfx_do_ftruncate+0x10/0x10 [ 546.036624][T10979] ? __fget_files+0x2a/0x420 [ 546.036659][T10979] __x64_sys_ftruncate+0x93/0xf0 [ 546.036684][T10979] do_syscall_64+0xf3/0x210 [ 546.036708][T10979] ? clear_bhb_loop+0x45/0xa0 [ 546.036734][T10979] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 546.036756][T10979] RIP: 0033:0x7f07e8b8e169 [ 546.036775][T10979] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 546.036794][T10979] RSP: 002b:00007f07e9994038 EFLAGS: 00000246 ORIG_RAX: 000000000000004d [ 546.036817][T10979] RAX: ffffffffffffffda RBX: 00007f07e8db6160 RCX: 00007f07e8b8e169 [ 546.036833][T10979] RDX: 0000000000000000 RSI: 000000000000ffff RDI: 0000000000000005 [ 546.036847][T10979] RBP: 00007f07e9994090 R08: 0000000000000000 R09: 0000000000000000 [ 546.036861][T10979] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 546.036874][T10979] R13: 0000000000000000 R14: 00007f07e8db6160 R15: 00007ffc676ce348 [ 546.036907][T10979] [ 546.036941][T10979] ERROR: Out of memory at tomoyo_realpath_from_path. [ 546.271994][T10792] usb 7-1: new full-speed USB device number 30 using dummy_hcd [ 546.324914][T10982] netlink: 'syz.4.1508': attribute type 39 has an invalid length. [ 546.464405][T10792] usb 7-1: config 0 has an invalid interface number: 34 but max is 0 [ 546.486594][T10792] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 546.519906][T10792] usb 7-1: config 0 has no interface number 0 [ 546.755217][T10792] usb 7-1: config 0 interface 34 has no altsetting 0 [ 546.762724][T10792] usb 7-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00 [ 546.772066][T10792] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 546.784316][T10792] usb 7-1: config 0 descriptor?? [ 546.915031][T10995] netlink: 280 bytes leftover after parsing attributes in process `syz.1.1511'. [ 547.724608][T11000] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 547.734383][T11000] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 548.338994][T10792] usb 7-1: USB disconnect, device number 30 [ 548.677466][ T30] kauditd_printk_skb: 109 callbacks suppressed [ 548.677487][ T30] audit: type=1326 audit(1745250862.711:5496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10999 comm="syz.1.1515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd86bb8e169 code=0x7ffc0000 [ 548.753333][ T30] audit: type=1326 audit(1745250862.748:5497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10999 comm="syz.1.1515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd86bb8e169 code=0x7ffc0000 [ 548.867847][ T30] audit: type=1326 audit(1745250862.748:5498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10999 comm="syz.1.1515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7fd86bb8e169 code=0x7ffc0000 [ 549.030105][ T30] audit: type=1326 audit(1745250862.748:5499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10999 comm="syz.1.1515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd86bb8e169 code=0x7ffc0000 [ 549.061797][ T30] audit: type=1326 audit(1745250862.748:5500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10999 comm="syz.1.1515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd86bb8e169 code=0x7ffc0000 [ 549.122147][ T30] audit: type=1326 audit(1745250862.748:5501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10999 comm="syz.1.1515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=47 compat=0 ip=0x7fd86bb8e169 code=0x7ffc0000 [ 549.167792][T11014] FAULT_INJECTION: forcing a failure. [ 549.167792][T11014] name failslab, interval 1, probability 0, space 0, times 0 [ 549.190852][ T30] audit: type=1326 audit(1745250862.758:5502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10999 comm="syz.1.1515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd86bb8e169 code=0x7ffc0000 [ 549.214902][ T30] audit: type=1326 audit(1745250862.758:5503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10999 comm="syz.1.1515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd86bb90087 code=0x7ffc0000 [ 549.237428][ T30] audit: type=1326 audit(1745250862.758:5504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10999 comm="syz.1.1515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7fd86bb8fffc code=0x7ffc0000 [ 549.259987][T11014] CPU: 0 UID: 0 PID: 11014 Comm: syz.6.1519 Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0 PREEMPT(full) [ 549.260020][T11014] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 549.260034][T11014] Call Trace: [ 549.260042][T11014] [ 549.260051][T11014] dump_stack_lvl+0x241/0x360 [ 549.260090][T11014] ? __pfx_dump_stack_lvl+0x10/0x10 [ 549.260120][T11014] ? __pfx__printk+0x10/0x10 [ 549.260154][T11014] ? __pfx___might_resched+0x10/0x10 [ 549.260191][T11014] should_fail_ex+0x424/0x570 [ 549.260230][T11014] should_failslab+0xac/0x100 [ 549.260260][T11014] __kmalloc_noprof+0xdf/0x4d0 [ 549.260295][T11014] ? tomoyo_realpath_from_path+0xc2/0x5e0 [ 549.260327][T11014] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 549.260364][T11014] tomoyo_realpath_from_path+0xcf/0x5e0 [ 549.260410][T11014] tomoyo_path_number_perm+0x245/0x790 [ 549.260443][T11014] ? tomoyo_path_number_perm+0x215/0x790 [ 549.260473][T11014] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 549.260508][T11014] ? ksys_write+0x24e/0x2d0 [ 549.260538][T11014] ? __lock_acquire+0xad5/0xd80 [ 549.260588][T11014] ? __fget_files+0x2a/0x420 [ 549.260613][T11014] ? __fget_files+0x2a/0x420 [ 549.260642][T11014] ? __fget_files+0x2a/0x420 [ 549.260673][T11014] security_file_ioctl+0xc6/0x2a0 [ 549.260704][T11014] __se_sys_ioctl+0x46/0x160 [ 549.260740][T11014] do_syscall_64+0xf3/0x210 [ 549.260763][T11014] ? clear_bhb_loop+0x45/0xa0 [ 549.260790][T11014] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 549.260812][T11014] RIP: 0033:0x7fd33678e169 [ 549.260831][T11014] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 549.260849][T11014] RSP: 002b:00007fd337584038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 549.260873][T11014] RAX: ffffffffffffffda RBX: 00007fd3369b5fa0 RCX: 00007fd33678e169 [ 549.260888][T11014] RDX: 0000200000000440 RSI: 0000000000008922 RDI: 0000000000000003 [ 549.260902][T11014] RBP: 00007fd337584090 R08: 0000000000000000 R09: 0000000000000000 [ 549.260915][T11014] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 549.260928][T11014] R13: 0000000000000000 R14: 00007fd3369b5fa0 R15: 00007ffc79868328 [ 549.260960][T11014] [ 549.260971][T11014] ERROR: Out of memory at tomoyo_realpath_from_path. [ 549.476062][ T30] audit: type=1326 audit(1745250862.758:5505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10999 comm="syz.1.1515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7fd86bb8ff34 code=0x7ffc0000 [ 549.967897][T10792] usb 2-1: new full-speed USB device number 44 using dummy_hcd [ 550.115614][T11039] netlink: 40 bytes leftover after parsing attributes in process `syz.6.1527'. [ 550.173343][T10792] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 65535, setting to 64 [ 550.234392][T10792] usb 2-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice= 1.00 [ 550.326022][T10792] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 550.524803][T10792] usb 2-1: config 0 descriptor?? [ 550.575590][T11029] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 550.738237][T10792] rc_core: IR keymap rc-xbox-dvd not found [ 550.744156][T10792] Registered IR keymap rc-empty [ 550.770620][T10792] rc rc0: Xbox DVD USB Remote Control(045e,0284) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 550.804694][T10792] input: Xbox DVD USB Remote Control(045e,0284) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input34 [ 550.876500][ T5886] usb 5-1: new full-speed USB device number 43 using dummy_hcd [ 550.909224][T10792] usb 2-1: USB disconnect, device number 44 [ 550.915259][ C1] xbox_remote 2-1:0.0: xbox_remote_irq_in: usb_submit_urb()=-19 [ 551.058242][ T5886] usb 5-1: config 0 has an invalid interface number: 34 but max is 0 [ 551.070885][ T5886] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 551.112543][ T5886] usb 5-1: config 0 has no interface number 0 [ 551.132980][ T5886] usb 5-1: config 0 interface 34 has no altsetting 0 [ 551.139770][ T5886] usb 5-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00 [ 551.172312][ T5886] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 551.235303][ T5886] usb 5-1: config 0 descriptor?? [ 551.476152][T10792] usb 6-1: new high-speed USB device number 24 using dummy_hcd [ 551.602323][T11056] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 551.612439][T11056] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 551.627052][T11055] FAULT_INJECTION: forcing a failure. [ 551.627052][T11055] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 551.657745][T11055] CPU: 0 UID: 0 PID: 11055 Comm: syz.1.1534 Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0 PREEMPT(full) [ 551.657780][T11055] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 551.657794][T11055] Call Trace: [ 551.657803][T11055] [ 551.657813][T11055] dump_stack_lvl+0x241/0x360 [ 551.657851][T11055] ? __pfx_dump_stack_lvl+0x10/0x10 [ 551.657881][T11055] ? __pfx__printk+0x10/0x10 [ 551.657925][T11055] should_fail_ex+0x424/0x570 [ 551.657963][T11055] _copy_from_user+0x2d/0xb0 [ 551.657993][T11055] core_sys_select+0x542/0xab0 [ 551.658030][T11055] ? __pfx_core_sys_select+0x10/0x10 [ 551.658050][T11055] ? rcu_read_lock_any_held+0xbb/0x160 [ 551.658086][T11055] ? vfs_write+0xb29/0xd10 [ 551.658136][T11055] ? __pfx_set_user_sigmask+0x10/0x10 [ 551.658180][T11055] __se_sys_pselect6+0x356/0x3e0 [ 551.658214][T11055] ? __pfx___se_sys_pselect6+0x10/0x10 [ 551.658246][T11055] ? trace_irq_enable+0x2c/0x120 [ 551.658268][T11055] ? __x64_sys_pselect6+0x21/0xf0 [ 551.658295][T11055] do_syscall_64+0xf3/0x210 [ 551.658318][T11055] ? clear_bhb_loop+0x45/0xa0 [ 551.658343][T11055] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 551.658364][T11055] RIP: 0033:0x7fd86bb8e169 [ 551.658383][T11055] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 551.658400][T11055] RSP: 002b:00007fd86c97b038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e [ 551.658422][T11055] RAX: ffffffffffffffda RBX: 00007fd86bdb5fa0 RCX: 00007fd86bb8e169 [ 551.658438][T11055] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000040 [ 551.658452][T11055] RBP: 00007fd86c97b090 R08: 0000000000000000 R09: 0000000000000000 [ 551.658466][T11055] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001 [ 551.658479][T11055] R13: 0000000000000000 R14: 00007fd86bdb5fa0 R15: 00007fff762918a8 [ 551.658516][T11055] [ 551.675646][T10792] usb 6-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 551.892809][T10792] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 551.902157][T10792] usb 6-1: Product: syz [ 551.906723][T10792] usb 6-1: Manufacturer: syz [ 551.911616][T10792] usb 6-1: SerialNumber: syz [ 551.941692][T10792] usb 6-1: config 0 descriptor?? [ 552.297338][T10792] hso 6-1:0.0: Failed to find BULK IN ep [ 552.297681][ T1214] usb 5-1: USB disconnect, device number 43 [ 552.313623][T10792] usb-storage 6-1:0.0: USB Mass Storage device detected [ 552.690579][T11077] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1541'. [ 552.694417][T11052] netlink: 1010 bytes leftover after parsing attributes in process `syz.5.1533'. [ 552.713407][ T5915] usb 8-1: new high-speed USB device number 10 using dummy_hcd [ 553.081387][ T5915] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 553.566218][T11079] ufs: Invalid option: "ü" or missing value [ 553.570426][ T5915] usb 8-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 553.600386][ T5915] usb 8-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 553.617824][ T5915] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 553.626253][T11079] ufs: wrong mount options [ 553.635080][ T1214] usb 6-1: USB disconnect, device number 24 [ 553.665786][ T5915] usb 8-1: config 0 descriptor?? [ 553.760100][T11084] sp0: Synchronizing with TNC [ 554.099392][ T30] kauditd_printk_skb: 252 callbacks suppressed [ 554.099412][ T30] audit: type=1326 audit(1745250867.781:5758): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11091 comm="syz.4.1549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc4ed8e169 code=0x7ffc0000 [ 554.205902][ T30] audit: type=1326 audit(1745250867.818:5759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11091 comm="syz.4.1549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7fdc4ed8e169 code=0x7ffc0000 [ 554.228099][ T30] audit: type=1326 audit(1745250867.818:5760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11091 comm="syz.4.1549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc4ed8e169 code=0x7ffc0000 [ 554.251480][ T30] audit: type=1326 audit(1745250867.818:5761): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11091 comm="syz.4.1549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=47 compat=0 ip=0x7fdc4ed8e169 code=0x7ffc0000 [ 554.273559][ T30] audit: type=1326 audit(1745250867.818:5762): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11091 comm="syz.4.1549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc4ed8e169 code=0x7ffc0000 [ 554.295803][ T30] audit: type=1326 audit(1745250867.818:5763): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11091 comm="syz.4.1549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fdc4ed90087 code=0x7ffc0000 [ 554.350147][ T30] audit: type=1326 audit(1745250867.818:5764): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11091 comm="syz.4.1549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7fdc4ed8fffc code=0x7ffc0000 [ 554.440845][ T30] audit: type=1326 audit(1745250867.818:5765): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11091 comm="syz.4.1549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7fdc4ed8ff34 code=0x7ffc0000 [ 554.486432][ T30] audit: type=1326 audit(1745250867.818:5766): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11091 comm="syz.4.1549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7fdc4ed8ff34 code=0x7ffc0000 [ 554.529378][ T30] audit: type=1326 audit(1745250867.818:5767): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11091 comm="syz.4.1549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fdc4ed8cdca code=0x7ffc0000 [ 554.790170][ T5915] usb 2-1: new full-speed USB device number 45 using dummy_hcd [ 555.666002][T11115] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1554'. [ 555.778410][ T5915] usb 2-1: config 0 has an invalid interface number: 34 but max is 0 [ 556.021278][ T5915] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 556.186879][ T5915] usb 2-1: config 0 has no interface number 0 [ 556.200626][ T5915] usb 2-1: config 0 interface 34 has no altsetting 0 [ 556.215358][T10792] usb 8-1: USB disconnect, device number 10 [ 556.250803][ T5915] usb 2-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00 [ 556.275234][ T5915] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 556.321070][ T5915] usb 2-1: config 0 descriptor?? [ 557.463529][T11131] FAULT_INJECTION: forcing a failure. [ 557.463529][T11131] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 557.477271][T11131] CPU: 0 UID: 0 PID: 11131 Comm: syz.5.1558 Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0 PREEMPT(full) [ 557.477303][T11131] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 557.477317][T11131] Call Trace: [ 557.477327][T11131] [ 557.477337][T11131] dump_stack_lvl+0x241/0x360 [ 557.477381][T11131] ? __pfx_dump_stack_lvl+0x10/0x10 [ 557.477411][T11131] ? __pfx__printk+0x10/0x10 [ 557.477453][T11131] should_fail_ex+0x424/0x570 [ 557.477491][T11131] strncpy_from_user+0x36/0x280 [ 557.477527][T11131] __se_sys_add_key+0xe2/0x4b0 [ 557.477557][T11131] ? __pfx___se_sys_add_key+0x10/0x10 [ 557.477594][T11131] ? __x64_sys_add_key+0x20/0xc0 [ 557.477623][T11131] do_syscall_64+0xf3/0x210 [ 557.477647][T11131] ? clear_bhb_loop+0x45/0xa0 [ 557.477674][T11131] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 557.477696][T11131] RIP: 0033:0x7f07e8b8e169 [ 557.477715][T11131] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 557.477733][T11131] RSP: 002b:00007f07e9994038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8 [ 557.477756][T11131] RAX: ffffffffffffffda RBX: 00007f07e8db6160 RCX: 00007f07e8b8e169 [ 557.477772][T11131] RDX: 0000200000000340 RSI: 0000000000000000 RDI: 0000200000000040 [ 557.477786][T11131] RBP: 00007f07e9994090 R08: 0000000035834eff R09: 0000000000000000 [ 557.477800][T11131] R10: 000000000000001b R11: 0000000000000246 R12: 0000000000000001 [ 557.477813][T11131] R13: 0000000000000000 R14: 00007f07e8db6160 R15: 00007ffc676ce348 [ 557.477846][T11131] [ 558.056575][T11134] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 558.067293][T11134] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 558.317492][ T5915] usb 2-1: USB disconnect, device number 45 [ 559.275137][T11159] F2FS-fs (loop11): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 559.283198][T11159] F2FS-fs (loop11): Can't find valid F2FS filesystem in 1th superblock [ 559.293046][T11159] F2FS-fs (loop11): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 559.301884][T11159] F2FS-fs (loop11): Can't find valid F2FS filesystem in 2th superblock [ 559.935336][ T30] kauditd_printk_skb: 164 callbacks suppressed [ 559.935359][ T30] audit: type=1326 audit(1745250872.542:5932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11152 comm="syz.1.1567" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd86bb8e169 code=0x7ffc0000 [ 560.057378][ T30] audit: type=1326 audit(1745250872.551:5933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11152 comm="syz.1.1567" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd86bb8e169 code=0x7ffc0000 [ 560.145174][T11163] netlink: 40 bytes leftover after parsing attributes in process `syz.7.1568'. [ 560.155561][ T30] audit: type=1326 audit(1745250873.234:5934): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11152 comm="syz.1.1567" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd86bb90087 code=0x7ffc0000 [ 560.551760][ T30] audit: type=1326 audit(1745250873.234:5935): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11152 comm="syz.1.1567" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7fd86bb8fffc code=0x7ffc0000 [ 560.794682][ T30] audit: type=1326 audit(1745250873.281:5936): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11152 comm="syz.1.1567" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7fd86bb8ff34 code=0x7ffc0000 [ 560.858285][ T30] audit: type=1326 audit(1745250873.281:5937): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11152 comm="syz.1.1567" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7fd86bb8ff34 code=0x7ffc0000 [ 560.982266][T11173] netlink: 264 bytes leftover after parsing attributes in process `syz.1.1570'. [ 562.184147][ T30] audit: type=1326 audit(1745250873.281:5938): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11152 comm="syz.1.1567" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fd86bb8cdca code=0x7ffc0000 [ 562.280428][ T30] audit: type=1326 audit(1745250873.356:5939): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11152 comm="syz.1.1567" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd86bb8e169 code=0x7ffc0000 [ 562.365261][ T30] audit: type=1326 audit(1745250873.356:5940): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11152 comm="syz.1.1567" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd86bb8e169 code=0x7ffc0000 [ 562.371782][T11183] netlink: 504 bytes leftover after parsing attributes in process `syz.6.1573'. [ 562.450866][ T30] audit: type=1326 audit(1745250875.563:5941): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11184 comm="syz.5.1575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f07e8b8e169 code=0x7ffc0000 [ 562.637432][T11195] sp0: Synchronizing with TNC [ 562.754785][ T5915] usb 5-1: new full-speed USB device number 44 using dummy_hcd [ 562.936601][ T1214] usb 2-1: new high-speed USB device number 46 using dummy_hcd [ 562.953655][ T5915] usb 5-1: config 0 has an invalid interface number: 34 but max is 0 [ 562.998514][ T5915] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 563.174245][ T1214] usb 2-1: New USB device found, idVendor=041e, idProduct=3100, bcdDevice= 0.00 [ 563.195415][ T5915] usb 5-1: config 0 has no interface number 0 [ 563.286331][ T5915] usb 5-1: config 0 interface 34 has no altsetting 0 [ 563.303789][ T1214] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 563.393018][ T5915] usb 5-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00 [ 563.428088][ T1214] usb 2-1: config 0 descriptor?? [ 563.444081][ T5915] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 563.583306][ T5915] usb 5-1: config 0 descriptor?? [ 563.905795][T11212] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 563.916272][T11212] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 564.126407][ T1214] creative-sb0540 0003:041E:3100.000F: No inputs registered, leaving [ 564.207670][ T1214] creative-sb0540 0003:041E:3100.000F: hidraw0: USB HID v1.01 Device [HID 041e:3100] on usb-dummy_hcd.1-1/input0 [ 564.437629][ T1214] usb 5-1: USB disconnect, device number 44 [ 565.335369][ T5915] usb 2-1: USB disconnect, device number 46 [ 565.496903][T11230] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1589'. [ 565.527424][ T30] kauditd_printk_skb: 111 callbacks suppressed [ 565.527465][ T30] audit: type=1326 audit(1745250878.472:6053): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11231 comm="syz.7.1590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f881498e169 code=0x7ffc0000 [ 565.598145][ T30] audit: type=1326 audit(1745250878.472:6054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11231 comm="syz.7.1590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f881498e169 code=0x7ffc0000 [ 565.662047][ T30] audit: type=1326 audit(1745250878.472:6055): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11231 comm="syz.7.1590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f881498e169 code=0x7ffc0000 [ 565.727753][ T30] audit: type=1326 audit(1745250878.472:6056): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11231 comm="syz.7.1590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f881498e169 code=0x7ffc0000 [ 565.796753][ T30] audit: type=1326 audit(1745250878.472:6057): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11231 comm="syz.7.1590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f881498e169 code=0x7ffc0000 [ 565.873135][ T30] audit: type=1326 audit(1745250878.482:6058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11231 comm="syz.7.1590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=47 compat=0 ip=0x7f881498e169 code=0x7ffc0000 [ 565.959438][ T30] audit: type=1326 audit(1745250878.482:6059): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11231 comm="syz.7.1590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f881498e169 code=0x7ffc0000 [ 565.997167][ T30] audit: type=1326 audit(1745250878.482:6060): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11231 comm="syz.7.1590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f8814990087 code=0x7ffc0000 [ 566.069299][ T30] audit: type=1326 audit(1745250878.482:6061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11231 comm="syz.7.1590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f881498fffc code=0x7ffc0000 [ 566.090980][ C0] vkms_vblank_simulate: vblank timer overrun [ 566.121851][T11246] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1594'. [ 566.159497][ T30] audit: type=1326 audit(1745250878.482:6062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11231 comm="syz.7.1590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f881498ff34 code=0x7ffc0000 [ 566.181542][ C0] vkms_vblank_simulate: vblank timer overrun [ 566.315081][T11251] trusted_key: encrypted_key: insufficient parameters specified [ 567.380060][ T1214] usb 5-1: new full-speed USB device number 45 using dummy_hcd [ 567.455687][T11270] syz.5.1605: attempt to access beyond end of device [ 567.455687][T11270] nbd5: rw=0, sector=64, nr_sectors = 2 limit=0 [ 567.493070][T11270] syz.5.1605: attempt to access beyond end of device [ 567.493070][T11270] nbd5: rw=0, sector=512, nr_sectors = 2 limit=0 [ 567.552191][T11270] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=256, location=256 [ 567.567866][T11270] syz.5.1605: attempt to access beyond end of device [ 567.567866][T11270] nbd5: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 567.581420][T11270] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=512, location=512 [ 567.619878][T11270] syz.5.1605: attempt to access beyond end of device [ 567.619878][T11270] nbd5: rw=0, sector=64, nr_sectors = 4 limit=0 [ 567.633927][T11270] syz.5.1605: attempt to access beyond end of device [ 567.633927][T11270] nbd5: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 567.683393][ T1214] usb 5-1: config 0 has an invalid interface number: 34 but max is 0 [ 567.691544][ T1214] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 567.722625][T11270] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=256, location=256 [ 567.740374][ T1214] usb 5-1: config 0 has no interface number 0 [ 567.767897][ T1214] usb 5-1: config 0 interface 34 has no altsetting 0 [ 567.774944][T11270] syz.5.1605: attempt to access beyond end of device [ 567.774944][T11270] nbd5: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 567.788545][ T1214] usb 5-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00 [ 567.810597][ T1214] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 567.853205][T11270] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=512, location=512 [ 567.864483][T11270] syz.5.1605: attempt to access beyond end of device [ 567.864483][T11270] nbd5: rw=0, sector=64, nr_sectors = 8 limit=0 [ 567.878732][ T1214] usb 5-1: config 0 descriptor?? [ 567.899633][T11270] syz.5.1605: attempt to access beyond end of device [ 567.899633][T11270] nbd5: rw=0, sector=2048, nr_sectors = 8 limit=0 [ 567.935058][T11270] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=256, location=256 [ 567.960141][T11270] syz.5.1605: attempt to access beyond end of device [ 567.960141][T11270] nbd5: rw=0, sector=4096, nr_sectors = 8 limit=0 [ 567.981588][T11270] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=512, location=512 [ 568.004155][T11270] UDF-fs: warning (device nbd5): udf_fill_super: No partition found (1) [ 568.087914][T11288] trusted_key: encrypted_key: insufficient parameters specified [ 568.109877][ T5915] usb 6-1: new high-speed USB device number 25 using dummy_hcd [ 568.133257][T11289] netlink: 'syz.6.1610': attribute type 1 has an invalid length. [ 568.183867][T11289] netlink: 216 bytes leftover after parsing attributes in process `syz.6.1610'. [ 568.185237][T11290] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 568.203289][T11290] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 568.260498][ T5915] usb 6-1: device descriptor read/64, error -71 [ 568.544174][ T5915] usb 6-1: new high-speed USB device number 26 using dummy_hcd [ 568.696838][ T1214] usb 5-1: USB disconnect, device number 45 [ 568.797482][ T5915] usb 6-1: device descriptor read/64, error -71 [ 569.022109][ T5915] usb usb6-port1: attempt power cycle [ 569.271501][T11306] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1616'. [ 569.331349][T11309] FAULT_INJECTION: forcing a failure. [ 569.331349][T11309] name failslab, interval 1, probability 0, space 0, times 0 [ 569.360469][T11309] CPU: 1 UID: 0 PID: 11309 Comm: syz.4.1617 Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0 PREEMPT(full) [ 569.360504][T11309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 569.360519][T11309] Call Trace: [ 569.360529][T11309] [ 569.360539][T11309] dump_stack_lvl+0x241/0x360 [ 569.360578][T11309] ? __pfx_dump_stack_lvl+0x10/0x10 [ 569.360607][T11309] ? __pfx__printk+0x10/0x10 [ 569.360640][T11309] ? __pfx___might_resched+0x10/0x10 [ 569.360677][T11309] should_fail_ex+0x424/0x570 [ 569.360716][T11309] should_failslab+0xac/0x100 [ 569.360745][T11309] kmem_cache_alloc_noprof+0x78/0x390 [ 569.360773][T11309] ? do_timer_create+0x21c/0x13a0 [ 569.360806][T11309] do_timer_create+0x21c/0x13a0 [ 569.360836][T11309] ? __mutex_unlock_slowpath+0x229/0x800 [ 569.360870][T11309] ? __pfx_do_timer_create+0x10/0x10 [ 569.360895][T11309] ? __fget_files+0x2a/0x420 [ 569.360924][T11309] ? __fget_files+0x2a/0x420 [ 569.360953][T11309] __x64_sys_timer_create+0x146/0x190 [ 569.360981][T11309] ? __pfx___x64_sys_timer_create+0x10/0x10 [ 569.361004][T11309] ? ksys_write+0x275/0x2d0 [ 569.361038][T11309] ? do_syscall_64+0xb6/0x210 [ 569.361063][T11309] do_syscall_64+0xf3/0x210 [ 569.361084][T11309] ? clear_bhb_loop+0x45/0xa0 [ 569.361110][T11309] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 569.361131][T11309] RIP: 0033:0x7fdc4ed8e169 [ 569.361150][T11309] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 569.361168][T11309] RSP: 002b:00007fdc4fc87038 EFLAGS: 00000246 ORIG_RAX: 00000000000000de [ 569.361191][T11309] RAX: ffffffffffffffda RBX: 00007fdc4efb5fa0 RCX: 00007fdc4ed8e169 [ 569.361207][T11309] RDX: 0000200000000280 RSI: 0000000000000000 RDI: 0000000000000003 [ 569.361220][T11309] RBP: 00007fdc4fc87090 R08: 0000000000000000 R09: 0000000000000000 [ 569.361234][T11309] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 569.361256][T11309] R13: 0000000000000000 R14: 00007fdc4efb5fa0 R15: 00007ffcaeca2d08 [ 569.361288][T11309] [ 569.586092][ T5915] usb 6-1: new high-speed USB device number 27 using dummy_hcd [ 569.642758][ T5915] usb 6-1: device descriptor read/8, error -71 [ 569.895266][ T1214] usb 5-1: new high-speed USB device number 46 using dummy_hcd [ 569.942402][ T5915] usb 6-1: new high-speed USB device number 28 using dummy_hcd [ 569.983500][T11319] sp0: Synchronizing with TNC [ 570.020457][ T5915] usb 6-1: device descriptor read/8, error -71 [ 570.071709][ T1214] usb 5-1: config 0 has an invalid interface number: 4 but max is 0 [ 570.087909][ T1214] usb 5-1: config 0 has no interface number 0 [ 570.103968][ T1214] usb 5-1: New USB device found, idVendor=05c6, idProduct=9035, bcdDevice=26.4c [ 570.118838][ T1214] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 570.134703][ T1214] usb 5-1: Product: syz [ 570.139160][ T1214] usb 5-1: Manufacturer: syz [ 570.146053][ T5915] usb usb6-port1: unable to enumerate USB device [ 570.159083][ T1214] usb 5-1: SerialNumber: syz [ 570.169269][ T1214] usb 5-1: config 0 descriptor?? [ 570.255640][T11321] trusted_key: encrypted_key: insufficient parameters specified [ 570.263801][ T5897] usb 2-1: new high-speed USB device number 47 using dummy_hcd [ 570.430489][ T1214] kernel write not supported for file task/987/attr/current (pid: 1214 comm: kworker/0:2) [ 570.444820][ T5897] usb 2-1: New USB device found, idVendor=041e, idProduct=3100, bcdDevice= 0.00 [ 570.463367][ T5897] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 570.478471][ T5897] usb 2-1: config 0 descriptor?? [ 570.484300][ T1214] usb 5-1: USB disconnect, device number 46 [ 570.547947][T10792] usb 8-1: new high-speed USB device number 11 using dummy_hcd [ 570.878974][ T5915] usb 6-1: new full-speed USB device number 29 using dummy_hcd [ 570.905958][T10792] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 570.916282][T10792] usb 8-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 570.925959][T10792] usb 8-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 570.935221][T10792] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 570.946394][T10792] usb 8-1: config 0 descriptor?? [ 570.947462][ T5897] creative-sb0540 0003:041E:3100.0010: No inputs registered, leaving [ 571.094062][ T5915] usb 6-1: config 0 has an invalid interface number: 34 but max is 0 [ 571.106482][ T5897] creative-sb0540 0003:041E:3100.0010: hidraw0: USB HID v1.01 Device [HID 041e:3100] on usb-dummy_hcd.1-1/input0 [ 571.198922][ T5915] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 571.368216][ T5915] usb 6-1: config 0 has no interface number 0 [ 571.504174][ T5915] usb 6-1: config 0 interface 34 has no altsetting 0 [ 571.543938][ T5915] usb 6-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00 [ 571.565727][ T5915] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 571.705195][ T5915] usb 6-1: config 0 descriptor?? [ 571.896905][ T30] kauditd_printk_skb: 254 callbacks suppressed [ 571.896926][ T30] audit: type=1326 audit(1745250884.422:6317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11343 comm="syz.6.1631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd33678e169 code=0x7ffc0000 [ 571.944729][T11319] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 572.138225][T11319] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 572.296345][ T30] audit: type=1326 audit(1745250884.422:6318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11343 comm="syz.6.1631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd33678e169 code=0x7ffc0000 [ 572.528622][ T5886] usb 2-1: USB disconnect, device number 47 [ 572.606033][ T30] audit: type=1326 audit(1745250884.422:6319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11343 comm="syz.6.1631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7fd33678e169 code=0x7ffc0000 [ 572.767380][T11350] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 572.776661][T11350] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 572.813669][ T30] audit: type=1326 audit(1745250884.422:6320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11343 comm="syz.6.1631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd33678e169 code=0x7ffc0000 [ 573.063408][ T30] audit: type=1326 audit(1745250884.422:6321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11343 comm="syz.6.1631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=47 compat=0 ip=0x7fd33678e169 code=0x7ffc0000 [ 573.243634][ T5897] usb 6-1: USB disconnect, device number 29 [ 573.252239][ T30] audit: type=1326 audit(1745250884.422:6322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11343 comm="syz.6.1631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd33678e169 code=0x7ffc0000 [ 573.273902][ C0] vkms_vblank_simulate: vblank timer overrun [ 573.283057][ T30] audit: type=1326 audit(1745250884.422:6323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11343 comm="syz.6.1631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd336790087 code=0x7ffc0000 [ 573.343753][ T30] audit: type=1326 audit(1745250884.431:6324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11343 comm="syz.6.1631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7fd33678fffc code=0x7ffc0000 [ 573.371745][T11357] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1633'. [ 573.400467][ T30] audit: type=1326 audit(1745250884.431:6325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11343 comm="syz.6.1631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7fd33678ff34 code=0x7ffc0000 [ 573.424331][ T30] audit: type=1326 audit(1745250884.431:6326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11343 comm="syz.6.1631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7fd33678ff34 code=0x7ffc0000 [ 573.546583][ T5886] usb 8-1: USB disconnect, device number 11 [ 575.441347][T11390] netlink: 'syz.1.1643': attribute type 16 has an invalid length. [ 575.525623][T11390] netlink: 'syz.1.1643': attribute type 3 has an invalid length. [ 575.905062][T11390] netlink: 64066 bytes leftover after parsing attributes in process `syz.1.1643'. [ 576.228991][T11411] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1652'. [ 576.523952][ T5915] usb 6-1: new high-speed USB device number 30 using dummy_hcd [ 576.536399][ T31] INFO: task syz.2.1010:9479 blocked for more than 143 seconds. [ 576.547775][ T31] Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0 [ 576.556174][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 576.565861][ T31] task:syz.2.1010 state:D stack:24424 pid:9479 tgid:9478 ppid:5840 task_flags:0x400740 flags:0x00004006 [ 576.579473][ T5886] usb 7-1: new full-speed USB device number 31 using dummy_hcd [ 576.618258][ T31] Call Trace: [ 576.622732][ T31] [ 576.626452][ T31] __schedule+0x1b33/0x51f0 [ 576.632007][ T31] ? schedule+0x163/0x360 [ 576.637755][ T31] ? __pfx___schedule+0x10/0x10 [ 576.643598][ T31] ? register_lock_class+0x54/0x330 [ 576.653724][ T31] ? schedule+0x90/0x360 [ 576.658697][ T31] ? schedule+0x90/0x360 [ 576.666180][ T31] schedule+0x163/0x360 [ 576.671095][ T31] schedule_timeout+0xb1/0x2b0 [ 576.680334][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 576.695085][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 576.701606][ T31] ? lockdep_hardirqs_on+0x9d/0x150 [ 576.707602][ T31] __wait_for_common+0x403/0x730 [ 576.714124][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 576.720373][ T31] ? __pfx___wait_for_common+0x10/0x10 [ 576.728014][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 576.734201][ T31] wait_for_completion_state+0x1c/0x40 [ 576.734852][ T5915] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 576.740259][ T31] do_coredump+0xa2a/0x3260 [ 576.756910][ T31] ? __pfx_do_coredump+0x10/0x10 [ 576.789052][ T5915] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 576.842635][ T5886] usb 7-1: config 0 has an invalid interface number: 34 but max is 0 [ 576.862867][ T31] ? proc_coredump_connector+0x1fe/0x6a0 [ 576.896229][ T5886] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 576.910971][ T31] ? __pfx_proc_coredump_connector+0x10/0x10 [ 576.915663][ T5915] usb 6-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 576.926333][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 576.926409][ T31] ? lockdep_hardirqs_on+0x9d/0x150 [ 576.926511][ T31] get_signal+0x13ed/0x1730 [ 576.926701][ T31] ? __pfx_get_signal+0x10/0x10 [ 576.926854][ T31] arch_do_signal_or_restart+0x98/0x810 [ 576.926984][ T31] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 576.960546][ T5886] usb 7-1: config 0 has no interface number 0 [ 576.967384][ T5886] usb 7-1: config 0 interface 34 has no altsetting 0 [ 576.976342][ T5886] usb 7-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00 [ 576.986865][ T5886] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 576.995922][ T31] ? syscall_exit_to_user_mode+0xa3/0x340 [ 577.018751][ T31] syscall_exit_to_user_mode+0xce/0x340 [ 577.055033][ T31] do_syscall_64+0x100/0x210 [ 577.123070][ T5886] usb 7-1: config 0 descriptor?? [ 577.131881][ T31] ? clear_bhb_loop+0x45/0xa0 [ 577.142900][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 577.155691][ T5915] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 577.156728][ T31] RIP: 0033:0x7eff73e4f750 [ 577.186098][ T31] RSP: 002b:00007eff74df24b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000120 [ 577.194792][ T31] RAX: 0000000000000000 RBX: 00007eff741b5fa0 RCX: 00007eff73f8e169 [ 577.195659][ T5915] usb 6-1: config 0 descriptor?? [ 577.203037][ T31] RDX: 00007eff74df24c0 RSI: 00007eff74df25f0 RDI: 000000000000000b [ 577.216381][ T31] RBP: 00007eff74010a68 R08: 0000000000000000 R09: 0000000000000000 [ 577.224863][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 577.233176][ T31] R13: 0000000000000000 R14: 00007eff741b5fa0 R15: 00007ffee67bcc28 [ 577.244891][ T31] [ 577.247970][ T31] [ 577.247970][ T31] Showing all locks held in the system: [ 577.258781][ T31] 1 lock held by khungtaskd/31: [ 577.264171][ T31] #0: ffffffff8ed3df20 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x30/0x180 [ 577.274623][ T31] 3 locks held by kworker/u8:6/1316: [ 577.279962][ T31] 2 locks held by getty/5586: [ 577.284787][ T31] #0: ffff8880357fa0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 577.294681][ T31] #1: ffffc900033462f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x5bb/0x1700 [ 577.305224][ T31] [ 577.307575][ T31] ============================================= [ 577.307575][ T31] [ 577.319781][ T31] NMI backtrace for cpu 0 [ 577.319804][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0 PREEMPT(full) [ 577.319831][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 577.319845][ T31] Call Trace: [ 577.319854][ T31] [ 577.319863][ T31] dump_stack_lvl+0x241/0x360 [ 577.319901][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 577.319929][ T31] ? __pfx__printk+0x10/0x10 [ 577.319958][ T31] nmi_cpu_backtrace+0x4ab/0x4e0 [ 577.319987][ T31] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 577.320007][ T31] ? _printk+0xd5/0x120 [ 577.320026][ T31] ? __wake_up_klogd+0xcc/0x110 [ 577.320046][ T31] ? __pfx__printk+0x10/0x10 [ 577.320068][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 577.320091][ T31] nmi_trigger_cpumask_backtrace+0x198/0x320 [ 577.320116][ T31] watchdog+0x1058/0x10a0 [ 577.320136][ T31] ? watchdog+0x1ea/0x10a0 [ 577.320158][ T31] ? __pfx_watchdog+0x10/0x10 [ 577.320176][ T31] kthread+0x7b7/0x940 [ 577.320194][ T31] ? __pfx_watchdog+0x10/0x10 [ 577.320213][ T31] ? __pfx_kthread+0x10/0x10 [ 577.320227][ T31] ? __pfx_kthread+0x10/0x10 [ 577.320242][ T31] ? __pfx_kthread+0x10/0x10 [ 577.320258][ T31] ? __pfx_kthread+0x10/0x10 [ 577.320273][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 577.320295][ T31] ? lockdep_hardirqs_on+0x9d/0x150 [ 577.320309][ T31] ? __pfx_kthread+0x10/0x10 [ 577.320326][ T31] ret_from_fork+0x4b/0x80 [ 577.320338][ T31] ? __pfx_kthread+0x10/0x10 [ 577.320355][ T31] ret_from_fork_asm+0x1a/0x30 [ 577.320390][ T31] [ 577.320396][ T31] Sending NMI from CPU 0 to CPUs 1: [ 577.484804][ C1] NMI backtrace for cpu 1 [ 577.484826][ C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0 PREEMPT(full) [ 577.484852][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 577.484864][ C1] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 577.484898][ C1] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 53 6e 20 00 f3 0f 1e fa fb f4 cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 [ 577.484915][ C1] RSP: 0018:ffffc90000197dc0 EFLAGS: 000002c6 [ 577.484932][ C1] RAX: 0ca4b517fd823500 RBX: ffffffff8197267e RCX: ffffffff8c27c89c [ 577.484946][ C1] RDX: 0000000000000001 RSI: ffffffff8e635648 RDI: ffffffff8ca0e280 [ 577.484960][ C1] RBP: ffffc90000197f20 R08: ffff8880b8732b5b R09: 1ffff110170e656b [ 577.484974][ C1] R10: dffffc0000000000 R11: ffffed10170e656c R12: 1ffff92000032fd2 [ 577.484987][ C1] R13: 1ffff11003adab40 R14: 0000000000000001 R15: dffffc0000000000 [ 577.485000][ C1] FS: 0000000000000000(0000) GS:ffff8881250cf000(0000) knlGS:0000000000000000 [ 577.485014][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 577.485026][ C1] CR2: 0000001b2ef1cff8 CR3: 000000003351c000 CR4: 00000000003526f0 [ 577.485042][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 577.485053][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 577.485064][ C1] Call Trace: [ 577.485073][ C1] [ 577.485080][ C1] default_idle+0x13/0x20 [ 577.485100][ C1] default_idle_call+0x74/0xb0 [ 577.485122][ C1] do_idle+0x22e/0x5d0 [ 577.485156][ C1] ? __pfx_do_idle+0x10/0x10 [ 577.485194][ C1] cpu_startup_entry+0x42/0x60 [ 577.485222][ C1] start_secondary+0xfe/0x100 [ 577.485248][ C1] common_startup_64+0x13e/0x147 [ 577.485280][ C1] [ 577.486163][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 577.486187][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0 PREEMPT(full) [ 577.486218][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 577.486233][ T31] Call Trace: [ 577.486243][ T31] [ 577.486255][ T31] dump_stack_lvl+0x241/0x360 [ 577.486294][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 577.486328][ T31] ? __pfx__printk+0x10/0x10 [ 577.486366][ T31] ? vscnprintf+0x5d/0x90 [ 577.486400][ T31] panic+0x349/0x880 [ 577.486443][ T31] ? __pfx_preempt_schedule+0x10/0x10 [ 577.486482][ T31] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 577.486517][ T31] ? __pfx_panic+0x10/0x10 [ 577.486542][ T31] ? tick_nohz_tick_stopped+0x82/0xb0 [ 577.486587][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 577.486614][ T31] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 577.486645][ T31] ? nmi_trigger_cpumask_backtrace+0x2d4/0x320 [ 577.486681][ T31] ? nmi_trigger_cpumask_backtrace+0x2d9/0x320 [ 577.486718][ T31] watchdog+0x1097/0x10a0 [ 577.486749][ T31] ? watchdog+0x1ea/0x10a0 [ 577.486783][ T31] ? __pfx_watchdog+0x10/0x10 [ 577.486813][ T31] kthread+0x7b7/0x940 [ 577.486843][ T31] ? __pfx_watchdog+0x10/0x10 [ 577.486881][ T31] ? __pfx_kthread+0x10/0x10 [ 577.486906][ T31] ? __pfx_kthread+0x10/0x10 [ 577.486930][ T31] ? __pfx_kthread+0x10/0x10 [ 577.486955][ T31] ? __pfx_kthread+0x10/0x10 [ 577.486980][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 577.487012][ T31] ? lockdep_hardirqs_on+0x9d/0x150 [ 577.487035][ T31] ? __pfx_kthread+0x10/0x10 [ 577.487062][ T31] ret_from_fork+0x4b/0x80 [ 577.487082][ T31] ? __pfx_kthread+0x10/0x10 [ 577.487109][ T31] ret_from_fork_asm+0x1a/0x30 [ 577.487161][ T31] [ 577.839047][ T31] Kernel Offset: disabled [ 577.843381][ T31] Rebooting in 86400 seconds..