last executing test programs: 7m42.371783449s ago: executing program 0 (id=931): syz_emit_ethernet(0x134, &(0x7f00000002c0)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaa0086dd6002000800fe2c00fe8000000000000000000000000000bbff020000ffea0000000000000000000132"], 0x0) 7m42.264691124s ago: executing program 0 (id=932): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="4c0000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="ef00000000000000140012800b0001006970766c616e0000", @ANYRES32, @ANYBLOB="08000400", @ANYRES32], 0x4c}}, 0x0) 7m41.560570296s ago: executing program 0 (id=938): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x88, 0x30, 0x1, 0x0, 0x0, {}, [{0x74, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x0, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x2c, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x3, 0x1}}}}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x804}, 0x0) tkill(0x0, 0x12) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = creat(0x0, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="78010000170001000000000000000000fc80ffffff00000000000000000000000000000000000000fe8000000000000000000000000000bbfc0000000000000000000000000000002001000000000000000000000000000100"/104, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ff010000000000000000000000000001ffffffff00000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0015005d073500e39a000044001000fc020000000000000000000000000000003c00000000800000e000000200000000000000000000000000000000000000000000000000000000000000006a725960679f4f"], 0x178}}, 0x0) write$qrtrtun(r2, &(0x7f0000000c40), 0x0) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000005c0)=ANY=[@ANYBLOB="1c0000", @ANYRES16, @ANYBLOB="01000000000000000000010000000800010000000000d5e1a8a578664566b005a8c9ddfd5504499803e9e843c4702ba37fb76c58941705df0a4cf04740c76cda0e2104e9cf0624b0925cd137ba47c965a7cf88355e8c5d2269c0ffff307a2dab8a72bfa7287edb07083d045294c3b5e8427e8937c61fafb97785266dd78dccb9bc68b354c7ad06c02044f21ec102af3045ccb888adc307e4ac11d59a7018d734ee825fe505d3"], 0x1c}}, 0x0) 7m38.617277929s ago: executing program 0 (id=945): sendto$inet6(0xffffffffffffffff, &(0x7f0000000000)="8400000019001fb2", 0x8, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = syz_io_uring_setup(0x344e, &(0x7f0000000480)={0x0, 0x843c, 0x0, 0xfffffffb, 0x2f0}, &(0x7f0000000240)=0x0, &(0x7f0000000500)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000000)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x3, r1, 0x0, 0x0, 0x0, 0x2001, 0x1, {0x1}}) io_uring_enter(r2, 0xe85, 0x0, 0x0, 0x0, 0x0) r5 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r5, &(0x7f0000000300)={{0x6, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}]}, 0x48) r6 = openat(0xffffffffffffffff, &(0x7f0000000040)='./cgroup\x00', 0x101000, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000380)=ANY=[@ANYRES32=r6, @ANYRES32, @ANYBLOB="1b00000000000000000000009df087d9fbe019ac7613093e51c4b90dd9b16aca482011ec892cafbbf866014510352c72f80c8a83ffd3b6f1c302648707e343d2767460a830a2c993548fae243f0316a256b342e2f0747bfd7a58d69e433730c84dce2b06d4da2f8ba5de799058d10c9d18d32317ca73517c5b34439789ca6226472438b4e69f3017dedb0b918083b6996b3eb1f18cc08743d10ed2075011529fb7c697fafd6cf456403d0582f430423905e82b35696a6489025d", @ANYRES32=0x0, @ANYBLOB, @ANYRES64=0x0], 0x20) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0/../file0/../file0\x00', &(0x7f0000000180)='debugfs\x00', 0x0, 0x0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x2000014, &(0x7f00000001c0)=ANY=[@ANYBLOB="6e725f696e6f6465733d2c68756765d1ec94e6aec6e7b0"]) sendto$netrom(r5, 0x0, 0x0, 0x0, &(0x7f0000000000)={{0x2, @rose}, [@bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @null]}, 0x48) r7 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_TCP_CONGESTION(r7, 0x6, 0xd, &(0x7f00000000c0)='dctcp\x00', 0x6) connect$inet6(r7, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c) sched_setscheduler(0x0, 0x2, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x20) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x6b) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]}) chdir(&(0x7f0000000140)='./bus\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000000)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) chdir(&(0x7f0000000080)='./file0\x00') r8 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0) getdents64(r8, 0x0, 0x0) 7m38.274999646s ago: executing program 0 (id=951): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), r0) syz_genetlink_get_family_id$devlink(&(0x7f0000000000), r0) recvmmsg(r0, &(0x7f00000086c0)=[{{0x0, 0x0, 0x0}, 0x101}, {{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000001b40)=""/153, 0x99}, {&(0x7f0000001c40)=""/4096, 0x1000}, {&(0x7f0000000340)=""/196, 0xc4}, {&(0x7f00000006c0)=""/171, 0xab}], 0x4}, 0x7}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f0000001980)=[{&(0x7f0000004c40)=""/4098, 0x1002}, {&(0x7f0000000440)=""/163, 0xa3}, {&(0x7f0000000540)=""/216, 0xd8}, {&(0x7f0000000100)=""/119, 0x77}, {&(0x7f00000000c0)=""/23, 0x17}, {&(0x7f0000003c40)=""/4092, 0xffc}, {&(0x7f0000001840)=""/105, 0x69}, {&(0x7f00000018c0)=""/147, 0x93}], 0x8}, 0x80000000}, {{0x0, 0x0, 0x0}, 0x5}], 0x5, 0x40008062, 0x0) 7m25.790998067s ago: executing program 0 (id=986): r0 = socket$nl_route(0x10, 0x3, 0x0) sched_setscheduler(0x0, 0x2, 0x0) getpid() r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x3f00) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) get_robust_list(0x0, 0x0, 0x0) r3 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a40)=ANY=[@ANYBLOB="140000001000010000fdffffff0000000000000a20000000000a01030000000000000000010000000900010073797a310000000054000000030a4d930000000000000000010000000900030073797a320000000028000480080002400000000008000140000000051400030069705f767469300000000000000000000900010073797a31000000002c000000050a01020000000000000000010000000c00024000000000000000010900010073797a310000000014000000110001"], 0xc8}}, 0x0) socket$packet(0x11, 0x3, 0x300) ioctl$FBIOGET_FSCREENINFO(0xffffffffffffffff, 0x4602, &(0x7f0000000240)) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="fdffffff080000000000000001000000ffffffff", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x3, r5, 0xf6466a61131948ab}, 0x38) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e23, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x8}], 0x1c) sendmmsg$inet6(r1, &(0x7f0000003c40)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000140)="03", 0x1}], 0x1}}], 0x1, 0x0) socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000480)=@newtaction={0x11c, 0x30, 0x0, 0x70bd2d, 0x0, {}, [{0x108, 0x1, [@m_mirred={0xa4, 0x10, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0xa, 0x12, 0xffffffffffffffff, 0x3, 0xa}, 0x1}}]}, {0x57, 0x6, "073a0210667b409e956fe744fbe74346ce982ac7e2a7ed2323d83c1df25113b0371f824c1514a1baa9d77889a75705125713b0227ad8b70275683472cf9c764f9a82073f909c6c48cf38e2b859af5c1902ef79"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x2}}}}, @m_gact={0x60, 0x1, 0x0, 0x0, {{0x9}, {0x34, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0xb, 0x3, 0x0, 0x0, 0x20000000}}, @TCA_GACT_PROB={0xc, 0x3, {0x2, 0x1dbc, 0x10000000}}, @TCA_GACT_PROB={0xc, 0x3, {0x1, 0x1667}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x11c}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) socket$packet(0x11, 0x3, 0x300) 7m25.498987845s ago: executing program 32 (id=986): r0 = socket$nl_route(0x10, 0x3, 0x0) sched_setscheduler(0x0, 0x2, 0x0) getpid() r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x3f00) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) get_robust_list(0x0, 0x0, 0x0) r3 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a40)=ANY=[@ANYBLOB="140000001000010000fdffffff0000000000000a20000000000a01030000000000000000010000000900010073797a310000000054000000030a4d930000000000000000010000000900030073797a320000000028000480080002400000000008000140000000051400030069705f767469300000000000000000000900010073797a31000000002c000000050a01020000000000000000010000000c00024000000000000000010900010073797a310000000014000000110001"], 0xc8}}, 0x0) socket$packet(0x11, 0x3, 0x300) ioctl$FBIOGET_FSCREENINFO(0xffffffffffffffff, 0x4602, &(0x7f0000000240)) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="fdffffff080000000000000001000000ffffffff", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x3, r5, 0xf6466a61131948ab}, 0x38) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e23, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x8}], 0x1c) sendmmsg$inet6(r1, &(0x7f0000003c40)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000140)="03", 0x1}], 0x1}}], 0x1, 0x0) socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000480)=@newtaction={0x11c, 0x30, 0x0, 0x70bd2d, 0x0, {}, [{0x108, 0x1, [@m_mirred={0xa4, 0x10, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0xa, 0x12, 0xffffffffffffffff, 0x3, 0xa}, 0x1}}]}, {0x57, 0x6, "073a0210667b409e956fe744fbe74346ce982ac7e2a7ed2323d83c1df25113b0371f824c1514a1baa9d77889a75705125713b0227ad8b70275683472cf9c764f9a82073f909c6c48cf38e2b859af5c1902ef79"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x2}}}}, @m_gact={0x60, 0x1, 0x0, 0x0, {{0x9}, {0x34, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0xb, 0x3, 0x0, 0x0, 0x20000000}}, @TCA_GACT_PROB={0xc, 0x3, {0x2, 0x1dbc, 0x10000000}}, @TCA_GACT_PROB={0xc, 0x3, {0x1, 0x1667}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x11c}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) socket$packet(0x11, 0x3, 0x300) 7m0.243673234s ago: executing program 4 (id=1087): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="cf000000000068df170101c0", @ANYRES8=r1]) 6m59.375523232s ago: executing program 4 (id=1090): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x800200, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000000)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x6, 0x2, 0x1}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) madvise(&(0x7f0000fee000/0x4000)=nil, 0x4000, 0x9) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) syz_emit_ethernet(0x66, &(0x7f0000000180)=ANY=[@ANYBLOB="ffffffffffff0180c200000086dd6012000800303a00fe8000000000000000000000000000bbfe8000000000000b40e578e46b9714dd0000000000000000aa080290780055000000600008100010110000000000000000000000ffff00000000fc0200"/112], 0x0) keyctl$restrict_keyring(0xa, 0xfffffffffffffffc, &(0x7f0000000300)='asymmetric\x00', &(0x7f0000000000)='id:cb2e') r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000340)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xa64}}, '\x00'}) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x0, 0xa, 0x0, 0x0, 0x0, 0x1, 0x10, 0x0, 0x0, 0x40, 0x9, 0x0, 0x0, 0x0, 0x4, 0x0, 0xff, 0xff}) ioctl$KVM_RUN(r2, 0xae80, 0x0) epoll_create1(0x0) 6m58.910710156s ago: executing program 4 (id=1093): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="020000000400000008000000010000", @ANYRES32, @ANYBLOB="0010000000000300"/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/11], 0x50) r1 = shmget$private(0x0, 0x9000, 0x0, &(0x7f0000ff7000/0x9000)=nil) shmat(r1, &(0x7f0000ff9000/0x1000)=nil, 0x5000) shmctl$SHM_LOCK(r1, 0xb) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa10000000000000701", @ANYRES32=r0, @ANYBLOB="0000000004000000b705000008000000850000006a00"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0), 0xffffffffffffffff) sendmsg$TIPC_NL_LINK_SET(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)={0x30, r4, 0x601, 0x0, 0x0, {}, [@TIPC_NLA_LINK={0x1c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x4}]}]}, 0x30}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10) r5 = socket$rds(0x15, 0x5, 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f0000000100)={0x0, r5}, 0x8) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00'}, 0x10) r6 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)=ANY=[@ANYBLOB="140100002d00010000000000fffd0000030100800c0000000000000000000000140001000000000000000000000000000000000150bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f55ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82fd3f8c00348179c46c4a41b55ed8c1506f6f6c8ae1938f8e7094ff66e37c3e9f0cd2f64f9db84fe224895e0304eaedb85a5368052652aec9b4b11c9d51e1ada8117d61d89643b14fde623398ee56d30f7f331d98992a76fd98c64666fef56a0f9cd395aafb08d3360294e84042282f00eaafaeb32250a60cf3ff81af40239e79608fc1f212ca20a1e2d97717842fd9ad3b147607f1d8e9d6d0549cc9a8d8d1d10e7dd90d851f4d2baa5c3617d4211a26b915c079fd71a4eecbc131997c8862071b1b8c3d4c89"], 0x114}], 0x1}, 0x0) 6m58.511676965s ago: executing program 4 (id=1095): r0 = syz_open_dev$vim2m(&(0x7f0000000300), 0x101, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000040)={0x11, 0x1, 0x0, "08000054c10785000000000000fdfd0000000000000000000000000000000010", 0x31384142}) 6m58.350483557s ago: executing program 4 (id=1097): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmsg$inet6(r0, &(0x7f0000000580)={&(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x9}, 0x1c, &(0x7f0000000180)=[{&(0x7f0000000080)=' ', 0x1}], 0x1}, 0x0) shutdown(r0, 0x1) setsockopt(r0, 0x84, 0x7f, &(0x7f00000001c0)="020000000980ffff", 0x8) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x2000003, 0x6031, 0xffffffffffffffff, 0x0) move_pages(0x0, 0x1, &(0x7f0000002600)=[&(0x7f0000ffc000/0x1000)=nil], &(0x7f0000002640)=[0x1], &(0x7f0000000000), 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) (async) sendmsg$inet6(r0, &(0x7f0000000580)={&(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x9}, 0x1c, &(0x7f0000000180)=[{&(0x7f0000000080)=' ', 0x1}], 0x1}, 0x0) (async) shutdown(r0, 0x1) (async) setsockopt(r0, 0x84, 0x7f, &(0x7f00000001c0)="020000000980ffff", 0x8) (async) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x2000003, 0x6031, 0xffffffffffffffff, 0x0) (async) move_pages(0x0, 0x1, &(0x7f0000002600)=[&(0x7f0000ffc000/0x1000)=nil], &(0x7f0000002640)=[0x1], &(0x7f0000000000), 0x0) (async) 6m55.630831924s ago: executing program 4 (id=1109): r0 = socket(0x1e, 0x4, 0x0) r1 = socket(0x1e, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x8b}, 0x0) r2 = openat$smackfs_load(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/fs/smackfs/load-self2\x00', 0x2, 0x0) bind$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x16, 0x0, 0x1, 0x0, 0x6, @remote}, 0x14) r3 = syz_open_dev$midi(&(0x7f0000000000), 0x2, 0x0) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x15) ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r3, 0x810c5701, &(0x7f0000000180)) write$binfmt_script(r2, &(0x7f0000000140)={'#! ', './file0', [{0x20, 'Xwatl'}, {0x20, '.\\^]!\'\xa8'}, {0x20, 'rwatl'}, {0x20, '!,'}]}, 0x22) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000280)={'pimreg\x00', 0x5dcf70ef8daa5d0e}) ioctl$TUNATTACHFILTER(r4, 0x401054d5, &(0x7f00000000c0)={0x2, &(0x7f0000000000)=[{0x30, 0xfe, 0x0, 0xfffff008}, {0x6, 0x5b, 0x2, 0x4}]}) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x5885}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0}) r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x3, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="18020000000000000000000000000000850000002e000000180100002020692500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000d000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000540)={r8, 0x0, 0xe, 0x0, &(0x7f0000000000)="77844923fbde9d724bbda199f4d6", 0x0, 0x8000, 0x0, 0x0, 0xc0, 0x0, &(0x7f0000000440)="340b76235e542388314c94ffb092fe45f73f8c986973c4976cfb5e6d1d8c82244df1f513a1c1fbfa9a9f0b95aeb353c71ce43ab84de2d842a33e91ce88d884ec2a248e85b886f115b686136aaf601bbff88abe474a8494073ad74fa9adc48bb0577ba007c034067d35226a6049c20b62fef3bad5f9e53c8ea5682c0073eec76929c6d3362325fe1144dcc97ff2c5aa59dde347555cd214a311db3942deef1b9143089b894379762ff8b5e92db6ab7ff6e4fe98137ee709c44a9353840f906e9a"}, 0x50) 6m40.4142937s ago: executing program 33 (id=1109): r0 = socket(0x1e, 0x4, 0x0) r1 = socket(0x1e, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x8b}, 0x0) r2 = openat$smackfs_load(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/fs/smackfs/load-self2\x00', 0x2, 0x0) bind$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x16, 0x0, 0x1, 0x0, 0x6, @remote}, 0x14) r3 = syz_open_dev$midi(&(0x7f0000000000), 0x2, 0x0) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x15) ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r3, 0x810c5701, &(0x7f0000000180)) write$binfmt_script(r2, &(0x7f0000000140)={'#! ', './file0', [{0x20, 'Xwatl'}, {0x20, '.\\^]!\'\xa8'}, {0x20, 'rwatl'}, {0x20, '!,'}]}, 0x22) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000280)={'pimreg\x00', 0x5dcf70ef8daa5d0e}) ioctl$TUNATTACHFILTER(r4, 0x401054d5, &(0x7f00000000c0)={0x2, &(0x7f0000000000)=[{0x30, 0xfe, 0x0, 0xfffff008}, {0x6, 0x5b, 0x2, 0x4}]}) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x5885}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0}) r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x3, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="18020000000000000000000000000000850000002e000000180100002020692500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000d000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000540)={r8, 0x0, 0xe, 0x0, &(0x7f0000000000)="77844923fbde9d724bbda199f4d6", 0x0, 0x8000, 0x0, 0x0, 0xc0, 0x0, &(0x7f0000000440)="340b76235e542388314c94ffb092fe45f73f8c986973c4976cfb5e6d1d8c82244df1f513a1c1fbfa9a9f0b95aeb353c71ce43ab84de2d842a33e91ce88d884ec2a248e85b886f115b686136aaf601bbff88abe474a8494073ad74fa9adc48bb0577ba007c034067d35226a6049c20b62fef3bad5f9e53c8ea5682c0073eec76929c6d3362325fe1144dcc97ff2c5aa59dde347555cd214a311db3942deef1b9143089b894379762ff8b5e92db6ab7ff6e4fe98137ee709c44a9353840f906e9a"}, 0x50) 16.510202849s ago: executing program 5 (id=2271): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r0, &(0x7f0000001c00)={0x2, 0x4e23, @multicast2}, 0x10) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000100)=0x417, 0x4) connect$inet(r0, &(0x7f0000001bc0)={0x2, 0x4e23, @loopback}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0x101}]}, 0x10) write$binfmt_misc(r0, &(0x7f0000000080), 0x3a7) writev(r0, &(0x7f0000000380)=[{&(0x7f0000000180)='~', 0x1}], 0x1) sendto$inet(r0, &(0x7f00000002c0)="01a4acc7cf28ab9f6c7fc745c30bfc165466072a660bbf56352083db9d40454a67f8010000004bd29585885c89773ca3ba28a1e85ffe2a9220e0ecd440e345b745bf2146835ad015c801f95be5b890e44fb3dfbe8e88a1e5176e584c970207f23b0073ca5375abddf56331be396eaa2398ea66b93a74fd4147e826abed1b5d1de578682288c19ac23c1ccc1cdd936d2571c3510b0000000000000000000000000000000000f32bb3874c926a8944caa4677d2eae3bc831e748000000", 0xfffffffffffffe88, 0x1d4c, 0x0, 0x24) 14.095305536s ago: executing program 5 (id=2272): creat(&(0x7f00000001c0)='./file0\x00', 0x5) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYRES16=r0], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000004c0), 0x10400, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chmod(&(0x7f0000000140)='./file0\x00', 0x0) open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_wait_time\x00', 0x275a, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) socket(0x2a, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0) r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0xffffffffffffffff, 0x5, &(0x7f0000000080)=0x4000) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f0000000540)=@abs, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x20, 0x4000010) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYRES64=r4, @ANYRES32=r5, @ANYBLOB='\x00'/20, @ANYBLOB="439db9e13cc925c49dc709ff5d0fe4ae7a5162f99060d780548c5e127b27a71296c8186b4700b7c665b95d96c47fa7163ebc22fe3bd017c53e8d676f2f998d3345a77c", @ANYBLOB="408b37902f652c9fcfe91396f0aa836641a08fa70987c010c4b40c692ba0e9f462e4ab102e14b7499c784d0923298d7e16c9bea54fafe1c16ee97fbee705750f1e68fb08603963967fca03fc0190878da18704ab8615257218ad35966c329062d8871e1b8d775622ac50894ec20271c4cdb567f94e0e5037ce6720604e864d479c3684c0da389b7aaccfb039e91200b9327df50ec6ce5973c062d4d9d1579df8d7f5600d30bef965b9714bc4bc788532da6f9fa1779062065f4f1831316120473d551d35c926291e44a91c1ac5e94dba9811d210394c692fa546489bb5ac7545b2ca64aba9594da76c337810ff7b5d12535b71e243175ff39d91c29beef3", @ANYRES16=r3], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000014c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r8, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r9}, 0x10) socket$nl_route(0x10, 0x3, 0x0) 13.391353696s ago: executing program 1 (id=2277): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) r0 = syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000000000402505a8a440002d3f030109021b0001"], 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0xc0282, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c4159b364a4fd7013f34db173a4fdacf15229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be867a28f09c5877fc2355ecdc9c30dcb2d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff3a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb357b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50265a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00"/3590], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000380)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) r6 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r6, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e23, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x0, 0x1, 0x2}}, 0x2e) openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) mmap$binder(&(0x7f0000000000/0x4000)=nil, 0x1fffff, 0x1, 0x11, 0xffffffffffffffff, 0x0) syz_usb_connect(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000e1310a10f0031d58b776010203010902240001000000000904310002ff0107ff09058a02100000fa0009058202"], 0x0) r7 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r7, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x608, 0x0, 0x11, 0x148, 0x0, 0x10, 0x570, 0x2a8, 0x2a8, 0x570, 0x2a8, 0x7fffffe, 0x0, {[{{@uncond, 0x10, 0x2f8, 0x360, 0x1c, {}, [@common=@inet=@hashlimit1={{0x58}, {'ip6gretap0\x00', {0x0, 0x0, 0x9, 0x0, 0x0, 0xffffffff, 0x8}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @pinned={0x1, 0x0, 0x6, './file0\x00'}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x19, 0x0, 0x0, 0x0, 'syz0\x00', 'syz1\x00'}}}, {{@ip={@multicast1, @rand_addr, 0x0, 0x0, 'syzkaller0\x00', 'veth1_to_batadv\x00'}, 0x0, 0x1c8, 0x210, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'team_slave_0\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x2}}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@dev, 'macsec0\x00'}}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x668) syz_usb_disconnect(r0) ioctl$EVIOCGMASK(r5, 0x604, 0x0) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x400002, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00') r8 = add_key$keyring(&(0x7f00000002c0), &(0x7f0000000240)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) add_key$user(&(0x7f0000000480), &(0x7f0000000280)={'syz', 0x0}, &(0x7f0000000a00)="c218b8fb", 0x4, r8) add_key$user(&(0x7f0000000380), &(0x7f0000000000), 0x0, 0x0, 0xfffffffffffffffe) 10.987506934s ago: executing program 5 (id=2284): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) getsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f0000000000), &(0x7f0000000040)=0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c-intel\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000180)='proc\x00', 0x0, 0x0) r7 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x10000, 0x0) getdents64(r7, &(0x7f0000000f80)=""/4085, 0xff5) sendmsg$GTP_CMD_NEWPDP(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="963cad22", @ANYRES16=0x0, @ANYBLOB="200022bd7000fbdbdf250000000008000500ac14140d"], 0x1c}, 0x1, 0x0, 0x0, 0x44010}, 0xc0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'netdevsim0\x00', 0x0}) bpf$MAP_CREATE(0x0, &(0x7f0000000900)=ANY=[@ANYBLOB="0100000007000000612200000200000000000000", @ANYRES32, @ANYBLOB="00000018000000000000000000000000000c0000", @ANYRES32=r8], 0x50) 9.351592796s ago: executing program 5 (id=2290): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) syz_emit_vhci(0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000b4940c74ccd31efeca728350cce105f80a5f57ae6df1720cd3c8e8ac225fd54df4e41ef275b56f971236588549eb32e939c0a6077c754db0d8d183ab720ac3cf3420d1da82e1fff58bb77261f619c982b270a76b30c5e0908c7584b3adf016ea07389ffe4e0df1a638c71c3aba9efd77ca555ada38cf6ecee9abd91efbec7f44ae2156f1348b48cee4d74765d6d02bff71cff6802c297cd10db8f0cf6ca0615a1c3cf27412a130cbde5b7016c9ac61e2fe01db9755680cc925ca96679c9b1615b63fb8666e6af86c1b51e41707b45ace0bdc44c2bee724937611cf46e87cc19dff5937a4920f6d15f3d249c71c95fefd90fc9879208fcf2291bf9a560a4e12c52e71446841578ca5e3eb8b00"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r2}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r3 = open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0) read$FUSE(r3, 0x0, 0x0) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nfc(&(0x7f0000000500), r4) sendmsg$NFC_CMD_GET_SE(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000540)={0x14, r5, 0xf15}, 0x14}}, 0x0) r6 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$bt_hci(r6, &(0x7f0000000000)={0x27}, 0x74) bind$ax25(0xffffffffffffffff, 0x0, 0x0) 6.904590083s ago: executing program 1 (id=2293): socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x0, @rand_addr=0x64010102}]}, &(0x7f0000000100)=0x10) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000140)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x23, &(0x7f0000000000)={r1, 0xa001}, 0x8) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) sendto$inet6(r2, 0x0, 0x0, 0x20004041, 0x0, 0x0) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0xcc15, @dev, 0x7}, 0x1c) close(r2) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000080)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESDEC=r0, @ANYBLOB="0100000000000000000002000000140001800500020001"], 0x28}}, 0x0) 6.526204803s ago: executing program 3 (id=2295): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xe, 0x4, 0x4, 0x3, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x18, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x40004}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0x0, 0x8}}, {{0x5, 0x0, 0x3}, {0x95, 0x0, 0x0, 0x700}}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x617}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 6.525663571s ago: executing program 6 (id=2296): connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) r0 = syz_open_procfs$pagemap(0x0, &(0x7f0000000080)) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) (async) ioctl$RTC_WKALM_RD(0xffffffffffffffff, 0x80287010, &(0x7f0000000000)) (async) ioctl$PAGEMAP_SCAN(r0, 0xc0606610, &(0x7f0000000140)={0x60, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f0000c68000/0x3000)=nil, 0x7fffffff, 0x0, 0x0, 0x8, 0x0, 0x2, 0x1}) 5.667403611s ago: executing program 5 (id=2297): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) gettid() prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) setresgid(0x0, 0xffffffffffffffff, 0x0) setfsgid(0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x42, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)=0x20) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000010000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7020000140000fbb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) 5.526745413s ago: executing program 1 (id=2298): r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x901) syz_genetlink_get_family_id$tipc(&(0x7f0000000000), r0) (async) close_range(r0, r0, 0x0) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000440)={r0, 0xe0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000180)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x5, 0x5, &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xd3, &(0x7f0000000240)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f0000000280), &(0x7f00000002c0), 0x8, 0x87, 0x8, 0x8, &(0x7f0000000300)}}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x20, 0x6, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfe000000, 0x0, 0x0, 0x0, 0xc}, [@map_fd={0x18, 0x6, 0x1, 0x0, r0}, @alu={0x4, 0x1, 0x5, 0xa, 0x4, 0xffffffffffffffff, 0x8}]}, &(0x7f00000000c0)='GPL\x00', 0x46, 0x3f, &(0x7f0000000100)=""/63, 0x41100, 0x69, '\x00', 0x0, @netfilter=0x2d, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000140)={0x3, 0xf, 0x800, 0x1}, 0x10, r2, 0xffffffffffffffff, 0x4, &(0x7f0000000480)=[r0, r0, r0, r0, r0, r0], &(0x7f00000004c0)=[{0x2, 0x4, 0x1, 0xf}, {0x0, 0x2, 0xc, 0x2}, {0x0, 0x8, 0x0, 0x7}, {0x0, 0x1, 0xa}], 0x10, 0x8, @void, @value}, 0x94) (async) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=@bloom_filter={0x1e, 0x7, 0x7, 0x1efbd3aa, 0x80, r0, 0xfffffffd, '\x00', r1, r0, 0x1, 0x3, 0x0, 0x4, @void, @value, @void, @value}, 0x50) mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x5, 0x1010, r4, 0x8d72b000) (async) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000640)={0x1}) (async) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) (async) r5 = syz_genetlink_get_family_id$team(&(0x7f00000006c0), r0) (async) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000700)={'team0\x00', 0x0}) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000740)={'batadv0\x00', 0x0}) sendmsg$TEAM_CMD_PORT_LIST_GET(r0, &(0x7f0000000ac0)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000a80)={&(0x7f0000000780)={0x2d4, r5, 0x200, 0x70bd28, 0x25dfdbff, {}, [{{0x8, 0x1, r6}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @name={{0x24}, {0x5}, {0xe, 0x4, 'broadcast\x00'}}}]}}, {{0x8, 0x1, r1}, {0x26c, 0x2, 0x0, 0x1, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0xd}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0xe}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r1}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r1}}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x400}}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x9}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x40}}, {0x8, 0x6, r1}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x101}}, {0x8, 0x6, r7}}}]}}]}, 0x2d4}, 0x1, 0x0, 0x0, 0x20000000}, 0x10) (async) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000b00)={{{@in=@dev, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in=@multicast1}}, &(0x7f0000000c00)=0xe8) (async) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000c80), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000cc0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000dc0)={&(0x7f0000000c40)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000d80)={&(0x7f0000000d00)={0x70, r9, 0x8, 0x70bd29, 0x25dfdbff, {{}, {@val={0x8, 0x3, r10}, @val={0xc, 0x99, {0x0, 0x54}}}}, [@NL80211_ATTR_KEY_DATA_WEP104={0x11, 0x7, "f9460a0ffd8733a445adab9997"}, @NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x3}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x70}, 0x1, 0x0, 0x0, 0x20004000}, 0x40000) (async) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000e40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_UPDATE_OWE_INFO(r0, &(0x7f0000000f00)={&(0x7f0000000e00)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000ec0)={&(0x7f0000000e80)={0x30, r9, 0x100, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r11}, @val={0xc, 0x99, {0x7}}}}, [@NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x2a}]}, 0x30}, 0x1, 0x0, 0x0, 0x80000}, 0x2) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000000f40), 0xffffffffffffffff) (async) sendmsg$nl_route_sched(r0, &(0x7f0000001040)={&(0x7f0000000f80)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000001000)={&(0x7f0000000fc0)=@getqdisc={0x30, 0x26, 0x2, 0x70bd25, 0x25dfdbfb, {0x0, 0x0, 0x0, r6, {0x1, 0xfff7}, {0x5, 0xb}, {0xd, 0xfff1}}, [{0x4}, {0x4}, {0x4}]}, 0x30}, 0x1, 0x0, 0x0, 0x90}, 0x4000001) (async) r12 = syz_genetlink_get_family_id$nl80211(&(0x7f00000010c0), r0) sendmsg$NL80211_CMD_EXTERNAL_AUTH(r0, &(0x7f0000001180)={&(0x7f0000001080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000001140)={&(0x7f0000001100)={0x20, r12, 0x4, 0x70bd2d, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_BSSID={0xa, 0xf5, @random="52f826fcbb6d"}]}, 0x20}, 0x1, 0x0, 0x0, 0x4004014}, 0x8000000) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001200)={&(0x7f00000011c0)='xen_mmu_release_ptpage\x00', r3, 0x0, 0xa29f}, 0x18) (async) recvmmsg(r0, &(0x7f0000003800)=[{{&(0x7f0000001240)=@ax25={{0x3, @null}, [@bcast, @netrom, @bcast, @null, @rose, @bcast, @remote, @default]}, 0x80, &(0x7f0000001440)=[{&(0x7f00000012c0)=""/203, 0xcb}, {&(0x7f00000013c0)=""/69, 0x45}], 0x2, &(0x7f0000001480)=""/34, 0x22}, 0x9}, {{&(0x7f00000014c0)=@generic, 0x80, &(0x7f0000001700)=[{&(0x7f0000001540)=""/28, 0x1c}, {&(0x7f0000001580)=""/179, 0xb3}, {&(0x7f0000001640)=""/34, 0x22}, {&(0x7f0000001680)=""/76, 0x4c}], 0x4}, 0x5}, {{&(0x7f0000001740)=@ieee802154={0x24, @short}, 0x80, &(0x7f0000001a80)=[{&(0x7f00000017c0)=""/112, 0x70}, {&(0x7f0000001840)=""/34, 0x22}, {&(0x7f0000001880)=""/227, 0xe3}, {&(0x7f0000001980)=""/201, 0xc9}], 0x4}, 0x7}, {{0x0, 0x0, &(0x7f0000001b40)=[{&(0x7f0000001ac0)=""/88, 0x58}], 0x1, &(0x7f0000001b80)=""/159, 0x9f}, 0x17b}, {{&(0x7f0000001c40)=@in, 0x80, &(0x7f0000001e80)=[{&(0x7f0000001cc0)=""/109, 0x6d}, {&(0x7f0000001d40)=""/155, 0x9b}, {&(0x7f0000001e00)=""/110, 0x6e}], 0x3, &(0x7f0000001ec0)=""/235, 0xeb}, 0xff}, {{0x0, 0x0, &(0x7f0000002040)=[{&(0x7f0000001fc0)=""/104, 0x68}], 0x1, &(0x7f0000002080)=""/54, 0x36}, 0x3}, {{&(0x7f00000020c0)=@vsock={0x28, 0x0, 0x0, @host}, 0x80, &(0x7f0000002280)=[{&(0x7f0000002140)=""/203, 0xcb}, {&(0x7f0000002240)=""/29, 0x1d}], 0x2, &(0x7f00000022c0)=""/4096, 0x1000}, 0x1ff}, {{0x0, 0x0, &(0x7f0000003700)=[{&(0x7f00000032c0)=""/247, 0xf7}, {&(0x7f00000033c0)=""/231, 0xe7}, {&(0x7f00000034c0)=""/190, 0xbe}, {&(0x7f0000003580)=""/80, 0x50}, {&(0x7f0000003600)=""/231, 0xe7}], 0x5, &(0x7f0000003780)=""/94, 0x5e}}], 0x8, 0x6dfc38b25074a701, &(0x7f0000003a00)={0x77359400}) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000003a40)={&(0x7f0000fff000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1}) sendmsg$nl_route_sched_retired(r0, &(0x7f0000003c00)={&(0x7f0000003a80)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000003bc0)={&(0x7f0000003ac0)=@newqdisc={0xcc, 0x24, 0x1, 0x70bd2b, 0x25dfdbfe, {0x0, 0x0, 0x0, r8, {0xc, 0x4}, {0x1, 0xe}, {0xfff1, 0xfff3}}, [@q_dsmark={{0xb}, {0x18, 0x2, [@TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0xa}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x1}, @TCA_DSMARK_SET_TC_INDEX={0x4}]}}, @q_dsmark={{0xb}, {0x18, 0x2, [@TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0xffff}, @TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x8}]}}, @q_dsmark={{0xb}, {0x30, 0x2, [@TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x8000}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x4}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x8}, @TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_INDICES={0x6, 0x1, 0xa}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x5}]}}, @q_dsmark={{0xb}, {0x18, 0x2, [@TCA_DSMARK_INDICES={0x6}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x4}, @TCA_DSMARK_SET_TC_INDEX={0x4}]}}]}, 0xcc}, 0x1, 0x0, 0x0, 0x4040004}, 0x4044014) (async) socket$kcm(0x29, 0x0, 0x0) clock_gettime(0x0, &(0x7f0000008a80)={0x0, 0x0}) recvmmsg(r0, &(0x7f00000089c0)=[{{&(0x7f0000003c40)=@caif=@dbg, 0x80, &(0x7f0000006080)=[{&(0x7f0000003cc0)=""/235, 0xeb}, {&(0x7f0000003dc0)=""/58, 0x3a}, {&(0x7f0000003e00)=""/4096, 0x1000}, {&(0x7f0000004e00)=""/108, 0x6c}, {&(0x7f0000004e80)=""/255, 0xff}, {&(0x7f0000004f80)=""/4096, 0x1000}, {&(0x7f0000005f80)=""/254, 0xfe}], 0x7, &(0x7f0000006100)=""/116, 0x74}}, {{0x0, 0x0, &(0x7f00000063c0)=[{&(0x7f0000006180)=""/207, 0xcf}, {&(0x7f0000006280)=""/23, 0x17}, {&(0x7f00000062c0)=""/208, 0xd0}], 0x3, &(0x7f0000006400)=""/132, 0x84}, 0x8}, {{&(0x7f00000064c0)=@can, 0x80, &(0x7f0000008840)=[{&(0x7f0000006540)=""/4096, 0x1000}, {&(0x7f0000007540)=""/34, 0x22}, {&(0x7f0000007580)=""/176, 0xb0}, {&(0x7f0000007640)=""/221, 0xdd}, {&(0x7f0000007740)=""/79, 0x4f}, {&(0x7f00000077c0)=""/64, 0x40}, {&(0x7f0000007800)=""/4096, 0x1000}, {&(0x7f0000008800)=""/48, 0x30}], 0x8, &(0x7f00000088c0)=""/222, 0xde}, 0x4}], 0x3, 0x100, &(0x7f0000008ac0)={r13, r14+10000000}) 5.526315504s ago: executing program 6 (id=2299): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000700)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x7a}, @printk={@lli, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xd}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000004c0)={r0, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000340)="d2ff03076003008cb89e08f088a8", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25000000}, 0x50) 5.477086116s ago: executing program 1 (id=2300): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000200)={0xb, 0xfffffffffffffff8}, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0x2) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x3, 0x0, 0x0) r1 = fsopen(&(0x7f0000000080)='omfs\x00', 0x1) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) r4 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0x0, 0x10100, 0x0, 0x3b9}, &(0x7f0000000000)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r4, 0x2def, 0x0, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r3}, 0x10) syz_emit_ethernet(0xfdef, &(0x7f00000000c0)=ANY=[], 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) 5.207621338s ago: executing program 6 (id=2302): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={{0x14, 0x10, 0x1, 0x0, 0x9df86da}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x5}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_DELCHAIN={0x38, 0x5, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_CHAIN_HOOK={0xc, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x9df86da}]}]}], {0x14}}, 0xc0}}, 0x0) 4.870500485s ago: executing program 3 (id=2303): socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000ad8000000060a0104000000000000000002000000c4000480100001800c0001007061796c6f616400580001800e000100636f6e6e6c696d6974000000440002800800014000005000080001400000058f0800024000000001080001400000000432000140000080010800024000000000080002400000000008001a40000007ff0c00018008000100636d70004c0001800b00010065787468647200003c0002800800074000000011080007400000001608000640000000030800014000000001010006400000000308000440000000d2080001400000000e140000001100010000000000000000000000000a"], 0x100}, 0x1, 0x0, 0x0, 0x39b19689a0cf3a67}, 0x0) r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_int(r2, 0x0, 0x3, &(0x7f00000000c0)=0x1f, 0x4) sendto$inet(r2, &(0x7f0000000100)="1ce0", 0xffeb, 0x900, &(0x7f0000001100)={0x2, 0x0, @private}, 0x10) socket(0x2, 0x1, 0x0) r3 = fsmount(r0, 0x1, 0x0) fchdir(r3) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r4, 0x0) ioctl$SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, &(0x7f0000000040)=0xe0000000) connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) 4.312144778s ago: executing program 3 (id=2304): bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000440)={0xffffffffffffffff, 0xe0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040), ""/16, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x0, 0xa1, 0x0, 0x0, 0x10, &(0x7f0000000240), &(0x7f0000000280), 0x8, 0x91, 0x8, 0x8, &(0x7f0000000300)}}, 0x10) r0 = socket$inet_dccp(0x2, 0x6, 0x0) getsockopt$inet_int(r0, 0x10d, 0xb8, &(0x7f0000000080), 0x0) syz_io_uring_complete(0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x41, 0x0) write$binfmt_aout(r1, 0x0, 0xff2e) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8042, 0x0) write$P9_RSTATu(r2, &(0x7f0000000580)={0x239, 0x2, 0x0, {{0x500, 0xf8, 0x0, 0x0, {0x0, 0x0, 0xf7ff}, 0x0, 0x0, 0x2000, 0x0, 0x1b, '\x04nodev{evoo~\x059\xc6\x00\x05\x00\x007\xd9:\x8b\x92\x00\x00\x00', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00+Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x03\xb4\x94\xe1', 0x1d, '\xd2\x99\x98\x80\x14\x98l\xe9\x82\xcf\xc2m\xd7\xc5\x00\xf0L\xd8_*p\xf5\xe9\x93\x0e\x97\xa5\x9ad', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\x00\x80\xe8\xe2\x89\xdad\x9a7\x00'}, 0x12c, 'odev/n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x239) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x90, 0x1b, "00bf46f8bbde7047bcd4a280000400"}) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000000)=0x17) 4.311859451s ago: executing program 6 (id=2305): bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3a00}, [@alu={0x8000000201a7f19, 0x0, 0x6, 0x2, 0x1}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) 4.1874772s ago: executing program 1 (id=2306): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{}, 0x0, 0x0}, 0x20) ioctl$EVIOCSKEYCODE_V2(0xffffffffffffffff, 0x40284504, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) openat$kvm(0xffffffffffffff9c, 0x0, 0x101000, 0x0) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000080)={0x1, 0xeeee0000, 0x0, 0xffffffffffffffff, 0x4}) r1 = socket$packet(0x11, 0x3, 0x300) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendto$packet(r1, &(0x7f0000000080)="a99c383d33c9c607b1b9d49688a8834a88a8", 0x1000e, 0x0, &(0x7f0000000000)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @link_local}, 0x14) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) fchmodat(0xffffffffffffffff, 0x0, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180500000000c800000000004b64ffec850000007d000000850000002a000000"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), r6) getpid() sendmsg$IEEE802154_START_REQ(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000004c0)=ANY=[@ANYBLOB="7d2948b30e59188ba57ba9d9aaf3d9d2775f5ec9ef108e91619388b9f1fa3fb32cb04fbc1f303d73fd04b7282fcb3c79c8d7e82fd96e762d6ff418ea5efb113ee7c989bf9c7b0e77d5cb52267f5b9f882f8a2d3c838e803d97a2339bc0501a517943309549f79c029157e39dd08f4ff2730b5bd12302bc8b04aed453dfabc6ecfb2cc59b307e4165be16f52a24f5cbc16d972d9bc5182590129ea1fd46f9c084d43e813c5d0bf58ace40168e26952c732ee14e82da1f1cbccf6f6190f51552d9a46ae48301b500"/224, @ANYRES16=r7, @ANYBLOB="010000000000000000000d000000"], 0x14}, 0x1, 0x0, 0x0, 0x18000}, 0x0) syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x0, 0x4}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_TARGET={0x8, 0x3, 0x20}, @TCA_FQ_PIE_FLOWS={0x8, 0x2, 0xe0ec}]}}]}, 0x44}}, 0x0) sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00"], 0x50}}, 0x4008040) 4.18700069s ago: executing program 2 (id=2307): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) syz_emit_vhci(0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000b4940c74ccd31efeca728350cce105f80a5f57ae6df1720cd3c8e8ac225fd54df4e41ef275b56f971236588549eb32e939c0a6077c754db0d8d183ab720ac3cf3420d1da82e1fff58bb77261f619c982b270a76b30c5e0908c7584b3adf016ea07389ffe4e0df1a638c71c3aba9efd77ca555ada38cf6ecee9abd91efbec7f44ae2156f1348b48cee4d74765d6d02bff71cff6802c297cd10db8f0cf6ca0615a1c3cf27412a130cbde5b7016c9ac61e2fe01db9755680cc925ca96679c9b1615b63fb8666e6af86c1b51e41707b45ace0bdc44c2bee724937611cf46e87cc19dff5937a4920f6d15f3d249c71c95fefd90fc9879208fcf2291bf9a560a4e12c52e71446841578ca5e3eb8b00"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r2}, 0x10) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r3 = open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0) read$FUSE(r3, 0x0, 0x0) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nfc(&(0x7f0000000500), r4) sendmsg$NFC_CMD_GET_SE(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000540)={0x14, r5, 0xf15}, 0x14}}, 0x0) r6 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$bt_hci(r6, &(0x7f0000000000)={0x27}, 0x74) bind$ax25(0xffffffffffffffff, 0x0, 0x0) 4.136981516s ago: executing program 3 (id=2308): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x4d0, 0x2e0, 0x940c, 0x3002, 0x2e0, 0x2c0, 0x400, 0x3d8, 0x3d8, 0x400, 0x3d8, 0x3, 0x0, {[{{@uncond, 0x0, 0x298, 0x2e0, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x200000, 0x0, 0x1, 0x0, 'syz1\x00'}}, @common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0xb3c738a26429eda, 0x0, 'syz0\x00'}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@initdev={0xac, 0x1e, 0x80, 0x0}, 'virt_wifi0\x00', {0x6dbf}}}}, {{@uncond, 0x0, 0xf0, 0x120, 0x0, {0x60030000}, [@common=@dst={{0x48}, {0x0, 0x0, 0x1, [0xc1, 0x3ff, 0x1000, 0x9, 0x9, 0x6, 0x7ff, 0x8, 0x945, 0x1, 0x6, 0x9, 0x632, 0x8, 0x3], 0x5}}]}, @common=@inet=@SET2={0x30, 'SET\x00', 0x2, {{0x0, 0x4, 0x1}, {0xffffffffffffffff, 0x3, 0x6}, 0x5, 0x1}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x530) 4.107159091s ago: executing program 6 (id=2309): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) bind$netlink(r0, &(0x7f0000000140)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) syz_emit_ethernet(0x3e, &(0x7f00000016c0)={@random="e33110495bfd", @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "cb653e", 0x8, 0x3a, 0x0, @dev, @local, {[], @echo_request}}}}}, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000025342610ac05dfab493d010203010902120001000000000904000100fffd01"], 0x0) 2.770633424s ago: executing program 2 (id=2310): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="1400000010000100000000000000120000fc000a20000000000a09000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a400000e6ff0900020073797a31000000000900010073797a3000000000080005400000001c08000640ffffff000800034000000028580000000c0a01010000000000000000070000000900020073797a31000000000900010073797a30000000002c00038028000080080003"], 0xec}}, 0x0) 2.658071449s ago: executing program 3 (id=2311): syz_emit_ethernet(0x4a, &(0x7f0000000440)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd600a843500140600fe8000000000500000000000000000bbfc00"], 0x0) 2.612728306s ago: executing program 2 (id=2312): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x1a, &(0x7f0000000540)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x8}, {}, {}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x40}, @ringbuf_query, @generic={0x4, 0x9, 0x8}, @map_fd={0x18, 0x5}, @func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_idx={0x18, 0x1, 0x5, 0x0, 0xb}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0xffffffffffffff4a) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = socket(0x10, 0x80002, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8b24, &(0x7f0000000000)={'wlan0\x00'}) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff}) setsockopt$sock_attach_bpf(r5, 0x1, 0x44, 0x0, 0x0) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0) ioctl$BTRFS_IOC_DEFRAG_RANGE(r6, 0x40309410, &(0x7f0000000300)={0xffffffffbea26ac3, 0xfffffffffffffff8, 0x2, 0x9, 0x3, [0x7, 0x4, 0x3, 0x5]}) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='devtmpfs\x00', 0x0, 0x0) mount$tmpfs(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0xe4428, &(0x7f0000000080)=ANY=[@ANYBLOB="f0"]) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001740)={&(0x7f0000000340)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x3c, 0x3c, 0x3, [@struct={0x0, 0x0, 0x0, 0x4, 0x0, 0x43000000}, @enum64={0x8, 0x3, 0x0, 0x13, 0x1, 0xd, [{0x1, 0x0, 0x6}, {0x5, 0xb2e, 0x800}, {0xa, 0x3ff, 0x4}]}]}, {0x0, [0x0]}}, 0x0, 0x57, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x28) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000700)=ANY=[@ANYRES64=r3], 0x64}}, 0x88) r7 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r7, 0x107, 0xa, &(0x7f0000000000)=0x2, 0x4) 1.465829046s ago: executing program 3 (id=2313): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0x2, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) socket$nl_generic(0x10, 0x3, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) socket$inet6_udplite(0xa, 0x2, 0x88) r0 = socket$inet(0xa, 0x801, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000000380), 0xffffffffffffffff) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="90000000", @ANYRES16=r2, @ANYBLOB="01000000000000000000010000000c000500ff000000000000000c0002000000020000000000040007800c000800000000000000000008000a00000000004400078008000100", @ANYRES32, @ANYBLOB="38000100", @ANYRES32=r3, @ANYBLOB="64800400", @ANYRES32, @ANYBLOB="08000100", @ANYRES32=r0], 0x90}}, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x3, &(0x7f0000000300)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb2}}, &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r4}, 0x10) 1.407590764s ago: executing program 2 (id=2314): r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) write$P9_RSTATu(r0, &(0x7f0000000340)={0x230, 0x7d, 0x40, {{0x500, 0xf0, 0x0, 0xb000000, {0x0, 0x2, 0x7}, 0x11000000, 0x0, 0xe803, 0x5, 0x1b, '\x04nodev{evoo~\x059\xc6\x00\x05\x00\x007\xd9:\x8b\x92\x00\x00\x00', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00+Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x03\xb4\x94\xe1', 0x14, '\xcf\xc2m\xd7\xc5\x00\xf0L\xd8_*p\xf5\xe9\x93\x0e<]\xb4Z', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1h\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\b\x80\xe8\xe2\x89\xdad\x9a7\x00'}, 0x12c, 'odev/n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x230) 1.361314745s ago: executing program 5 (id=2315): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r2) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x10, 0x0, 0x7fff7ffc}]}) inotify_init() bind$inet6(r2, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c) listen(r3, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)="89000000120081ae08060cdc030ec0007f0308000000000000e2ff", 0x1b}], 0x1}, 0x0) syz_emit_ethernet(0x5a, &(0x7f0000000240)={@local, @multicast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "101040", 0x24, 0x6, 0x0, @remote, @local, {[], {{0x4e23, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x9, 0x2, 0x0, 0x0, 0x0, {[@mptcp=@syn={0x1e, 0xc, 0x7, 0x1, 0xfb, 0x800, 0x7}, @window={0x3, 0x3, 0xf9}]}}}}}}}}, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, &(0x7f00000000c0)="0fc73c50c4c3e16a5200ddc4e3c568ce00eac66682323c97c4c17572e100c4c2419c5a49d87f00360f070f01c4b9f2030000b800000000ba008000000f30", 0x3e}], 0x1, 0x40, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 1.170169289s ago: executing program 2 (id=2316): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0) r5 = socket$l2tp(0x2, 0x2, 0x73) r6 = socket$unix(0x1, 0x5, 0x0) r7 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) connect$can_bcm(r7, &(0x7f00000000c0)={0x1d, r8}, 0x10) sendmsg$can_bcm(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="0100000003ece1e40ad8871461ab08", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=r6, @ANYBLOB="3bf81bb9f9"], 0x20000600}, 0x1, 0x0, 0x0, 0x40000}, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) sendmsg$can_bcm(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[], 0x4640}, 0x2}, 0x0) bind$inet(r5, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) connect$inet(r5, 0x0, 0x0) 1.059347032s ago: executing program 1 (id=2317): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000480)=ANY=[], 0x1c}}, 0x4000000) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x78c111751c9e8d6) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001d80)=ANY=[@ANYBLOB="b70200001a000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b70600007fffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000002b000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e6185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946e0ebc622003b538dfd8e012e79578e51bc5f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f659cb132b803000000661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7b148ba532e6ea09c346dfebd38608b32a0080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c61a137462c7f2539479f49d4eb2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e14861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc16e7c337642d3e5a815232f5e16b089f37b3591a15c0a9be6eb18208404c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b74cd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f50714600fb6241c6e955031795b2c2f56411e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c0977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6040099d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663dd472021d202eedd005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe3594d4a3f2239cfe00000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed180d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35f267632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e80339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd52364600000000000000000000000000000000000000000000dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000a5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f3390343c12a851810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f314001a62863f6e04b4506ac2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab79e609c57a2a7332f4d8764c302ccd5aac114482b619fca4d97a0ae75ccf11e29a854380e2b4bb9905a1517ec40bb3fa44f9959bad67ccaba76408da35e9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff17320adda5867947257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d65a927de6f4c09f4b742e037381c85d2ec7bb2a8152f0d6a99a0370e0cbd65744eb2efd7b65f04aa7e72588757b9612bb4253a63bb303c0c68a07f115d104f2007237a4f771416741bfd63fdfe3ae6f8bea755d8b7202c2bbae137dc1c3cf40db74a4c1c219d8ddec8f91dae2cdea1353fe062830fa1d233296e99d8317872257e154665485e7f31cdbfbf435517faf93015b57417d84b8bc8662e097d5ba55000048e150695ffae3a676555b10da11751865126d19336116a1e58ab727dda6b343cc97f9479136a66f552abf8fe3d134f6d69df1cf7800b4bda4db5e68aaccf44d24e09f8a769e3ae7bf246673f15e3d1adae4384bdb7cd30a33e30466b421feb96006c810fd3830a1c75af2580727ffc699d2b04f476acc21419fad9b1baec88974da2db29b80859bde08b85c8086e4b7f1fd568042ad5396d3179c71b1dc43291e450ce9b8d7d80fcb44966d7ad4691a37870000000000000000000000000000000000000000000000000000000000000000000083a5765d06da91165d24bc316607e2d69344aa1c07ff7cd7bc3d17f122478b6e81077782b9c298edc2546045feff90e7aa7dc1a869fa5551b873e2c838e979e033b7707df75b93cf5b8d25242741a88f2d54a7107375b25911aa11efa3a4f87fc14f180e353615b3cb9a5cf5ea843014a277c3694a5a83266f73ef039dd739187923715548d58ff43be997e357e0cbed29faef19c0082e26fb867bf0ff0000000000000000000000a0616252abda1102c3eee13eddef0275f21752ee474e32d790ae1f3df77e303ae1968c2a4419d1ca13b97b2c3123ab5b8473b880644e6acfe1d346d1528262c6e91f38029ec24eeb4fe5c1b3726bcfd386ba153fed11692170e5a09432bd02fa9dba861ecad4dbf61a93733a21aeff5f541b8f78bccbf1ac0000000000000000000000145aaaa62ff74b216b2977e7b9261824f663cea60ec6e0fa03bd596cec6d12316c8ed147d4cdd140857444c27c1946b1afcd4ec260694cb71e421744cf1f860840b0decf9be35aeb02d1bf6137b3189edb2d21557e6804ed52305e7deace8b97cd2b423cb79c541762097e29c386634a4bcc3ee91266d808706aadbc4650183d71bf5341edfe4c815d3a87c05d75da20b260d39cdd8559292000cb06faf9972683d379565dcd932fbc6bfb13f938a693252fc3af8088fcf8e06a"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x18000000000002a0, 0xe, 0x6000002c, &(0x7f0000000100)="b9ff03316844268cb89e14f0080048e0050000000000008877fbac141516e0000001440404feb180008903040000845013f2325f003901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0103461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014c0000c0adc043084617d7ecf41effff38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d7da058f6efa6d1f5f7ff400"/254, 0x0, 0x14, 0x60000000, 0x0, 0xfffffffe}, 0x2c) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f00000007c0)=ANY=[@ANYBLOB="030000000000000040000000000000000000001c000000004f08004000000000060000000000008014020000000000003f07000000000000"]) close(0xffffffffffffffff) io_setup(0x1, 0x0) close(r1) r3 = socket$inet6(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wlan0\x00'}) sendmsg$nl_route(r1, 0x0, 0x240640d4) prlimit64(0x0, 0xb, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) syz_genetlink_get_family_id$nl802154(&(0x7f00000006c0), 0xffffffffffffffff) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(camellia)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c2", 0x17) r6 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r6, 0x7a7, &(0x7f0000000100)=0x80000) ioctl$IOCTL_VMCI_DATAGRAM_SEND(r6, 0x7ab, &(0x7f0000000040)={0x0, 0x0, 0x7fffffff}) ioctl$IOCTL_VMCI_DATAGRAM_RECEIVE(r6, 0x7ac, &(0x7f0000000200)={0x0, 0x0, 0x5}) r7 = accept4(r5, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r7) sendto$inet6(r3, &(0x7f0000000140)="1ba0000016001d0d89fdc5cbdd045798707bed4dca141a780f0f8e", 0xff3b, 0x0, 0x0, 0x0) 97.536406ms ago: executing program 6 (id=2318): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x9e, 0x17, 0x36, 0x10, 0x17ef, 0x721e, 0xde06, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x2, 0x6}}]}}]}}, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x3, 0x14, &(0x7f0000000780)=@framed={{0x18, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf4}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}}, @printk={@ld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xb}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8000, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000400)={r2, 0x0, 0xe, 0x0, &(0x7f0000000000)="0000000000000000009dc9000000", 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) r4 = socket$nl_generic(0x10, 0x3, 0x10) bind$vsock_stream(r4, &(0x7f0000000000)={0x10}, 0x10) r5 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) bind$ax25(r5, &(0x7f0000000540)={{0x2, @bcast, 0x40}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]}, 0x44) listen(r3, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000b00)={0x84, &(0x7f0000000080)=ANY=[@ANYBLOB="0000040000000b0f0667"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 0s ago: executing program 2 (id=2319): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=ANY=[@ANYBLOB="3c00000019000100000000000000003f0a00000000000000000000001400053f000000000000000000000000000000000c00090008"], 0x3c}}, 0x0) kernel console output (not intermixed with test programs): 42] usb 2-1: New USB device found, idVendor=0458, idProduct=5005, bcdDevice= 0.00 [ 528.683951][ T5842] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 528.737726][ T5842] usb 2-1: config 0 descriptor?? [ 528.885146][T10950] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 528.911485][T10950] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 528.930098][T10950] bond0 (unregistering): Released all slaves [ 529.097979][ T59] libceph: connect (1)[c::]:6789 error -101 [ 529.105396][ T59] libceph: mon0 (1)[c::]:6789 connect error [ 529.132419][T10965] ceph: No mds server is up or the cluster is laggy [ 529.178651][ T5842] kye 0003:0458:5005.000C: tablet report size too small, or kye_tablet_rdesc unexpectedly large [ 529.224010][ T9] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 529.403063][ T5885] libceph: connect (1)[c::]:6789 error -101 [ 529.471575][ T5885] libceph: mon0 (1)[c::]:6789 connect error [ 529.472006][ T5842] kye 0003:0458:5005.000C: hidraw0: USB HID v0.00 Device [HID 0458:5005] on usb-dummy_hcd.1-1/input0 [ 529.661577][ T5842] kye 0003:0458:5005.000C: tablet-enabling feature report not found [ 529.671609][ T9] usb 3-1: Using ep0 maxpacket: 32 [ 529.686592][ T5842] kye 0003:0458:5005.000C: tablet enabling failed [ 529.768696][ T9] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32 [ 529.899089][ T9] usb 3-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= 5.f5 [ 529.919401][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 529.943399][ T5842] usb 2-1: USB disconnect, device number 34 [ 529.956766][ T9] usb 3-1: Product: syz [ 529.977917][ T9] usb 3-1: Manufacturer: syz [ 529.982794][ T9] usb 3-1: SerialNumber: syz [ 530.071192][ T9] usb 3-1: config 0 descriptor?? [ 530.088551][T10962] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 530.127385][ T9] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 530.332180][ T9] usb 3-1: USB disconnect, device number 18 [ 533.561076][T11006] binder: 10998:11006 ioctl c0306201 200001c0 returned -14 [ 534.197440][T11017] (unnamed net_device) (uninitialized): option ad_user_port_key: invalid value (4864) [ 534.208727][T11017] (unnamed net_device) (uninitialized): option ad_user_port_key: allowed values 0 - 1023 [ 534.737356][T11023] macsec1: entered allmulticast mode [ 535.156763][ T7227] usb 2-1: new full-speed USB device number 35 using dummy_hcd [ 535.716708][ T7227] usb 2-1: config 201 has an invalid interface number: 249 but max is 0 [ 535.727730][ T7227] usb 2-1: config 201 has no interface number 0 [ 535.818128][ T7227] usb 2-1: config 201 interface 249 altsetting 4 endpoint 0x3 has invalid maxpacket 1023, setting to 64 [ 535.840536][ T7227] usb 2-1: config 201 interface 249 has no altsetting 0 [ 535.850371][ T7227] usb 2-1: New USB device found, idVendor=04da, idProduct=390d, bcdDevice=fa.df [ 535.883814][ T7227] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 535.897288][ T7227] usb 2-1: Product: syz [ 535.905894][ T7227] usb 2-1: Manufacturer: syz [ 535.929656][ T7227] usb 2-1: SerialNumber: syz [ 537.724849][T11036] block device autoloading is deprecated and will be removed. [ 537.734903][T11036] syz.3.1416: attempt to access beyond end of device [ 537.734903][T11036] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 537.869941][T11038] xt_hashlimit: Unknown mode mask 2000, kernel too old? [ 538.736628][ T7227] ath6kl: Failed to submit usb control message: -71 [ 538.743906][ T7227] ath6kl: unable to send the bmi data to the device: -71 [ 538.751422][ T7227] ath6kl: Unable to send get target info: -71 [ 538.908224][ T7227] ath6kl: Failed to init ath6kl core: -71 [ 538.922271][ T7227] ath6kl_usb 2-1:201.249: probe with driver ath6kl_usb failed with error -71 [ 538.941112][ T7227] usb 2-1: USB disconnect, device number 35 [ 539.093331][T11065] xt_CT: You must specify a L4 protocol and not use inversions on it [ 539.096013][T11065] netlink: 'syz.6.1424': attribute type 10 has an invalid length. [ 539.463754][ T5842] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 539.623723][ T5842] usb 4-1: Using ep0 maxpacket: 8 [ 539.656952][ T5842] usb 4-1: config 1 interface 0 altsetting 253 bulk endpoint 0x82 has invalid maxpacket 8 [ 539.677114][ T5842] usb 4-1: config 1 interface 0 altsetting 253 bulk endpoint 0x3 has invalid maxpacket 1023 [ 539.983305][ T5842] usb 4-1: config 1 interface 0 has no altsetting 0 [ 540.518954][T11072] infiniband syz1: set active [ 540.567085][T11072] infiniband syz1: added team_slave_0 [ 540.594646][T11072] syz1: rxe_create_cq: returned err = -12 [ 540.605296][ T5842] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 540.614616][T11072] infiniband syz1: Couldn't create ib_mad CQ [ 540.614898][T11072] infiniband syz1: Couldn't open port 1 [ 540.622176][ T5842] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 540.635441][T11091] SET target dimension over the limit! [ 540.641686][ T5842] usb 4-1: Product: syz [ 540.663678][ T5842] usb 4-1: Manufacturer: syz [ 540.668359][ T5842] usb 4-1: SerialNumber: syz [ 540.687483][T11071] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 540.699177][T11071] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 540.739475][T11072] RDS/IB: syz1: added [ 540.764489][T11072] smc: adding ib device syz1 with port count 1 [ 540.770924][T11072] smc: ib device syz1 port 1 has pnetid [ 540.938546][ T5842] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -71 [ 540.968537][ T5842] usb 4-1: USB disconnect, device number 27 [ 542.628194][T11104] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1436'. [ 548.695446][T11144] netlink: 'syz.3.1445': attribute type 11 has an invalid length. [ 549.658395][T11146] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1448'. [ 549.668289][T11146] netlink: 272 bytes leftover after parsing attributes in process `syz.1.1448'. [ 549.677871][T11146] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1448'. [ 553.317451][T11175] [U] vÔ3¸Âfù¾"SçÁ/Éê4:ÃXTz“W¡t‘’lWµ«= [ 553.323791][T11175] [U] J"—e:ÀÆ" [ 553.327379][T11175] [U] [ 554.450543][T11178] befs: (nbd5): No write support. Marking filesystem read-only [ 554.460523][T11178] syz.5.1454: attempt to access beyond end of device [ 554.460523][T11178] nbd5: rw=0, sector=0, nr_sectors = 2 limit=0 [ 554.474070][T11178] befs: (nbd5): unable to read superblock [ 554.564535][ T5885] usb 2-1: new high-speed USB device number 36 using dummy_hcd [ 555.569267][T11190] fuse: Unknown parameter '' [ 555.646667][ T5885] usb 2-1: device descriptor read/64, error -71 [ 555.944538][T11200] tipc: Enabled bearer , priority 10 [ 556.074236][ T5885] usb 2-1: new high-speed USB device number 37 using dummy_hcd [ 556.224284][ T5885] usb 2-1: device descriptor read/64, error -71 [ 556.536419][ T5885] usb usb2-port1: attempt power cycle [ 556.552058][T11212] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1467'. [ 557.750254][T11222] xt_hashlimit: overflow, try lower: 5/0 [ 557.956545][ T5885] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 558.084581][T11229] tipc: Enabling of bearer rejected, media not registered [ 558.199649][ T5885] usb 2-1: device not accepting address 38, error -71 [ 558.254070][T11233] batadv1: entered promiscuous mode [ 558.260775][T11233] batadv1: entered allmulticast mode [ 558.270228][T11233] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 558.952262][T11237] netlink: 1788 bytes leftover after parsing attributes in process `syz.6.1475'. [ 561.024667][T11255] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1480'. [ 561.033932][T11255] netlink: 272 bytes leftover after parsing attributes in process `syz.1.1480'. [ 561.043263][T11255] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1480'. [ 564.108410][T11273] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1486'. [ 564.108525][T11273] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1486'. [ 564.184203][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 564.396664][T11283] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1488'. [ 564.636221][ T5842] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 565.269110][T11291] syz.1.1489: attempt to access beyond end of device [ 565.269110][T11291] nbd1: rw=0, sector=0, nr_sectors = 1 limit=0 [ 565.287941][T11291] hpfs: hpfs_map_sector(): read error [ 565.580163][T11301] xt_bpf: check failed: parse error [ 566.472097][T11306] Invalid logical block size (63) [ 566.475088][ T75] Bluetooth: hci2: Frame reassembly failed (-84) [ 566.499713][ T75] Bluetooth: hci2: Frame reassembly failed (-84) [ 567.692216][T11321] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 567.839019][T11325] netlink: 104 bytes leftover after parsing attributes in process `syz.6.1496'. [ 567.910439][T11321] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 568.033841][T11321] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 568.083884][ T29] kauditd_printk_skb: 60 callbacks suppressed [ 568.083905][ T29] audit: type=1107 audit(1737226367.167:129): pid=11328 uid=0 auid=4294967295 ses=4294967295 subj=_ msg='aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 568.119840][T11321] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 569.049846][ T5851] Bluetooth: hci2: command 0xfc11 tx timeout [ 569.134082][ T5843] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 569.461933][T11321] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 569.535605][T11321] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 569.575171][T11321] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 569.714982][T11321] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 569.805061][T11344] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1503'. [ 570.753931][T11344] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1503'. [ 570.946306][T11352] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 571.001900][T11352] syzkaller0: entered promiscuous mode [ 571.056218][T11352] syzkaller0: entered allmulticast mode [ 572.215531][ T25] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 572.369049][T11365] overlayfs: conflicting lowerdir path [ 572.414315][ T25] usb 3-1: too many configurations: 114, using maximum allowed: 8 [ 572.434746][ T25] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 572.442455][ T25] usb 3-1: can't read configurations, error -61 [ 572.593867][ T25] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 572.844563][ T25] usb 3-1: too many configurations: 114, using maximum allowed: 8 [ 572.856882][ T25] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 572.872583][ T25] usb 3-1: can't read configurations, error -61 [ 572.881128][ T25] usb usb3-port1: attempt power cycle [ 574.063755][ T25] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 574.124808][T11373] SET target dimension over the limit! [ 574.268052][ C1] raw-gadget.0 gadget.2: ignoring, device is not running [ 574.276156][ T25] usb 3-1: device descriptor read/8, error -32 [ 575.122653][T11388] netlink: 84 bytes leftover after parsing attributes in process `syz.6.1517'. [ 575.363216][T11393] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1514'. [ 575.375771][T11393] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1514'. [ 577.124259][T11388] netlink: 32 bytes leftover after parsing attributes in process `syz.6.1517'. [ 578.665858][ T5842] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 579.916211][ T5842] usb 3-1: config index 0 descriptor too short (expected 45, got 36) [ 579.926860][ T5842] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 579.945787][ T5842] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 579.993798][ T5842] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 580.032925][ T5842] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 580.051210][ T5842] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 580.072948][ T5842] usb 3-1: config 0 descriptor?? [ 580.080997][T11403] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 581.957078][ T7227] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 582.047002][ T5842] plantronics 0003:047F:FFFF.000D: unknown main item tag 0xd [ 582.057361][ T5842] plantronics 0003:047F:FFFF.000D: No inputs registered, leaving [ 582.110284][ T5842] plantronics 0003:047F:FFFF.000D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 582.326479][ T7227] usb 7-1: Using ep0 maxpacket: 16 [ 582.763286][ T7227] usb 7-1: config 5 has an invalid interface number: 168 but max is 0 [ 582.771721][ T7227] usb 7-1: config 5 has no interface number 0 [ 582.774748][ T5885] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 582.777959][ T7227] usb 7-1: config 5 interface 168 altsetting 7 bulk endpoint 0x4 has invalid maxpacket 1023 [ 582.795625][ T7227] usb 7-1: config 5 interface 168 has no altsetting 0 [ 582.864093][T11423] ceph: No mds server is up or the cluster is laggy [ 582.866517][ T7227] usb 7-1: New USB device found, idVendor=04cc, idProduct=2533, bcdDevice=fc.58 [ 582.879931][ T7227] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 582.894121][ T7227] usb 7-1: Product: syz [ 582.898350][ T7227] usb 7-1: Manufacturer: syz [ 582.923821][ T7227] usb 7-1: SerialNumber: syz [ 582.937094][T11413] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22 [ 583.015135][ T5885] usb 4-1: Using ep0 maxpacket: 16 [ 583.084361][ T5885] usb 4-1: unable to get BOS descriptor or descriptor too short [ 583.112747][ T5885] usb 4-1: config 8 has an invalid interface number: 64 but max is 0 [ 583.137012][ T5885] usb 4-1: config 8 has no interface number 0 [ 583.183713][ T5885] usb 4-1: config 8 interface 64 altsetting 2 endpoint 0x8 has invalid maxpacket 512, setting to 64 [ 583.227835][ T7227] pn533_usb 7-1:5.168: NFC: Could not find bulk-in or bulk-out endpoint [ 583.272613][ T5885] usb 4-1: config 8 interface 64 has no altsetting 0 [ 583.273490][ T7227] usb 7-1: USB disconnect, device number 6 [ 583.290120][T11434] netlink: 1788 bytes leftover after parsing attributes in process `syz.1.1529'. [ 583.430131][ T5885] usb 4-1: New USB device found, idVendor=19d2, idProduct=64c6, bcdDevice= e.34 [ 583.463941][ T5885] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 583.472011][ T5885] usb 4-1: Product: syz [ 583.476286][ T5885] usb 4-1: Manufacturer: syz [ 583.480914][ T5885] usb 4-1: SerialNumber: syz [ 583.836095][ T5885] cdc_ether 4-1:8.64: invalid descriptor buffer length [ 583.847196][ T5885] usb 4-1: bad CDC descriptors [ 584.183853][ T5885] usb 4-1: USB disconnect, device number 29 [ 584.288010][ T9] usb 3-1: USB disconnect, device number 23 [ 586.055935][T11464] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 586.074488][T11464] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 586.094118][T11464] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 586.102973][T11464] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 586.114753][T11464] geneve2: entered promiscuous mode [ 586.120012][T11464] geneve2: entered allmulticast mode [ 586.503985][T11468] netlink: 'syz.1.1539': attribute type 1 has an invalid length. [ 586.512260][T11468] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1539'. [ 586.894194][T11451] Bluetooth: hci4: Opcode 0x0c1a failed: -110 [ 586.904533][ T5843] Bluetooth: hci4: command 0x0405 tx timeout [ 586.910941][T11451] Bluetooth: hci4: Opcode 0x0406 failed: -110 [ 587.441108][T11451] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 587.447464][T11451] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 587.458672][T11451] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 589.096437][ T5843] Bluetooth: hci5: command 0x0c1a tx timeout [ 589.104224][ T5843] Bluetooth: hci4: command 0x0405 tx timeout [ 589.428265][T11499] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1545'. [ 589.843746][T11508] netlink: 'syz.2.1547': attribute type 50 has an invalid length. [ 591.150636][ T5843] Bluetooth: hci5: command 0x0c1a tx timeout [ 591.731866][T11524] cgroup: none used incorrectly [ 592.028981][T11524] orangefs_mount: mount request failed with -4 [ 593.636983][ T5851] Bluetooth: hci5: command 0x0c1a tx timeout [ 593.897196][T11547] netlink: 'syz.3.1558': attribute type 3 has an invalid length. [ 595.005224][ T9] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 595.708703][ T9] usb 7-1: device descriptor read/64, error -71 [ 596.217302][ T5851] Bluetooth: hci5: command 0x0c1a tx timeout [ 596.545714][ T5842] usb 2-1: new full-speed USB device number 40 using dummy_hcd [ 597.070975][ T5885] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 597.189152][T11571] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1566'. [ 597.273995][ T5885] usb 3-1: Using ep0 maxpacket: 32 [ 597.293052][ T5885] usb 3-1: config 0 interface 0 has no altsetting 0 [ 597.554547][ T9] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 597.715082][ T5885] usb 3-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 597.724468][ T5885] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 597.732765][ T5885] usb 3-1: Product: syz [ 597.737072][ T5885] usb 3-1: Manufacturer: syz [ 597.741701][ T5885] usb 3-1: SerialNumber: syz [ 597.749002][ T5885] usb 3-1: config 0 descriptor?? [ 597.774609][T11571] bridge0: port 3(macsec1) entered blocking state [ 597.792779][T11571] bridge0: port 3(macsec1) entered disabled state [ 597.804123][T11571] macsec1: entered allmulticast mode [ 597.815403][ T5885] gs_usb 3-1:0.0: Required endpoints not found [ 597.867649][T11571] macsec1: left allmulticast mode [ 597.936598][ T5842] usb 2-1: device not accepting address 40, error -71 [ 598.859114][ T5885] usb 3-1: USB disconnect, device number 24 [ 598.956169][T11588] netlink: 'syz.5.1571': attribute type 10 has an invalid length. [ 600.164997][T11594] ptrace attach of ""[11598] was attempted by "./syz-executor exec"[11594] [ 600.311409][T11580] 9pnet_fd: Insufficient options for proto=fd [ 600.319689][T11580] lo speed is unknown, defaulting to 1000 [ 600.326144][T11580] lo speed is unknown, defaulting to 1000 [ 600.333325][T11580] lo speed is unknown, defaulting to 1000 [ 600.345981][T11580] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 600.362457][T11580] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 600.436881][T11605] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1576'. [ 601.059363][T11580] lo speed is unknown, defaulting to 1000 [ 601.066826][T11580] lo speed is unknown, defaulting to 1000 [ 601.080420][T11580] lo speed is unknown, defaulting to 1000 [ 601.106921][T11610] xt_CT: You must specify a L4 protocol and not use inversions on it [ 601.111342][T11580] lo speed is unknown, defaulting to 1000 [ 601.149127][T11580] lo speed is unknown, defaulting to 1000 [ 601.156171][T11580] lo speed is unknown, defaulting to 1000 [ 601.599212][ T9] usb 2-1: new high-speed USB device number 42 using dummy_hcd [ 601.882347][T11633] netlink: 'syz.5.1585': attribute type 29 has an invalid length. [ 601.902747][T11633] netlink: 'syz.5.1585': attribute type 29 has an invalid length. [ 601.922737][T11633] netlink: 508 bytes leftover after parsing attributes in process `syz.5.1585'. [ 601.967553][ T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 601.978851][T11638] SET target dimension over the limit! [ 601.978851][ T9] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 601.983017][ T9] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 602.013181][ T9] usb 2-1: New USB device strings: Mfr=45, Product=63, SerialNumber=3 [ 602.021827][ T9] usb 2-1: Product: syz [ 602.033760][ T9] usb 2-1: Manufacturer: syz [ 602.040815][ T9] usb 2-1: SerialNumber: syz [ 602.093148][ T9] usb 2-1: config 0 descriptor?? [ 602.296086][T11644] FAULT_INJECTION: forcing a failure. [ 602.296086][T11644] name failslab, interval 1, probability 0, space 0, times 0 [ 602.367430][T11644] CPU: 0 UID: 0 PID: 11644 Comm: syz.2.1592 Not tainted 6.13.0-rc7-syzkaller-00189-g595523945be0 #0 [ 602.378283][T11644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 602.388390][T11644] Call Trace: [ 602.391712][T11644] [ 602.394680][T11644] dump_stack_lvl+0x241/0x360 [ 602.399416][T11644] ? __pfx_dump_stack_lvl+0x10/0x10 [ 602.404671][T11644] ? __pfx__printk+0x10/0x10 [ 602.409323][T11644] should_fail_ex+0x3b0/0x4e0 [ 602.414047][T11644] should_failslab+0xac/0x100 [ 602.418778][T11644] ? dst_alloc+0x12b/0x190 [ 602.423247][T11644] kmem_cache_alloc_noprof+0x70/0x380 [ 602.428694][T11644] dst_alloc+0x12b/0x190 [ 602.432986][T11644] ip_route_output_key_hash_rcu+0x13cc/0x2390 [ 602.439115][T11644] ip_route_output_key_hash+0x193/0x2b0 [ 602.444716][T11644] ? ip_route_output_key_hash+0xdf/0x2b0 [ 602.450401][T11644] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 602.456527][T11644] ? __pfx_lock_release+0x10/0x10 [ 602.460329][T11652] Invalid logical block size (1101653259) [ 602.461575][T11644] ? tomoyo_check_acl+0x37e/0x3f0 [ 602.461629][T11644] ip_route_output_flow+0x29/0x140 [ 602.477530][T11644] raw_sendmsg+0x15d0/0x2430 [ 602.482201][T11644] ? __pfx_raw_sendmsg+0x10/0x10 [ 602.487197][T11644] ? smack_socket_sendmsg+0x40d/0x540 [ 602.492629][T11644] ? __pfx_lock_release+0x10/0x10 [ 602.497722][T11644] ? inet_sendmsg+0x330/0x390 [ 602.502454][T11644] __sock_sendmsg+0x1a6/0x270 [ 602.507193][T11644] __sys_sendto+0x363/0x4c0 [ 602.511751][T11644] ? __pfx___sys_sendto+0x10/0x10 [ 602.516825][T11644] ? __mutex_unlock_slowpath+0x21e/0x790 [ 602.522525][T11644] ? __fget_files+0x2a/0x410 [ 602.527169][T11644] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 602.533199][T11644] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 602.539578][T11644] __x64_sys_sendto+0xde/0x100 [ 602.544391][T11644] do_syscall_64+0xf3/0x230 [ 602.548934][T11644] ? clear_bhb_loop+0x35/0x90 [ 602.553656][T11644] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 602.559695][T11644] RIP: 0033:0x7efd98385d29 [ 602.564153][T11644] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 602.567089][T11657] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1596'. [ 602.583785][T11644] RSP: 002b:00007efd99181038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 602.583821][T11644] RAX: ffffffffffffffda RBX: 00007efd98575fa0 RCX: 00007efd98385d29 [ 602.583840][T11644] RDX: 000000000000ffeb RSI: 0000000020000040 RDI: 0000000000000003 [ 602.583856][T11644] RBP: 00007efd99181090 R08: 0000000020000340 R09: 0000000000000010 [ 602.583872][T11644] R10: 0000000000000b00 R11: 0000000000000246 R12: 0000000000000001 [ 602.583887][T11644] R13: 0000000000000000 R14: 00007efd98575fa0 R15: 00007ffd9916c728 [ 602.583922][T11644] [ 602.657327][T11657] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1596'. [ 602.983214][T11664] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 602.992750][T11664] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 603.008642][T11664] xt_hashlimit: overflow, try lower: 0/0 [ 603.078113][ T5842] usb 2-1: USB disconnect, device number 42 [ 604.687815][T11675] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 605.361582][T11677] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1599'. [ 605.438206][T11677] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1599'. [ 605.447351][T11677] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1599'. [ 605.456467][T11677] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1599'. [ 605.541385][T11683] netlink: 112 bytes leftover after parsing attributes in process `syz.6.1601'. [ 606.164034][ T5842] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 606.350679][ T5842] usb 6-1: too many configurations: 151, using maximum allowed: 8 [ 608.962382][ T5842] usb 6-1: New USB device found, idVendor=04d8, idProduct=0082, bcdDevice=ce.b7 [ 608.971565][ T5842] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=130 [ 609.083799][ T5842] usb 6-1: Product: syz [ 609.088160][ T5842] usb 6-1: Manufacturer: syz [ 609.092804][ T5842] usb 6-1: SerialNumber: syz [ 609.099786][ T5842] usb 6-1: config 0 descriptor?? [ 609.185157][T11715] netlink: 96 bytes leftover after parsing attributes in process `syz.2.1611'. [ 609.239712][T11716] netlink: 1788 bytes leftover after parsing attributes in process `syz.1.1610'. [ 609.634790][T11723] x_tables: ip6_tables: NETMAP.0 target: invalid size 40 (kernel) != (user) 0 [ 609.650144][T11723] sit1: entered promiscuous mode [ 609.784009][T11725] netlink: 92 bytes leftover after parsing attributes in process `syz.6.1613'. [ 610.747922][T11731] netlink: 'syz.6.1615': attribute type 3 has an invalid length. [ 610.809990][T11731] netlink: 201372 bytes leftover after parsing attributes in process `syz.6.1615'. [ 612.306601][T11736] netlink: 36 bytes leftover after parsing attributes in process `syz.6.1617'. [ 612.427174][ T5842] usb 6-1: USB disconnect, device number 14 [ 612.621858][T11746] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1619'. [ 612.642285][T11746] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1619'. [ 612.961176][T11753] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1623'. [ 613.856770][T11753] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1623'. [ 613.893778][T11753] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1623'. [ 614.188895][ T5851] block nbd0: Receive control failed (result -107) [ 614.246192][T11770] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1626'. [ 614.255828][T11753] nbd0: detected capacity change from 0 to 256 [ 614.288172][T11773] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1624'. [ 614.676483][T11774] netlink: 'syz.6.1627': attribute type 10 has an invalid length. [ 615.090409][T11777] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1629'. [ 615.358279][T11782] FAULT_INJECTION: forcing a failure. [ 615.358279][T11782] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 615.879658][T11784] cgroup: none used incorrectly [ 617.273628][T11784] orangefs_mount: mount request failed with -4 [ 617.480037][T11782] CPU: 0 UID: 0 PID: 11782 Comm: syz.5.1631 Not tainted 6.13.0-rc7-syzkaller-00189-g595523945be0 #0 [ 617.490878][T11782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 617.500969][T11782] Call Trace: [ 617.504277][T11782] [ 617.507236][T11782] dump_stack_lvl+0x241/0x360 [ 617.511977][T11782] ? __pfx_dump_stack_lvl+0x10/0x10 [ 617.517215][T11782] ? __pfx__printk+0x10/0x10 [ 617.521847][T11782] ? __pfx_lock_release+0x10/0x10 [ 617.526917][T11782] should_fail_ex+0x3b0/0x4e0 [ 617.531634][T11782] _copy_from_user+0x2f/0xc0 [ 617.536270][T11782] __sys_bpf+0x1a4/0x810 [ 617.540556][T11782] ? __pfx___sys_bpf+0x10/0x10 [ 617.545371][T11782] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 617.551409][T11782] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 617.557778][T11782] ? do_syscall_64+0x100/0x230 [ 617.562577][T11782] __x64_sys_bpf+0x7c/0x90 [ 617.567149][T11782] do_syscall_64+0xf3/0x230 [ 617.571683][T11782] ? clear_bhb_loop+0x35/0x90 [ 617.576383][T11782] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 617.582306][T11782] RIP: 0033:0x7ff971785d29 [ 617.586736][T11782] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 617.606371][T11782] RSP: 002b:00007ff972603038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 617.614824][T11782] RAX: ffffffffffffffda RBX: 00007ff971975fa0 RCX: 00007ff971785d29 [ 617.622815][T11782] RDX: 0000000000000048 RSI: 0000000020000000 RDI: 0000000000000000 [ 617.630897][T11782] RBP: 00007ff972603090 R08: 0000000000000000 R09: 0000000000000000 [ 617.638908][T11782] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 617.646906][T11782] R13: 0000000000000000 R14: 00007ff971975fa0 R15: 00007ffcb9dca628 [ 617.654925][T11782] [ 620.259436][T11827] No such timeout policy "syz1" [ 620.325784][ T29] audit: type=1800 audit(1737226419.297:130): pid=11825 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.2.1637" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 620.543870][ T52] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 620.703701][ T52] usb 3-1: Using ep0 maxpacket: 8 [ 620.722580][ T52] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 620.747200][ T52] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 620.781024][ T52] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 620.803872][ T25] usb 2-1: new full-speed USB device number 43 using dummy_hcd [ 620.859295][ T52] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 620.902753][ T52] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 620.912048][T11829] lo speed is unknown, defaulting to 1000 [ 621.025644][ T25] usb 2-1: config 7 has an invalid interface number: 109 but max is 0 [ 621.058875][ T52] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 621.083836][ T25] usb 2-1: config 7 has no interface number 0 [ 621.091618][ T25] usb 2-1: config 7 interface 109 has no altsetting 0 [ 621.123922][ T52] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 621.162303][ T25] usb 2-1: New USB device found, idVendor=1965, idProduct=0018, bcdDevice=d9.4d [ 621.179838][ T25] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 621.190387][ T25] usb 2-1: Product: syz [ 621.288284][ T25] usb 2-1: Manufacturer: syz [ 621.293297][ T25] usb 2-1: SerialNumber: syz [ 621.486314][ T52] usb 3-1: usb_control_msg returned -32 [ 621.512789][ T52] usbtmc 3-1:16.0: can't read capabilities [ 621.662211][ T25] usbhid 2-1:7.109: couldn't find an input interrupt endpoint [ 621.689562][ T25] usb 2-1: USB disconnect, device number 43 [ 622.974721][T11851] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1651'. [ 623.086500][ T5885] usb 3-1: USB disconnect, device number 26 [ 623.658385][T11870] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1656'. [ 624.579485][ T7227] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 624.671003][T11872] netlink: 'syz.5.1658': attribute type 12 has an invalid length. [ 624.688265][T11875] netlink: 'syz.1.1659': attribute type 29 has an invalid length. [ 624.709826][T11875] netlink: 'syz.1.1659': attribute type 29 has an invalid length. [ 624.721087][T11875] netlink: 508 bytes leftover after parsing attributes in process `syz.1.1659'. [ 624.746331][ T7227] usb 3-1: Using ep0 maxpacket: 32 [ 624.787168][ T7227] usb 3-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed [ 624.804002][ T7227] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 624.812068][ T7227] usb 3-1: Product: syz [ 624.823953][ C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 624.838128][ T7227] usb 3-1: Manufacturer: syz [ 624.842792][ T7227] usb 3-1: SerialNumber: syz [ 624.881121][ T7227] usb 3-1: config 0 descriptor?? [ 624.887433][T11881] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1662'. [ 624.921971][T11881] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1662'. [ 625.075536][ T8] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 625.240969][ T8] usb 7-1: Using ep0 maxpacket: 32 [ 625.274579][ T8] usb 7-1: New USB device found, idVendor=0d49, idProduct=7000, bcdDevice=26.2f [ 625.301402][ T8] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 625.334889][ T8] usb 7-1: Product: syz [ 625.339146][ T8] usb 7-1: Manufacturer: syz [ 625.383685][ T8] usb 7-1: SerialNumber: syz [ 625.426828][ T8] usb 7-1: config 0 descriptor?? [ 625.656317][ T8] ums-onetouch 7-1:0.0: USB Mass Storage device detected [ 625.757956][T11896] netlink: 1788 bytes leftover after parsing attributes in process `syz.3.1666'. [ 626.438814][ T7227] (unnamed net_device) (uninitialized): Assigned a random MAC address: ba:d5:34:64:ed:b3 [ 626.466737][ T7227] rtl8150 3-1:0.0: eth5: rtl8150 is detected [ 627.750061][ T9] usb 3-1: USB disconnect, device number 27 [ 628.476691][ T7227] usb 7-1: USB disconnect, device number 9 [ 631.740628][T11948] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1679'. [ 632.013761][ T5885] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 632.053793][ T25] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 632.173981][ T5885] usb 3-1: Using ep0 maxpacket: 32 [ 632.184405][ T5885] usb 3-1: no configurations [ 632.192505][ T5885] usb 3-1: can't read configurations, error -22 [ 632.213712][ T25] usb 4-1: Using ep0 maxpacket: 32 [ 632.228213][ T25] usb 4-1: config 0 has an invalid interface number: 51 but max is 0 [ 632.236677][ T25] usb 4-1: config 0 has no interface number 0 [ 632.250835][ T25] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 632.260150][ T52] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 632.268210][ T25] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 632.277788][ T25] usb 4-1: Product: syz [ 632.282077][ T25] usb 4-1: Manufacturer: syz [ 632.287029][ T25] usb 4-1: SerialNumber: syz [ 632.305722][ T25] usb 4-1: config 0 descriptor?? [ 632.319881][ T25] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 632.334045][ T5885] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 632.423768][ T52] usb 6-1: Using ep0 maxpacket: 8 [ 632.435385][ T52] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 632.444916][ T52] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 632.453038][ T52] usb 6-1: Product: syz [ 632.457494][ T52] usb 6-1: Manufacturer: syz [ 632.462238][ T52] usb 6-1: SerialNumber: syz [ 632.477360][ T52] usb 6-1: config 0 descriptor?? [ 632.483860][ T5885] usb 3-1: Using ep0 maxpacket: 32 [ 632.499867][ T5885] usb 3-1: no configurations [ 632.511549][ T5885] usb 3-1: can't read configurations, error -22 [ 632.523497][ T5885] usb usb3-port1: attempt power cycle [ 632.695754][ T52] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 632.863990][ T5885] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 632.892883][ T25] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 632.918119][ T5885] usb 3-1: Using ep0 maxpacket: 32 [ 632.935862][ T25] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 632.946245][ T5885] usb 3-1: no configurations [ 632.951370][ T5885] usb 3-1: can't read configurations, error -22 [ 633.103739][ T5885] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 633.105487][ T7227] usb 4-1: USB disconnect, device number 30 [ 633.111444][ C1] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 633.139295][ T5885] usb 3-1: Using ep0 maxpacket: 32 [ 633.144494][ T7227] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 633.157037][ T7227] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 633.157458][ T5885] usb 3-1: no configurations [ 633.173864][ T5885] usb 3-1: can't read configurations, error -22 [ 633.174497][ T9] usb 2-1: new high-speed USB device number 44 using dummy_hcd [ 633.180712][ T5885] usb usb3-port1: unable to enumerate USB device [ 633.204275][ T7227] quatech2 4-1:0.51: device disconnected [ 633.374008][ T9] usb 2-1: Using ep0 maxpacket: 32 [ 633.390503][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 633.412980][ T9] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 633.423115][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 633.434682][ T9] usb 2-1: config 0 descriptor?? [ 633.451778][ T9] hub 2-1:0.0: USB hub found [ 633.549151][T11968] netlink: 'syz.6.1688': attribute type 4 has an invalid length. [ 633.650590][ T9] hub 2-1:0.0: 1 port detected [ 633.709129][T11970] ptrace attach of ""[11971] was attempted by "./syz-executor exec"[11970] [ 633.869390][ T9] hub 2-1:0.0: hub_hub_status failed (err = -71) [ 633.884067][ T9] hub 2-1:0.0: config failed, can't get hub status (err -71) [ 633.895058][ T9] usbhid 2-1:0.0: can't add hid device: -71 [ 633.895179][ T9] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 633.915646][ T9] usb 2-1: USB disconnect, device number 44 [ 634.016388][T11983] netlink: 'syz.3.1693': attribute type 5 has an invalid length. [ 634.025278][T11983] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1693'. [ 634.316794][ T52] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 634.328442][ T52] usb 6-1: USB disconnect, device number 15 [ 634.471872][T11985] netlink: 187320 bytes leftover after parsing attributes in process `syz.3.1693'. [ 634.481632][T11985] netlink: zone id is out of range [ 634.486972][T11985] netlink: zone id is out of range [ 635.777790][T11994] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1695'. [ 635.824229][T11994] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1695'. [ 635.835139][T11994] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1695'. [ 635.924198][ T5851] block nbd1: Receive control failed (result -107) [ 635.954251][T11994] nbd1: detected capacity change from 0 to 256 [ 636.053734][ T5842] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 636.094653][ T9] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 636.153888][ T8524] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 636.207160][ T5842] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 636.218815][ T5842] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 636.248336][ T5842] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 636.259068][ T5842] usb 3-1: New USB device strings: Mfr=45, Product=63, SerialNumber=3 [ 636.280141][ T9] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 636.293908][ T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 636.312436][ T5842] usb 3-1: Product: syz [ 636.321494][ T5842] usb 3-1: Manufacturer: syz [ 636.346945][ T9] usb 6-1: Product: syz [ 636.351187][ T9] usb 6-1: Manufacturer: syz [ 636.363676][ T5842] usb 3-1: SerialNumber: syz [ 636.374788][ T9] usb 6-1: SerialNumber: syz [ 636.405253][ T5842] usb 3-1: config 0 descriptor?? [ 636.421011][ T9] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 636.454312][ T7227] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 636.491377][ T8524] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 181, changing to 11 [ 636.503951][ T8524] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 50424, setting to 1024 [ 636.560326][ T8524] usb 7-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 636.829908][T11999] 9pnet_fd: Insufficient options for proto=fd [ 636.878570][ T8524] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 637.185069][ T8524] usb 7-1: config 0 descriptor?? [ 637.211951][T11997] raw-gadget.2 gadget.6: fail, usb_ep_enable returned -22 [ 637.575924][ T5842] usb 6-1: USB disconnect, device number 16 [ 637.603716][ T5885] usb 2-1: new full-speed USB device number 45 using dummy_hcd [ 638.032883][T12010] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 638.041499][T12010] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 638.051123][T12010] xt_hashlimit: overflow, try lower: 0/0 [ 638.067202][ T52] usb 3-1: USB disconnect, device number 32 [ 638.075367][ T8524] usb 7-1: string descriptor 0 read error: -22 [ 638.122181][ T5885] usb 2-1: config 0 has an invalid interface number: 55 but max is 0 [ 638.132307][ T5885] usb 2-1: config 0 has no interface number 0 [ 638.140193][ T5885] usb 2-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 638.151447][ T5885] usb 2-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 638.163511][ T5885] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 638.175824][ T5885] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 638.186074][ T5885] usb 2-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 638.199522][ T5885] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 638.208974][ T5885] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 638.221055][ T5885] usb 2-1: config 0 descriptor?? [ 638.241529][ T5885] ldusb 2-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 638.289778][T12016] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1703'. [ 638.344126][ T7227] usb 6-1: Service connection timeout for: 256 [ 638.350496][ T7227] ath9k_htc 6-1:1.0: ath9k_htc: Unable to initialize HTC services [ 638.365509][ T7227] ath9k_htc: Failed to initialize the device [ 638.373511][ T5842] usb 6-1: ath9k_htc: USB layer deinitialized [ 638.447152][ T8524] uclogic 0003:256C:006D.000E: failed retrieving string descriptor #100: -71 [ 638.462551][ T8524] uclogic 0003:256C:006D.000E: failed retrieving pen parameters: -71 [ 638.483603][ T8524] uclogic 0003:256C:006D.000E: failed probing pen v1 parameters: -71 [ 638.501323][ T8524] uclogic 0003:256C:006D.000E: failed probing parameters: -71 [ 638.517368][ T8524] uclogic 0003:256C:006D.000E: probe with driver uclogic failed with error -71 [ 638.563986][ T8524] usb 7-1: USB disconnect, device number 10 [ 638.658081][ T5885] usb 2-1: USB disconnect, device number 45 [ 638.676922][ T5885] ldusb 2-1:0.55: LD USB Device #0 now disconnected [ 638.983716][ T7227] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 639.340538][ T7227] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 639.345508][T12031] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 639.350431][ T7227] usb 6-1: New USB device found, idVendor=0458, idProduct=5005, bcdDevice= 0.00 [ 639.367268][ T7227] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 639.451292][ T52] kernel write not supported for file /1104/projid_map (pid: 52 comm: kworker/1:1) [ 639.508473][T12036] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1709'. [ 639.929900][ T7227] usb 6-1: config 0 descriptor?? [ 640.905570][T12043] netlink: 'syz.6.1713': attribute type 4 has an invalid length. [ 641.149275][ T7227] kye 0003:0458:5005.000F: tablet report size too small, or kye_tablet_rdesc unexpectedly large [ 641.162345][ T7227] kye 0003:0458:5005.000F: hidraw0: USB HID v0.00 Device [HID 0458:5005] on usb-dummy_hcd.5-1/input0 [ 641.183250][ T7227] kye 0003:0458:5005.000F: tablet-enabling feature report not found [ 641.199918][ T7227] kye 0003:0458:5005.000F: tablet enabling failed [ 641.436593][ T8] usb 6-1: USB disconnect, device number 17 [ 641.494601][T12061] netlink: 'syz.6.1717': attribute type 29 has an invalid length. [ 641.518627][T12061] netlink: 'syz.6.1717': attribute type 29 has an invalid length. [ 642.294840][T12061] netlink: 508 bytes leftover after parsing attributes in process `syz.6.1717'. [ 642.526692][T12062] Process accounting resumed [ 643.709699][T12082] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1724'. [ 643.840112][T12081] loop2: detected capacity change from 0 to 7 [ 643.859537][T12081] Dev loop2: unable to read RDB block 7 [ 643.868870][T12081] loop2: unable to read partition table [ 643.968853][T12093] batadv1: entered promiscuous mode [ 643.974304][T12093] batadv1: entered allmulticast mode [ 643.982883][T12093] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 644.669283][T12081] loop2: partition table beyond EOD, truncated [ 644.677508][ T11] batman_adv: batadv1: adding TT local entry 33:33:00:00:00:01 to non-existent VLAN -1 [ 644.688206][ T11] batman_adv: batadv1: adding TT local entry 01:00:5e:00:00:01 to non-existent VLAN -1 [ 644.698480][T12081] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 644.984047][ T7227] usb 6-1: new high-speed USB device number 18 using dummy_hcd [ 646.162302][ T7227] usb 6-1: Using ep0 maxpacket: 32 [ 646.169582][ T7227] usb 6-1: config 0 has an invalid interface number: 51 but max is 0 [ 646.177872][ T7227] usb 6-1: config 0 has no interface number 0 [ 646.186260][ T7227] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 646.195466][ T7227] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 646.440954][ T7227] usb 6-1: Product: syz [ 646.458155][ T7227] usb 6-1: Manufacturer: syz [ 646.471384][ T7227] usb 6-1: SerialNumber: syz [ 647.644519][ T7227] usb 6-1: config 0 descriptor?? [ 647.673890][ T7227] usb 6-1: can't set config #0, error -71 [ 647.730368][ T7227] usb 6-1: USB disconnect, device number 18 [ 647.767197][T12116] loop9: detected capacity change from 0 to 7 [ 647.808037][T12116] Dev loop9: unable to read RDB block 7 [ 647.820067][T12110] netlink: 216 bytes leftover after parsing attributes in process `syz.3.1731'. [ 647.836980][T12116] loop9: unable to read partition table [ 647.854168][T12116] loop9: partition table beyond EOD, truncated [ 647.864832][T12110] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1731'. [ 647.876484][T12116] loop_reread_partitions: partition scan of loop9 (þ被xü—ŸÑà– ) failed (rc=-5) [ 647.897782][T12110] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1731'. [ 649.171219][T12132] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1737'. [ 649.227709][T12132] nbd: nbd0 already in use [ 649.277590][T12139] Invalid logical block size (1263748178) [ 649.705684][T12150] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1742'. [ 649.715178][T12150] netlink: 272 bytes leftover after parsing attributes in process `syz.6.1742'. [ 649.724639][T12150] netlink: 72 bytes leftover after parsing attributes in process `syz.6.1742'. [ 651.069722][ T8] usb 2-1: new high-speed USB device number 46 using dummy_hcd [ 651.136137][T12167] xt_recent: Unsupported userspace flags (000000da) [ 651.235057][ T8] usb 2-1: device descriptor read/64, error -71 [ 651.537020][T12184] sctp: [Deprecated]: syz.2.1751 (pid 12184) Use of int in max_burst socket option. [ 651.537020][T12184] Use struct sctp_assoc_value instead [ 652.324058][ T8524] usb 7-1: new full-speed USB device number 11 using dummy_hcd [ 652.519819][ T8524] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xDF, changing to 0x8F [ 652.554553][ T8524] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 652.663756][ T8524] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 652.683379][T12196] netlink: 'syz.5.1755': attribute type 3 has an invalid length. [ 652.693751][ T8] usb 2-1: new high-speed USB device number 47 using dummy_hcd [ 652.713742][T12196] netlink: 201372 bytes leftover after parsing attributes in process `syz.5.1755'. [ 652.735821][ T8524] usb 7-1: New USB device found, idVendor=077d, idProduct=0410, bcdDevice=ec.c1 [ 652.747256][ T8524] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 652.766016][ T8524] usb 7-1: Product: syz [ 652.772170][ T8524] usb 7-1: Manufacturer: syz [ 652.781957][ T8524] usb 7-1: SerialNumber: syz [ 652.797566][ T8524] usb 7-1: config 0 descriptor?? [ 652.833889][ T8] usb 2-1: device descriptor read/64, error -71 [ 652.897910][T12200] netlink: 'syz.5.1757': attribute type 12 has an invalid length. [ 652.960920][ T8] usb usb2-port1: attempt power cycle [ 653.022437][T12181] netlink: 277 bytes leftover after parsing attributes in process `syz.6.1752'. [ 653.034596][ T7227] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 653.045254][T12181] netlink: 'syz.6.1752': attribute type 21 has an invalid length. [ 653.053179][T12181] netlink: 128 bytes leftover after parsing attributes in process `syz.6.1752'. [ 653.065111][T12181] netlink: 'syz.6.1752': attribute type 5 has an invalid length. [ 653.073126][T12181] netlink: 'syz.6.1752': attribute type 6 has an invalid length. [ 653.104964][T12181] netlink: 3 bytes leftover after parsing attributes in process `syz.6.1752'. [ 653.146298][ T8524] powermate: Expected payload of 3--6 bytes, found 0 bytes! [ 653.163891][ T8524] powermate 7-1:0.0: probe with driver powermate failed with error -5 [ 653.185984][ T8524] usb 7-1: USB disconnect, device number 11 [ 653.203692][ T7227] usb 3-1: Using ep0 maxpacket: 8 [ 653.294423][ T7227] usb 3-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 653.304130][ T7227] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 653.312174][ T7227] usb 3-1: Product: syz [ 653.316591][ T8] usb 2-1: new high-speed USB device number 48 using dummy_hcd [ 653.352038][ T7227] usb 3-1: Manufacturer: syz [ 653.364392][ T7227] usb 3-1: SerialNumber: syz [ 653.369533][ T8] usb 2-1: device descriptor read/8, error -71 [ 653.402355][ T7227] usb 3-1: config 0 descriptor?? [ 653.428467][ T7227] gspca_main: sonixj-2.14.0 probing 0c45:613a [ 653.494560][T12208] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1759'. [ 653.506352][T12208] xt_connbytes: Forcing CT accounting to be enabled [ 653.554505][T12212] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1762'. [ 653.866307][T12221] sctp: [Deprecated]: syz.1.1764 (pid 12221) Use of int in max_burst socket option. [ 653.866307][T12221] Use struct sctp_assoc_value instead [ 654.751068][ T7227] gspca_sonixj: reg_r err -110 [ 654.891045][ T7227] sonixj 3-1:0.0: probe with driver sonixj failed with error -110 [ 655.282410][T12232] tmpfs: Bad value for 'mpol' [ 656.130088][T12249] __nla_validate_parse: 2 callbacks suppressed [ 656.130113][T12249] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1774'. [ 656.179171][T12249] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1774'. [ 656.544030][ T5842] usb 6-1: new low-speed USB device number 19 using dummy_hcd [ 656.693590][ T5842] usb 6-1: device descriptor read/64, error -71 [ 657.043828][ T5842] usb 6-1: new low-speed USB device number 20 using dummy_hcd [ 657.085987][ T8524] usb 2-1: new high-speed USB device number 50 using dummy_hcd [ 657.243867][ T8524] usb 2-1: device descriptor read/64, error -71 [ 657.335681][ T5842] usb 6-1: device descriptor read/64, error -71 [ 657.484477][ T8524] usb 2-1: new high-speed USB device number 51 using dummy_hcd [ 657.520557][ T5842] usb usb6-port1: attempt power cycle [ 657.656807][ T8524] usb 2-1: device descriptor read/64, error -71 [ 657.779724][ T25] usb 3-1: USB disconnect, device number 33 [ 657.810586][ T8524] usb usb2-port1: attempt power cycle [ 657.902685][T12262] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1778'. [ 658.290803][ T8524] usb 2-1: new high-speed USB device number 52 using dummy_hcd [ 658.324496][ T8524] usb 2-1: device descriptor read/8, error -71 [ 659.315175][ T5842] usb 6-1: new low-speed USB device number 21 using dummy_hcd [ 659.316076][T12272] cgroup: none used incorrectly [ 659.909369][ T8524] usb 2-1: new high-speed USB device number 53 using dummy_hcd [ 660.025011][T12272] orangefs_mount: mount request failed with -4 [ 660.112832][ T8524] usb 2-1: device descriptor read/8, error -71 [ 660.155355][ T5842] usb 6-1: device descriptor read/8, error -71 [ 660.279251][T12278] SET target dimension over the limit! [ 660.286505][ T8524] usb usb2-port1: unable to enumerate USB device [ 661.765452][ T25] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 661.820489][T12295] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1787'. [ 661.820520][T12295] netlink: 272 bytes leftover after parsing attributes in process `syz.1.1787'. [ 661.820557][T12295] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1787'. [ 661.923994][ T25] usb 4-1: Using ep0 maxpacket: 32 [ 661.928774][ T25] usb 4-1: unable to get BOS descriptor or descriptor too short [ 661.930468][ T25] usb 4-1: config 12 has an invalid interface number: 184 but max is 0 [ 661.930501][ T25] usb 4-1: config 12 has no interface number 0 [ 661.930538][ T25] usb 4-1: config 12 interface 184 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 16 [ 661.936020][ T25] usb 4-1: New USB device found, idVendor=0499, idProduct=100d, bcdDevice=84.a2 [ 661.936057][ T25] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 661.936084][ T25] usb 4-1: Product: syz [ 661.936104][ T25] usb 4-1: Manufacturer: syz [ 661.936124][ T25] usb 4-1: SerialNumber: syz [ 661.997256][T12279] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 662.638773][ T25] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 662.783682][ T5842] usb 6-1: new high-speed USB device number 23 using dummy_hcd [ 662.917647][ T25] usb 4-1: USB disconnect, device number 31 [ 662.975490][ T5842] usb 6-1: Using ep0 maxpacket: 16 [ 662.982713][ T5842] usb 6-1: config 0 has an invalid descriptor of length 244, skipping remainder of the config [ 663.010486][ T5842] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 663.042167][ T5842] usb 6-1: New USB device found, idVendor=0c70, idProduct=f003, bcdDevice= 0.00 [ 663.057943][ T5842] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 663.082224][ T5842] usb 6-1: config 0 descriptor?? [ 663.694972][ T5843] Bluetooth: hci5: command 0x0c1a tx timeout [ 663.916886][T12308] [U] ^C [ 664.266608][ T5842] usb 6-1: string descriptor 0 read error: -71 [ 664.274953][ T5842] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 664.284107][ T5842] usb 6-1: USB disconnect, device number 23 [ 664.425498][ T8524] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 664.670271][T12330] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1800'. [ 664.679614][T12330] netlink: 272 bytes leftover after parsing attributes in process `syz.6.1800'. [ 664.689201][T12330] netlink: 72 bytes leftover after parsing attributes in process `syz.6.1800'. [ 664.774192][ T8524] usb 3-1: Using ep0 maxpacket: 16 [ 664.810048][T12333] batadv1: entered promiscuous mode [ 664.815694][T12333] batadv1: entered allmulticast mode [ 664.822295][T12333] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 664.900246][ T8524] usb 3-1: unable to get BOS descriptor or descriptor too short [ 664.965347][ T8524] usb 3-1: config 7 has an invalid interface number: 151 but max is 0 [ 665.003473][ T8524] usb 3-1: config 7 has no interface number 0 [ 665.034410][ T8524] usb 3-1: config 7 interface 151 has no altsetting 0 [ 665.085469][ T8524] usb 3-1: New USB device found, idVendor=0c45, idProduct=628e, bcdDevice=d9.8d [ 665.125251][ T8524] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 665.187297][ T8524] usb 3-1: Product: syz [ 665.210915][ T8524] usb 3-1: Manufacturer: syz [ 665.384579][ T8524] usb 3-1: SerialNumber: syz [ 665.636527][ T8524] gspca_main: gspca_sn9c20x-2.14.0 probing 0c45:628e [ 665.665375][ T8524] gspca_sn9c20x: Write register 1000 failed -71 [ 665.746724][ T8524] gspca_sn9c20x: Device initialization failed [ 665.777089][ T8524] gspca_sn9c20x 3-1:7.151: probe with driver gspca_sn9c20x failed with error -71 [ 665.863676][ T8524] usb 3-1: USB disconnect, device number 34 [ 666.505103][T12339] tipc: Started in network mode [ 666.510065][T12339] tipc: Node identity ac14140f, cluster identity 4711 [ 666.543100][T12339] tipc: New replicast peer: 255.255.255.255 [ 666.573855][T12339] tipc: Enabled bearer , priority 10 [ 666.692796][T12351] netlink: 'syz.3.1807': attribute type 11 has an invalid length. [ 668.310692][ T8] tipc: Node number set to 2886997007 [ 670.285960][T12354] program syz.3.1807 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 670.297855][T12357] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1806'. [ 670.307585][T12357] netlink: 272 bytes leftover after parsing attributes in process `syz.1.1806'. [ 670.317151][T12357] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1806'. [ 674.515845][T12367] binder: BINDER_SET_CONTEXT_MGR already set [ 674.522020][T12367] binder: 12366:12367 ioctl 4018620d 20000040 returned -16 [ 675.549296][ T8524] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 675.770437][T12396] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1819'. [ 675.793681][ T8524] usb 7-1: Using ep0 maxpacket: 32 [ 675.798996][T12396] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1819'. [ 675.825604][ T8524] usb 7-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 675.851881][ T8524] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 675.879960][ T8524] usb 7-1: config 0 descriptor?? [ 675.898822][ T8524] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 675.976576][T12377] lo speed is unknown, defaulting to 1000 [ 676.036419][T12402] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1821'. [ 676.061375][T12402] nbd: nbd0 already in use [ 676.193905][ T5885] usb 4-1: new full-speed USB device number 32 using dummy_hcd [ 676.366234][ T5885] usb 4-1: unable to get BOS descriptor or descriptor too short [ 676.393293][ T5885] usb 4-1: not running at top speed; connect to a high speed hub [ 676.433929][ T5885] usb 4-1: config 0 has an invalid interface number: 93 but max is 0 [ 676.461430][ T5885] usb 4-1: config 0 has no interface number 0 [ 676.478204][ T5885] usb 4-1: config 0 interface 93 has no altsetting 0 [ 676.576098][T12407] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 676.720505][ T8524] gspca_nw80x: reg_r err -110 [ 676.726054][ T8524] nw80x 7-1:0.0: probe with driver nw80x failed with error -110 [ 676.761394][ T5885] usb 4-1: New USB device found, idVendor=2040, idProduct=721e, bcdDevice=5e.2b [ 676.893280][ T5885] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 676.985070][ T5885] usb 4-1: Product: syz [ 677.412866][ T5885] usb 4-1: Manufacturer: syz [ 677.417827][ T5885] usb 4-1: SerialNumber: syz [ 677.431373][ T5885] usb 4-1: config 0 descriptor?? [ 677.645502][ T5885] usb 4-1: unknown interface protocol 0x1a, assuming v1 [ 677.652606][ T5885] usb 4-1: cannot find UAC_HEADER [ 677.812167][ T5885] snd-usb-audio 4-1:0.93: probe with driver snd-usb-audio failed with error -22 [ 677.852279][ T5885] usb 4-1: USB disconnect, device number 32 [ 677.993401][ T8524] usb 7-1: USB disconnect, device number 12 [ 678.450300][T12426] netlink: 'syz.2.1826': attribute type 1 has an invalid length. [ 679.569869][T12431] ptrace attach of ""[12437] was attempted by "./syz-executor exec"[12431] [ 679.715601][T12436] ptrace attach of ""[12440] was attempted by "./syz-executor exec"[12436] [ 679.727661][T12421] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1825'. [ 679.764647][T12442] sctp: [Deprecated]: syz.6.1831 (pid 12442) Use of int in max_burst socket option. [ 679.764647][T12442] Use struct sctp_assoc_value instead [ 680.217502][T12448] capability: warning: `syz.1.1833' uses 32-bit capabilities (legacy support in use) [ 680.255408][T12429] lo speed is unknown, defaulting to 1000 [ 680.834808][ T5842] usb 6-1: new high-speed USB device number 24 using dummy_hcd [ 681.005419][ T5842] usb 6-1: config index 0 descriptor too short (expected 10177, got 36) [ 681.031286][ T5842] usb 6-1: config 149 has too many interfaces: 137, using maximum allowed: 32 [ 681.061839][ T5842] usb 6-1: config 149 has an invalid descriptor of length 69, skipping remainder of the config [ 681.159702][ T5842] usb 6-1: config 149 has 0 interfaces, different from the descriptor's value: 137 [ 681.359819][ T5842] usb 6-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 681.532335][ T5842] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 682.274059][ T5842] usb 6-1: can't set config #149, error -71 [ 682.283155][ T5842] usb 6-1: USB disconnect, device number 24 [ 682.910426][T12469] batadv1: entered promiscuous mode [ 682.915933][T12469] batadv1: entered allmulticast mode [ 682.924886][T12469] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 683.784243][ T5842] usb 6-1: new high-speed USB device number 25 using dummy_hcd [ 683.955844][ T5842] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 683.973421][ T5842] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 683.993745][ T5842] usb 6-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00 [ 684.013611][ T5842] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 684.283063][ T5842] usb 6-1: config 0 descriptor?? [ 684.310273][T12479] ptrace attach of ""[12481] was attempted by "./syz-executor exec"[12479] [ 684.644424][ T5842] usbhid 6-1:0.0: can't add hid device: -71 [ 684.650586][ T5842] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 684.660608][ T5842] usb 6-1: USB disconnect, device number 25 [ 684.750754][T12496] sctp: [Deprecated]: syz.6.1845 (pid 12496) Use of int in max_burst socket option. [ 684.750754][T12496] Use struct sctp_assoc_value instead [ 686.085865][T12515] netlink: 'syz.1.1849': attribute type 11 has an invalid length. [ 690.872290][T12543] sctp: [Deprecated]: syz.2.1857 (pid 12543) Use of int in max_burst socket option. [ 690.872290][T12543] Use struct sctp_assoc_value instead [ 691.821751][T12550] batadv1: entered promiscuous mode [ 691.827225][T12550] batadv1: entered allmulticast mode [ 691.835665][T12550] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 691.910286][T12551] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 692.344035][ T8524] usb 7-1: new full-speed USB device number 13 using dummy_hcd [ 693.340758][ T8524] usb 7-1: device descriptor read/64, error -71 [ 693.513901][ T8] usb 2-1: new high-speed USB device number 54 using dummy_hcd [ 693.803855][ T8524] usb 7-1: new full-speed USB device number 14 using dummy_hcd [ 694.115163][ T8] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 694.125518][ T8] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 694.149354][ T8] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 694.212759][ T8] usb 2-1: New USB device strings: Mfr=45, Product=63, SerialNumber=3 [ 694.223731][ T8] usb 2-1: Product: syz [ 694.227942][ T8] usb 2-1: Manufacturer: syz [ 694.232571][ T8] usb 2-1: SerialNumber: syz [ 694.267875][ T8] usb 2-1: config 0 descriptor?? [ 694.884065][T12570] FAULT_INJECTION: forcing a failure. [ 694.884065][T12570] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 694.932915][T12570] CPU: 0 UID: 0 PID: 12570 Comm: syz.6.1866 Not tainted 6.13.0-rc7-syzkaller-00189-g595523945be0 #0 [ 694.943753][T12570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 694.953857][T12570] Call Trace: [ 694.957170][T12570] [ 694.960132][T12570] dump_stack_lvl+0x241/0x360 [ 694.964862][T12570] ? __pfx_dump_stack_lvl+0x10/0x10 [ 694.970110][T12570] ? __pfx__printk+0x10/0x10 [ 694.974755][T12570] should_fail_ex+0x3b0/0x4e0 [ 694.979488][T12570] _copy_from_user+0x2f/0xc0 [ 694.984123][T12570] memdup_user+0x64/0xc0 [ 694.988413][T12570] nvram_misc_write+0x82/0xd0 [ 694.990591][T12571] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 694.993118][T12570] vfs_writev+0x5a9/0xba0 [ 695.001744][T12571] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 695.005769][T12570] ? __pfx_nvram_misc_write+0x10/0x10 [ 695.018894][T12570] ? __pfx_vfs_writev+0x10/0x10 [ 695.021858][T12571] xt_hashlimit: overflow, try lower: 0/0 [ 695.023760][T12570] ? vfs_write+0x730/0xd30 [ 695.023809][T12570] ? __fget_files+0x2a/0x410 [ 695.023835][T12570] ? __fget_files+0x395/0x410 [ 695.023856][T12570] ? __fget_files+0x2a/0x410 [ 695.023889][T12570] __x64_sys_pwritev+0x1b7/0x2d0 [ 695.045679][ T5884] usb 2-1: USB disconnect, device number 54 [ 695.047777][T12570] ? __pfx___x64_sys_pwritev+0x10/0x10 [ 695.064096][T12570] ? do_syscall_64+0x100/0x230 [ 695.068875][T12570] ? do_syscall_64+0xb6/0x230 [ 695.073566][T12570] do_syscall_64+0xf3/0x230 [ 695.078088][T12570] ? clear_bhb_loop+0x35/0x90 [ 695.082786][T12570] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 695.088726][T12570] RIP: 0033:0x7f186e585d29 [ 695.093154][T12570] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 695.112770][T12570] RSP: 002b:00007f186f392038 EFLAGS: 00000246 ORIG_RAX: 0000000000000128 [ 695.121196][T12570] RAX: ffffffffffffffda RBX: 00007f186e775fa0 RCX: 00007f186e585d29 [ 695.129174][T12570] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000003 [ 695.137157][T12570] RBP: 00007f186f392090 R08: 0000000000000000 R09: 0000000000000000 [ 695.145136][T12570] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 695.153110][T12570] R13: 0000000000000000 R14: 00007f186e775fa0 R15: 00007ffee8c9bf68 [ 695.161100][T12570] [ 695.683692][ T8] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 696.759698][ T8] usb 4-1: Using ep0 maxpacket: 32 [ 696.772423][ T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 696.783438][ T8] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 696.838916][ T8] usb 4-1: New USB device found, idVendor=1294, idProduct=1320, bcdDevice= 0.00 [ 696.901174][ T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 696.985338][ T8] usb 4-1: config 0 descriptor?? [ 697.485597][ T8] hid-led 0003:1294:1320.0010: hidraw0: USB HID vff.fe Device [HID 1294:1320] on usb-dummy_hcd.3-1/input0 [ 697.504845][ T8] hid-led 0003:1294:1320.0010: Riso Kagaku Webmail Notifier initialized [ 697.818046][T12569] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 697.827287][T12569] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 698.651353][T12605] random: crng reseeded on system resumption [ 699.374421][T12621] sctp: [Deprecated]: syz.2.1878 (pid 12621) Use of int in max_burst socket option. [ 699.374421][T12621] Use struct sctp_assoc_value instead [ 700.022806][ T8524] usb 4-1: USB disconnect, device number 33 [ 700.054644][ T25] usb 6-1: new high-speed USB device number 26 using dummy_hcd [ 700.160369][ T3514] leds riso_kagaku0:blue: Setting an LED's brightness failed (-38) [ 700.233860][ T3514] leds riso_kagaku0:green: Setting an LED's brightness failed (-38) [ 700.248254][ T3514] leds riso_kagaku0:red: Setting an LED's brightness failed (-38) [ 700.456385][ T25] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 700.467569][T12631] netlink: 'syz.3.1880': attribute type 11 has an invalid length. [ 700.903820][T12634] netlink: 'syz.6.1881': attribute type 1 has an invalid length. [ 701.176394][ T25] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 701.216090][ T25] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 701.225527][ T25] usb 6-1: New USB device strings: Mfr=45, Product=63, SerialNumber=3 [ 701.241039][T12638] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1882'. [ 702.224716][ T25] usb 6-1: Product: syz [ 702.229851][ T25] usb 6-1: Manufacturer: syz [ 702.234737][ T25] usb 6-1: SerialNumber: syz [ 702.324695][ T25] usb 6-1: config 0 descriptor?? [ 702.599066][ T8] usb 6-1: USB disconnect, device number 26 [ 702.818999][T12645] ptrace attach of ""[12650] was attempted by "./syz-executor exec"[12645] [ 702.878162][T12652] FAULT_INJECTION: forcing a failure. [ 702.878162][T12652] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 702.966509][T12652] CPU: 0 UID: 0 PID: 12652 Comm: syz.5.1886 Not tainted 6.13.0-rc7-syzkaller-00189-g595523945be0 #0 [ 702.977345][T12652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 702.987434][T12652] Call Trace: [ 702.990746][T12652] [ 702.993706][T12652] dump_stack_lvl+0x241/0x360 [ 702.998439][T12652] ? __pfx_dump_stack_lvl+0x10/0x10 [ 703.003677][T12652] ? __pfx__printk+0x10/0x10 [ 703.008329][T12652] should_fail_ex+0x3b0/0x4e0 [ 703.013046][T12652] _copy_from_user+0x2f/0xc0 [ 703.017683][T12652] move_addr_to_kernel+0x82/0x150 [ 703.022759][T12652] copy_msghdr_from_user+0x43e/0x680 [ 703.028096][T12652] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 703.033948][T12652] ? __fget_files+0x2a/0x410 [ 703.038573][T12652] ? __fget_files+0x2a/0x410 [ 703.043212][T12652] __sys_sendmmsg+0x32b/0x720 [ 703.047942][T12652] ? __pfx___sys_sendmmsg+0x10/0x10 [ 703.053198][T12652] ? __pfx_lock_release+0x10/0x10 [ 703.058257][T12652] ? kstrtouint_from_user+0x128/0x190 [ 703.063690][T12652] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 703.069639][T12652] ? ksys_write+0x22a/0x2b0 [ 703.074186][T12652] ? __pfx_lock_release+0x10/0x10 [ 703.079281][T12652] ? vfs_write+0x730/0xd30 [ 703.083753][T12652] ? __mutex_unlock_slowpath+0x21e/0x790 [ 703.089454][T12652] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 703.095472][T12652] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 703.101839][T12652] ? do_syscall_64+0x100/0x230 [ 703.106735][T12652] __x64_sys_sendmmsg+0xa0/0xb0 [ 703.111626][T12652] do_syscall_64+0xf3/0x230 [ 703.116165][T12652] ? clear_bhb_loop+0x35/0x90 [ 703.120880][T12652] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 703.126825][T12652] RIP: 0033:0x7ff971785d29 [ 703.131272][T12652] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 703.150916][T12652] RSP: 002b:00007ff972603038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 703.159369][T12652] RAX: ffffffffffffffda RBX: 00007ff971975fa0 RCX: 00007ff971785d29 [ 703.167375][T12652] RDX: 0000000000000002 RSI: 0000000020000040 RDI: 0000000000000003 [ 703.175379][T12652] RBP: 00007ff972603090 R08: 0000000000000000 R09: 0000000000000000 [ 703.183378][T12652] R10: 0000000004008040 R11: 0000000000000246 R12: 0000000000000001 [ 703.191374][T12652] R13: 0000000000000000 R14: 00007ff971975fa0 R15: 00007ffcb9dca628 [ 703.199390][T12652] [ 703.421661][ T25] usb 2-1: new high-speed USB device number 55 using dummy_hcd [ 703.966524][T12667] batadv1: entered promiscuous mode [ 703.973118][T12667] batadv1: entered allmulticast mode [ 703.987021][T12667] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 705.212607][ T1162] batman_adv: batadv1: adding TT local entry 33:33:00:00:00:01 to non-existent VLAN -1 [ 706.551284][T12683] netlink: 'syz.6.1895': attribute type 1 has an invalid length. [ 707.070081][T12691] overlayfs: missing 'workdir' [ 707.887065][ T5884] usb 2-1: new high-speed USB device number 56 using dummy_hcd [ 707.990816][T12704] dccp_v6_rcv: dropped packet with invalid checksum [ 708.074034][ T5884] usb 2-1: Using ep0 maxpacket: 8 [ 708.105532][ T5884] usb 2-1: config 0 has an invalid interface number: 186 but max is 0 [ 708.113796][ T5884] usb 2-1: config 0 has no interface number 0 [ 708.130276][ T5884] usb 2-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 708.172460][ T5884] usb 2-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A [ 708.203596][ T5884] usb 2-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 708.227288][ T5884] usb 2-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 708.275894][ T5884] usb 2-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5 [ 708.287318][ T5884] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 708.344195][T12710] netlink: 216 bytes leftover after parsing attributes in process `syz.3.1904'. [ 708.357589][ T5884] usb 2-1: Product: syz [ 708.361915][ T5884] usb 2-1: Manufacturer: syz [ 708.366662][ T5884] usb 2-1: SerialNumber: syz [ 708.372310][T12710] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1904'. [ 708.422362][ T5884] usb 2-1: config 0 descriptor?? [ 708.433677][T12710] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1904'. [ 708.712717][ T5884] iowarrior 2-1:0.186: IOWarrior product=0x1505, serial=42424242 interface=186 now attached to iowarrior0 [ 709.004594][T12717] netlink: 'syz.6.1905': attribute type 11 has an invalid length. [ 709.553068][T12701] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 709.600095][ T25] usb 2-1: USB disconnect, device number 56 [ 709.947578][T12724] batadv1: entered promiscuous mode [ 709.952994][T12724] batadv1: entered allmulticast mode [ 710.278752][T12724] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 710.792286][ T11] batman_adv: batadv1: adding TT local entry 33:33:00:00:00:01 to non-existent VLAN -1 [ 710.802170][ T11] batman_adv: batadv1: adding TT local entry 01:00:5e:00:00:01 to non-existent VLAN -1 [ 711.444040][T12747] netlink: 96 bytes leftover after parsing attributes in process `syz.5.1915'. [ 711.615003][ T5842] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 711.758348][ T5842] usb 4-1: device descriptor read/64, error -71 [ 712.015020][ T5842] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 712.038142][T12760] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 712.072553][T12762] program syz.5.1919 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 712.174169][ T5842] usb 4-1: device descriptor read/64, error -71 [ 712.290544][ T5842] usb usb4-port1: attempt power cycle [ 713.247139][T12772] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 713.845465][ T5842] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 714.047326][ T5842] usb 4-1: device descriptor read/8, error -71 [ 714.293693][ T5842] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 714.449072][ T5842] usb 4-1: device descriptor read/8, error -71 [ 715.460216][ T5842] usb usb4-port1: unable to enumerate USB device [ 715.461500][ T29] audit: type=1326 audit(1737226514.547:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12793 comm="syz.6.1929" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f186e585d29 code=0x7ffc0000 [ 715.564559][ T29] audit: type=1326 audit(1737226514.547:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12793 comm="syz.6.1929" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f186e585d29 code=0x7ffc0000 [ 715.644723][ T29] audit: type=1326 audit(1737226514.547:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12793 comm="syz.6.1929" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f186e585d29 code=0x7ffc0000 [ 715.959272][ T29] audit: type=1326 audit(1737226514.547:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12793 comm="syz.6.1929" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f186e585d29 code=0x7ffc0000 [ 715.981300][ T29] audit: type=1326 audit(1737226514.547:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12793 comm="syz.6.1929" exe="/root/syz-executor" sig=0 arch=c000003e syscall=34 compat=0 ip=0x7f186e585d29 code=0x7ffc0000 [ 716.054706][T12800] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1931'. [ 716.271902][T12803] netlink: 'syz.5.1932': attribute type 8 has an invalid length. [ 717.043631][ T5842] usb 6-1: new high-speed USB device number 27 using dummy_hcd [ 717.221600][ T5842] usb 6-1: Using ep0 maxpacket: 16 [ 717.237850][ T5842] usb 6-1: config 0 has an invalid interface number: 8 but max is 0 [ 717.246471][ T5842] usb 6-1: config 0 has no interface number 0 [ 717.263713][ T5842] usb 6-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 717.311884][ T5842] usb 6-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 717.355602][ T5842] usb 6-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 717.371679][ T5842] usb 6-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 717.417516][ T5842] usb 6-1: Product: syz [ 717.433575][ T5842] usb 6-1: SerialNumber: syz [ 717.447118][T12829] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1940'. [ 717.453380][ T5842] usb 6-1: config 0 descriptor?? [ 717.458153][T12829] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1940'. [ 717.482845][ T5842] cm109 6-1:0.8: invalid payload size 0, expected 4 [ 717.503896][ T5842] input: CM109 USB driver as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.8/input/input15 [ 717.650386][T12828] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1941'. [ 717.688221][T12807] netlink: 68 bytes leftover after parsing attributes in process `syz.5.1933'. [ 717.725124][T12807] netlink: 56 bytes leftover after parsing attributes in process `syz.5.1933'. [ 717.740577][T12810] netlink: 68 bytes leftover after parsing attributes in process `syz.5.1933'. [ 717.763646][T12810] netlink: 56 bytes leftover after parsing attributes in process `syz.5.1933'. [ 718.223544][ C0] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 718.224377][ T5884] usb 6-1: USB disconnect, device number 27 [ 718.230909][ C0] cm109 6-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 718.856591][T12851] program syz.1.1946 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 718.928899][ T5884] cm109 6-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 719.393091][T12864] netlink: 'syz.5.1951': attribute type 11 has an invalid length. [ 719.517109][T12867] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1949'. [ 720.732531][T12876] Process accounting resumed [ 723.530192][T12903] ptrace attach of ""[12910] was attempted by "./syz-executor exec"[12903] [ 723.629566][T12907] netlink: 'syz.1.1963': attribute type 11 has an invalid length. [ 723.639093][T12912] netlink: 'syz.3.1965': attribute type 11 has an invalid length. [ 725.723419][ T25] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 725.882290][T12921] 9pnet_fd: Insufficient options for proto=fd [ 725.893906][ T25] usb 3-1: Using ep0 maxpacket: 8 [ 725.925047][ T25] usb 3-1: config 6 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 726.041435][ T25] usb 3-1: config 6 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 726.231821][ T25] usb 3-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91 [ 726.281138][ T25] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 726.311843][ T25] usb 3-1: Product: syz [ 726.385382][ T25] usb 3-1: Manufacturer: syz [ 726.407641][ T25] usb 3-1: SerialNumber: syz [ 726.462508][ T25] hso 3-1:6.0: Can't find BULK IN endpoint [ 727.114737][ T8] usb 3-1: USB disconnect, device number 35 [ 729.263660][ T8] usb 3-1: new low-speed USB device number 36 using dummy_hcd [ 729.339808][T12954] FAULT_INJECTION: forcing a failure. [ 729.339808][T12954] name failslab, interval 1, probability 0, space 0, times 0 [ 729.353332][T12954] CPU: 0 UID: 0 PID: 12954 Comm: syz.5.1974 Not tainted 6.13.0-rc7-syzkaller-00189-g595523945be0 #0 [ 729.364142][T12954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 729.374235][T12954] Call Trace: [ 729.377543][T12954] [ 729.380502][T12954] dump_stack_lvl+0x241/0x360 [ 729.385229][T12954] ? __pfx_dump_stack_lvl+0x10/0x10 [ 729.390474][T12954] ? __pfx__printk+0x10/0x10 [ 729.395116][T12954] ? sig_get_ucounts+0x26/0x450 [ 729.400018][T12954] should_fail_ex+0x3b0/0x4e0 [ 729.404737][T12954] should_failslab+0xac/0x100 [ 729.409464][T12954] ? __send_signal_locked+0x245/0xe90 [ 729.414877][T12954] kmem_cache_alloc_noprof+0x70/0x380 [ 729.420292][T12954] ? sig_get_ucounts+0x3d4/0x450 [ 729.425275][T12954] __send_signal_locked+0x245/0xe90 [ 729.430523][T12954] group_send_sig_info+0x292/0x310 [ 729.435682][T12954] ? __pfx_group_send_sig_info+0x10/0x10 [ 729.441364][T12954] bpf_send_signal_common+0x3c4/0x630 [ 729.446778][T12954] ? __pfx_bpf_send_signal_common+0x10/0x10 [ 729.452717][T12954] ? __pfx___cant_migrate+0x10/0x10 [ 729.457991][T12954] ? bpf_trace_run4+0x244/0x590 [ 729.462902][T12954] bpf_send_signal+0x1d/0x30 [ 729.467537][T12954] bpf_prog_9fbc3d1d47c9b36c+0x23/0x2a [ 729.473033][T12954] bpf_trace_run4+0x334/0x590 [ 729.477770][T12954] ? __pfx_bpf_trace_run4+0x10/0x10 [ 729.483027][T12954] ? get_mm_memcg_path+0x25a/0x350 [ 729.488191][T12954] __mmap_lock_do_trace_acquire_returned+0x2a3/0x300 [ 729.494917][T12954] ? __pfx_lock_acquire+0x10/0x10 [ 729.499977][T12954] ? __pfx___mmap_lock_do_trace_acquire_returned+0x10/0x10 [ 729.507254][T12954] ? __pfx_down_read_trylock+0x10/0x10 [ 729.512757][T12954] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 729.518777][T12954] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 729.525163][T12954] lock_mm_and_find_vma+0x213/0x2f0 [ 729.530414][T12954] exc_page_fault+0x1bf/0x8b0 [ 729.535168][T12954] asm_exc_page_fault+0x26/0x30 [ 729.540074][T12954] RIP: 0010:rep_movs_alternative+0x4a/0x70 [ 729.545922][T12954] Code: 75 f1 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb c9 a4 c3 cc cc cc cc 48 89 c8 48 c1 e9 03 83 e0 07 f3 48 a5 89 c1 [ 729.565564][T12954] RSP: 0018:ffffc9000b15f6b8 EFLAGS: 00050202 [ 729.571681][T12954] RAX: ffffffff84b82501 RBX: ffff888044e60010 RCX: 000000000000f02b [ 729.579700][T12954] RDX: 0000000000000001 RSI: 0000000020001000 RDI: ffff888044e60fd0 [ 729.587701][T12954] RBP: ffffc9000b15f830 R08: ffff888044e6fffa R09: 1ffff110089cdfff [ 729.595706][T12954] R10: dffffc0000000000 R11: ffffed10089ce000 R12: ffffc9000b15fde8 [ 729.603714][T12954] R13: 1ffff9200162bfbb R14: 000000000000ffeb R15: 0000000020000040 [ 729.611731][T12954] ? _copy_from_iter+0x221/0x1c20 [ 729.616812][T12954] _copy_from_iter+0x268/0x1c20 [ 729.621709][T12954] ? __virt_addr_valid+0x183/0x530 [ 729.626880][T12954] ? __pfx__copy_from_iter+0x10/0x10 [ 729.632219][T12954] ? __virt_addr_valid+0x183/0x530 [ 729.637376][T12954] ? __virt_addr_valid+0x183/0x530 [ 729.642523][T12954] ? __virt_addr_valid+0x45f/0x530 [ 729.647684][T12954] ? __phys_addr_symbol+0x2f/0x70 [ 729.652752][T12954] ? __check_object_size+0x47a/0x730 [ 729.658080][T12954] raw_send_hdrinc+0x971/0x1660 [ 729.662955][T12954] ? __pfx_raw_send_hdrinc+0x10/0x10 [ 729.668259][T12954] raw_sendmsg+0x198e/0x2430 [ 729.672898][T12954] ? __pfx_raw_sendmsg+0x10/0x10 [ 729.677868][T12954] ? smack_socket_sendmsg+0x40d/0x540 [ 729.683263][T12954] ? __pfx_lock_release+0x10/0x10 [ 729.688317][T12954] ? inet_sendmsg+0x330/0x390 [ 729.693017][T12954] __sock_sendmsg+0x1a6/0x270 [ 729.697719][T12954] __sys_sendto+0x363/0x4c0 [ 729.702244][T12954] ? __pfx___sys_sendto+0x10/0x10 [ 729.707276][T12954] ? __mutex_unlock_slowpath+0x21e/0x790 [ 729.712937][T12954] ? __fget_files+0x2a/0x410 [ 729.717542][T12954] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 729.723543][T12954] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 729.729894][T12954] __x64_sys_sendto+0xde/0x100 [ 729.734673][T12954] do_syscall_64+0xf3/0x230 [ 729.739185][T12954] ? clear_bhb_loop+0x35/0x90 [ 729.743875][T12954] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 729.749785][T12954] RIP: 0033:0x7ff971785d29 [ 729.754212][T12954] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 729.773825][T12954] RSP: 002b:00007ff972603038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 729.782253][T12954] RAX: ffffffffffffffda RBX: 00007ff971975fa0 RCX: 00007ff971785d29 [ 729.790241][T12954] RDX: 000000000000ffeb RSI: 0000000020000040 RDI: 0000000000000003 [ 729.798226][T12954] RBP: 00007ff972603090 R08: 0000000020000340 R09: 0000000000000010 [ 729.806208][T12954] R10: 0000000000000b00 R11: 0000000000000246 R12: 0000000000000001 [ 729.814185][T12954] R13: 0000000000000000 R14: 00007ff971975fa0 R15: 00007ffcb9dca628 [ 729.822197][T12954] [ 729.883799][ T8] usb 3-1: Invalid ep0 maxpacket: 64 [ 729.884403][T12952] ptrace attach of ""[12958] was attempted by "./syz-executor exec"[12952] [ 729.941669][T12957] netlink: 'syz.1.1977': attribute type 11 has an invalid length. [ 730.753650][ T8] usb 3-1: new low-speed USB device number 37 using dummy_hcd [ 731.173937][T12968] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1980'. [ 731.324046][T12563] usb 6-1: new high-speed USB device number 28 using dummy_hcd [ 731.496759][T12563] usb 6-1: config 0 interface 0 has no altsetting 0 [ 731.526603][T12563] usb 6-1: New USB device found, idVendor=056a, idProduct=00ce, bcdDevice= 0.00 [ 731.562095][T12563] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 732.000389][ T9] usb 7-1: new high-speed USB device number 15 using dummy_hcd [ 732.161495][T12563] usb 6-1: config 0 descriptor?? [ 733.639877][ T9] usb 7-1: Using ep0 maxpacket: 32 [ 733.668046][ T9] usb 7-1: config 0 has an invalid interface number: 51 but max is 0 [ 733.685364][ T9] usb 7-1: config 0 has no interface number 0 [ 733.754826][ T9] usb 7-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 733.764181][ T9] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 733.772924][ T9] usb 7-1: Product: syz [ 733.777227][ T9] usb 7-1: Manufacturer: syz [ 733.781885][ T9] usb 7-1: SerialNumber: syz [ 733.802148][ T9] usb 7-1: config 0 descriptor?? [ 733.810103][ T9] quatech2 7-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 734.002964][T12563] usb 6-1: USB disconnect, device number 28 [ 734.063707][T13001] ptrace attach of ""[13003] was attempted by "./syz-executor exec"[13001] [ 734.448436][ T9] usb 7-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 734.464991][ T9] usb 7-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 735.521331][ C0] usb 7-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 735.523164][T12563] usb 7-1: USB disconnect, device number 15 [ 735.617835][T12563] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 735.683655][ T8] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 735.833835][ T8] usb 4-1: Using ep0 maxpacket: 32 [ 735.860761][ T8] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 735.922640][T12563] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 735.934332][T12563] quatech2 7-1:0.51: device disconnected [ 735.934973][ T8] usb 4-1: config 0 has no interface number 0 [ 735.971316][ T8] usb 4-1: config 0 interface 1 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 735.983149][ T8] usb 4-1: config 0 interface 1 has no altsetting 0 [ 736.241501][T13026] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 736.584829][ T8] usb 4-1: New USB device found, idVendor=0572, idProduct=58a5, bcdDevice=27.0a [ 736.594139][ T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 736.602183][ T8] usb 4-1: Product: syz [ 736.606454][ T8] usb 4-1: Manufacturer: syz [ 736.611079][ T8] usb 4-1: SerialNumber: syz [ 736.617849][ T8] usb 4-1: config 0 descriptor?? [ 737.043125][ T8] cx231xx 4-1:0.1: New device syz syz @ 480 Mbps (0572:58a5) with 1 interfaces [ 737.056331][ T8] cx231xx 4-1:0.1: Failed to read PCB config [ 737.062457][ T8] cx231xx 4-1:0.1: probe with driver cx231xx failed with error -71 [ 737.085624][ T8] usb 4-1: USB disconnect, device number 38 [ 737.983724][ T8] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 738.170005][ T8] usb 4-1: Using ep0 maxpacket: 32 [ 738.197145][ T8] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 738.216915][ T8] usb 4-1: config 0 has no interface number 0 [ 738.236012][ T8] usb 4-1: config 0 interface 1 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 738.279881][ T8] usb 4-1: config 0 interface 1 has no altsetting 0 [ 738.313055][ T8] usb 4-1: New USB device found, idVendor=0572, idProduct=58a5, bcdDevice=27.0a [ 738.333672][ T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 738.358501][T13050] ptrace attach of ""[13052] was attempted by "./syz-executor exec"[13050] [ 738.367448][ T8] usb 4-1: Product: syz [ 738.371652][ T8] usb 4-1: Manufacturer: syz [ 738.609645][ T8] usb 4-1: SerialNumber: syz [ 738.617184][ T8] usb 4-1: config 0 descriptor?? [ 738.895071][T13061] netlink: 1788 bytes leftover after parsing attributes in process `syz.5.2005'. [ 739.627702][T13064] netlink: 'syz.2.2006': attribute type 11 has an invalid length. [ 739.963382][T13063] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 740.356782][ T8] usb 4-1: can't set config #0, error -71 [ 740.364373][ T8] usb 4-1: USB disconnect, device number 39 [ 740.983639][ T8] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 741.064533][T13083] netlink: 'syz.1.2015': attribute type 10 has an invalid length. [ 741.123863][ T8] usb 4-1: device descriptor read/64, error -71 [ 742.181972][T13095] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 742.223755][ T8] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 742.373663][ T8] usb 4-1: device descriptor read/64, error -71 [ 742.484144][ T8] usb usb4-port1: attempt power cycle [ 742.659841][T13105] Invalid logical block size (1426063360) [ 742.863818][ T8] usb 4-1: new high-speed USB device number 42 using dummy_hcd [ 742.934563][ T8] usb 4-1: device descriptor read/8, error -71 [ 743.384156][ T8] usb 4-1: new high-speed USB device number 43 using dummy_hcd [ 743.649912][T13112] pimreg: entered allmulticast mode [ 743.687741][ T8] usb 4-1: device descriptor read/8, error -71 [ 743.823852][ T8] usb usb4-port1: unable to enumerate USB device [ 744.408810][T13121] netlink: 'syz.3.2027': attribute type 32 has an invalid length. [ 744.446004][T13121] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2027'. [ 744.493979][T13121] (unnamed net_device) (uninitialized): option coupled_control: invalid value (170) [ 744.736141][T13127] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 744.863722][ T5884] usb 4-1: new high-speed USB device number 44 using dummy_hcd [ 745.025479][ T5884] usb 4-1: Using ep0 maxpacket: 32 [ 745.128769][ T5884] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 745.160466][ T5884] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 745.236141][ T5884] usb 4-1: config 0 descriptor?? [ 745.437822][T13144] Invalid source name [ 745.898444][ T5884] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 745.950356][ T5884] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 746.014680][ T5884] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 746.021898][ T5884] usb 4-1: media controller created [ 746.102269][ T5884] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 746.218609][T13152] netlink: 68 bytes leftover after parsing attributes in process `syz.5.2039'. [ 746.218653][T13152] netlink: 68 bytes leftover after parsing attributes in process `syz.5.2039'. [ 747.956328][ T5884] az6027: usb out operation failed. (-71) [ 747.962314][ T5884] stb0899_attach: Driver disabled by Kconfig [ 747.974456][ T5884] az6027: no front-end attached [ 747.974456][ T5884] [ 747.997346][ T5884] az6027: usb out operation failed. (-71) [ 748.020399][ T5884] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 748.054165][ T5884] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input16 [ 748.097742][T13170] 9pnet_fd: Insufficient options for proto=fd [ 748.109682][ T5884] dvb-usb: schedule remote query interval to 400 msecs. [ 748.135831][ T5884] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 748.174014][ T5884] usb 4-1: USB disconnect, device number 44 [ 748.279807][ T5884] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 749.811650][T13192] kvm: vcpu 0: requested 370 ns lapic timer period limited to 200000 ns [ 749.834889][T13192] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3991866543 (7983733086 ns) > initial count (4279149104 ns). Using initial count to start timer. [ 750.316018][T13201] netlink: 'syz.3.2054': attribute type 11 has an invalid length. [ 750.737944][T13206] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 751.284188][T13208] overlayfs: overlapping lowerdir path [ 753.101628][T13219] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 753.903849][ T8] usb 4-1: new high-speed USB device number 45 using dummy_hcd [ 754.063594][ T8] usb 4-1: Using ep0 maxpacket: 32 [ 754.084014][ T8] usb 4-1: New USB device found, idVendor=0413, idProduct=6029, bcdDevice=b2.3d [ 754.115198][ T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 754.133580][ T8] usb 4-1: Product: syz [ 754.137865][ T8] usb 4-1: Manufacturer: syz [ 754.142489][ T8] usb 4-1: SerialNumber: syz [ 754.159729][ T8] usb 4-1: config 0 descriptor?? [ 754.213781][T13209] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 754.366642][T13209] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 754.747011][T13209] bond0 (unregistering): Released all slaves [ 754.832322][T13214] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2059'. [ 754.849237][T13214] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2059'. [ 754.860688][T13214] netlink: 'syz.3.2059': attribute type 6 has an invalid length. [ 754.922824][ T8] usb 4-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 754.931143][ T8] dvb_usb_af9015 4-1:0.0: probe with driver dvb_usb_af9015 failed with error -22 [ 754.954613][ T8] usb 4-1: USB disconnect, device number 45 [ 755.672551][T13235] ipt_rpfilter: unknown options [ 755.689329][T13235] netlink: 40 bytes leftover after parsing attributes in process `syz.5.2063'. [ 756.276837][T13240] block nbd1: Dead connection, failed to find a fallback [ 756.277017][T13240] block nbd1: shutting down sockets [ 756.277142][T13240] blk_print_req_error: 48 callbacks suppressed [ 756.277184][T13240] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 756.277297][T13240] buffer_io_error: 40 callbacks suppressed [ 756.277337][T13240] Buffer I/O error on dev nbd1, logical block 0, async page read [ 756.278401][T13240] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 756.278486][T13240] Buffer I/O error on dev nbd1, logical block 0, async page read [ 756.279063][T13240] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 756.279174][T13240] Buffer I/O error on dev nbd1, logical block 0, async page read [ 756.281075][T13240] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 756.281161][T13240] Buffer I/O error on dev nbd1, logical block 0, async page read [ 756.281841][T13240] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 756.281953][T13240] Buffer I/O error on dev nbd1, logical block 0, async page read [ 756.282683][T13240] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 756.282766][T13240] Buffer I/O error on dev nbd1, logical block 0, async page read [ 756.283472][T13240] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 756.283678][T13240] Buffer I/O error on dev nbd1, logical block 0, async page read [ 756.284295][T13240] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 756.284378][T13240] Buffer I/O error on dev nbd1, logical block 0, async page read [ 756.284704][T13240] ldm_validate_partition_table(): Disk read failed. [ 756.285080][T13240] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 756.285166][T13240] Buffer I/O error on dev nbd1, logical block 0, async page read [ 756.285732][T13240] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 756.285818][T13240] Buffer I/O error on dev nbd1, logical block 0, async page read [ 756.287082][T13240] Dev nbd1: unable to read RDB block 0 [ 756.292247][T13240] nbd1: unable to read partition table [ 756.336048][T13240] netlink: 'syz.1.2065': attribute type 1 has an invalid length. [ 756.336147][T13240] netlink: 'syz.1.2065': attribute type 3 has an invalid length. [ 756.336190][T13240] netlink: 224 bytes leftover after parsing attributes in process `syz.1.2065'. [ 757.537598][T13252] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2066'. [ 758.377601][T13249] netlink: 'syz.1.2069': attribute type 11 has an invalid length. [ 758.566787][T13259] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 758.669051][T12563] usb 6-1: new high-speed USB device number 29 using dummy_hcd [ 758.676817][T13259] IPv6: NLM_F_CREATE should be set when creating new route [ 758.761055][T13262] overlayfs: overlapping lowerdir path [ 758.877600][T13265] netlink: 'syz.6.2072': attribute type 11 has an invalid length. [ 759.238049][T12563] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 759.258863][T12563] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 759.420145][T12563] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 759.926811][T12563] usb 6-1: config 0 descriptor?? [ 760.647174][T12563] usbhid 6-1:0.0: can't add hid device: -71 [ 760.653396][T12563] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 760.672164][T12563] usb 6-1: USB disconnect, device number 29 [ 760.694646][T13269] SET target dimension over the limit! [ 761.866225][T13283] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2077'. [ 761.888966][T13283] overlayfs: failed to create directory ./bus/work (errno: 1); mounting read-only [ 761.899510][T13283] overlayfs: NFS export requires an index dir, falling back to nfs_export=off. [ 762.391035][T13285] usb usb1: usbfs: process 13285 (syz.2.2078) did not claim interface 1 before use [ 762.492384][T13289] ip6t_REJECT: ECHOREPLY is not supported [ 764.364561][T13304] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 766.067021][T13319] netlink: 'syz.3.2087': attribute type 11 has an invalid length. [ 766.337846][T13324] overlayfs: overlapping lowerdir path [ 768.174174][ T29] audit: type=1326 audit(1737226567.087:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13336 comm="syz.3.2092" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1b40585d29 code=0x0 [ 768.218079][ T29] audit: type=1326 audit(1737226567.097:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13336 comm="syz.3.2092" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1b40585d29 code=0x0 [ 768.239930][ T5843] Bluetooth: hci5: command 0x0c1a tx timeout [ 769.249283][T13357] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 771.232090][T13374] netlink: 'syz.3.2103': attribute type 11 has an invalid length. [ 772.351873][T13382] Invalid logical block size (301989888) [ 773.736026][T13400] x_tables: unsorted underflow at hook 3 [ 774.596547][T13404] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2113'. [ 774.623811][T13404] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2113'. [ 776.691004][T13425] dccp_v6_rcv: dropped packet with invalid checksum [ 776.982569][T13413] lo speed is unknown, defaulting to 1000 [ 777.201972][T13434] netlink: 'syz.5.2119': attribute type 11 has an invalid length. [ 778.790745][T13440] netlink: 6 bytes leftover after parsing attributes in process `syz.5.2121'. [ 779.169765][T13449] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 779.211136][T13449] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 779.414755][ T5884] usb 4-1: new high-speed USB device number 47 using dummy_hcd [ 779.512197][T13455] Process accounting resumed [ 779.533666][T13455] FAULT_INJECTION: forcing a failure. [ 779.533666][T13455] name failslab, interval 1, probability 0, space 0, times 0 [ 779.577850][T13455] CPU: 1 UID: 0 PID: 13455 Comm: syz.2.2124 Not tainted 6.13.0-rc7-syzkaller-00189-g595523945be0 #0 [ 779.588702][T13455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 779.598799][T13455] Call Trace: [ 779.602115][T13455] [ 779.605079][T13455] dump_stack_lvl+0x241/0x360 [ 779.609805][T13455] ? __pfx_dump_stack_lvl+0x10/0x10 [ 779.615072][T13455] ? __pfx__printk+0x10/0x10 [ 779.619712][T13455] ? __kmalloc_node_noprof+0xb9/0x4d0 [ 779.625132][T13455] ? __pfx___might_resched+0x10/0x10 [ 779.630480][T13455] should_fail_ex+0x3b0/0x4e0 [ 779.635236][T13455] should_failslab+0xac/0x100 [ 779.639965][T13455] __kmalloc_node_noprof+0xe1/0x4d0 [ 779.645210][T13455] ? __kvmalloc_node_noprof+0x72/0x190 [ 779.650720][T13455] ? do_raw_spin_unlock+0x13c/0x8b0 [ 779.655982][T13455] __kvmalloc_node_noprof+0x72/0x190 [ 779.661344][T13455] proc_sys_call_handler+0x45f/0x920 [ 779.666684][T13455] ? __pfx_proc_sys_call_handler+0x10/0x10 [ 779.672542][T13455] __kernel_write_iter+0x42a/0x940 [ 779.677700][T13455] ? __lock_acquire+0x1397/0x2100 [ 779.682768][T13455] ? __pfx_proc_sys_write+0x10/0x10 [ 779.687998][T13455] ? __pfx___kernel_write_iter+0x10/0x10 [ 779.693663][T13455] ? iov_iter_kvec+0x4e/0x180 [ 779.698370][T13455] __kernel_write+0x120/0x180 [ 779.703071][T13455] ? __pfx___kernel_write+0x10/0x10 [ 779.708289][T13455] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 779.714215][T13455] do_acct_process+0x11ff/0x1870 [ 779.719203][T13455] ? __pfx_do_acct_process+0x10/0x10 [ 779.724527][T13455] ? __pfx___mutex_lock+0x10/0x10 [ 779.729590][T13455] ? _raw_spin_lock_irq+0xdf/0x120 [ 779.734733][T13455] acct_pin_kill+0x2b/0x130 [ 779.739252][T13455] pin_kill+0x2e1/0x5e0 [ 779.743428][T13455] ? trace_sys_enter+0x74/0x120 [ 779.748298][T13455] ? __pfx_pin_kill+0x10/0x10 [ 779.752992][T13455] ? __pfx_autoremove_wake_function+0x10/0x10 [ 779.759093][T13455] ? safesetid_security_capable+0xb2/0x1d0 [ 779.764934][T13455] ? bpf_lsm_capable+0x9/0x10 [ 779.769625][T13455] __se_sys_acct+0x2d2/0x760 [ 779.774331][T13455] do_syscall_64+0xf3/0x230 [ 779.778852][T13455] ? clear_bhb_loop+0x35/0x90 [ 779.783551][T13455] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 779.789480][T13455] RIP: 0033:0x7efd98385d29 [ 779.793914][T13455] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 779.813556][T13455] RSP: 002b:00007efd99181038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a3 [ 779.821994][T13455] RAX: ffffffffffffffda RBX: 00007efd98575fa0 RCX: 00007efd98385d29 [ 779.829984][T13455] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 779.837983][T13455] RBP: 00007efd99181090 R08: 0000000000000000 R09: 0000000000000000 [ 779.845972][T13455] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 779.853957][T13455] R13: 0000000000000000 R14: 00007efd98575fa0 R15: 00007ffd9916c728 [ 779.861957][T13455] [ 779.881463][T13458] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2126'. [ 779.905067][ T5884] usb 4-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 779.914595][ T5884] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 779.922625][ T5884] usb 4-1: Product: syz [ 779.937438][ T5884] usb 4-1: Manufacturer: syz [ 779.942095][ T5884] usb 4-1: SerialNumber: syz [ 779.970756][ T5884] usb 4-1: config 0 descriptor?? [ 780.005600][ T5884] i2c-tiny-usb 4-1:0.0: version 6d.cc found at bus 004 address 047 [ 780.159574][T13462] No such timeout policy "syz0" [ 780.218625][T13472] netlink: 'syz.5.2131': attribute type 11 has an invalid length. [ 781.320566][T13486] Invalid logical block size (1437270015) [ 781.564207][T13484] ptrace attach of "./syz-executor exec"[13490] was attempted by "./syz-executor exec"[13484] [ 782.339296][T13507] netlink: 'syz.5.2143': attribute type 1 has an invalid length. [ 783.096197][T13515] netlink: 'syz.1.2144': attribute type 1 has an invalid length. [ 783.186502][T13507] 8021q: adding VLAN 0 to HW filter on device bond0 [ 783.247362][ T5884] i2c i2c-1: failure reading functionality [ 783.354211][ T5884] i2c i2c-1: connected i2c-tiny-usb device [ 783.364159][ T5884] usb 4-1: USB disconnect, device number 47 [ 783.539681][T13527] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2146'. [ 783.548987][T13527] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2146'. [ 783.602981][T13529] netlink: 'syz.5.2147': attribute type 32 has an invalid length. [ 783.633710][T13529] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2147'. [ 783.684373][T13529] (unnamed net_device) (uninitialized): option coupled_control: invalid value (170) [ 784.594081][ T59] usb 6-1: new high-speed USB device number 30 using dummy_hcd [ 785.803615][ T59] usb 6-1: Using ep0 maxpacket: 16 [ 785.810687][ T59] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 785.824372][ T59] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 785.878433][ T59] usb 6-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 785.919644][ T59] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 786.169183][ T59] usb 6-1: config 0 descriptor?? [ 786.452034][T13568] netlink: 216 bytes leftover after parsing attributes in process `syz.6.2158'. [ 786.452088][T13568] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2158'. [ 786.452140][T13568] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2158'. [ 786.819654][ T59] usbhid 6-1:0.0: can't add hid device: -71 [ 786.825216][T13575] netlink: 104 bytes leftover after parsing attributes in process `syz.6.2161'. [ 786.837579][ T59] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 786.921100][ T59] usb 6-1: USB disconnect, device number 30 [ 786.938103][T13576] pimreg3: entered allmulticast mode [ 787.343963][ T5884] usb 2-1: new high-speed USB device number 57 using dummy_hcd [ 787.550151][ T5884] usb 2-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 787.607874][ T5884] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 787.623553][ T5884] usb 2-1: Product: syz [ 787.628194][ T5884] usb 2-1: Manufacturer: syz [ 787.683671][ T5884] usb 2-1: SerialNumber: syz [ 787.694840][ T5884] usb 2-1: config 0 descriptor?? [ 787.787883][ T8] usb 7-1: new full-speed USB device number 16 using dummy_hcd [ 787.809697][T13580] lo speed is unknown, defaulting to 1000 [ 787.927086][ T5884] usb 2-1: USB disconnect, device number 57 [ 788.094286][ T9] usb 6-1: new full-speed USB device number 31 using dummy_hcd [ 788.252483][T13581] lo speed is unknown, defaulting to 1000 [ 788.295135][ T9] usb 6-1: config 1 has an invalid interface number: 16 but max is 0 [ 788.334370][ T9] usb 6-1: config 1 has no interface number 0 [ 788.416672][ T9] usb 6-1: New USB device found, idVendor=0471, idProduct=0602, bcdDevice=53.f1 [ 788.570644][ T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 788.773242][ T9] usb 6-1: Product: syz [ 788.790296][ T9] usb 6-1: Manufacturer: syz [ 788.818251][ T9] usb 6-1: SerialNumber: syz [ 788.922456][ T8] usb 7-1: unable to get BOS descriptor or descriptor too short [ 788.933968][ T8] usb 7-1: no configurations [ 788.938621][ T8] usb 7-1: can't read configurations, error -22 [ 789.116921][T13585] netlink: 40 bytes leftover after parsing attributes in process `syz.5.2164'. [ 791.047916][T12563] usb 6-1: USB disconnect, device number 31 [ 791.239382][T13612] netlink: 'syz.6.2172': attribute type 1 has an invalid length. [ 791.267828][T13612] netlink: 224 bytes leftover after parsing attributes in process `syz.6.2172'. [ 791.939184][T13620] netlink: 92 bytes leftover after parsing attributes in process `syz.3.2171'. [ 792.051903][T13622] FAULT_INJECTION: forcing a failure. [ 792.051903][T13622] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 792.078981][T13622] CPU: 1 UID: 0 PID: 13622 Comm: syz.1.2174 Not tainted 6.13.0-rc7-syzkaller-00189-g595523945be0 #0 [ 792.089808][T13622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 792.099895][T13622] Call Trace: [ 792.103200][T13622] [ 792.106158][T13622] dump_stack_lvl+0x241/0x360 [ 792.110878][T13622] ? __pfx_dump_stack_lvl+0x10/0x10 [ 792.116114][T13622] ? __pfx__printk+0x10/0x10 [ 792.120742][T13622] ? __pfx_lock_release+0x10/0x10 [ 792.125803][T13622] ? __lock_acquire+0x1397/0x2100 [ 792.130868][T13622] should_fail_ex+0x3b0/0x4e0 [ 792.135579][T13622] _copy_from_user+0x2f/0xc0 [ 792.140227][T13622] kstrtouint_from_user+0xc6/0x190 [ 792.145405][T13622] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 792.151158][T13622] ? __pfx_lock_acquire+0x10/0x10 [ 792.156227][T13622] proc_fail_nth_write+0xaa/0x2d0 [ 792.161291][T13622] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 792.167224][T13622] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 792.172900][T13622] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 792.178578][T13622] vfs_write+0x2a3/0xd30 [ 792.182873][T13622] ? __pfx_vfs_write+0x10/0x10 [ 792.187693][T13622] ? __fget_files+0x2a/0x410 [ 792.192311][T13622] ? __fget_files+0x395/0x410 [ 792.197013][T13622] ? __fget_files+0x2a/0x410 [ 792.201638][T13622] ksys_write+0x18f/0x2b0 [ 792.206012][T13622] ? __pfx_ksys_write+0x10/0x10 [ 792.210895][T13622] ? do_syscall_64+0x100/0x230 [ 792.215696][T13622] ? do_syscall_64+0xb6/0x230 [ 792.220400][T13622] do_syscall_64+0xf3/0x230 [ 792.224929][T13622] ? clear_bhb_loop+0x35/0x90 [ 792.229675][T13622] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 792.235608][T13622] RIP: 0033:0x7f80ca9847df [ 792.240054][T13622] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 792.259701][T13622] RSP: 002b:00007f80cb880030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 792.268159][T13622] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f80ca9847df [ 792.276167][T13622] RDX: 0000000000000001 RSI: 00007f80cb8800a0 RDI: 0000000000000005 [ 792.284174][T13622] RBP: 00007f80cb880090 R08: 0000000000000000 R09: 0000000000000000 [ 792.292175][T13622] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 792.300175][T13622] R13: 0000000000000000 R14: 00007f80cab76080 R15: 00007ffc01355078 [ 792.308197][T13622] [ 795.129771][T13651] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2183'. [ 795.138890][T13651] netlink: 272 bytes leftover after parsing attributes in process `syz.3.2183'. [ 795.148086][T13651] netlink: 72 bytes leftover after parsing attributes in process `syz.3.2183'. [ 795.446290][T13657] overlayfs: failed to resolve './file1': -2 [ 795.529791][T13657] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 795.854276][ T5884] usb 6-1: new high-speed USB device number 32 using dummy_hcd [ 796.054813][ T5884] usb 6-1: Using ep0 maxpacket: 8 [ 796.064998][ T5884] usb 6-1: unable to get BOS descriptor or descriptor too short [ 796.078395][ T5884] usb 6-1: config 7 has an invalid interface number: 244 but max is 0 [ 796.091552][ T5884] usb 6-1: config 7 has no interface number 0 [ 796.108309][ T5884] usb 6-1: New USB device found, idVendor=055f, idProduct=a800, bcdDevice=2a.4e [ 796.118433][ T5884] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 796.128151][ T5884] usb 6-1: Product: syz [ 796.136744][ T5884] usb 6-1: Manufacturer: syz [ 796.143626][ T5884] usb 6-1: SerialNumber: syz [ 796.405257][T13674] batadv1: entered promiscuous mode [ 796.410529][T13674] batadv1: entered allmulticast mode [ 796.417658][T13674] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 799.037956][T13682] netlink: 'syz.3.2193': attribute type 11 has an invalid length. [ 800.248075][ T5884] mdc800 6-1:7.244: probe fails -> wrong Interface [ 800.264756][ T5884] usb 6-1: USB disconnect, device number 32 [ 802.276741][T13710] netlink: 'syz.2.2198': attribute type 11 has an invalid length. [ 802.641450][T13717] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2202'. [ 802.854809][T13722] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2204'. [ 802.886700][ T8] usb 4-1: new full-speed USB device number 48 using dummy_hcd [ 802.919917][T13723] syz.5.2204: attempt to access beyond end of device [ 802.919917][T13723] nbd5: rw=0, sector=0, nr_sectors = 1 limit=0 [ 802.934468][T13723] hpfs: hpfs_map_sector(): read error [ 802.985107][T13719] netlink: 'syz.1.2203': attribute type 11 has an invalid length. [ 804.550199][ T8] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 804.563711][ T8] usb 4-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 804.573039][ T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 804.603376][ T8] usb 4-1: Product: syz [ 804.625474][ T8] usb 4-1: Manufacturer: syz [ 804.648172][ T8] usb 4-1: SerialNumber: syz [ 804.674893][ T8] usb 4-1: config 0 descriptor?? [ 804.774870][T13732] netlink: 'syz.2.2207': attribute type 11 has an invalid length. [ 805.393017][T13716] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2201'. [ 805.729060][T13716] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 805.752694][T13743] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2209'. [ 805.762536][T13743] openvswitch: netlink: Unexpected mask (mask=8000040, allowed=10048) [ 805.932846][T13716] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 805.961908][T13744] usb usb1: usbfs: process 13744 (syz.5.2210) did not claim interface 0 before use [ 805.973345][T13744] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2210'. [ 805.982704][T13744] netlink: 108 bytes leftover after parsing attributes in process `syz.5.2210'. [ 805.992489][T13744] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2210'. [ 806.010214][T13744] netlink: 108 bytes leftover after parsing attributes in process `syz.5.2210'. [ 806.019945][T13744] netlink: 84 bytes leftover after parsing attributes in process `syz.5.2210'. [ 808.055079][T13760] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2215'. [ 808.127268][T13760] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2215'. [ 808.152518][T13760] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2215'. [ 808.193683][T12563] usb 4-1: USB disconnect, device number 48 [ 808.258760][ T5843] block nbd2: Receive control failed (result -107) [ 808.305468][T13760] nbd2: detected capacity change from 0 to 256 [ 808.616477][T13769] netlink: 'syz.3.2217': attribute type 11 has an invalid length. [ 809.329127][T13759] sp0: Synchronizing with TNC [ 809.379224][T13780] netlink: 'syz.6.2221': attribute type 11 has an invalid length. [ 810.795484][T13787] tipc: Enabling of bearer rejected, already enabled [ 812.524079][T13814] team0: entered promiscuous mode [ 812.529752][T13814] team_slave_0: entered promiscuous mode [ 812.562092][T13814] team_slave_1: entered promiscuous mode [ 813.721465][T13827] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 813.993988][T13826] netlink: 'syz.6.2233': attribute type 11 has an invalid length. [ 813.998617][T13815] team0: left promiscuous mode [ 814.008522][T13815] team_slave_0: left promiscuous mode [ 814.015077][T13815] team_slave_1: left promiscuous mode [ 814.208340][T13827] VFS: Can't find a romfs filesystem on dev nullb0. [ 814.208340][T13827] [ 814.224436][T13831] netlink: 'syz.1.2234': attribute type 11 has an invalid length. [ 814.539703][T13827] Process accounting resumed [ 814.663901][ T5842] usb 6-1: new high-speed USB device number 33 using dummy_hcd [ 814.903953][ T5842] usb 6-1: Using ep0 maxpacket: 16 [ 814.911944][ T5842] usb 6-1: config 0 interface 0 has no altsetting 0 [ 814.919241][ T5842] usb 6-1: New USB device found, idVendor=0458, idProduct=5013, bcdDevice= 0.00 [ 814.928862][ T5842] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 814.950567][ T5842] usb 6-1: config 0 descriptor?? [ 815.013620][ T9] usb 3-1: new full-speed USB device number 38 using dummy_hcd [ 815.032252][T13841] Invalid logical block size (1454112767) [ 815.174188][ T9] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 815.202824][ T9] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 815.243676][ T9] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 815.261884][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 815.291981][ T9] usb 3-1: Product: syz [ 815.306585][ T9] usb 3-1: Manufacturer: syz [ 815.323421][ T9] usb 3-1: SerialNumber: syz [ 815.714632][ T9] usb 3-1: 0:2 : does not exist [ 815.732311][ T9] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 815.793960][ T9] usb 3-1: USB disconnect, device number 38 [ 815.993707][ T7227] usb 7-1: new full-speed USB device number 18 using dummy_hcd [ 816.383964][ T7227] usb 7-1: config 36 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 816.396995][ T7227] usb 7-1: config 36 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 817.056360][ T7227] usb 7-1: config 36 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 817.224772][ T5842] usbhid 6-1:0.0: can't add hid device: -71 [ 817.243587][ T5842] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 817.253668][ T5842] usb 6-1: USB disconnect, device number 33 [ 817.487101][ T7227] usb 7-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=3d.29 [ 817.496327][ T7227] usb 7-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16 [ 817.505127][ T7227] usb 7-1: Manufacturer: syz [ 817.509771][ T7227] usb 7-1: SerialNumber: syz [ 819.061403][T13872] io-wq is not configured for unbound workers [ 820.236751][ T7227] yealink 7-1:36.0: invalid payload size 0, expected 16 [ 820.251169][ T7227] input: Yealink usb-p1k as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:36.0/input/input20 [ 820.271167][ C0] yealink 7-1:36.0: urb_ctl_callback - urb status -71 [ 820.278256][ C0] yealink 7-1:36.0: urb_ctl_callback - urb status -71 [ 820.285291][ C0] yealink 7-1:36.0: urb_ctl_callback - urb status -71 [ 820.292295][ C0] yealink 7-1:36.0: urb_ctl_callback - urb status -71 [ 820.299590][ C0] yealink 7-1:36.0: urb_ctl_callback - urb status -71 [ 820.308910][ C0] yealink 7-1:36.0: urb_ctl_callback - urb status -71 [ 820.315937][ C0] yealink 7-1:36.0: urb_ctl_callback - urb status -71 [ 820.322918][ C0] yealink 7-1:36.0: urb_ctl_callback - urb status -71 [ 820.329723][ C0] yealink 7-1:36.0: urb_ctl_callback - usb_submit_urb failed -90 [ 820.390344][ T7227] usb 7-1: USB disconnect, device number 18 [ 824.780805][T13923] dccp_close: ABORT with 40 bytes unread [ 825.697413][T13935] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2264'. [ 826.778573][T13958] batadv1: entered promiscuous mode [ 826.783948][T13958] batadv1: entered allmulticast mode [ 826.790303][T13958] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 827.548407][ T3572] batman_adv: batadv1: adding TT local entry 33:33:00:00:00:01 to non-existent VLAN -1 [ 828.515179][ T3572] batman_adv: batadv1: adding TT local entry 33:33:00:00:00:01 to non-existent VLAN -1 [ 829.232078][T13969] vlan2: entered allmulticast mode [ 829.251189][T13969] batadv0: entered allmulticast mode [ 829.274596][T13971] openvswitch: netlink: nsh attr 0 has unexpected len 16 expected 0 [ 829.294262][T13969] batadv0: left allmulticast mode [ 829.315070][T13971] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 829.544637][T13978] tap0: tun_chr_ioctl cmd 35111 [ 830.108873][ T8] usb 2-1: new high-speed USB device number 58 using dummy_hcd [ 830.224141][T13990] netlink: 'syz.3.2280': attribute type 1 has an invalid length. [ 830.278596][ T8] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 831.238697][ T8] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 831.730499][ T8] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 831.857697][ T8] usb 2-1: New USB device strings: Mfr=45, Product=63, SerialNumber=3 [ 831.866080][ T8] usb 2-1: Product: syz [ 831.871034][ T8] usb 2-1: Manufacturer: syz [ 831.875733][ T8] usb 2-1: SerialNumber: syz [ 831.894179][ T8] usb 2-1: config 0 descriptor?? [ 831.905545][T14003] SET target dimension over the limit! [ 831.977725][T14011] netlink: zone id is out of range [ 831.989490][T14011] netlink: del zone limit has 4 unknown bytes [ 833.585019][T14024] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 833.594891][T14024] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 833.621729][T14024] xt_hashlimit: overflow, try lower: 0/0 [ 833.727920][ T5842] usb 2-1: USB disconnect, device number 58 [ 839.826742][T14099] lo speed is unknown, defaulting to 1000 [ 839.904048][T14100] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2306'. [ 839.913026][T14100] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2306'. [ 839.976817][T14101] xt_recent: Unsupported userspace flags (000000da) [ 840.167996][T14105] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2310'. [ 840.177501][T14105] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2310'. [ 840.223589][ T5842] usb 7-1: new high-speed USB device number 19 using dummy_hcd [ 841.395446][ T5842] usb 7-1: Using ep0 maxpacket: 16 [ 841.414216][ T5842] usb 7-1: config 0 interface 0 has no altsetting 0 [ 841.428718][ T5842] usb 7-1: New USB device found, idVendor=05ac, idProduct=abdf, bcdDevice=3d.49 [ 841.440859][ T5842] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 841.486612][ T5842] usb 7-1: Product: syz [ 841.503620][ T5842] usb 7-1: Manufacturer: syz [ 841.508285][ T5842] usb 7-1: SerialNumber: syz [ 841.532430][ T5842] usb 7-1: config 0 descriptor?? [ 841.553286][ T5842] ipheth 7-1:0.0: Unable to find endpoints [ 841.564039][T14114] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2313'. [ 841.700581][T14117] TCP: tcp_parse_options: Illegal window scaling value 249 > 14 received [ 841.938547][T14114] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2313'. [ 841.948022][T14114] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2313'. [ 842.713147][ T5843] block nbd3: Receive control failed (result -107) [ 842.728851][ T59] usb 7-1: USB disconnect, device number 19 [ 842.887753][T14114] [ 842.890139][T14114] ====================================================== [ 842.897178][T14114] WARNING: possible circular locking dependency detected [ 842.904194][T14114] 6.13.0-rc7-syzkaller-00189-g595523945be0 #0 Not tainted [ 842.911296][T14114] ------------------------------------------------------ [ 842.918305][T14114] syz.3.2313/14114 is trying to acquire lock: [ 842.924367][T14114] ffff8881427e86f8 (&q->limits_lock){+.+.}-{4:4}, at: nbd_set_size+0x2e0/0x8f0 [ 842.933344][T14114] [ 842.933344][T14114] but task is already holding lock: [ 842.940705][T14114] ffff8881427e80a8 (&q->q_usage_counter(io)#52){++++}-{0:0}, at: nbd_set_size+0xe0/0x8f0 [ 842.950567][T14114] [ 842.950567][T14114] which lock already depends on the new lock. [ 842.950567][T14114] [ 842.960988][T14114] [ 842.960988][T14114] the existing dependency chain (in reverse order) is: [ 842.970026][T14114] [ 842.970026][T14114] -> #5 (&q->q_usage_counter(io)#52){++++}-{0:0}: [ 842.978682][T14114] lock_acquire+0x1ed/0x550 [ 842.983736][T14114] blk_mq_submit_bio+0x1536/0x2390 [ 842.989385][T14114] __submit_bio+0x2c6/0x560 [ 842.994418][T14114] submit_bio_noacct_nocheck+0x4d3/0xe30 [ 843.000565][T14114] block_read_full_folio+0x9b3/0xae0 [ 843.006371][T14114] filemap_read_folio+0x148/0x3b0 [ 843.011910][T14114] filemap_get_pages+0x18ca/0x2080 [ 843.017545][T14114] filemap_read+0x452/0xf50 [ 843.022591][T14114] blkdev_read_iter+0x2d8/0x430 [ 843.027977][T14114] vfs_read+0x991/0xb70 [ 843.032658][T14114] ksys_read+0x18f/0x2b0 [ 843.037427][T14114] do_syscall_64+0xf3/0x230 [ 843.042447][T14114] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 843.048866][T14114] [ 843.048866][T14114] -> #4 (mapping.invalidate_lock#2){++++}-{4:4}: [ 843.057388][T14114] lock_acquire+0x1ed/0x550 [ 843.062411][T14114] down_read+0xb1/0xa40 [ 843.067102][T14114] page_cache_ra_unbounded+0x142/0x720 [ 843.073082][T14114] filemap_fault+0x818/0x1490 [ 843.078271][T14114] __do_fault+0x135/0x390 [ 843.083134][T14114] handle_pte_fault+0x39eb/0x5ed0 [ 843.088678][T14114] handle_mm_fault+0x1053/0x1ad0 [ 843.094134][T14114] __get_user_pages+0x1c82/0x49e0 [ 843.099678][T14114] get_dump_page+0x155/0x2f0 [ 843.104811][T14114] dump_user_range+0x14d/0x970 [ 843.110108][T14114] elf_core_dump+0x3e9f/0x4790 [ 843.115409][T14114] do_coredump+0x229b/0x3100 [ 843.120531][T14114] get_signal+0x140b/0x1750 [ 843.125558][T14114] arch_do_signal_or_restart+0x96/0x860 [ 843.131631][T14114] syscall_exit_to_user_mode+0xce/0x340 [ 843.137721][T14114] do_syscall_64+0x100/0x230 [ 843.142824][T14114] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 843.149243][T14114] [ 843.149243][T14114] -> #3 (&mm->mmap_lock){++++}-{4:4}: [ 843.156802][T14114] lock_acquire+0x1ed/0x550 [ 843.161822][T14114] __might_fault+0xc6/0x120 [ 843.166860][T14114] _copy_from_user+0x2a/0xc0 [ 843.171971][T14114] blk_trace_ioctl+0x1ad/0x9a0 [ 843.177250][T14114] blkdev_ioctl+0x40c/0x6a0 [ 843.182268][T14114] __se_sys_ioctl+0xf5/0x170 [ 843.187377][T14114] do_syscall_64+0xf3/0x230 [ 843.192395][T14114] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 843.198817][T14114] [ 843.198817][T14114] -> #2 (&q->debugfs_mutex){+.+.}-{4:4}: [ 843.206666][T14114] lock_acquire+0x1ed/0x550 [ 843.211689][T14114] __mutex_lock+0x1ac/0xee0 [ 843.216738][T14114] blk_mq_init_sched+0x3fa/0x830 [ 843.222210][T14114] elevator_init_mq+0x20e/0x320 [ 843.227590][T14114] add_disk_fwnode+0x10d/0xf80 [ 843.232882][T14114] sd_probe+0xba6/0x1100 [ 843.237655][T14114] really_probe+0x2b8/0xad0 [ 843.242679][T14114] __driver_probe_device+0x1a2/0x390 [ 843.248484][T14114] driver_probe_device+0x50/0x430 [ 843.254056][T14114] __device_attach_driver+0x2d6/0x530 [ 843.259949][T14114] bus_for_each_drv+0x24e/0x2e0 [ 843.265324][T14114] __device_attach_async_helper+0x22d/0x300 [ 843.271767][T14114] async_run_entry_fn+0xa8/0x420 [ 843.277277][T14114] process_scheduled_works+0xa66/0x1840 [ 843.283365][T14114] worker_thread+0x870/0xd30 [ 843.288482][T14114] kthread+0x2f0/0x390 [ 843.293074][T14114] ret_from_fork+0x4b/0x80 [ 843.298016][T14114] ret_from_fork_asm+0x1a/0x30 [ 843.303334][T14114] [ 843.303334][T14114] -> #1 (&q->q_usage_counter(queue)#50){++++}-{0:0}: [ 843.312208][T14114] lock_acquire+0x1ed/0x550 [ 843.317254][T14114] blk_queue_enter+0xe1/0x600 [ 843.322478][T14114] blk_mq_alloc_request+0x4fa/0xaa0 [ 843.328229][T14114] scsi_execute_cmd+0x16c/0x10e0 [ 843.333693][T14114] read_capacity_16+0x2b4/0x1450 [ 843.339164][T14114] sd_revalidate_disk+0x1013/0xbce0 [ 843.344891][T14114] sd_probe+0x9fa/0x1100 [ 843.349654][T14114] really_probe+0x2b8/0xad0 [ 843.354676][T14114] __driver_probe_device+0x1a2/0x390 [ 843.360477][T14114] driver_probe_device+0x50/0x430 [ 843.366028][T14114] __device_attach_driver+0x2d6/0x530 [ 843.371933][T14114] bus_for_each_drv+0x24e/0x2e0 [ 843.377314][T14114] __device_attach_async_helper+0x22d/0x300 [ 843.383857][T14114] async_run_entry_fn+0xa8/0x420 [ 843.389327][T14114] process_scheduled_works+0xa66/0x1840 [ 843.395403][T14114] worker_thread+0x870/0xd30 [ 843.400513][T14114] kthread+0x2f0/0x390 [ 843.405128][T14114] ret_from_fork+0x4b/0x80 [ 843.410064][T14114] ret_from_fork_asm+0x1a/0x30 [ 843.415361][T14114] [ 843.415361][T14114] -> #0 (&q->limits_lock){+.+.}-{4:4}: [ 843.423010][T14114] validate_chain+0x18ef/0x5920 [ 843.428386][T14114] __lock_acquire+0x1397/0x2100 [ 843.433755][T14114] lock_acquire+0x1ed/0x550 [ 843.438785][T14114] __mutex_lock+0x1ac/0xee0 [ 843.443837][T14114] nbd_set_size+0x2e0/0x8f0 [ 843.448863][T14114] nbd_genl_connect+0x157c/0x1c80 [ 843.454413][T14114] genl_rcv_msg+0xb14/0xec0 [ 843.459440][T14114] netlink_rcv_skb+0x1e3/0x430 [ 843.464723][T14114] genl_rcv+0x28/0x40 [ 843.469237][T14114] netlink_unicast+0x7f6/0x990 [ 843.474527][T14114] netlink_sendmsg+0x8e4/0xcb0 [ 843.479813][T14114] __sock_sendmsg+0x221/0x270 [ 843.485017][T14114] ____sys_sendmsg+0x52a/0x7e0 [ 843.490305][T14114] __sys_sendmsg+0x269/0x350 [ 843.495417][T14114] do_syscall_64+0xf3/0x230 [ 843.500440][T14114] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 843.506863][T14114] [ 843.506863][T14114] other info that might help us debug this: [ 843.506863][T14114] [ 843.517090][T14114] Chain exists of: [ 843.517090][T14114] &q->limits_lock --> mapping.invalidate_lock#2 --> &q->q_usage_counter(io)#52 [ 843.517090][T14114] [ 843.531971][T14114] Possible unsafe locking scenario: [ 843.531971][T14114] [ 843.539425][T14114] CPU0 CPU1 [ 843.544789][T14114] ---- ---- [ 843.550152][T14114] lock(&q->q_usage_counter(io)#52); [ 843.555534][T14114] lock(mapping.invalidate_lock#2); [ 843.563348][T14114] lock(&q->q_usage_counter(io)#52); [ 843.571260][T14114] lock(&q->limits_lock); [ 843.575678][T14114] [ 843.575678][T14114] *** DEADLOCK *** [ 843.575678][T14114] [ 843.583829][T14114] 5 locks held by syz.3.2313/14114: [ 843.589015][T14114] #0: ffffffff8fd03730 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 843.597210][T14114] #1: ffffffff8fd035e8 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x121/0xec0 [ 843.606186][T14114] #2: ffff88802594c198 (&nbd->config_lock){+.+.}-{4:4}, at: nbd_genl_connect+0xc26/0x1c80 [ 843.616217][T14114] #3: ffff8881427e80a8 (&q->q_usage_counter(io)#52){++++}-{0:0}, at: nbd_set_size+0xe0/0x8f0 [ 843.626502][T14114] #4: ffff8881427e80e0 (&q->q_usage_counter(queue)#36){+.+.}-{0:0}, at: nbd_set_size+0xe0/0x8f0 [ 843.637048][T14114] [ 843.637048][T14114] stack backtrace: [ 843.642929][T14114] CPU: 1 UID: 0 PID: 14114 Comm: syz.3.2313 Not tainted 6.13.0-rc7-syzkaller-00189-g595523945be0 #0 [ 843.653688][T14114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 843.663759][T14114] Call Trace: [ 843.667032][T14114] [ 843.669968][T14114] dump_stack_lvl+0x241/0x360 [ 843.674685][T14114] ? __pfx_dump_stack_lvl+0x10/0x10 [ 843.679885][T14114] ? __pfx__printk+0x10/0x10 [ 843.684479][T14114] print_circular_bug+0x13a/0x1b0 [ 843.689508][T14114] check_noncircular+0x36a/0x4a0 [ 843.694454][T14114] ? is_bpf_text_address+0x26/0x2a0 [ 843.699667][T14114] ? __pfx_check_noncircular+0x10/0x10 [ 843.705128][T14114] ? lockdep_lock+0x123/0x2b0 [ 843.709809][T14114] validate_chain+0x18ef/0x5920 [ 843.714673][T14114] ? __pfx_validate_chain+0x10/0x10 [ 843.719904][T14114] ? mark_lock+0x9a/0x360 [ 843.724235][T14114] __lock_acquire+0x1397/0x2100 [ 843.729089][T14114] lock_acquire+0x1ed/0x550 [ 843.733593][T14114] ? nbd_set_size+0x2e0/0x8f0 [ 843.738272][T14114] ? __pfx_lock_acquire+0x10/0x10 [ 843.743290][T14114] ? mark_lock+0x9a/0x360 [ 843.747622][T14114] ? __pfx___might_resched+0x10/0x10 [ 843.752935][T14114] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 843.758912][T14114] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 843.765236][T14114] __mutex_lock+0x1ac/0xee0 [ 843.769742][T14114] ? nbd_set_size+0x2e0/0x8f0 [ 843.774425][T14114] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 843.780342][T14114] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 843.786671][T14114] ? finish_wait+0xd4/0x1e0 [ 843.791170][T14114] ? nbd_set_size+0x2e0/0x8f0 [ 843.795848][T14114] ? __pfx___mutex_lock+0x10/0x10 [ 843.800872][T14114] ? blk_mq_freeze_queue_wait+0x132/0x190 [ 843.806594][T14114] ? __pfx_blk_mq_freeze_queue_wait+0x10/0x10 [ 843.812664][T14114] ? percpu_ref_kill_and_confirm+0xa0/0x130 [ 843.818561][T14114] ? nbd_set_size+0xe0/0x8f0 [ 843.823154][T14114] nbd_set_size+0x2e0/0x8f0 [ 843.827657][T14114] ? queue_work_on+0x1e3/0x380 [ 843.832424][T14114] ? lockdep_hardirqs_on+0x99/0x150 [ 843.837629][T14114] ? __pfx_nbd_set_size+0x10/0x10 [ 843.842656][T14114] ? __pfx_queue_work_on+0x10/0x10 [ 843.847762][T14114] ? rcu_read_lock_any_held+0xb7/0x160 [ 843.853254][T14114] ? nbd_start_device+0x86f/0xaa0 [ 843.858286][T14114] nbd_genl_connect+0x157c/0x1c80 [ 843.863313][T14114] ? __pfx_nbd_genl_connect+0x10/0x10 [ 843.868689][T14114] ? __nla_parse+0x40/0x60 [ 843.873133][T14114] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 843.879474][T14114] genl_rcv_msg+0xb14/0xec0 [ 843.883985][T14114] ? __pfx_genl_rcv_msg+0x10/0x10 [ 843.889025][T14114] ? __pfx_lock_acquire+0x10/0x10 [ 843.894046][T14114] ? __pfx_nbd_genl_connect+0x10/0x10 [ 843.899436][T14114] ? __pfx___might_resched+0x10/0x10 [ 843.904728][T14114] netlink_rcv_skb+0x1e3/0x430 [ 843.909503][T14114] ? __pfx_genl_rcv_msg+0x10/0x10 [ 843.914527][T14114] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 843.919820][T14114] genl_rcv+0x28/0x40 [ 843.923821][T14114] netlink_unicast+0x7f6/0x990 [ 843.928583][T14114] ? __pfx_netlink_unicast+0x10/0x10 [ 843.933863][T14114] ? __virt_addr_valid+0x45f/0x530 [ 843.938987][T14114] ? __phys_addr_symbol+0x2f/0x70 [ 843.944023][T14114] ? __check_object_size+0x47a/0x730 [ 843.949314][T14114] netlink_sendmsg+0x8e4/0xcb0 [ 843.954085][T14114] ? __pfx_netlink_sendmsg+0x10/0x10 [ 843.959380][T14114] ? __pfx_netlink_sendmsg+0x10/0x10 [ 843.964666][T14114] __sock_sendmsg+0x221/0x270 [ 843.969349][T14114] ____sys_sendmsg+0x52a/0x7e0 [ 843.974121][T14114] ? __pfx_____sys_sendmsg+0x10/0x10 [ 843.979404][T14114] ? __fget_files+0x2a/0x410 [ 843.983990][T14114] ? __fget_files+0x2a/0x410 [ 843.988579][T14114] __sys_sendmsg+0x269/0x350 [ 843.993185][T14114] ? __pfx___sys_sendmsg+0x10/0x10 [ 843.998311][T14114] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 844.004657][T14114] ? do_syscall_64+0x100/0x230 [ 844.009414][T14114] ? do_syscall_64+0xb6/0x230 [ 844.014085][T14114] do_syscall_64+0xf3/0x230 [ 844.018589][T14114] ? clear_bhb_loop+0x35/0x90 [ 844.023266][T14114] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 844.029167][T14114] RIP: 0033:0x7f1b40585d29 [ 844.033579][T14114] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 844.053195][T14114] RSP: 002b:00007f1b41366038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 844.061628][T14114] RAX: ffffffffffffffda RBX: 00007f1b40775fa0 RCX: 00007f1b40585d29 [ 844.069621][T14114] RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 000000000000000a [ 844.077590][T14114] RBP: 00007f1b40601b08 R08: 0000000000000000 R09: 0000000000000000 [ 844.085569][T14114] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 844.093570][T14114] R13: 0000000000000000 R14: 00007f1b40775fa0 R15: 00007ffe0b3562b8 [ 844.101555][T14114] [ 844.113578][T14114] nbd3: detected capacity change from 0 to 256 [ 844.463661][ T59] usb 7-1: new high-speed USB device number 20 using dummy_hcd [ 844.623656][ T59] usb 7-1: Using ep0 maxpacket: 16 [ 844.632004][ T59] usb 7-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 844.641260][ T59] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 844.649336][ T59] usb 7-1: Product: syz [ 844.653569][ T59] usb 7-1: Manufacturer: syz [ 844.658175][ T59] usb 7-1: SerialNumber: syz [ 844.665172][ T59] r8152-cfgselector 7-1: Unknown version 0x0000 [ 844.672231][ T59] r8152-cfgselector 7-1: config 0 descriptor?? [ 845.108192][ T59] r8152-cfgselector 7-1: USB disconnect, device number 20