last executing test programs: 10m35.316571583s ago: executing program 0 (id=132): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x32, &(0x7f0000000340)={@local, @broadcast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x4e21, 0x4e20, 0x10, 0x0, @gue={{0x2, 0x1, 0x2, 0x7f, 0x100}}}}}}}, 0x0) syz_emit_ethernet(0x2e, &(0x7f0000000080)={@empty, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x68, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0xffff, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x1, 0x0, 0x6, 0x0, @void}}}}}}}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @mcast1, 0x2}, 0x1c) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000000)=0x6, 0xa) bind$inet6(r2, &(0x7f0000f67fe4)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}}, 0x1c) r3 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}}, 0x1c) r4 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r4, 0x1, 0xf, &(0x7f0000000000)=0x6, 0xa) bind$inet6(r4, &(0x7f0000f67fe4)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}}, 0x1c) r5 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r5, 0x1, 0xf, &(0x7f0000000000)=0x6, 0xa) bind$inet6(r5, &(0x7f0000f67fe4)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}}, 0x1c) r6 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r6, &(0x7f0000f67fe4)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) r7 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r7, 0x1, 0xf, &(0x7f0000000000)=0x6, 0xa) bind$inet6(r7, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}}, 0x1c) r8 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r8, 0x1, 0xf, &(0x7f0000000000)=0x6, 0xa) bind$inet6(r8, &(0x7f0000f67fe4)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}}, 0x1c) r9 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r9, 0x1, 0xf, &(0x7f0000000000)=0x6, 0xa) bind$inet6(r9, &(0x7f0000f67fe4)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}}, 0x1c) r10 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r10, 0x1, 0xf, &(0x7f0000000000)=0x6, 0xa) 10m35.153313523s ago: executing program 0 (id=134): r0 = socket$xdp(0x2c, 0x3, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000006340)='net/ptype\x00') pread64(r1, &(0x7f0000000000)=""/17, 0x11, 0x3) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) r2 = syz_io_uring_setup(0x3aec, &(0x7f0000000240)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffff86}) io_uring_enter(r2, 0x7a98, 0x0, 0x0, 0x0, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x3, 0xc, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000610000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000110b000885000000060000009500040000000000"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @sched_cls=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_emit_ethernet(0x86, &(0x7f0000000000)={@multicast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x1b59, 0x64, 0x0, @wg=@response={0x2, 0x0, 0x0, "0000000108653904030405ffffff09c56a3000", "9384bbeb3018ad591b661fe808b21b77", {"694c875dfb1be5d2a0057a62022a1564", "a329d3a13bd5b6cc6a9471314a1d8c69"}}}}}}}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r5, 0x0, 0xcc0, 0x0, &(0x7f0000000000)="c1188e19b95d02ff4284860186dd", 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000080)={&(0x7f0000000000)=""/97, 0x1000000, 0x1000, 0x5, 0x1}, 0x20) unshare(0x28000600) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000140)={0x0, 0x1229000, 0x800, 0x5, 0x2}, 0x20) openat$drirender128(0xffffffffffffff9c, &(0x7f0000000180), 0x12a000, 0x0) 10m33.250555936s ago: executing program 0 (id=144): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f00000001c0)=ANY=[], 0x3e) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, 0x0, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b708000002001e007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x13, 0x13, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0xffd0}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0}, @generic={0x66, 0x8}, @initr0, @exit, @alu={0x6, 0x0, 0x3, 0xa, 0x0, 0x2}, @printk={@x, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0xff99, &(0x7f0000000340)=""/222, 0x0, 0x8}, 0x78) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x14, 0x20}, [@ldst={0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000700)={0x17, 0x4, &(0x7f0000000240)=ANY=[@ANYRESHEX=r5, @ANYRES32=r1], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x13}, 0x94) socketpair(0x18, 0x0, 0x2, 0x0) 10m32.12827803s ago: executing program 0 (id=146): r0 = syz_open_procfs(0x0, &(0x7f0000000540)='mounts\x00') r1 = epoll_create1(0x80000) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)={0xc0002009}) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0) syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0xad82, 0x0) r2 = syz_io_uring_setup(0x416f, &(0x7f0000000780)={0x0, 0xfffffffd, 0x10100, 0x200, 0x1}, &(0x7f0000000100)=0x0, &(0x7f00000000c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000000)=""/4, 0x4}], 0x27}) io_uring_enter(r2, 0x567, 0x1000a387, 0x0, 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x104000, 0x0) mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x12d7498, 0x0) mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0) 10m31.457023224s ago: executing program 0 (id=149): socket$nl_route(0x10, 0x3, 0x0) syz_open_procfs(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) r0 = fanotify_init(0x0, 0x0) r1 = open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x0) fanotify_mark(r0, 0x641, 0x48001018, r1, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) utime(&(0x7f0000000000)='./file0\x00', 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) r2 = socket$nl_crypto(0x10, 0x3, 0x15) sendmsg$netlink(r2, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000300)=ANY=[@ANYBLOB], 0x10}], 0x1, 0x0, 0x0, 0x4000}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000580)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x20000840}, 0x81) read$msr(r3, &(0x7f0000001a40)=""/102392, 0x18ff8) socket$nl_xfrm(0x10, 0x3, 0x6) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001000000000000000000e00000020000000000000000000000000000000000000000000000000000000100000000100002000a00200000000000", @ANYRES32=0x0, @ANYRES32=0x0], 0xb8}, 0x1, 0x0, 0x0, 0x404c830}, 0x0) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b800000015"], 0xb8}}, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x8800, 0x0) ioctl$TIOCSETD(r8, 0x5423, &(0x7f0000000000)=0x14) ioctl$TIOCSETD(r8, 0x5423, &(0x7f0000000180)=0xe) ioctl$TIOCVHANGUP(r8, 0x5437, 0x0) r9 = dup(r7) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r9, 0xc0189374, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x1}}, './file0\x00'}) 10m30.408878064s ago: executing program 0 (id=154): bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1, 0x4, &(0x7f0000000480)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x28, '\x00', 0x0, @fallback=0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="260150010203010902240001013fd00909f3ff04020301060100000020"], 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f00000004c0)='./bus\x00', 0x92) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x5}, 0x38) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) r4 = socket$rds(0x15, 0x5, 0x0) bind$rds(r4, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r4, &(0x7f0000000100)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000000400)=[@mask_cswp={0x58, 0x114, 0x9, {{0xe, 0x7}, &(0x7f0000000140)=0x6, 0x0, 0x6, 0x2, 0x7ff, 0x4, 0x22, 0xfffffffffffffffa}}], 0x58, 0x8004}, 0x0) (fail_nth: 1) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x140, 0x83) readahead(r5, 0x7fffffff, 0x10000) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043ef50d", @ANYRESOCT=r0], 0xf8) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0xd, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="180000000000000000000000000000006118b8000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) pipe2$9p(&(0x7f0000000140), 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x8}, 0x3b) 10m29.226091183s ago: executing program 32 (id=154): bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1, 0x4, &(0x7f0000000480)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x28, '\x00', 0x0, @fallback=0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="260150010203010902240001013fd00909f3ff04020301060100000020"], 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f00000004c0)='./bus\x00', 0x92) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x5}, 0x38) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) r4 = socket$rds(0x15, 0x5, 0x0) bind$rds(r4, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r4, &(0x7f0000000100)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000000400)=[@mask_cswp={0x58, 0x114, 0x9, {{0xe, 0x7}, &(0x7f0000000140)=0x6, 0x0, 0x6, 0x2, 0x7ff, 0x4, 0x22, 0xfffffffffffffffa}}], 0x58, 0x8004}, 0x0) (fail_nth: 1) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x140, 0x83) readahead(r5, 0x7fffffff, 0x10000) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043ef50d", @ANYRESOCT=r0], 0xf8) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0xd, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="180000000000000000000000000000006118b8000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) pipe2$9p(&(0x7f0000000140), 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x8}, 0x3b) 1m11.088008377s ago: executing program 5 (id=1877): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) vmsplice(r1, &(0x7f00000013c0)=[{&(0x7f0000000080)='4', 0x1}, {&(0x7f0000000100)="a7", 0x1}, {&(0x7f0000000880)="9f3846581b1b5159fa75b369536aed7fc089b18592fd1bd099864f1ed35c7046e78c84f4cf0e59594f6dac655efbe84343ff8c186af752f7691c612987b6c089fc2ac412de8edab1f67d0300a1acf9ef331f2b436ff4322adcde8648bcd1e193eb1cb83b0ff2de12d2", 0x69}, {&(0x7f0000000300)}], 0x4, 0x0) ioctl$sock_SIOCINQ(r1, 0x541b, &(0x7f0000000240)) ioctl$SNAPSHOT_S2RAM(r1, 0x330b) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="0203f30216000000000000000000000002001b0008000000e900000000000000030006000000000002000000000000000000000000000000010001"], 0xb0}, 0x1, 0x7}, 0x0) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r3 = shmget$private(0x0, 0x2000, 0x1000, &(0x7f0000665000/0x2000)=nil) shmat(r3, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000007c0)=@newtaction={0x7c, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x68, 0x1, [@m_tunnel_key={0x64, 0x1, 0x0, 0x0, {{0xf}, {0x34, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{}, 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0xb, @loopback={0x40000000c000000}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x7c}}, 0x0) 1m9.795596949s ago: executing program 5 (id=1880): syz_usb_connect(0x0, 0x2d, &(0x7f0000000140)={{0x12, 0x1, 0x0, 0x41, 0x3f, 0x5f, 0x20, 0x61d, 0xc150, 0xce6f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x33, 0x0, 0x1, 0x18, 0x70, 0xfd, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x4}}]}}]}}]}}, 0x0) r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f0000000040)={0x1, 0x6}, 0x2) write$USERIO_CMD_REGISTER(r0, &(0x7f0000000100), 0x2) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff) socket$inet_udp(0x2, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r1}, 0x10) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000300), 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) syz_emit_ethernet(0x2a, &(0x7f00000015c0)={@broadcast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @private=0xa010100, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x4, 0x4e20, 0x8}}}}}, 0x0) write$USERIO_CMD_SEND_INTERRUPT(r0, &(0x7f0000000140)={0x2, 0x63}, 0x2) 1m5.395845064s ago: executing program 5 (id=1890): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_open_procfs(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_io_uring_setup(0x10d, 0x0, &(0x7f0000000340), &(0x7f0000000280)) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000000)={0x1c, 0x2d, 0x1, 0x70bd26, 0x25dfdbfc, {0x4}, [@typed={0x8, 0x9, 0x0, 0x0, @binary="38eac21a"}]}, 0x1c}}, 0x20000000) openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r2 = socket(0x10, 0x3, 0x0) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f0000000080)=[{0x20, 0xf, 0xff, 0xfffff038}, {0x20, 0x1f, 0xf6, 0xfffff010}, {0x6, 0x80}]}, 0x10) 59.499444504s ago: executing program 1 (id=1915): r0 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000000040)=0x2) (async) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000200), 0x4000000004002, 0x0) r2 = dup(r1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r2, 0x2000) (async) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'bridge_slave_0\x00', 0x401}) (async) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_EEE_GET(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000008c0)={0x2c, r4, 0x1, 0x70bd25, 0x25dfdbfb, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dummy0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000090}, 0x80) (async) r5 = openat$kvm(0xffffff9c, &(0x7f0000000100), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r7, 0x4008ae90, &(0x7f0000000240)=ANY=[@ANYBLOB="fe"]) (async) syz_usb_connect$uac1(0x2, 0xa6, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000106b1d01010000000003010902940003010040000904000000010100000a2401000000020102132406000006000000281ab0ab2c90619b3400000000000000000000092403000000000000092405009917211cfd0924030500000004000724050401"], 0x0) (async) ioctl$KVM_GET_CPUID2(r7, 0xc008ae91, &(0x7f0000000000)) (async) poll(&(0x7f0000000000)=[{r0, 0x202}], 0x1, 0xa0) 58.256020746s ago: executing program 1 (id=1921): r0 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r1 = getpgid(0xffffffffffffffff) fcntl$lock(r0, 0x24, &(0x7f0000000040)={0x1, 0xd9b8aee65e78b3bd, 0x7, 0x3, r1}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000080)={0x0, 0x0}) setpgid(r2, r1) socket$nl_route(0x10, 0x3, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) pread64(r3, &(0x7f0000000100)=""/4096, 0x1000, 0x4) ioctl$KVM_SET_DEVICE_ATTR_vm(0xffffffffffffffff, 0x4018aee1, &(0x7f0000001140)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000001100)={0x6, 0x5a}}) r4 = getpgid(r2) sched_setaffinity(r4, 0x8, &(0x7f0000001180)=0x9) socketpair$tipc(0x1e, 0xf07041c874954c76, 0x0, &(0x7f00000011c0)) r5 = semget(0x1, 0x0, 0x0) semctl$SEM_STAT_ANY(r5, 0x2, 0x14, &(0x7f0000001200)=""/160) syz_open_dev$video(&(0x7f00000012c0), 0x8, 0x131081) syz_open_dev$sndmidi(&(0x7f0000001300), 0x6, 0x40040) semctl$IPC_STAT(r5, 0x0, 0x2, &(0x7f0000001340)=""/96) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f00000014c0)={&(0x7f00000013c0)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001400)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001440)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000001480)=[0x0, 0x0], 0x5, 0x6, 0x4, 0x2}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000001540)={&(0x7f0000001500)=[r6], 0x1, 0x80800, 0x0, 0xffffffffffffffff}) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r7, 0x29, 0x20, &(0x7f0000001580)={@empty, 0x8, 0x2, 0x0, 0x3, 0x9, 0xd}, 0x20) r8 = accept$unix(r7, 0x0, &(0x7f00000015c0)) connect$unix(r8, &(0x7f0000001600)=@file={0x1, './file0\x00'}, 0x6e) pselect6(0x40, &(0x7f0000001680)={0x80, 0x0, 0xf, 0x8000000000000001, 0xa, 0x7, 0x3ff, 0x69}, &(0x7f00000016c0)={0x3, 0x9, 0x7, 0xae1, 0x4, 0x0, 0xffffffff, 0xfffffffffffffffb}, &(0x7f0000001700)={0x6, 0x6, 0x81, 0x2, 0x7, 0x3ff, 0xd, 0x2}, &(0x7f0000001740), &(0x7f00000017c0)={&(0x7f0000001780)={[0x1]}, 0x8}) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000001880)={r7, 0x58, &(0x7f0000001800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r10 = bpf$MAP_CREATE(0x0, &(0x7f00000018c0)=@base={0x11, 0x89, 0xf6, 0x9, 0x20004, r3, 0x2, '\x00', r9, r7, 0x0, 0x5, 0x4}, 0x50) sched_setscheduler(r4, 0x6, &(0x7f0000001940)=0x2) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r10, 0xc08c5332, &(0x7f0000001980)={0xfff, 0x4, 0x1, 'queue1\x00', 0x4}) semctl$IPC_RMID(r5, 0x0, 0x0) semctl$SETVAL(r5, 0x1, 0x10, &(0x7f0000001a40)=0x1) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r7, 0x84, 0x9, &(0x7f0000001a80)={0x0, @in6={{0xa, 0x4e24, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x9}}, 0x0, 0xe7, 0x62c8000, 0x491a, 0x30, 0x7, 0x2}, 0x9c) 58.105508936s ago: executing program 5 (id=1923): sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) setitimer(0x0, 0x0, &(0x7f0000000200)) r1 = syz_open_dev$vbi(&(0x7f0000000240), 0x2, 0x2) ioctl$BTRFS_IOC_GET_DEV_STATS(r1, 0xc4089434, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x70bd2b, 0x4, {{@in6=@loopback, @in=@rand_addr=0x64010102, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xc, 0x0, 0x200000, 0x20000000, 0xffffffffffffffff}, {0x0, 0xa00, 0x407ffffffffffe, 0x820000000000002}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in=@empty, 0x0, 0x3c}, 0x2, @in=@multicast1, 0x6, 0x4, 0x3}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x1}, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x398, @empty}, 0x1c) syz_clone(0x4220000, &(0x7f0000000640)="b70f018bb42dacad7d61ee4be76ebbca5557da0e92e3a46582aafff2a8a6c35f2806bd7e2938fafbc42da9546b85901d8e962661d2891e81e587f7c5f2e010a715903e1f833b7a2b45dc33c2714fea81b89f9b861e63b428f1def0d672f79eb1fe8e749c7b6d43626142", 0x6a, &(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000780)="e004000000bdf486ced3001ca3f9f64854cb678327ae5ae4bc624e15bf7a9fbeb5789d7cbb067c970fa1206231101ed9b7dfbd96ff6ed053d6d9b0247a8308000000d5dd6b6004802e406c97d60b8e50af7fc271c33e6fb1b5adda0b0ef284ac51b26989803514e81dd066b2b831f7d858139bc4d3013a0a1b71a1f995078cb60e4427e70ebb38ed1b596d94a241beb70cfb4861e72c7f8ea1e058167abeeff3f76300ba68afa022f287acf01a7f486e3f2fd67150b290c26cb45dfd9ae82e2a4407fd06f2c99892292a712186ba1c615c8d4f3357b83a42a8de84457b9e582e3d06eb5e0fc6336ba6725d0c7ae75ee2d06c26bc73e3ff20ad13a70c0dab9c50a8d2fc04c4b14eb7355c6d515f391cc1e48d6e12b48ef00f0dae1f5c6c9b5367adf0521b9c159545c7e675db8fb0c1294609b95cb668d5f767336aab8c3ce5b84ad29a291e3a6260b380ed09") ioctl$VIDIOC_SUBSCRIBE_EVENT(r1, 0x4020565a, &(0x7f0000000040)={0x1, 0x7f}) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000300)={0x0, 0xff97, &(0x7f0000000000)={&(0x7f00000006c0)=ANY=[@ANYBLOB="88000000000101040000000000000000020000002c00018014000180080001007f00000108000200e00000020c000280050001000000000006000340000300002400028014000180080001000000000008000200ac1414bb0c000280050001000000000008000740000000001c000f8008000140000000000800034000000000080002"], 0x88}}, 0x0) 58.040222252s ago: executing program 1 (id=1924): r0 = socket$inet(0x2, 0x2, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) shutdown(r0, 0x0) recvmmsg(r0, &(0x7f00000066c0), 0xa0d, 0x0, 0x0) (fail_nth: 5) 57.882400573s ago: executing program 1 (id=1925): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x28801, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) close(r5) socket$nl_xfrm(0x10, 0x3, 0x6) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r7 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VIDIOC_ENUMAUDOUT(r7, 0xc0345642, &(0x7f0000000140)={0x8, "6416ac8cdac02b48f71fbb94ad76b0f728ea6b8a673cea9837200f1593ffec73", 0x2, 0x1}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='kfree\x00', r6}, 0x18) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'bridge0\x00', 0x0}) sendmsg$ETHTOOL_MSG_DEBUG_SET(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="010000000000fedbdf25080000001800028014000380100001800400030008000100050000000c00018008000100", @ANYRES32=r10], 0x38}, 0x1, 0x0, 0x0, 0x4000814}, 0x0) ioctl$KVM_SET_MEMORY_ATTRIBUTES(r5, 0x4020aed2, &(0x7f0000000040)={0x0, 0x399000, 0x8}) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f00000000c0)={0x1, @pix_mp={0x0, 0x0, 0x34324142, 0x0, 0x0, [{}, {}, {}, {0x4}, {}, {0x6}, {0x0, 0x1}]}}) r11 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r12 = syz_genetlink_get_family_id$nfc(&(0x7f0000000200), r11) sendmsg$NFC_CMD_DEACTIVATE_TARGET(r11, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, r12, 0x1, 0x70bd28, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x48800) ioctl$KVM_SET_MEMORY_ATTRIBUTES(r5, 0x4020aed2, &(0x7f0000000080)={0x1000, 0x100000, 0x8}) ioctl$KVM_GET_VCPU_EVENTS(r3, 0x8040ae9f, &(0x7f0000000000)) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) 56.887514636s ago: executing program 1 (id=1926): syz_usb_connect(0x0, 0x24, &(0x7f0000000280)=ANY=[@ANYBLOB="1201000049784c403a09232614b2010203010902120001000000000904650000de75f5009ef1457870922e160c8f1a18727032852f4126a0dc531bb923f813a5d98ae9a45ffe5861b69e47ade9953b158cc635d62c07d0e234384f2d4d8c6341e9756d3191389f046485c44f3536941474a2f96eaa65dd92d5d0ce24352cea47431c06edbce44278a871448f492c7c210a75c5ec8e0ef5b1d31478b05500af79fbd5c8e8e4a699c75c2f57c792eac51c817c8fc705edc47a8ebc722d4f49bbebdf7da73f07e21ede782721adcde6caf2675632ef883621171a149a2fbf8bf47b97bf124061a66d0ebff2b9195b7af0fa1b9a6dfd4f40c8796c4d5faa7a45cbf79b5222b203247b6763452190e5b9062fa542e80b7c7ecfd5ad5e527d1a5ef59a241bd7d45c141066a12863947e5547907562589479c829adee6bdadfd03606b647001d7e5bb1519e69d5c251fef1d04431ebb0962b7b143b87361246c7aaf8754f68f5a2a7a729dc9a53aa98513062fb5d2a60"], 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x80, 0x121) openat(r0, &(0x7f0000000080)='./file0\x00', 0x80, 0x140) syz_clone(0x0, &(0x7f0000000140)="f5644dafc9073a7600309eec4e2da24956130b9ba8e7ad0baf06bcbea58c9d2d161fffba54cde1c3cd7ba082680622489492dc8fabc6ccb9bc22fb66c1bbe428c08f65bb1b4f88e5e8985558e0bace336b592ac4500ffddbbc6a72c46332aa79189aa2518ff2b0141cc6", 0x6a, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f0000000240)="9a65bf478745bafafb80d06e2a536a8b42e709286ac862fb45806f389ba9e4e54b97d866b25670586be66474f8dac335f8ae56bb93118df6f9") mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha512\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000640)=[{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000140)="b57523cb1a2c90d8acad2e2d98dfc9ea7a5843c3b63b683ced2b3266175599b779617e66e6b3e15c042be90635a2d36160bbf9a2edcacc0bbe015b84150a1928de94397894ff36aa430fc2a0814ba634308d6d0837250dfd1eca5383f9d151449743b1a0c4ffc51242a229c5d6d06f147a61d797ea7ffeda95b76f5623", 0x7d}, {&(0x7f00000001c0)="66f7", 0x3}, {&(0x7f0000000300)='l3', 0x7fffef80}], 0x3}], 0x1, 0x0) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) setsockopt$bt_BT_SECURITY(r3, 0x112, 0x4, 0x0, 0x0) r4 = fsopen(&(0x7f0000000100)='configfs\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x1, 0x4) fchdir(r5) getsockopt$llc_int(r5, 0x10c, 0x8, &(0x7f00000000c0), &(0x7f0000000400)=0x4) r6 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) ioctl$USBDEVFS_CONTROL(r6, 0xc0105500, &(0x7f0000000000)={0x0, 0xb, 0x110, 0x2, 0x0, 0x10001, 0x0}) 53.420169516s ago: executing program 3 (id=1935): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000980)=ANY=[@ANYBLOB="140000001000010000000000000030000000000a70000000060a0b0400000000000000000200000044000480400001800a0001006d6174636800000030000280080002400000000118000300d67a8527f76ec11542b6fcd728b981a405106c720a0001006f776e65720000000900010073797a30000000000900020073797a32"], 0x98}, 0x1, 0x0, 0x0, 0x8000}, 0x4048010) 52.184265927s ago: executing program 3 (id=1939): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000"], 0x7c}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e00000008000000000018000380140003801000018004000300080001"], 0x44}}, 0x20008000) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0700000000000000000005000000180003800800040000000000080002000900000004000100180001800000020800797a5f74756e000000000000140000fffda53faf0f22d16391f1224c173a7564bc6d143bd32d1dcd4c2f400b00000000000000f2573f9b3e99dc0ac22d0b627696789d4aa02722f521fb679c9a2a42e5ce0fb34334464d65dcf606ce12d8388fb90c2a4eb1e0cf7cf37f4c9ea1d0fd1977e4efbcf6100c2872ac889dd44d438cae8ee39b05aa21c63d8fbb7df5b679807f10a2d02f6d7b24ea7a0e48e1cd52f4ff98e896566d3f7a92fb5bae32f9f96805610f17"], 0x44}}, 0x0) 51.643098708s ago: executing program 3 (id=1940): socket$kcm(0x29, 0x2, 0x0) syz_open_dev$dri(0x0, 0x8, 0x2c2080) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) setresuid(0xee01, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0xf}, 0x1c) listen(r1, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000140)={0x2, 0x4e22, @loopback}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) timer_create(0x8, 0x0, &(0x7f0000000000)=0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) timer_settime(r3, 0x0, &(0x7f0000000040), &(0x7f0000000080)) getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000400)={0x0, 0x1fff, &(0x7f00000003c0)={&(0x7f0000000300)={0x30, r5, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}]}]}, 0x30}}, 0x0) 51.052309036s ago: executing program 1 (id=1943): r0 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000300)={0x40, 0x2, 0x3, 0x3}, 0xfffffffffffffeea) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000f4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2) r2 = creat(0x0, 0xecf86c37d53049cc) write$binfmt_script(r2, 0x0, 0x0) write$FUSE_NOTIFY_STORE(r2, 0x0, 0x28) execve(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000300), 0x120) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) socket$nl_route(0x10, 0x3, 0x0) r4 = socket$rds(0x15, 0x5, 0x0) sendmsg$rds(r4, 0x0, 0x0) socket$kcm(0x10, 0x2, 0x0) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000200)={@cgroup, 0xffffffffffffffff, 0x23, 0x1a, 0xffffffffffffffff, @void, @value=r5}, 0x20) mount(&(0x7f0000000100)=@md0, &(0x7f0000000040)='.\x00', &(0x7f0000000000)='virtiofs\x00', 0x5, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x10) r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', 0x8000, 0x1f7) r7 = fanotify_init(0x200, 0x0) fanotify_mark(r7, 0x201, 0x4800003e, r6, 0x0) open(0x0, 0x101000, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000800)=ANY=[@ANYBLOB="4401000010000100000000000000000000000000000000000000000000400000ac1414bb000000000000000000000000000000004e2300000000000016000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc000000000000000000000000000001000004d46c0000000a0101010000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020001000000000000000000480003006465666c617465000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000f000600000000000000"], 0x144}}, 0x0) socket$tipc(0x1e, 0x2, 0x0) 51.046285748s ago: executing program 5 (id=1944): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) userfaultfd(0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x20c0) socket$key(0xf, 0x3, 0x2) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg$inet(r0, &(0x7f0000000e80)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000006c0)="0d18687da3e7f33aed145cf8ff2d1e5a18c0d5f9856f4824f41040f6987d0b531da10713ed151bc4867681f28e033aef683334d03864ed30590dd4ea64a20ecbbc1346c9f42510d91eec0632885b7da95ca85f4b1435c5c1e993a85257df5f19bdfc5e038a16e6a8aef907e347081fdb93cee93217e11f19cde423e6138bd1b79ee615527ccaf8049959ac6e32af46d777ccb8c26ca925f69590df13a81aee3213e80ba5cacf1f930b3cc49093d11594ef13325790b55efbdc2dd99ed1", 0xbd}, {&(0x7f00000002c0)="9c812b37fa6bd3963cbc009f0a922658be630ec6041ed353d314e58721edf306c382ac611fe34479cb9e2585745ff3c61da74b060400000000000000178176dc533f123b66d04d51fb7421cdc9fed78e3e1c18fb67c1f75e", 0x58}, {&(0x7f0000000180)="3f82090ccda4f8ce11f43ea8b51b08afd200c6075794cdd2e0021e30a0f6267447162a2085457cf687e74d142e85e9c4ac6e", 0x32}], 0x3}}, {{0x0, 0x0, &(0x7f0000000bc0)=[{&(0x7f0000000c40)="5c5eafd3ae55a73702d6befaee97f47f4be65587e1fca708cee084691e4587d887a5eaab43ac5edc4886496910cd7a153cd84b93208c7b1a625b3ea990092389b19dab4f61e30ee60a4d7e51ffc9a5accbe20844356dd0ce192542d5e58d80657b3b5fb7a3d393", 0x67}, {&(0x7f0000000800)="104b0b7073fbd7f77a847bdbfdf6da474f700bf113b18d16d8380f42e296b49f1326c7d0d97be798e205654b8a885df6ee57ec7b690491c55ca484b54170549c7a72b8a579005ffcb0b309dae34571b17126534a763ca881f12d750072abc05a7cb8f0e32fc3ec3ed14c3322630ae8e710fb68299cbb5accee8813185c77248ddec7b5688599f1bfccbec448bc6ce5c139c2095da22c9d7edf7bfa1392c76ab0dddf4db130420df295ea16aa3e841d50dc813025315eea3990c2de68e835c4fec57e2dd70f47b58472c2f915de1a58a32d021d9a26", 0xd5}, {&(0x7f0000000900)="5c3eb8799e8565193cf737e01055d298a4193e91d6dd89384d12d1da97e7e88852e279071ca7a9b536c7911d618feb48b66f1e17e130b7c2f27b77e2053065d05a00ae7bd353283ee3dcaf244ff26600e520af5091696d833f34518e53327718e7e3298de86f15e6a778f6008b96661a10be65c0a44b21b4c8724f61f6ca10d927a31e0c9f", 0x85}, {&(0x7f0000000500)="4c56c5661eb2897219a486044736a64f1a175ba083d2b3ef32bff4a0", 0x1c}, {&(0x7f00000009c0)="8e6487afea5aec79e9dd3278cbb24985e6724be49d1ae08bb9913a5a6d6d6c26d88eb3edece901ad9bfd123a88c27d6e6ea618a42a970bcac49fc3bf5b87b58ba3d1a7dc24d12855a6c54a36b5089658d9482bd0a9a1b9b0d4de13e864e592216f04f31decfaa9", 0x67}, {&(0x7f0000000a40)="71918a5d581601244a3d864d7c74a12529e10637660163c939c6e23c3e3bc3bcfc79d3e47b9d80fc8fc812a2ae2adf778cf426ff4d090e8ad2d1144acb5a392c984f3190aafff8b0f1c5852274bab67df6ce8641ebef383c1503c3c19e1e8b133206cc193d38b8ebf8f76678b320950e8741221069da77cd76e5ff56fce3f0eee2b1922024929b3128ed46411f05a167211c3adf5dea2ab84c4e8c7a20cd114dcc56307f6e4e44cc4d82bcc898edb1c125d4", 0xb2}, {&(0x7f0000000340)="2876a27ebfc4f1fc0466f3a791274633de5b2c6716219bebc16803453419b80818d51c9d56c0039d1bc7a796e12dd80936102f29a4819c4d4c6fda582cd913925b1395531530b9fcaa87e3", 0x4b}], 0x7}}], 0x2, 0x0) mlockall(0x2) r2 = shmget$private(0x0, 0x400000, 0x8, &(0x7f000000e000/0x400000)=nil) shmat(r2, &(0x7f0000ffd000/0x1000)=nil, 0x7000) 50.858952566s ago: executing program 3 (id=1945): socket$kcm(0x29, 0x2, 0x0) syz_open_dev$dri(0x0, 0x8, 0x2c2080) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) setresuid(0xee01, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0xf}, 0x1c) listen(r1, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000140)={0x2, 0x4e22, @loopback}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) timer_create(0x8, 0x0, &(0x7f0000000000)=0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) timer_settime(r3, 0x0, &(0x7f0000000040), &(0x7f0000000080)) getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x30, r5, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}]}]}, 0x30}}, 0x0) (fail_nth: 5) 47.936269031s ago: executing program 3 (id=1947): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x20000000) ptrace$ARCH_SHSTK_ENABLE(0x1e, r2, 0x0, 0x5001) socket$kcm(0x10, 0x2, 0x0) ioctl$TCFLSH(0xffffffffffffffff, 0x400455c8, 0x2) bind$bt_hci(0xffffffffffffffff, 0x0, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='status\x00') r5 = socket$inet6_sctp(0xa, 0x801, 0x84) connect$inet6(r5, &(0x7f0000000100)={0xa, 0x0, 0x0, @private1, 0x200000}, 0x1c) sendto$inet6(r5, &(0x7f00000001c0)='O', 0x1, 0x80, &(0x7f0000000280)={0xa, 0x0, 0x0, @private2}, 0x1c) shutdown(r5, 0x1) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r5, 0x84, 0x1a, &(0x7f0000000000), &(0x7f0000000140)=0x8) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000200)={0x28, 0x3, r6, 0x0, &(0x7f00000001c0)="cd", 0x1, 0x7}) ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000440)={0x28, 0x7, r6, 0x0, &(0x7f0000000000)="b7", 0x1, 0x815}) ioctl$IOMMU_IOAS_UNMAP(r0, 0x3b86, &(0x7f0000000180)={0x18, r6, 0xc2, 0xffffffff}) 45.291223234s ago: executing program 5 (id=1949): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_open_procfs(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x10c4, 0x0, 0x0, 0x180000}, 0x0, &(0x7f0000000280)) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000000)={0x1c, 0x2d, 0x1, 0x70bd26, 0x25dfdbfc, {0x4}, [@typed={0x8, 0x9, 0x0, 0x0, @binary="38eac21a"}]}, 0x1c}}, 0x20000000) openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r2 = socket(0x10, 0x3, 0x0) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f0000000080)=[{0x20, 0xf, 0xff, 0xfffff038}, {0x20, 0x1f, 0xf6, 0xfffff010}, {0x6, 0x80}]}, 0x10) 43.001265379s ago: executing program 2 (id=1950): r0 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$VIDIOC_QUERYMENU(0xffffffffffffffff, 0xc040564a, &(0x7f0000000140)={0x1, 0x1, @value=0x1012}) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000080)=0x80000003) r1 = dup2(r0, r0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'blake2b-256\x00'}, 0x2d) accept4$alg(r2, 0x0, 0x0, 0x0) read$FUSE(r1, &(0x7f00000063c0)={0x2020}, 0x2020) syz_fuse_handle_req(r1, &(0x7f0000000280)="0d1c409c14b8ddbbe2423ac75d732f3d0e9cd37b375b9673cb39c6b35cbb85c4ba83de9d23bbcdd53a9f0d7c92b66f6d872096b32f4bdac32a6136c86365cfd42c3b0a25fac76123b6d700d3ba70cc138bc435d3b1fcee2545c3a421119087bddbbfd0418488219343819cf0a6780d54166d2769a719b207136357ff3f505fc1d6144239ba630b15e7f8aeef7be5cb8c9e738faec0d1ab79d34b994e098323b94d32926bc3b0fd88c13cc781a0fc3da7c4d83fbaf3288fabe01685a3422570fa4cba7e840bd0a01e995c91c5aba51ca15461dc1916bde9e70c66f3aae48475e95aea1f8e6c6f10104d64f767b7f9b7909f5caa5fd61ec7bc7392bfb7fe4f1d1d0528601a87f9248693f31a0f2ea07a0f33e670bad3ba0c648266195c6d9a76cd973a9da6016d1f5e0d49122f64da8933cfcf6a970d11767279a9e8e37a30a007e6ea473e146069e72894fcd378e17d4fa761999c128492a0321c3153edf7b28d0cddd78758f5192a924fbe2e8c594cf35aeffc635b14903d134fc5f7857218f99266c64be16e5f4ad76a8b5f6d39ca2451afcdcb0cf42322a5166becc90621f99f28e42bb2cb610039c45e54cc4bb8e8210e612a3f1ac93366b7bd77410af8b4b3eb03085354c9f8d12cc62da82eff96a006dab656c10e1bf210124b0ed6841158ec70981a399ba7c406f3014bf77553be6197d79dc1d31ac4c598bdbd007578d50f00ce85810e0759e91505549c70005a5f923aba20d8e05d0b764680b9ea259c8fa71f1ee36b71da662b825019c07aade7db363662103887079dea43ca30c32e4f0d9ff043720541633157a3ff1dc055ac1db5b25765b7ef2e338c104db28b6be7fdae54f04075e26ce38ec71d35c029df580ee3ef68e46359031aea121d0776398d1f1e28e9cbdc20cb58adf5dfa01a2819f697bb3189ac0d32eec43c0ef75f5bd4c7926d18daf9a6e9265c961aadbed4fb9627a1f0a6c3dde66fe5530993a7f150e5b361ad0db403a864ef4f5e0f21db55aa22055bdc5b282b057d07efd6abe23f941a62d6f613a1ff8d31da632284e89a3069c6b26ef35e55fc846fb1c28651cc5a879a4994568c4639b9fba8395014c9f4f6152cee1ddf8d582bc496bcbad8e39e0a5a3e713deed021eb9d5b3f8679a8bddc08ca77d7cd101006c5021b65cc7648a646735d9d7f6e54e4fb5bcf1fd9aee4beb700e597011a2fa6c01d22e9b6c7a5afd7def8ab0a3e612d8a5ce571dba2d0696155c3dbfcc851293eebccfac6855a7b024d762e768867f57446ecd6e1d09a31959a6374c50445884dfcc68a62662e5701a25a1da8e0abd0428bb558f9f7e74c250d4af62afad71e0f23268a955c548b41cc83f6810c72c832476383a355abfa449fc05c7afa2ed70849f175e826361882503246e688983f472c418578ae4c893d847c0c7f8ec99352d3024a69134dfccbc6ec3351b321483c57d2d1e77c0c7551cdaf4c14038844b1b05c25541d1d48bf0dfd1ae40c35872a5b37c2958e3a60187531814f3adff870aeb42cf611c3f777b08f7dcacf5c087b19c17dfca413097a603823363c2c55597330de20a73465ccbe5acfad066fcb17c177827cf081c588b73c042150bf1a18aff97518fbc1b4d5d22f29077e186ae9b998b4d6fdbcbc8c3bd57dcc61cc322537743ce480c1dea39adcc6a51da745a60e5272a7181986bcb992895035f0f882cdf79c56a84cd88c9bf0b7dab9c1f453cf4c05e2a33f43f4252fdcf99cf785e639bd9d11c374d4e3107ce128d2a823b6a8631a8fdebdf14a0bfc3f79d44cd54d3e8b9c5a3f41b9a1187e23f5a5eb5fadff92d746ff3befec7189ca19c1987551d0fec321cc306d235f82b3f479f3d7a3c1d2377afe3f22a49c682646e9893d7700061a0229a99d360f89d281dc6bb95b92329cc7277b89a9e6a3edd3c753cbb93e9f1249572bae520fb7c46970f527fd93c445a8159d4992badc395c05313462d37c4f651afbdb04f9f42ad4433c5c765735731ed6d8c97e4ca9fd3a1885de6c051e652a1ea40230e9d854ec2145c78ef5574deac83e78df8932dde1d5c46862c9f808394dc7f064b5649cc7b2627a55683ed33f2712ad2d4f77ec7f2be200e01fca138b3d1f42916a54a66561916bcbd3109f6eacf5096e478442e56e5af61f7c32c681bd35bf94a429a52024a48f6002978594418b66c6eb0fa91dccc4fa83d48927349b8a7cbb70670bd78b8acbbcb554a219cdc6740de4bbfcad2250fc219436ba5db017c172d6e24eaedf29d169b8867fc84eb2e721b31b08604a6fbd8d5edd9bb0152346509619f4a0f41090228b10868f56cd7d7c025cccc8f2b4a7d85ab91862c65d5d578fd5c046928c5c8f999611dea07a1451357b4365b33bac0a2a842b84e2cd4f790dca74cc962000f72d821b093e271e63680c0e9019769f3abed377f51f2e0a373958dfe351a1db29da4b74f9ba1250a8a0b985ed86cd7a2a4ede57ce00dbe77f5c797e6b9896ccb978d3a01047f9ac7d66e820073193b6a3400ff41f2f8a98a44a0d2a608db3000571efdade9a44f278272e7ada101d275c589fed2ee0191801b7a2ea62dec117c9cfd96ccb73de7fa2eb4d60a7ce1170047a5266668da1aa8489c6e4ce564607a485afc6991ba262cd6f155c23fbb47610f555e0be090854ffa0d610ae4baa1dbd1f36249beb0510b8d96132b6396a6261214f3153bfc4f0dcfeb55046bcca5868aa913316a2e802f9bfb51caacfd0045d96b3983b883db123da07fc20d06c973e3dc74c53006c77361cfa9d3b2062da3f9740cc7335ec792d1b2c767e86417433fe047c8d9368c0c51373b5e5158503afa52ab08ef49616499ccb8dc829e343d25fc1fc2ea6c95933295ab397f07703d1d8defebeb44a2a9556bbd5414cf921abfa8df9bc5ea76922d728ef0024f516c9fd7a2927a68ba9a7dcc4f52c3d8b72909b2bde14408e476778a3221644dfa13794e365a9ebb670eaf691b3c2393adc441519c1125b960ff109ccab52294c6584d74b3084cfda3707f7153681c88a1578a77be9224a70ce400f4af3dd72452df147476abf2668c1801fe538be40042717b6c468fe1a33d1d597fb637396b8ebed9f64eee42e645bd8dc0e63fbd3a139bce3157ce7ed6f5f643ee26847908efaf61cd977627647bc0e4f119b924bb185664f1dcf2240b2697c89e8f569332d19ceec176642ebf0bf509bd3b9477272159d45b708510908e74cc5e0304104d5ed6e578b46dffcf64367fe9d274ab8f16f3154f3e83ce6d3ae92a2644ceeb8ec33e07f728319eb69dfa37bb70b40a1001ff0157173e33af633496062b17cfab8b5c06ef2fadfef280da4e1f70fbbac10981a0b35f3ada39733d7d31798e455f0dd1c530939f09df43b5aff342c39052a51d773b22acbc8c1525f3572ef469eefe66d1895a9ca3c637286e3f9acd29e890ffccbb313dd9da50aacce808d06d0b109a16a1c2bf69fc4b85b9b7cc9b9ba9e5d709c65fd0a879032caee38315eb049b12f11c4d485ef426fff3a4f91b4f1ad4c192c4074636787ff966f82c8d4fcad13a7b581718ee7318f6731da2eb1338c95c35f1f2e082bedea7f05b87d891876cfab51ddf2908ebb2bc153c20001ae9c142b35a3de474b732c5f629bd948ac9230067120671d296001cabe19e3d2302c1f32e4fcff1681ab2ef216309c21c6a5afc51ac500687a5140d015ee2bda5f3d8a15826a21a0a9495b36fe958fff32afe270f809f3a8f8cd2d8992a859e5de779bd8aa4dc6979807171282ef34502f1bf34f529cdad15671692f232a9f2dd2107f8198f7a9ea5883cbeb2a060ff1b13fc1a4df315dff940e8f013e8142c640acf51ebb2b2f878dafb6c12747cef3061f2235bccceacce4bf9829df24b9f9e9c5c259aafbe61ff6be827e492e2c03fa1e9f936196ff9acb28081f7ca74109d823c5c96b1e808bc2b8072763954ec5691f7935284e045c6d86c5c68d69b4502a5132b3c1cdc5e000ed1f6aa4bc0a9090a8923004ac05558e08827c71fd2e24f931f880244143a8d092dc8bb2b48317ff49fa0b494b3fea0741fbcac6cf780f93db42f47d23170a70619d06b0462f2fb04dabe2a0c94a1d97ecb159d426df47f0a1e13764e045d97ba75fd0eede9711d112581b4a2e66b10077aa92c98e30d6504f0c08c0c68015c88abbc991d5a799e588d1ee7492d699126627ace339c1bb024a59ccd9d3df0197c8e56219d76698b61ec94927f41ccc7bc80ab6f65380d31d58f796e7e697b28e371ecd9ccf6b58e9cf32daee54c5228268446677f600ca8d091b6a4774749d40d6d4d6a009ae12bae1c530e6961420507a13a2a32c4f0863c790159a26588bed9f50b4ffbfc8649adc8144779653b4226fed5ab93570fb3edcc1be70780f6ddc8d9ef1ff39d22bd20cd8ae0195d02ada60fa0d65e065b7a3950d5a2b77546ad8f1c1018344589085638793d26fb4a5c59c23f1c9b148ddcbc478e1867e109590c44c14f5ad6e8cda21a75358cbfe6f397c711eead2b1c73df1453d184a44e85c2f6ac0c266b0f67b001426cec02efb66085bd1b8bcaf06d6709d545895337fe36e9d26417238f36be5ba51d5cd7cd7cec452780b72bc441052f67496ed8bb4d393db8da52aa3b0ef10a74a33c2b7ee24f76642f83bfc3e686951cbd1983f1ea54d536f6c86e8b20a4eaefb9ca57308abcfd81357e3d0eebeb0ff805c151ea1d0063c3bea7120562886fc4ce284f33d4a85c830d8b9b9b1295c352c3f5db54973a5ed3788e5396a1add7022546f13db95e4ad1a994142aa4f98d644cd822192e3e1875da3b4a6cfd61cca36a82fd4c1f09db84f6b379483e2b81749609750b493e406c8add341d8855ef47d8e8cd49e9d1340be1223d268bed3a2cc949b74cf01160723d26de9b11138fd8e8957354c2a58fa30903b7544d2bdf49249e5ca9f5d030f0c17e7ec605482523d1da3b3ca6c94c8724c20b929954c1c1f321ba7f77e2e954056a2838e57696e40a2fc9f8c2b7e25a41cd500f4fffb196810b3d77f79dfc1f7179fd4e2c63957c65da8325185cdfa37a82d42ebfc631a87ce7ba60ad09132f1eabe7b870c88fa277578e19a6adabd328e6b453dae201ce4327a378174695264ff4411a3815c362480058038b1b70b652e89b0c7743548b897c80c53b16aba4d244753fd8c14c8bcdbe2a2710df7842a8af2bd0a966632655c01bbc2604151b80e349b2f5f63fc8fdfb34c7223803fc0fd1dcf7fb5471c65f59ef9b02c3c0440f7e44fa4759782a46165c64e2ffc246d0438248c461e932806ddc20d3eeb597d74e9cbfba85951c601fd8b903c80f5d8bd5fc5b824cd63d9bc2d38438eb8a8bd1fbbad944b3ca074eb318ae074ef4d7f12076ac1809ca6868be7e5fcbb953ee70bcccb7cf51422e8293faf3e88d4b179b4c7a6ab53638eb05c902715c023f33ba9e121aed0b7b5f0544b5275cf22093e64a7038cda03fc9014002cb52d4568625d321b344e566b50a7e9695c79daab4aa0fc82790cd32708bdc0242686052677eb163cba152231e45d0ad1b8238a7d1230f43612ae8b9525d1f98372774a326e9baa48e69093b215ea503e054729722a71c7e6c58b958f3cec95fdbf1811b7c8a53787e95d266a70d408798e94d9579e813a8e9e3d4bdb4f2682f7aa30b659c722aa07faa911543c57db9fb3abf73ac5b4096cadb4bfa2b25e51b11e754348a2abff384a16194af26590ccd657cf76bae1f1246b67ee0834105f008cf77b1320ecfcb87bfa7d2b2fdec1330f54b6c6cf2280119e39e9a66ccef3df0c4297e1c861a027fa2ea5a1ab530f5b94a98895405c620bb6faecd7e80bfb42d1a4646360e0e8355af548439f8db48d583352ea84385e271b3067bf7b047e69e23c3bd2c3ea74df48b3649985b0ef12a9f3803ccfa52e01381d30a9005f0415a149557b67d0ac7c439ba8b20a9eb293ee4d357cc1d9e1e7f707ad77e58f22d2b26f9a8e726e826b6722c2b910416dcdaf772476e55256fefb1fa5de0139e15c2bf84e267be5d5381bb30607b731c8f305a1b4e1e4bae0b59e61dc77b13d129dfff4fdaf48f95038cc11b14e8266aac4d59fb40346c07a7fee92327e40905e40f8135b0f6e9e31969902e9926a99d7ae30891be917581189ff998ea5310da0cf72faae333ab8ee7cb9f78bb0a8695a841b8d37709e2826594cc8927f5dd98c53ea4c5246b5fc09f756f29b61c21996dcb6c0f1e476674aa9b6f69ccfcf8672b048ee723af55104da1c2f5250e8bbb3bdf2b7edb4878a902032ab4115f516d804d2cde7bce6b0c6dcd1f0d321fe4bb279e4c45294df0fd33956469839c70bcb68c033b597daf3f515354e72fd1ecff87e4b8d1ae52e6ef0fc773a49ca76d0659454b59e9c62fc8e10131e50893c0c0a997fb5766157701ce8e6a6482bd8b0b53a6b4fd4227d8e02c6453114f161017b18e52867282010df15c361a0ed3b17636adce6567ca97d4864dc15fca353490aecd5d26af991a92dcfd3e4dd38b8ed9181dee7e2e20cc2600c3211eecafd0dac537a693573e843259c30789a3d0ef91b78f95ed5da1c9e61716f651284e4eea663aab9c30d28a620745e44fbcf71221a23d332d411d17220c5a43321cbae90ba8104ffb4415d7563a21406d6be1fdc9abfff8998b51628b28b4ed84ded6804726cae5b62281949bb7cd7bec7bb2dfa8d831d4928b274c7452d2e9f8a37c67c98239b121d3acf381a10469d0dee019d38dbba865fdecfa34e39b0dcd4cf7a66e30f87d4f26d4190fdc62d44c850e94121ace3d531de3204ed5f838f5953c98b44a387a0cc95fc5e76facdf3a9f98183d32d887fb7d997a37b4737861bb12ea8e412e1015d3cceff7b448381f3fedd35a535e524f9e6df67e14882d9ec956a81e1972392c8c79cec77fe6d0f88a00710aaab4878187d6c387cf1ade1c61ca3b9bef117ad621c9a971d4f04a2e45314422f9f7606c932ab593db97747d7666948d04aacee1ceb6ae2fb205f32d953d94e5f2c7cb332eefa4bf11c999fb67e287960b64c36fa37de3c81fe53e057abc6f5575cb900a117242340126f721f8ad4c3d744440f2d9e1abf71fb24ca6f5abd392ce1110d4d138cd312373f99eef5a9b55a2a92a73be76860c380e5f2f1c9e5526ab5dc6f91d81d086dcfb70165c69b9bba0670366910ed053d43a61bc8215e95f304d73d38a689f174ac4940f1c7c87a011fbaa364e54887a0f38281509282943c38c77f9dbf385d0f8f62d30b300ae7ce24eb5b855057fc4fc8efcb05c4451fbc4de6f8b545559fb2bd2f8200eaa2822990d4afa0398e4c4d40534ece023306239bd86e2a0b9ae2fbfa640046379c1e2f0471e0005bdbd929119e54808f53fbc9ae318fd128aecaee2e314efcd76085a1da95b1261a321fe8229434dcc57844f15914221116d53faef06466643b996d5802167c0dcabe44979e576b4290aceee7aa771820fe113b85162e45961dea78ba31e0c54faa89ef75263d15580dd144745ab42b5d510f1beb115832df59ce57be19113f97aa21d984448e7fbc92c1291fd84f98e9ddd832336be330528e9df7b88f17f47708dfa401ba49562ef3650155bca61a81348896c151d05651caf865a3c40dbaecde5036233dd42a23f5712c93b2fa1c3ab754445bd258491fcf508ac344eeb38db1a4cb9980b1d97b826d76b0b10f8b8937dd0a9385c66ffffdab1819049c35aaf90b15267f7c58ff236c425414286bc7dfc3bd22abea8aeaeb113592ed41fa566d1426c85c3db9ef04e70b31ea52ae2f9352ae1195035b517f7e36350906773fabaef38fb29348b9797ec90cce08e0afb923fcfe0fe62ed2abd97d39949993048ae10c5be54808986f6c4aa437e413b449f57b0b0fc6f393808631fac191af623b8e90193ef2b0dda64f26b4771ab256bccd61ebf4b7ad099156986d64e77d37039d4a2e5836528a10c8c9d9ca9c640804dbf2db4154384cd8a8c02ce863e102ea944c17a643c120361d631b7f349f920ae6bd06db3e3af1bf902c3204e8632d27bd928701ee206a7d64448f9a81265a17a31878e3c1a2a044fc6f956b557471d1bf7dfe160716028191e851e18439f4e3561aa589528889090a3b673f70aebc1edb12861277f04f300acd8278e5f640ac0dc7e4f8df3ea39186119b0599f3e7bedfa0ee65e4d25d8586a2d10e773182d98ea9eef3b3d9805697adce7daf083b8a934c0d9c6467be25a6a22b6b246abcb355d03b8c3345dff9f40e253ae80a2de668dd9da044a2b90bc5788b0fe3a2c6387b3c817ea456eb7713a728caf4287d15006500435ff93eb6803e42e57c087c483e23605d9dcd6f758883fbb990eb0f91f351191956ac451e1c1d1ae113c03311057f5e70d8231bef8edb7c2cbecc4ab3e46b02945afbcdb2e8b005819dd141055af1fd6a3240af08751cd3a78ff92e39bba4d3c23aef960646512b3b86d6a8fa6880cfce6d58e1fbe734ac5f9b7018451a7a5879b3767dfb359eee615bab65116237e5de5b96bf9fbacd11702c73a8e478a64895d15ac0110737c3ab91222bc4c87326b5d5e3cf089da0a76d43222a8eeeb5286a4cb2fced98ebc2f6e876e8ff48b6f8f8264e52cf5b38906d657bd8d0d91e2d7846224ac60526f878e8189d80957a73a0fb95223842fb819286234d742c0aee14c75ed069411f7631aaa3e2a011fe75e67131a51733b9d2dc7981935d559a08a965363cdbc02dbadfcc4435040cff61df0cea2dcc5017deab9076fcc1a11ebe5020b6c96a16425397df15881815cf60b942648c234a5614ecffd4d5de50884934bdbd5177d24ee76f0c97fd0a2b97e527fa86c73ec672398f1d88c03d467f2712908d8fff5e02b4e1fe2d7bff02205597b3a5360e2767a3d7c488d222a3ea39d3fec61423e349689297868a4bfcf08a0938729fbc819ca2181f03f4ea42c7892dccd76560f1ef812ba7380681a8943e7bf2d6bb0729002a33a4a595c411cec870e8757e5d9cddb17563a627e598bd170cb6eab4d0d8a02c926bd0d67d2084df5873591ba8da1309f9c309fcdb1e1afea2ed48b467170f9d2539e62e75ed1e9ad94e2f574bba5e25f7473534e82e91263cef442f31e9e568a3eafa2b9de2a99fa681c6f6f245db26c24d56ae77fe239c63a70c2edd113f0d48bf5c2a887e1512bfb2801a0c628d3b91f57b1d1401b0e5e6012d32dafacd08775b1b28f15c44b03cd340a4e45be0534c4f5099c5bda5ef0035ab7d1ddbdb2e73ad49e15f6a04b5b09280581ebe2ce940a8058e2d14a0556c14adce8a40b6f0f78cc6bf46f0d0b2c4f9ce79e60eadd828eec8fd5c6b1196f685add24c959d4f1c9cbf7d21fb010df2f26fd1f1a5186186de0ab6f7fbf7ac2406a815382aad4edde90c8aa08ce053e86777fcbb089b4cbeb596949ff04739b53c4262b84881814c1cee97eb9147854b54ea354d53d906869c21e5772be517c127a0feb3844acb8b721f060e065b096d5f390b3557e25d50bb887ac018564a9b3ca3fe38eec76dace59bcadb81ed3764c177766ffc8770b7eca1fd3c87f3fc84f157974dc6356ab41388d973ae0a5a4a1d3d08f207b4add5bb902034f0be23bd27010cf5fb3a8ce4c34b123be47bf50fb6ff1593602e720d893561f72fcabdf7141ea4a274d319e9157ee4deb55dd412296525a1d82726fc8e8ad1ebddd6f7ac4ac10d3f59473cf5b0ae0644db9224268415ad314e4a7f4e4a17be80425198c097287ef95948ef260eb02d59e235caabeb1bcbf8829240e5637358879016ea8b5b06337d58aab36bc1a981d7667974068ca1a353a8caad2885236f407fcfc277210ff15f4d7d0caa2b31e5f745f455ff36a5fd9a9036c02f319a049ecb1d67c057130ae3d68374c82191059b44f8aebdf4574cd84cf7c031b6e177e8f5808f25ac76df8d7f9aada99e1a16ea5b22cc4bb349a352aceb2cb1ea47710704d446498f4d6ff2d8705797cfe62e03de9064a5831df451d021fcd93a71c3105f81df9d1ce5dc27d26d77326ab4bedf0c428a70772f2b0630b0640f643292e68e9b44d53f5c401f6ee09f8217b77b2d308e13cbedefa56920ad948b464a74c3e9ca9259d10132880d7dbd2c972c772985f7022a41ef473c254289982b9cde41f937a1de59b9a50caf728accac23ba485842dae35ad4ed412a31d2a134bf05ede9fc70fab45fee38f1f7e749e803446b418cc1b5e7f2019777ae03eab5e129e1eef2195ca84cde2848df14a93bbc3a917f1e06ce3753cf127f2241295fb630f6e27eadeaff570f955ace44dd204dcc082f7bcbe310e2c33267852049cb839142d072e3f3ebb1fc289c78769fd0f05578630e42a5829b82c6d535c012204aa74659282ba0498156e2183ecee174054d45fd97e5a0159255d8af432563d367f045d209c67cc70f7cf13b9a6578983ea640f0e8e66113484f48d41cb65b1338eb6cec534b3acdf9e5a1a3ac9157d75986583edfda4958e79593b6808b4762f823a6f442ee1749e592bc103f2b9e16107b939ece49cb447e5a7d34d66f18567d0e981f4fef25a467144689662783503a03e1800d22f40f61903d8270453161a68386bdd94d59dd66eb5ae067d4129be23a0b17b89d0478734460bb88c5771d9444caa769aa62d56bd128bc328e03d2e18d966f5784398ca2aab86007f7ca00908d4bd7f2f3ecf3024110b073304c7bb17bd73725721a99e94c8d5e5da7a839d58f2196cace99b98d7f584a49fee2a426e6ec3f08e520f7965aa2dad97084c2ebed43c58dbc9116f420d4735decc47dea514b689f5479c56b6128dd684c4fbf0945aa15363276af833b27b82cb48541413bc9fc51f9ce57c14bb6c39f86cbc99b69e5d91e7cf72f340f67012eb2f5fb21d830e97eb3664674ecc36c754f90d1a8f6092fe3a48827849ec95ed35887cfd2ab3f26331bdc154ad034f31ef26ecec5feedac1367f4f642e99ebb409ddd5dd8d0087ebf048e4924a2119c69ff00af79233443b897f7bd1d80f4d34555719bd8dd9c0d824d0437c2adfc598fd4c2c2d8cf7693e05238987bdb9bb04751dfcd44fbced899a7dadef499b9bfb45ee52ea59369c950821a667712946c7207e36473660f3f9c9906ed889ffe7a8c735e98d41cc96aecf3e577072cb4711eb690d28ff41dbe9070cd73da26875994a7b8480f2d21bd4b92402bc293fea154071c401581a9b858dcb4113149105d793fd4d0e98894f228f24250ada364f49180fbd116e0677cbfbe928a840dbfab2791865cec67ab39affa7b76c266285ed2ede7ce77e9e6f21545b8d177cc73e5142e6bbfbb3e9793716de8d6faeb74e18475cac7541e3ccd875cc0dc8bd5a01e468700d5817fc44b6dd64d74dbe0b351c80815102a0dc2038c83dc75189bb4ca425eabeeaa70fcebfda8f16c4b083762811325fdc6b94f84b6d4629929b85d0cf678b28651cab8a825f28440ca4e7a2193c6f9c769b0aa226754fa8eabd7cd1d31ea2478a83e0d79eaff6f72bfb05c31098f4640256b8c21ef25808821c08cbc68e8b6205fdbcb10b17d63cfb5ead7fb8ae1", 0x2000, &(0x7f0000002cc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (fail_nth: 2) syz_usb_connect(0x1, 0x2d, 0x0, 0x0) 42.19486357s ago: executing program 3 (id=1951): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_GET_FPEXC(0xb, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = openat$fb0(0xffffffffffffff9c, &(0x7f00000000c0), 0x12b900, 0x0) r5 = socket(0x11, 0x2, 0x0) ioctl$FBIOBLANK(r4, 0x4611, 0x0) syz_open_dev$media(&(0x7f00000006c0), 0x2c29, 0x28004) ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0x7c80, 0x0) r6 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r6, 0x10f, 0x87, &(0x7f0000000000)={0x2042, 0xfffffffd}, 0x10) ioctl$ifreq_SIOCGIFINDEX_wireguard(r5, 0x8933, &(0x7f0000000300)={'wg0\x00', 0x0}) setsockopt$MRT_ADD_VIF(r5, 0x0, 0xca, &(0x7f0000000340)={0x0, 0x1, 0x7, 0x8, @vifc_lcl_ifindex=r7, @multicast1}, 0x10) 37.052158485s ago: executing program 2 (id=1953): openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x2, 0x0) syz_io_uring_setup(0x1d85, &(0x7f00000003c0)={0x0, 0x3ebf, 0x20, 0x1, 0xb8}, &(0x7f0000000040), &(0x7f0000000140)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) mkdirat(r0, &(0x7f0000000240)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdir(&(0x7f0000000280)='./file1\x00', 0x20) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000001c0)='./bus\x00') bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) mprotect(&(0x7f00003b1000/0x1000)=nil, 0x1000, 0x4) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x18) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d00000004000000070000"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1000000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0xc) openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x402000, 0x0) r6 = socket$inet6(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000001c00)=@raw={'raw\x00', 0x3c1, 0x3, 0x360, 0x1c0, 0x12, 0x60d, 0x1c0, 0x202, 0x290, 0x2e8, 0x2e8, 0x290, 0x2c0, 0x4, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth1_to_bond\x00', 'geneve1\x00'}, 0x0, 0x190, 0x1c0, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "000000000000000617ae5119b5135c2aee68d23a465cd431e1ecef50c3234e082555f67222476147864fa03182f5cf11d8c348cbd06dc8de1dcbde7d4e252c3394fed47bf78c70f607b0178fa5ea335019ac07a602061c96baebc989f1f34a214e6726401fe4b124e0f7323a587d2a1fcf07000000eca0a7b66c60c527bac2b5", 0x2, 0x2}}, @common=@inet=@socket2={{0x28}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE3={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3c0) 26.542626273s ago: executing program 33 (id=1943): r0 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000300)={0x40, 0x2, 0x3, 0x3}, 0xfffffffffffffeea) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000f4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2) r2 = creat(0x0, 0xecf86c37d53049cc) write$binfmt_script(r2, 0x0, 0x0) write$FUSE_NOTIFY_STORE(r2, 0x0, 0x28) execve(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000300), 0x120) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) socket$nl_route(0x10, 0x3, 0x0) r4 = socket$rds(0x15, 0x5, 0x0) sendmsg$rds(r4, 0x0, 0x0) socket$kcm(0x10, 0x2, 0x0) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000200)={@cgroup, 0xffffffffffffffff, 0x23, 0x1a, 0xffffffffffffffff, @void, @value=r5}, 0x20) mount(&(0x7f0000000100)=@md0, &(0x7f0000000040)='.\x00', &(0x7f0000000000)='virtiofs\x00', 0x5, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x10) r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', 0x8000, 0x1f7) r7 = fanotify_init(0x200, 0x0) fanotify_mark(r7, 0x201, 0x4800003e, r6, 0x0) open(0x0, 0x101000, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000800)=ANY=[@ANYBLOB="4401000010000100000000000000000000000000000000000000000000400000ac1414bb000000000000000000000000000000004e2300000000000016000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc000000000000000000000000000001000004d46c0000000a0101010000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020001000000000000000000480003006465666c617465000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000f000600000000000000"], 0x144}}, 0x0) socket$tipc(0x1e, 0x2, 0x0) 26.347193939s ago: executing program 34 (id=1949): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_open_procfs(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x10c4, 0x0, 0x0, 0x180000}, 0x0, &(0x7f0000000280)) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000000)={0x1c, 0x2d, 0x1, 0x70bd26, 0x25dfdbfc, {0x4}, [@typed={0x8, 0x9, 0x0, 0x0, @binary="38eac21a"}]}, 0x1c}}, 0x20000000) openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r2 = socket(0x10, 0x3, 0x0) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f0000000080)=[{0x20, 0xf, 0xff, 0xfffff038}, {0x20, 0x1f, 0xf6, 0xfffff010}, {0x6, 0x80}]}, 0x10) 26.335313163s ago: executing program 2 (id=1956): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000003c0)={r4, 0xffffffffffffffff}, 0x4) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x1f, 0x1d, &(0x7f0000000700)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r5}}, @snprintf={{}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x5}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r4}, {}, {0x85, 0x0, 0x0, 0x6a}}]}, &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x10, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r6}, 0xc) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000008280), r7) sendmsg$DEVLINK_CMD_SB_POOL_GET(r7, &(0x7f00000084c0)={0x0, 0x0, &(0x7f0000008480)={&(0x7f00000082c0)={0x44, r8, 0x1, 0x70bd26, 0x25dfdbfd, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xfffffffffffffe51, 0xb, 0x8001}, {0x6, 0x11, 0x40}}]}, 0x44}, 0x1, 0x0, 0x0, 0x24000084}, 0x40080) r9 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r9, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10) listen(r9, 0x0) r10 = socket(0x28, 0x5, 0x0) connect$vsock_stream(r10, &(0x7f0000000080), 0x10) recvmsg$can_bcm(r10, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000001500)=[{&(0x7f0000000280)=""/4096, 0x1000}], 0x1}, 0x20000100) shutdown(r10, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000002900)={0x2020}, 0x2020) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x1) 26.233172003s ago: executing program 35 (id=1951): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_GET_FPEXC(0xb, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = openat$fb0(0xffffffffffffff9c, &(0x7f00000000c0), 0x12b900, 0x0) r5 = socket(0x11, 0x2, 0x0) ioctl$FBIOBLANK(r4, 0x4611, 0x0) syz_open_dev$media(&(0x7f00000006c0), 0x2c29, 0x28004) ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0x7c80, 0x0) r6 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r6, 0x10f, 0x87, &(0x7f0000000000)={0x2042, 0xfffffffd}, 0x10) ioctl$ifreq_SIOCGIFINDEX_wireguard(r5, 0x8933, &(0x7f0000000300)={'wg0\x00', 0x0}) setsockopt$MRT_ADD_VIF(r5, 0x0, 0xca, &(0x7f0000000340)={0x0, 0x1, 0x7, 0x8, @vifc_lcl_ifindex=r7, @multicast1}, 0x10) 22.607480324s ago: executing program 4 (id=1961): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x20000000) ptrace$ARCH_SHSTK_ENABLE(0x1e, r2, 0x0, 0x5001) socket$kcm(0x10, 0x2, 0x0) ioctl$TCFLSH(0xffffffffffffffff, 0x400455c8, 0x2) bind$bt_hci(0xffffffffffffffff, 0x0, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='status\x00') r5 = socket$inet6_sctp(0xa, 0x801, 0x84) connect$inet6(r5, &(0x7f0000000100)={0xa, 0x0, 0x0, @private1, 0x200000}, 0x1c) sendto$inet6(r5, &(0x7f00000001c0)='O', 0x1, 0x80, &(0x7f0000000280)={0xa, 0x0, 0x0, @private2}, 0x1c) shutdown(r5, 0x1) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r5, 0x84, 0x1a, &(0x7f0000000000), &(0x7f0000000140)=0x8) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000200)={0x28, 0x3, r6, 0x0, &(0x7f00000001c0)="cd", 0x1, 0x7}) ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000440)={0x28, 0x7, r6, 0x0, &(0x7f0000000000)="b7", 0x1, 0x815}) ioctl$IOMMU_IOAS_UNMAP(r0, 0x3b86, &(0x7f0000000180)={0x18, r6, 0xc2, 0xffffffff}) 21.44955067s ago: executing program 4 (id=1962): syz_usb_connect(0x0, 0x2d, &(0x7f0000000140)={{0x12, 0x1, 0x0, 0x41, 0x3f, 0x5f, 0x20, 0x61d, 0xc150, 0xce6f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x33, 0x0, 0x1, 0x18, 0x70, 0xfd, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x4}}]}}]}}]}}, 0x0) r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f0000000040)={0x1, 0x6}, 0x2) write$USERIO_CMD_REGISTER(r0, &(0x7f0000000100), 0x2) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff) socket$inet_udp(0x2, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r1}, 0x10) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) syz_emit_ethernet(0x2a, &(0x7f00000015c0)={@broadcast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @private=0xa010100, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x4, 0x4e20, 0x8}}}}}, 0x0) write$USERIO_CMD_SEND_INTERRUPT(r0, &(0x7f0000000140)={0x2, 0x63}, 0x2) 17.96605914s ago: executing program 4 (id=1963): r0 = socket(0x2a, 0x2, 0x0) getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[], 0x64}, 0x1, 0x0, 0x0, 0x20000010}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00'}, 0x10) r2 = socket$inet(0x2, 0x2, 0x1) shutdown(r2, 0x0) ioctl$SIOCX25SCAUSEDIAG(0xffffffffffffffff, 0x89ec, 0xfffffffffffffffd) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x29a83a768e447add) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd2d, 0x20000000, {0x0, 0x0, 0x0, r1, {0x5, 0x2}, {}, {0x5, 0xffe0}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_CLASSID={0x8, 0x1, {0x0, 0x1}}, @TCA_FLOWER_FLAGS={0x8, 0x16, 0x2}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x10000000) 17.832924438s ago: executing program 4 (id=1964): syz_open_procfs$pagemap(0x0, &(0x7f0000000140)) symlinkat(&(0x7f0000000180)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) syz_usb_connect$uac1(0x3, 0xdc, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902ca0003010070000904000000010100000a24010800000201020d24060000030800000000000000240803960c03112d9cd2ce0c240208000103000000ff000924060506020100000924030003030005490c240206", @ANYRES8=0x0, @ANYRES16=r0], 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0xc8000, 0x0) ioctl$VIDIOC_S_OUTPUT(r1, 0xc004562f, &(0x7f0000000080)=0x7e73) 17.460224719s ago: executing program 2 (id=1965): r0 = syz_open_dev$MSR(&(0x7f0000000000), 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sndpcmc(&(0x7f0000000040), 0xf7bd, 0x400) ioctl$SNDRV_PCM_IOCTL_STATUS_EXT32(r1, 0xc06c4124, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}) (async) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) (async) r3 = syz_open_dev$dri(&(0x7f0000000100), 0x9, 0x480000) (async) setrlimit(0xe, &(0x7f0000000140)={0xba, 0x1}) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000180)=0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f00000001c0)=0x0) tgkill(r4, r5, 0x39) (async) set_mempolicy(0x3, &(0x7f0000000200)=0x22b, 0xffffffffffffd90a) r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000240)={0x1b, 0x0, 0x0, 0x0, 0x0, 0x1, 0x5, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x0, 0x1}, 0x50) (async) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f00000002c0)={{0x1, 0x1, 0x18, r3, {0x5, 0x6e5dadd}}, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00'}) (async) r8 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001600)={&(0x7f00000014c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x3c, 0x3c, 0x4, [@restrict={0x7, 0x0, 0x0, 0xb, 0x4}, @union={0x1, 0x3, 0x0, 0x5, 0x0, 0x8, [{0x3, 0x2, 0x7}, {0x3, 0x1, 0x5}, {0xa, 0x5, 0x1}]}]}, {0x0, [0x2e, 0x30]}}, &(0x7f0000001540)=""/183, 0x58, 0xb7, 0x0, 0x4}, 0x28) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000001680)={0x2, 0x0}, 0x8) (async) r10 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000016c0), 0x4) r11 = bpf$PROG_LOAD(0x5, &(0x7f0000001780)={0x11, 0x11, &(0x7f0000001300)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x7}, {{0x18, 0x1, 0x1, 0x0, r6}}, {}, [@map_fd={0x18, 0x0, 0x1, 0x0, r7}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}}}, &(0x7f00000013c0)='GPL\x00', 0x8a4, 0xae, &(0x7f0000001400)=""/174, 0x41000, 0x0, '\x00', 0x0, @fallback=0x7, r8, 0x8, 0x0, 0x0, 0x10, &(0x7f0000001640)={0x3, 0xe, 0x4, 0x6}, 0x10, r9, r10, 0x4, &(0x7f0000001700)=[0xffffffffffffffff], &(0x7f0000001740)=[{0x3, 0x1, 0x10}, {0x5, 0x5, 0x3, 0x2}, {0x1, 0x3, 0x1, 0x7}, {0x4, 0x5, 0x1, 0xa}], 0x10, 0x9}, 0x94) socket$nl_generic(0x10, 0x3, 0x10) (async) fgetxattr(r11, &(0x7f0000001840)=@known='system.posix_acl_default\x00', &(0x7f0000001880)=""/186, 0xba) (async) prlimit64(r5, 0x6, &(0x7f0000001940)={0x0, 0x4}, &(0x7f0000001980)) (async) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000019c0)={0x5}, 0x8) openat$binderfs(0xffffffffffffff9c, &(0x7f0000001a00)='./binderfs/custom1\x00', 0x0, 0x0) (async) read$msr(r0, &(0x7f0000001a40)=""/109, 0x6d) (async) mbind(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x18000, &(0x7f0000001ac0)=0x90, 0x7, 0x2) (async) syz_open_dev$sndmidi(&(0x7f0000001b00), 0x4, 0x400203) ioctl$BTRFS_IOC_START_SYNC(r7, 0x80089418, &(0x7f0000001b40)=0x0) ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(r8, 0x50009418, &(0x7f0000001b80)={{r2}, r12, 0x6, @unused=[0x6, 0x1, 0x5a], @subvolid=0xe}) (async) ioctl$PIO_UNIMAP(r7, 0x4b67, &(0x7f0000002bc0)={0x6, &(0x7f0000002b80)=[{0xe3d, 0xff}, {0xe, 0x1}, {0x7, 0x8}, {0x0, 0x3}, {0xc42, 0x2d}, {0xffff, 0x7}]}) (async) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r3, 0xc01064b5, &(0x7f0000002c40)={&(0x7f0000002c00)=[0x0, 0x0], 0x2}) (async) r13 = dup3(r6, r6, 0x80000) write$UHID_CREATE2(r13, &(0x7f0000002c80)={0xb, {'syz0\x00', 'syz1\x00', 'syz0\x00', 0xd2, 0x9, 0x0, 0x8, 0x4d8, 0x2, "a0aefea801178723500c9601f763a465deb37e56a978e0228d0e431048edb8eabb6f1f48a566bebf8b51037e2e0434099556627c1deb31e9a680ba308bccf2728ffc1419bd85240342cc9f4d700fca3b994067135dc238e7c692c88c372daccd3f7a2e91fb1f57739d132103f537324207c6f67a32127f0cfd360b1a84110ae97dba4ec694f21c861758078851eecb715d14229272e7da13bacd6bdc0e17a74cc0a7f5326b21368c62103fa66cf3be8b6c33f36451972096e45c30a20b037eefa493f4f28aacc4c91ef1aa43097bc2697629"}}, 0x1ea) 17.340223166s ago: executing program 2 (id=1966): socket(0x1, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r1, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10) r2 = getpid() getpriority(0x2, r2) 17.182658658s ago: executing program 2 (id=1967): syz_open_dev$dri(0x0, 0x1, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, 0x0) ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f0000000540)={0xffffeffe, 0x1, 0x2}) ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f0000000000)={0x1f, 0x1, 0x4}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYRES64=r0, @ANYRES64, @ANYRESHEX, @ANYRESHEX, @ANYRESOCT=r1, @ANYRESHEX, @ANYRESDEC=r1, @ANYRESHEX], 0x48) r3 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/clear_refs\x00', 0x1, 0x0) write$sysctl(r3, &(0x7f0000000180)='4\x00', 0x2) 16.212865947s ago: executing program 4 (id=1968): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha256\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{0x0}, {&(0x7f0000000200)=""/83, 0x53}], 0x2}, 0x0) 15.991645494s ago: executing program 4 (id=1969): r0 = syz_open_dev$video4linux(&(0x7f0000000cc0), 0x407fffffff, 0x8a840) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0xc) ioctl$VIDIOC_SUBDEV_S_SELECTION(r0, 0xc040563e, &(0x7f0000000040)={0x1, 0x0, 0x2, 0x6, {0x7, 0x4, 0x9, 0xfffffff8}}) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_DELCHAIN={0x38, 0x5, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0xa}, [@NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_CHAIN_HOOK={0xc, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x4a030753}]}]}], {0x14}}, 0x80}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x14}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="400100001000010000000000000000000a010102000000000000100000000000ac1414bb00000000000000000000000000000a00002016000000000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000001000004d26c000000ac1414aa000000000000000000000000000000000000000003000000000000000000000000000000010000000000000000000000000000000000000000000000000001000400000000000000000000000000000000000000feffffffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000a0001002000000000000000480003006c7a6a6800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080016"], 0x140}}, 0x0) r6 = socket(0x2, 0x80805, 0x0) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f0000000200), 0x20) r7 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r7, 0x0, 0x23, &(0x7f0000000100)={@multicast2, @loopback}, 0xc) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="1800"/13], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sched_setscheduler(0x0, 0x2, 0x0) timer_create(0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) 2.025723903s ago: executing program 36 (id=1967): syz_open_dev$dri(0x0, 0x1, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, 0x0) ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f0000000540)={0xffffeffe, 0x1, 0x2}) ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f0000000000)={0x1f, 0x1, 0x4}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYRES64=r0, @ANYRES64, @ANYRESHEX, @ANYRESHEX, @ANYRESOCT=r1, @ANYRESHEX, @ANYRESDEC=r1, @ANYRESHEX], 0x48) r3 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/clear_refs\x00', 0x1, 0x0) write$sysctl(r3, &(0x7f0000000180)='4\x00', 0x2) 0s ago: executing program 37 (id=1969): r0 = syz_open_dev$video4linux(&(0x7f0000000cc0), 0x407fffffff, 0x8a840) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0xc) ioctl$VIDIOC_SUBDEV_S_SELECTION(r0, 0xc040563e, &(0x7f0000000040)={0x1, 0x0, 0x2, 0x6, {0x7, 0x4, 0x9, 0xfffffff8}}) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_DELCHAIN={0x38, 0x5, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0xa}, [@NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_CHAIN_HOOK={0xc, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x4a030753}]}]}], {0x14}}, 0x80}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x14}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="400100001000010000000000000000000a010102000000000000100000000000ac1414bb00000000000000000000000000000a00002016000000000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000001000004d26c000000ac1414aa000000000000000000000000000000000000000003000000000000000000000000000000010000000000000000000000000000000000000000000000000001000400000000000000000000000000000000000000feffffffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000a0001002000000000000000480003006c7a6a6800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080016"], 0x140}}, 0x0) r6 = socket(0x2, 0x80805, 0x0) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f0000000200), 0x20) r7 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r7, 0x0, 0x23, &(0x7f0000000100)={@multicast2, @loopback}, 0xc) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="1800"/13], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sched_setscheduler(0x0, 0x2, 0x0) timer_create(0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) kernel console output (not intermixed with test programs): T8632] netlink: 'syz.1.659': attribute type 63 has an invalid length. [ 293.099603][ T121] usb 6-1: string descriptor 0 read error: -71 [ 293.255196][ T121] usb 6-1: USB disconnect, device number 19 [ 293.446428][ T8640] input: syz1 as /devices/virtual/input/input6 [ 294.550078][ T30] audit: type=1800 audit(1752615469.424:80): pid=8652 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.1.664" name="SYSV00000000" dev="tmpfs" ino=4 res=0 errno=0 [ 296.229449][ T8655] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 296.856193][ T10] usb 6-1: new full-speed USB device number 20 using dummy_hcd [ 297.052478][ T10] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 297.194831][ T10] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 297.583275][ T10] usb 6-1: New USB device found, idVendor=046a, idProduct=0023, bcdDevice= 0.00 [ 297.639775][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 297.687616][ T10] usb 6-1: config 0 descriptor?? [ 298.324088][ T8702] netlink: 15 bytes leftover after parsing attributes in process `syz.2.673'. [ 298.829351][ T5853] Bluetooth: hci1: command 0x0406 tx timeout [ 300.710600][ T10] usb 6-1: string descriptor 0 read error: -71 [ 300.792214][ T10] usb 6-1: USB disconnect, device number 20 [ 304.701074][ T8756] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 304.759542][ T8756] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 304.768059][ T8756] overlayfs: missing 'lowerdir' [ 305.069668][ T8765] netlink: 'syz.5.691': attribute type 9 has an invalid length. [ 305.088333][ T8765] netlink: 212160 bytes leftover after parsing attributes in process `syz.5.691'. [ 305.378930][ T48] usb 5-1: new full-speed USB device number 19 using dummy_hcd [ 306.514575][ T48] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 306.559378][ T48] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 306.578580][ T8774] syzkaller0: entered promiscuous mode [ 306.601769][ T8774] syzkaller0: entered allmulticast mode [ 306.607486][ T48] usb 5-1: New USB device found, idVendor=046a, idProduct=0023, bcdDevice= 0.00 [ 306.624986][ T48] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 306.960150][ T48] usb 5-1: config 0 descriptor?? [ 308.488552][ T48] usb 5-1: string descriptor 0 read error: -71 [ 309.372644][ T48] usb 5-1: USB disconnect, device number 19 [ 309.632293][ T8801] netlink: 36 bytes leftover after parsing attributes in process `syz.3.699'. [ 311.250544][ T8822] netlink: 68 bytes leftover after parsing attributes in process `syz.1.702'. [ 314.329532][ T5899] usb 5-1: new full-speed USB device number 20 using dummy_hcd [ 314.421015][ T8845] netlink: 104 bytes leftover after parsing attributes in process `syz.5.710'. [ 314.521179][ T5899] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 314.539759][ T5899] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 314.703456][ T5899] usb 5-1: New USB device found, idVendor=046a, idProduct=0023, bcdDevice= 0.00 [ 314.739898][ T5899] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 315.250391][ T5899] usb 5-1: config 0 descriptor?? [ 315.262506][ T5899] usb 5-1: can't set config #0, error -71 [ 315.284689][ T5899] usb 5-1: USB disconnect, device number 20 [ 315.751367][ T8869] hfsplus: unable to find HFS+ superblock [ 316.293119][ T8865] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 316.303996][ T8865] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 316.313718][ T8865] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 316.322531][ T8865] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 317.232592][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.450013][ T10] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 318.021630][ T10] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 318.037504][ T10] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 318.078603][ T10] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 318.115748][ T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 318.142727][ T10] usb 6-1: Product: syz [ 318.151212][ T10] usb 6-1: Manufacturer: syz [ 318.164636][ T10] usb 6-1: SerialNumber: syz [ 318.189034][ T10] cdc_mbim 6-1:1.0: skipping garbage [ 318.821979][ T8893] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 320.341721][ T10] cdc_mbim 6-1:1.0: bind() failure [ 320.529814][ T10] cdc_ncm 6-1:1.1: probe with driver cdc_ncm failed with error -71 [ 320.596951][ T10] cdc_mbim 6-1:1.1: probe with driver cdc_mbim failed with error -71 [ 320.610358][ T10] usbtest 6-1:1.1: probe with driver usbtest failed with error -71 [ 320.634585][ T10] usb 6-1: USB disconnect, device number 21 [ 320.971062][ T30] audit: type=1800 audit(1752615495.824:81): pid=8918 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.728" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0 [ 322.902462][ T8920] netlink: 15 bytes leftover after parsing attributes in process `syz.4.729'. [ 326.037025][ T30] audit: type=1800 audit(1752615500.894:82): pid=8969 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.1.741" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0 [ 328.799382][ T48] usb 2-1: new full-speed USB device number 9 using dummy_hcd [ 328.962320][ T48] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 329.054897][ T48] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 329.225111][ T48] usb 2-1: New USB device found, idVendor=046a, idProduct=0023, bcdDevice= 0.00 [ 329.339223][ T48] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 329.363402][ T48] usb 2-1: config 0 descriptor?? [ 330.233777][ T8985] FAULT_INJECTION: forcing a failure. [ 330.233777][ T8985] name failslab, interval 1, probability 0, space 0, times 0 [ 330.249600][ T8985] CPU: 0 UID: 0 PID: 8985 Comm: syz.3.747 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 330.249629][ T8985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 330.249651][ T8985] Call Trace: [ 330.249660][ T8985] [ 330.249668][ T8985] dump_stack_lvl+0x189/0x250 [ 330.249693][ T8985] ? __pfx____ratelimit+0x10/0x10 [ 330.249718][ T8985] ? __pfx_dump_stack_lvl+0x10/0x10 [ 330.249737][ T8985] ? __pfx__printk+0x10/0x10 [ 330.249765][ T8985] ? __pfx___might_resched+0x10/0x10 [ 330.249789][ T8985] should_fail_ex+0x414/0x560 [ 330.249818][ T8985] should_failslab+0xa8/0x100 [ 330.249845][ T8985] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 330.249869][ T8985] ? __alloc_skb+0x112/0x2d0 [ 330.249893][ T8985] __alloc_skb+0x112/0x2d0 [ 330.249916][ T8985] mac80211_hwsim_del_radio+0xad/0x460 [ 330.249942][ T8985] ? __pfx_mac80211_hwsim_del_radio+0x10/0x10 [ 330.249975][ T8985] hwsim_del_radio_nl+0x54e/0x5a0 [ 330.250003][ T8985] genl_family_rcv_msg_doit+0x215/0x300 [ 330.250034][ T8985] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 330.250073][ T8985] ? bpf_lsm_capable+0x9/0x20 [ 330.250090][ T8985] ? security_capable+0x7e/0x2e0 [ 330.250116][ T8985] genl_rcv_msg+0x60e/0x790 [ 330.250147][ T8985] ? __pfx_genl_rcv_msg+0x10/0x10 [ 330.250169][ T8985] ? __pfx_hwsim_del_radio_nl+0x10/0x10 [ 330.250204][ T8985] netlink_rcv_skb+0x208/0x470 [ 330.250226][ T8985] ? __pfx_genl_rcv_msg+0x10/0x10 [ 330.250250][ T8985] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 330.250287][ T8985] ? down_read+0x1ad/0x2e0 [ 330.250307][ T8985] genl_rcv+0x28/0x40 [ 330.250327][ T8985] netlink_unicast+0x75c/0x8e0 [ 330.250362][ T8985] netlink_sendmsg+0x805/0xb30 [ 330.250398][ T8985] ? __pfx_netlink_sendmsg+0x10/0x10 [ 330.250427][ T8985] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 330.250449][ T8985] ? __pfx_netlink_sendmsg+0x10/0x10 [ 330.250470][ T8985] __sock_sendmsg+0x219/0x270 [ 330.250498][ T8985] ____sys_sendmsg+0x505/0x830 [ 330.250526][ T8985] ? __pfx_____sys_sendmsg+0x10/0x10 [ 330.250557][ T8985] ? import_iovec+0x74/0xa0 [ 330.250580][ T8985] ___sys_sendmsg+0x21f/0x2a0 [ 330.250604][ T8985] ? __pfx____sys_sendmsg+0x10/0x10 [ 330.250662][ T8985] ? __fget_files+0x2a/0x420 [ 330.250678][ T8985] ? __fget_files+0x3a0/0x420 [ 330.250705][ T8985] __x64_sys_sendmsg+0x19b/0x260 [ 330.250729][ T8985] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 330.250762][ T8985] ? __pfx_ksys_write+0x10/0x10 [ 330.250781][ T8985] ? rcu_is_watching+0x15/0xb0 [ 330.250805][ T8985] ? do_syscall_64+0xbe/0x3b0 [ 330.250826][ T8985] do_syscall_64+0xfa/0x3b0 [ 330.250844][ T8985] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 330.250860][ T8985] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 330.250876][ T8985] ? clear_bhb_loop+0x60/0xb0 [ 330.250897][ T8985] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 330.250914][ T8985] RIP: 0033:0x7f950058e929 [ 330.250930][ T8985] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 330.250944][ T8985] RSP: 002b:00007f9501478038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 330.250963][ T8985] RAX: ffffffffffffffda RBX: 00007f95007b5fa0 RCX: 00007f950058e929 [ 330.250976][ T8985] RDX: 0000000020000086 RSI: 0000200000000100 RDI: 0000000000000009 [ 330.250987][ T8985] RBP: 00007f9501478090 R08: 0000000000000000 R09: 0000000000000000 [ 330.250998][ T8985] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 330.251008][ T8985] R13: 0000000000000000 R14: 00007f95007b5fa0 R15: 00007ffd95658418 [ 330.251039][ T8985] [ 331.149483][ T5953] usb 6-1: new high-speed USB device number 22 using dummy_hcd [ 331.227868][ T48] usb 2-1: string descriptor 0 read error: -71 [ 331.447838][ T9018] autofs: Unknown parameter '’Óô‡šÍÈ¢Ñ?³ôEú绣A¿ãsñw™Ó妵µÞ$‡g(`Ë bÃÆÃ~³NsO‘rÀqOsÓÅ塇èˆu½†¸ã' [ 331.483629][ T9018] block device autoloading is deprecated and will be removed. [ 331.512624][ T48] usb 2-1: USB disconnect, device number 9 [ 331.529671][ T5953] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 331.543282][ T5953] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 331.572088][ T5953] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 331.612383][ T5953] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 331.637798][ T5953] usb 6-1: Product: syz [ 331.712489][ T30] audit: type=1800 audit(1752615506.584:83): pid=9022 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.1.755" name="SYSV00000000" dev="tmpfs" ino=5 res=0 errno=0 [ 331.748613][ T5953] usb 6-1: Manufacturer: syz [ 331.766329][ T5953] usb 6-1: SerialNumber: syz [ 331.907755][ T5953] cdc_mbim 6-1:1.0: skipping garbage [ 332.489344][ T9037] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 333.109684][ T10] usb 5-1: new full-speed USB device number 21 using dummy_hcd [ 333.692278][ T5900] usb 2-1: new full-speed USB device number 10 using dummy_hcd [ 333.792410][ T10] usb 5-1: config index 0 descriptor too short (expected 156, got 27) [ 333.813705][ T10] usb 5-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 333.843839][ T9052] vcan0: tx drop: invalid sa for name 0x0000000000000003 [ 333.844282][ T10] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10 [ 333.894397][ T5900] usb 2-1: config index 0 descriptor too short (expected 156, got 27) [ 333.923525][ T5900] usb 2-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 333.942640][ T10] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64 [ 334.001355][ T10] usb 5-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 334.005774][ T5953] cdc_mbim 6-1:1.0: bind() failure [ 334.034973][ T5953] cdc_ncm 6-1:1.1: probe with driver cdc_ncm failed with error -71 [ 334.041040][ T5900] usb 2-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10 [ 334.043861][ T5953] cdc_mbim 6-1:1.1: probe with driver cdc_mbim failed with error -71 [ 334.113320][ T5900] usb 2-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64 [ 334.131718][ T10] usb 5-1: config 0 interface 0 has no altsetting 0 [ 334.144509][ T5953] usbtest 6-1:1.1: probe with driver usbtest failed with error -71 [ 334.162699][ T10] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 334.178423][ T5900] usb 2-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 334.189542][ T5953] usb 6-1: USB disconnect, device number 22 [ 334.192608][ T10] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 334.223058][ T5900] usb 2-1: config 0 interface 0 has no altsetting 0 [ 334.239665][ T10] usb 5-1: Product: syz [ 334.246783][ T10] usb 5-1: Manufacturer: syz [ 334.270557][ T5900] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 334.288354][ T10] usb 5-1: SerialNumber: syz [ 334.298427][ T5900] usb 2-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 334.332871][ T10] usb 5-1: config 0 descriptor?? [ 334.344626][ T5900] usb 2-1: Product: syz [ 334.352277][ T9041] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 334.364952][ T5900] usb 2-1: Manufacturer: syz [ 334.373762][ T10] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 334.395295][ T5900] usb 2-1: SerialNumber: syz [ 334.427348][ T5900] usb 2-1: config 0 descriptor?? [ 334.433241][ T10] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 334.451181][ T9045] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 334.464006][ T5900] ldusb 2-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 334.481833][ T5900] ldusb 2-1:0.0: LD USB Device #1 now attached to major 180 minor 1 [ 334.626569][ T9041] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.758'. [ 334.645324][ T5900] usb 5-1: USB disconnect, device number 21 [ 334.657063][ T5900] ldusb 5-1:0.0: LD USB Device #0 now disconnected [ 334.680270][ T9045] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.760'. [ 334.691639][ T10] usb 2-1: USB disconnect, device number 10 [ 334.703719][ T10] ldusb 2-1:0.0: LD USB Device #1 now disconnected [ 335.010940][ T30] audit: type=1800 audit(1752615509.884:84): pid=9081 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.767" name="SYSV00000000" dev="tmpfs" ino=4 res=0 errno=0 [ 335.069625][ T5900] usb 4-1: new full-speed USB device number 16 using dummy_hcd [ 335.244902][ T5900] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 335.281596][ T5900] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 335.499744][ T5900] usb 4-1: New USB device found, idVendor=046a, idProduct=0023, bcdDevice= 0.00 [ 335.525609][ T5953] usb 6-1: new high-speed USB device number 23 using dummy_hcd [ 335.538064][ T5900] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 336.331752][ T9085] sp0: Synchronizing with TNC [ 336.521039][ T5900] usb 4-1: config 0 descriptor?? [ 336.839112][ T9094] binder: 9089:9094 ioctl 4018620d 0 returned -22 [ 336.859528][ T5953] usb 6-1: Using ep0 maxpacket: 32 [ 336.878828][ T5953] usb 6-1: config index 0 descriptor too short (expected 156, got 27) [ 337.040627][ T9086] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 337.107954][ T5953] usb 6-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 337.119386][ T5953] usb 6-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 337.130587][ T5953] usb 6-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 337.143860][ T5953] usb 6-1: config 0 interface 0 has no altsetting 0 [ 337.383018][ T5953] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 337.397952][ T5953] usb 6-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 337.406579][ T5900] usb 4-1: string descriptor 0 read error: -71 [ 337.423875][ T5953] usb 6-1: Product: syz [ 337.425109][ T5900] usb 4-1: USB disconnect, device number 16 [ 337.428070][ T5953] usb 6-1: Manufacturer: syz [ 337.428086][ T5953] usb 6-1: SerialNumber: syz [ 337.595444][ T5953] usb 6-1: config 0 descriptor?? [ 338.539367][ T5953] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 338.570374][ T5953] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 338.775766][ T5953] usb 6-1: USB disconnect, device number 23 [ 338.803663][ T5953] ldusb 6-1:0.0: LD USB Device #0 now disconnected [ 340.967511][ T5892] usb 4-1: new full-speed USB device number 17 using dummy_hcd [ 341.144247][ T5892] usb 4-1: config index 0 descriptor too short (expected 156, got 27) [ 341.187100][ T5892] usb 4-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 341.244663][ T5892] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10 [ 341.343018][ T5892] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64 [ 341.399271][ T5892] usb 4-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 341.459659][ T5892] usb 4-1: config 0 interface 0 has no altsetting 0 [ 341.595163][ T5892] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 341.610833][ T9150] netlink: 24 bytes leftover after parsing attributes in process `syz.5.786'. [ 341.714316][ T30] audit: type=1326 audit(1752615516.334:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9151 comm="syz.2.787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd46f78e929 code=0x7ffc0000 [ 341.756579][ T5892] usb 4-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 342.138227][ T9159] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.787'. [ 342.149586][ T5892] usb 4-1: Product: syz [ 342.153796][ T5892] usb 4-1: Manufacturer: syz [ 342.158410][ T5892] usb 4-1: SerialNumber: syz [ 342.199734][ T30] audit: type=1326 audit(1752615516.504:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9151 comm="syz.2.787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fd46f78d290 code=0x7ffc0000 [ 342.263235][ T5892] usb 4-1: config 0 descriptor?? [ 342.281957][ T9131] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 342.306796][ T30] audit: type=1326 audit(1752615516.504:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9151 comm="syz.2.787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd46f78e929 code=0x7ffc0000 [ 342.328145][ C0] vkms_vblank_simulate: vblank timer overrun [ 342.347863][ T5892] ldusb 4-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 342.431836][ T5892] ldusb 4-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 342.598966][ T30] audit: type=1326 audit(1752615516.504:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9151 comm="syz.2.787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd46f78e929 code=0x7ffc0000 [ 342.762122][ T30] audit: type=1326 audit(1752615516.504:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9151 comm="syz.2.787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7fd46f78e929 code=0x7ffc0000 [ 342.785447][ T9165] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.781'. [ 342.801635][ C1] ldusb 4-1:0.0: usb_submit_urb failed (-1) [ 342.810186][ T5950] usb 4-1: USB disconnect, device number 17 [ 342.866854][ T5950] ldusb 4-1:0.0: LD USB Device #0 now disconnected [ 342.940180][ T30] audit: type=1326 audit(1752615516.504:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9151 comm="syz.2.787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd46f78e929 code=0x7ffc0000 [ 343.516857][ T30] audit: type=1326 audit(1752615516.504:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9151 comm="syz.2.787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=51 compat=0 ip=0x7fd46f78e929 code=0x7ffc0000 [ 343.540790][ T30] audit: type=1326 audit(1752615516.504:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9151 comm="syz.2.787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd46f78e929 code=0x7ffc0000 [ 343.948625][ T30] audit: type=1326 audit(1752615516.504:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9151 comm="syz.2.787" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7fd46f78e929 code=0x7ffc0000 [ 345.148548][ T9188] netlink: 'syz.2.796': attribute type 3 has an invalid length. [ 345.160861][ T9188] netlink: 'syz.2.796': attribute type 3 has an invalid length. [ 345.280169][ T9188] veth2: entered allmulticast mode [ 345.465174][ T30] audit: type=1800 audit(1752615520.324:94): pid=9196 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.798" name="SYSV00000000" dev="tmpfs" ino=5 res=0 errno=0 [ 347.669701][ T5900] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 347.776362][ T9236] hfsplus: unable to find HFS+ superblock [ 347.959937][ T5953] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 348.320544][ T9238] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 348.361481][ T5900] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 348.373326][ T5900] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 348.407285][ T5900] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 348.417047][ T30] audit: type=1800 audit(1752615523.264:95): pid=9240 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.2.816" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0 [ 348.441997][ T5900] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 348.526699][ T5900] usb 2-1: Product: syz [ 348.532803][ T5900] usb 2-1: Manufacturer: syz [ 348.541453][ T5900] usb 2-1: SerialNumber: syz [ 348.557331][ T5900] cdc_mbim 2-1:1.0: skipping garbage [ 348.641375][ T5953] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 348.741794][ T5953] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 348.757877][ T5953] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 348.767503][ T5953] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 348.928213][ T5953] usb 4-1: Product: syz [ 348.934594][ T5953] usb 4-1: Manufacturer: syz [ 348.941958][ T5953] usb 4-1: SerialNumber: syz [ 349.750504][ T5953] cdc_mbim 4-1:1.0: skipping garbage [ 349.800249][ T9245] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 350.932686][ T9256] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 351.419033][ T5900] cdc_mbim 2-1:1.0: bind() failure [ 351.437590][ T5900] cdc_ncm 2-1:1.1: probe with driver cdc_ncm failed with error -71 [ 351.465335][ T5900] cdc_mbim 2-1:1.1: probe with driver cdc_mbim failed with error -71 [ 351.522846][ T5900] usbtest 2-1:1.1: probe with driver usbtest failed with error -71 [ 351.627036][ T5900] usb 2-1: USB disconnect, device number 11 [ 352.573132][ T5953] cdc_mbim 4-1:1.0: bind() failure [ 352.599544][ T5953] cdc_ncm 4-1:1.1: probe with driver cdc_ncm failed with error -71 [ 352.652079][ T5953] cdc_mbim 4-1:1.1: probe with driver cdc_mbim failed with error -71 [ 352.718803][ T5953] usbtest 4-1:1.1: probe with driver usbtest failed with error -71 [ 352.795922][ T5953] usb 4-1: USB disconnect, device number 18 [ 353.759664][ T9278] netlink: 256 bytes leftover after parsing attributes in process `syz.3.824'. [ 353.768650][ T9278] netlink: 72 bytes leftover after parsing attributes in process `syz.3.824'. [ 354.617764][ T30] audit: type=1800 audit(1752615529.484:96): pid=9288 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.827" name="SYSV00000000" dev="tmpfs" ino=1 res=0 errno=0 [ 356.559636][ T5900] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 357.070093][ T5900] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 357.102084][ T5900] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 357.128407][ T9309] netlink: 24 bytes leftover after parsing attributes in process `syz.4.834'. [ 357.141831][ T5900] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 357.160307][ T5900] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 357.168350][ T5900] usb 2-1: Product: syz [ 357.177001][ T5900] usb 2-1: Manufacturer: syz [ 357.196856][ T5900] usb 2-1: SerialNumber: syz [ 357.247372][ T5900] cdc_mbim 2-1:1.0: skipping garbage [ 357.830129][ T9323] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 358.291687][ T9325] xt_socket: unknown flags 0x8 [ 358.931092][ T9331] tipc: New replicast peer: 255.255.255.255 [ 358.937533][ T9331] tipc: Enabled bearer , priority 10 [ 359.391170][ T5900] cdc_mbim 2-1:1.0: bind() failure [ 359.433563][ T5900] cdc_ncm 2-1:1.1: probe with driver cdc_ncm failed with error -71 [ 359.478641][ T5900] cdc_mbim 2-1:1.1: probe with driver cdc_mbim failed with error -71 [ 359.528774][ T5900] usbtest 2-1:1.1: probe with driver usbtest failed with error -71 [ 359.580146][ T5900] usb 2-1: USB disconnect, device number 12 [ 359.610210][ T5950] usb 5-1: new full-speed USB device number 22 using dummy_hcd [ 359.872750][ T5950] usb 5-1: config index 0 descriptor too short (expected 156, got 27) [ 359.885259][ T5950] usb 5-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 359.896848][ T5950] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10 [ 359.915312][ T5950] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64 [ 359.973442][ T5950] usb 5-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 360.037313][ T5950] usb 5-1: config 0 interface 0 has no altsetting 0 [ 360.069722][ T30] audit: type=1800 audit(1752615534.904:97): pid=9350 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.1.847" name="SYSV00000000" dev="tmpfs" ino=6 res=0 errno=0 [ 360.114018][ T5950] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 361.229816][ T5950] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 361.238299][ T5950] usb 5-1: Product: syz [ 361.300072][ T5950] usb 5-1: Manufacturer: syz [ 361.304725][ T5950] usb 5-1: SerialNumber: syz [ 361.361401][ T5950] usb 5-1: config 0 descriptor?? [ 361.368076][ T9343] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 361.398246][ T5950] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 361.446558][ T5950] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 361.886282][ T9343] netlink: 212408 bytes leftover after parsing attributes in process `syz.4.845'. [ 362.016620][ T5950] usb 5-1: USB disconnect, device number 22 [ 362.047216][ T5950] ldusb 5-1:0.0: LD USB Device #0 now disconnected [ 362.136324][ T9373] tipc: Started in network mode [ 362.143544][ T9373] tipc: Node identity ac14140f, cluster identity 4711 [ 362.153824][ T9373] tipc: New replicast peer: 255.255.255.255 [ 362.314173][ T9373] tipc: Enabled bearer , priority 10 [ 364.003020][ T24] tipc: Node number set to 2886997007 [ 364.567711][ T5900] IPVS: starting estimator thread 0... [ 364.682826][ T9380] IPVS: using max 25 ests per chain, 60000 per kthread [ 366.784499][ T9402] sock: sock_timestamping_bind_phc: sock not bind to device [ 367.549961][ T10] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 367.722234][ T121] usb 6-1: new full-speed USB device number 24 using dummy_hcd [ 368.588248][ T121] usb 6-1: config index 0 descriptor too short (expected 156, got 27) [ 368.610362][ T10] usb 5-1: Using ep0 maxpacket: 32 [ 368.649094][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 368.679568][ T10] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 368.684894][ T121] usb 6-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 368.703631][ T10] usb 5-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice= 0.00 [ 368.703660][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 368.706291][ T10] usb 5-1: config 0 descriptor?? [ 368.868277][ T9426] netlink: 8 bytes leftover after parsing attributes in process `syz.1.871'. [ 368.878249][ T121] usb 6-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10 [ 368.952677][ T121] usb 6-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64 [ 369.009671][ T9428] tipc: Enabling of bearer rejected, already enabled [ 369.047053][ T121] usb 6-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 369.141501][ T121] usb 6-1: config 0 interface 0 has no altsetting 0 [ 369.210924][ T121] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 369.728938][ T121] usb 6-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 369.751932][ T121] usb 6-1: Product: syz [ 369.753818][ T10] usbhid 5-1:0.0: can't add hid device: -71 [ 369.756118][ T121] usb 6-1: Manufacturer: syz [ 369.766656][ T121] usb 6-1: SerialNumber: syz [ 369.774146][ T121] usb 6-1: config 0 descriptor?? [ 369.932939][ T10] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 369.991595][ T9418] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 370.035324][ T10] usb 5-1: USB disconnect, device number 23 [ 370.189969][ T121] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 370.427458][ T121] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 370.500121][ T10] usb 6-1: USB disconnect, device number 24 [ 370.518125][ T10] ldusb 6-1:0.0: LD USB Device #0 now disconnected [ 371.121709][ T9464] netlink: 200 bytes leftover after parsing attributes in process `syz.4.882'. [ 375.083800][ T9488] netlink: 108 bytes leftover after parsing attributes in process `syz.2.888'. [ 375.284414][ T5900] usb 4-1: new full-speed USB device number 19 using dummy_hcd [ 375.585038][ T5900] usb 4-1: config index 0 descriptor too short (expected 156, got 27) [ 375.610776][ T5900] usb 4-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 375.638132][ T5900] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10 [ 375.721099][ T5900] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64 [ 375.755181][ T5900] usb 4-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 375.793238][ T5900] usb 4-1: config 0 interface 0 has no altsetting 0 [ 375.812565][ T5900] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 375.837271][ T5900] usb 4-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 375.858196][ T5900] usb 4-1: Product: syz [ 375.870625][ T5900] usb 4-1: Manufacturer: syz [ 375.877792][ T5900] usb 4-1: SerialNumber: syz [ 375.902091][ T5900] usb 4-1: config 0 descriptor?? [ 375.918244][ T9487] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 375.934074][ T5900] ldusb 4-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 376.019775][ T5950] usb 6-1: new full-speed USB device number 25 using dummy_hcd [ 376.050025][ T5900] ldusb 4-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 376.136706][ T9487] netlink: 212408 bytes leftover after parsing attributes in process `syz.3.889'. [ 376.222382][ T5900] usb 4-1: USB disconnect, device number 19 [ 376.240442][ T5900] ldusb 4-1:0.0: LD USB Device #0 now disconnected [ 376.306187][ T5950] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 376.368454][ T5950] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 376.556754][ T5950] usb 6-1: New USB device found, idVendor=046a, idProduct=0023, bcdDevice= 0.00 [ 376.706411][ T5950] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 377.040123][ T5950] usb 6-1: config 0 descriptor?? [ 377.349270][ T5953] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 377.666862][ T5953] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 377.693234][ T5953] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 377.749698][ T5953] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 377.749728][ T5953] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 377.749747][ T5953] usb 2-1: Product: syz [ 377.749761][ T5953] usb 2-1: Manufacturer: syz [ 377.749775][ T5953] usb 2-1: SerialNumber: syz [ 377.770891][ T5953] cdc_mbim 2-1:1.0: skipping garbage [ 378.712137][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.799418][ T9526] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 378.998916][ T5950] usb 6-1: string descriptor 0 read error: -71 [ 379.004186][ T5950] usb 6-1: USB disconnect, device number 25 [ 380.322084][ T5953] cdc_mbim 2-1:1.0: bind() failure [ 380.379197][ T5953] cdc_ncm 2-1:1.1: probe with driver cdc_ncm failed with error -71 [ 380.457470][ T5953] cdc_mbim 2-1:1.1: probe with driver cdc_mbim failed with error -71 [ 380.652344][ T5953] usbtest 2-1:1.1: probe with driver usbtest failed with error -71 [ 381.288700][ T5953] usb 2-1: USB disconnect, device number 13 [ 382.030368][ T5928] Bluetooth: Error in BCSP hdr checksum [ 382.205178][ T9560] 9pnet_fd: Insufficient options for proto=fd [ 382.620666][ T9074] Bluetooth: Error in BCSP hdr checksum [ 382.675103][ T9074] Bluetooth: Error in BCSP hdr checksum [ 382.932282][ T6388] Bluetooth: Error in BCSP hdr checksum [ 383.194257][ T6388] Bluetooth: Error in BCSP hdr checksum [ 384.110057][ T5853] Bluetooth: hci5: command 0x1003 tx timeout [ 384.116440][ T5852] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 384.400780][ T30] audit: type=1326 audit(1752615559.254:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9572 comm="syz.2.914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd46f78e929 code=0x7fc00000 [ 384.422088][ C0] vkms_vblank_simulate: vblank timer overrun [ 384.518423][ T30] audit: type=1326 audit(1752615559.254:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9572 comm="syz.2.914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fd46f78e929 code=0x7fc00000 [ 384.539775][ C0] vkms_vblank_simulate: vblank timer overrun [ 384.583934][ T30] audit: type=1326 audit(1752615559.254:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9572 comm="syz.2.914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd46f78e929 code=0x7fc00000 [ 384.605338][ C0] vkms_vblank_simulate: vblank timer overrun [ 384.769267][ T30] audit: type=1326 audit(1752615559.254:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9572 comm="syz.2.914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd46f78e929 code=0x7fc00000 [ 384.820115][ T30] audit: type=1326 audit(1752615559.254:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9572 comm="syz.2.914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd46f78e929 code=0x7fc00000 [ 384.899251][ T30] audit: type=1326 audit(1752615559.254:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9572 comm="syz.2.914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd46f78e929 code=0x7fc00000 [ 385.837309][ T9598] netlink: 24 bytes leftover after parsing attributes in process `syz.4.923'. [ 392.929649][ T5900] usb 6-1: new high-speed USB device number 26 using dummy_hcd [ 393.131681][ T5900] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 393.189653][ T5949] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 393.208302][ T5900] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 393.295858][ T5900] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 393.321114][ T5900] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 393.343922][ T5900] usb 6-1: Product: syz [ 393.353498][ T5900] usb 6-1: Manufacturer: syz [ 393.362454][ T5900] usb 6-1: SerialNumber: syz [ 393.414477][ T5900] cdc_mbim 6-1:1.0: skipping garbage [ 393.424454][ T5949] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 393.450918][ T5949] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 393.487443][ T5949] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 393.535462][ T5949] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 393.556311][ T5949] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 393.582913][ T5949] usb 5-1: Product: syz [ 393.596239][ T5949] usb 5-1: Manufacturer: syz [ 393.859727][ T5949] usb 5-1: SerialNumber: syz [ 393.884654][ T5949] cdc_ncm 5-1:1.0: skipping garbage [ 393.890499][ T5949] cdc_ncm 5-1:1.0: CDC Union missing and no IAD found [ 393.897339][ T5949] cdc_ncm 5-1:1.0: bind() failure [ 394.124884][ T9701] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 394.522866][ T5949] usb 5-1: USB disconnect, device number 24 [ 395.746631][ T5900] cdc_mbim 6-1:1.0: bind() failure [ 395.766118][ T5900] cdc_ncm 6-1:1.1: probe with driver cdc_ncm failed with error -71 [ 395.789723][ T5900] cdc_mbim 6-1:1.1: probe with driver cdc_mbim failed with error -71 [ 395.814739][ T5900] usbtest 6-1:1.1: probe with driver usbtest failed with error -71 [ 395.860177][ T5900] usb 6-1: USB disconnect, device number 26 [ 396.326280][ T9728] FAULT_INJECTION: forcing a failure. [ 396.326280][ T9728] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 396.341123][ T9728] CPU: 1 UID: 0 PID: 9728 Comm: syz.4.946 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 396.341139][ T9728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 396.341148][ T9728] Call Trace: [ 396.341156][ T9728] [ 396.341160][ T9728] dump_stack_lvl+0x189/0x250 [ 396.341177][ T9728] ? __pfx____ratelimit+0x10/0x10 [ 396.341192][ T9728] ? __pfx_dump_stack_lvl+0x10/0x10 [ 396.341203][ T9728] ? __pfx__printk+0x10/0x10 [ 396.341214][ T9728] ? __might_fault+0xb0/0x130 [ 396.341234][ T9728] should_fail_ex+0x414/0x560 [ 396.341250][ T9728] _copy_from_user+0x2d/0xb0 [ 396.341262][ T9728] __sys_bpf+0x1ed/0x860 [ 396.341277][ T9728] ? __pfx___sys_bpf+0x10/0x10 [ 396.341296][ T9728] ? ksys_write+0x22a/0x250 [ 396.341310][ T9728] ? __pfx_ksys_write+0x10/0x10 [ 396.341321][ T9728] ? rcu_is_watching+0x15/0xb0 [ 396.341335][ T9728] __x64_sys_bpf+0x7c/0x90 [ 396.341348][ T9728] do_syscall_64+0xfa/0x3b0 [ 396.341357][ T9728] ? lockdep_hardirqs_on+0x9c/0x150 [ 396.341370][ T9728] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 396.341379][ T9728] ? clear_bhb_loop+0x60/0xb0 [ 396.341390][ T9728] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 396.341400][ T9728] RIP: 0033:0x7f8441f8e929 [ 396.341409][ T9728] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 396.341417][ T9728] RSP: 002b:00007f8442d6b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 396.341429][ T9728] RAX: ffffffffffffffda RBX: 00007f84421b6080 RCX: 00007f8441f8e929 [ 396.341436][ T9728] RDX: 0000000000000048 RSI: 00002000000017c0 RDI: 0000000000000005 [ 396.341442][ T9728] RBP: 00007f8442d6b090 R08: 0000000000000000 R09: 0000000000000000 [ 396.341448][ T9728] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 396.341454][ T9728] R13: 0000000000000000 R14: 00007f84421b6080 R15: 00007ffdef6bdcd8 [ 396.341469][ T9728] [ 396.531696][ C1] vkms_vblank_simulate: vblank timer overrun [ 402.639243][ T121] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 403.310194][ T121] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 403.321461][ T121] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 403.454550][ T121] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 403.469438][ T121] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 403.477461][ T121] usb 5-1: Product: syz [ 403.489251][ T121] usb 5-1: Manufacturer: syz [ 403.493877][ T121] usb 5-1: SerialNumber: syz [ 403.724638][ T30] audit: type=1800 audit(1752615578.564:104): pid=9781 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.962" name="/" dev="9p" ino=4611686018427387906 res=0 errno=0 [ 403.781221][ T121] cdc_mbim 5-1:1.0: skipping garbage [ 404.460771][ T9787] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 405.347161][ T9795] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 405.392803][ T9795] batadv_slave_0: entered promiscuous mode [ 405.439644][ T9795] batadv_slave_0: entered allmulticast mode [ 405.496695][ T9795] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 405.618486][ T9798] fuse: Unknown parameter '…roup_id' [ 405.755095][ T9795] net_ratelimit: 172 callbacks suppressed [ 405.755113][ T9795] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check. [ 406.030928][ T121] cdc_mbim 5-1:1.0: bind() failure [ 406.049254][ T121] cdc_ncm 5-1:1.1: probe with driver cdc_ncm failed with error -71 [ 406.061989][ T121] cdc_mbim 5-1:1.1: probe with driver cdc_mbim failed with error -71 [ 406.079522][ T121] usbtest 5-1:1.1: probe with driver usbtest failed with error -71 [ 406.123051][ T121] usb 5-1: USB disconnect, device number 25 [ 406.444830][ T9812] hfsplus: unable to find HFS+ superblock [ 410.239207][ T5892] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 410.450339][ T5892] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 410.679932][ T5892] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 410.711800][ T5892] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 410.721324][ T5892] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 410.739238][ T5892] usb 2-1: Product: syz [ 410.743456][ T5892] usb 2-1: Manufacturer: syz [ 410.748069][ T5892] usb 2-1: SerialNumber: syz [ 410.759798][ T5892] cdc_mbim 2-1:1.0: skipping garbage [ 411.327056][ T9861] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 412.159899][ T9867] netlink: 4 bytes leftover after parsing attributes in process `syz.3.986'. [ 413.098403][ T5892] cdc_mbim 2-1:1.0: bind() failure [ 413.112878][ T5892] cdc_ncm 2-1:1.1: probe with driver cdc_ncm failed with error -71 [ 413.134335][ T5892] cdc_mbim 2-1:1.1: probe with driver cdc_mbim failed with error -71 [ 413.152510][ T5892] usbtest 2-1:1.1: probe with driver usbtest failed with error -71 [ 413.209896][ T5892] usb 2-1: USB disconnect, device number 14 [ 413.552395][ T30] audit: type=1800 audit(1752615588.424:105): pid=9882 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.1.990" name="SYSV00000000" dev="tmpfs" ino=7 res=0 errno=0 [ 417.822819][ T9904] Cannot find set identified by id 0 to match [ 418.178292][ T9912] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1002'. [ 420.990347][ T5892] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 421.000133][ T9935] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1008'. [ 421.239523][ T5892] usb 2-1: Using ep0 maxpacket: 8 [ 421.281454][ T5892] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 421.297847][ T5892] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x93, changing to 0x83 [ 421.402109][ T5892] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 421.402129][ T5892] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 421.404302][ T5892] usb 2-1: New USB device found, idVendor=15c2, idProduct=003b, bcdDevice=66.3e [ 421.404319][ T5892] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 421.404330][ T5892] usb 2-1: Product: syz [ 421.404337][ T5892] usb 2-1: Manufacturer: syz [ 421.404345][ T5892] usb 2-1: SerialNumber: syz [ 421.406646][ T5892] usb 2-1: config 0 descriptor?? [ 421.430498][ T5892] input: iMON Panel, Knob and Mouse(15c2:003b) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input7 [ 422.829684][ T9952] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 422.829728][ T9952] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 422.829878][ T9952] vhci_hcd vhci_hcd.0: Device attached [ 423.099699][ T10] usb 36-1: SetAddress Request (6) to port 0 [ 423.099788][ T10] usb 36-1: new SuperSpeed USB device number 6 using vhci_hcd [ 424.051310][ T30] audit: type=1800 audit(1752615598.874:106): pid=9967 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.1017" name="SYSV00000000" dev="tmpfs" ino=2 res=0 errno=0 [ 424.896208][ T9953] vhci_hcd: connection reset by peer [ 424.896642][ T9074] vhci_hcd: stop threads [ 424.896659][ T9074] vhci_hcd: release socket [ 424.897706][ T9074] vhci_hcd: disconnect device [ 425.002977][ T5892] imon:send_packet: packet tx failed (-71) [ 425.017192][ T9969] trusted_key: encrypted_key: insufficient parameters specified [ 425.019600][ T5892] imon 2-1:0.0: panel buttons/knobs setup failed [ 425.112220][ T5892] rc_core: IR keymap rc-imon-pad not found [ 425.112239][ T5892] Registered IR keymap rc-empty [ 425.112428][ T5892] imon 2-1:0.0: Looks like you're trying to use an IR protocol this device does not support [ 425.112445][ T5892] imon 2-1:0.0: Unsupported IR protocol specified, overriding to iMON IR protocol [ 425.117513][ T5892] imon:send_packet: packet tx failed (-71) [ 425.131573][ T5892] imon 2-1:0.0: remote input dev register failed [ 425.132017][ T5892] imon 2-1:0.0: imon_init_intf0: rc device setup failed [ 425.620990][ T5892] imon 2-1:0.0: unable to initialize intf0, err 0 [ 425.627462][ T5892] imon:imon_probe: failed to initialize context! [ 425.634684][ T5892] imon 2-1:0.0: unable to register, err -19 [ 425.801119][ T5892] usb 2-1: USB disconnect, device number 15 [ 427.277699][ T5892] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 427.430670][T10004] libceph: resolve '. [ 427.430670][T10004] #)|.زf͹Dza×ïÅ2sˆoÖw¿úÕ?£'Ê%ÐKAq‰f»CÖê¨Âz¿e­Sb3L)Hyúo¤¶ÿÿÿÿÿÿÿ÷ǤÜYšM¤¨ìó¤h‡E$ [ 427.430670][T10004] ' (ret=-3): failed [ 427.633738][ T5892] usb 4-1: New USB device found, idVendor=0eb1, idProduct=7007, bcdDevice= 2.10 [ 427.633769][ T5892] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 427.633787][ T5892] usb 4-1: Product: syz [ 427.633802][ T5892] usb 4-1: Manufacturer: syz [ 427.633815][ T5892] usb 4-1: SerialNumber: syz [ 427.636858][ T5892] usb 4-1: config 0 descriptor?? [ 427.660646][ T5892] go7007 4-1:0.0: probe with driver go7007 failed with error -12 [ 427.847891][ T5892] usb 4-1: USB disconnect, device number 20 [ 428.289249][ T10] usb 36-1: device descriptor read/8, error -110 [ 428.940590][ T10] usb usb36-port1: attempt power cycle [ 429.405771][T10040] hfsplus: unable to find HFS+ superblock [ 429.761515][T10042] hfsplus: unable to find HFS+ superblock [ 430.210997][ T10] usb usb36-port1: unable to enumerate USB device [ 430.656873][ T77] Bluetooth: Error in BCSP hdr checksum [ 430.844219][T10052] binder: 10050:10052 unknown command 0 [ 430.859782][T10052] binder: 10050:10052 ioctl c0306201 200000000080 returned -22 [ 430.891289][T10052] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1043'. [ 432.419736][ T5853] Bluetooth: hci5: command 0x1003 tx timeout [ 432.424040][ T5852] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 433.149485][T10080] hfsplus: unable to find HFS+ superblock [ 436.136044][ T30] audit: type=1800 audit(1752615611.004:107): pid=10128 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.1070" name="SYSV00000000" dev="tmpfs" ino=8 res=0 errno=0 [ 436.219802][ T48] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 436.434180][ T48] usb 5-1: config 0 has an invalid interface number: 156 but max is 0 [ 436.542443][ T48] usb 5-1: config 0 has no interface number 0 [ 436.590368][ T48] usb 5-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9 [ 436.698164][ T48] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 436.867224][ T48] usb 5-1: config 0 descriptor?? [ 437.004597][ T48] gspca_main: spca561-2.14.0 probing abcd:cdee [ 437.513724][T10142] netlink: 'syz.5.1076': attribute type 1 has an invalid length. [ 437.543125][T10142] netlink: 228 bytes leftover after parsing attributes in process `syz.5.1076'. [ 437.599620][ T48] spca561 5-1:0.156: probe with driver spca561 failed with error -22 [ 437.620343][ T48] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 437.659332][ T48] usb 5-1: MIDIStreaming interface descriptor not found [ 437.847087][ T48] usb 5-1: USB disconnect, device number 26 [ 438.063778][ T5852] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 438.615307][T10160] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1080'. [ 440.337558][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.828098][T10172] hfsplus: unable to find HFS+ superblock [ 440.839678][ T48] usb 6-1: new full-speed USB device number 27 using dummy_hcd [ 441.517176][ T48] usb 6-1: unable to get BOS descriptor or descriptor too short [ 441.540052][ T30] audit: type=1800 audit(1752615616.404:108): pid=10175 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.3.1084" name="SYSV00000000" dev="tmpfs" ino=8 res=0 errno=0 [ 441.598667][ T48] usb 6-1: not running at top speed; connect to a high speed hub [ 441.662114][ T48] usb 6-1: config 1 interface 0 has no altsetting 0 [ 441.721971][ T48] usb 6-1: New USB device found, idVendor=05ac, idProduct=024e, bcdDevice= 0.40 [ 441.796715][ T48] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 441.854396][ T48] usb 6-1: Product: syz [ 441.882479][ T48] usb 6-1: Manufacturer: syz [ 441.908352][ T48] usb 6-1: SerialNumber: syz [ 442.608352][ T48] input: bcm5974 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/input/input10 [ 442.632162][ T5188] bcm5974 6-1:1.0: could not read from device [ 443.263471][ T5188] bcm5974 6-1:1.0: could not read from device [ 443.727072][ T5188] bcm5974 6-1:1.0: could not read from device [ 443.730008][ T48] usb 6-1: USB disconnect, device number 27 [ 444.625936][ T5960] bcm5974 6-1:1.0: could not read from device [ 445.390510][T10211] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1095'. [ 446.096380][T10224] hfsplus: unable to find HFS+ superblock [ 446.598928][ T10] usb 2-1: new full-speed USB device number 16 using dummy_hcd [ 446.772554][ T10] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 446.795947][ T10] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 446.816203][ T10] usb 2-1: New USB device found, idVendor=046a, idProduct=0023, bcdDevice= 0.00 [ 446.826956][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 446.867560][ T10] usb 2-1: config 0 descriptor?? [ 448.591383][ T10] usb 2-1: string descriptor 0 read error: -71 [ 448.606077][ T10] usb 2-1: USB disconnect, device number 16 [ 449.190464][ T5899] usb 6-1: new high-speed USB device number 28 using dummy_hcd [ 449.472806][ T5899] usb 6-1: Using ep0 maxpacket: 8 [ 449.663639][ T5899] usb 6-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 449.789602][ T5899] usb 6-1: config 1 has no interface number 1 [ 449.796347][ T5899] usb 6-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 449.859749][ T10] usb 5-1: new full-speed USB device number 27 using dummy_hcd [ 449.875254][ T5899] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 449.889633][ T5899] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 449.907864][ T5899] usb 6-1: Product: syz [ 449.922731][ T5899] usb 6-1: Manufacturer: syz [ 449.938462][ T5899] usb 6-1: SerialNumber: syz [ 450.027239][ T10] usb 5-1: config 0 has an invalid interface number: 151 but max is 0 [ 450.055456][ T10] usb 5-1: config 0 has no interface number 0 [ 450.069738][ T24] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 450.099749][ T10] usb 5-1: config 0 interface 151 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 450.171415][ T5899] usb 6-1: 2:1 : format type 0 is detected, processed as PCM [ 450.186079][ T10] usb 5-1: config 0 interface 151 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 64 [ 450.214975][ T5899] usb 6-1: 2:1 : sample bitwidth 243 in over sample bytes 3 [ 450.228560][ T5899] usb 6-1: 2:1 : invalid channels 0 [ 450.239322][ T24] usb 4-1: Using ep0 maxpacket: 32 [ 450.241142][ T10] usb 5-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f [ 450.267232][ T24] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 450.270325][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 450.300312][ T5899] usb 6-1: USB disconnect, device number 28 [ 450.317513][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 97, changing to 10 [ 450.349803][ T10] usb 5-1: Product: syz [ 450.349971][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 24929, setting to 1024 [ 450.365290][ T24] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 450.366054][ T10] usb 5-1: Manufacturer: syz [ 450.397400][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 450.428721][ T10] usb 5-1: SerialNumber: syz [ 450.432409][ T5885] udevd[5885]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 450.461481][ T24] usb 4-1: config 0 descriptor?? [ 450.475508][ T10] usb 5-1: config 0 descriptor?? [ 450.481794][ T24] hub 4-1:0.0: USB hub found [ 450.487660][T10263] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 450.504468][T10275] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1118'. [ 451.007194][ T24] hub 4-1:0.0: 2 ports detected [ 452.710157][ T10] usb 5-1: USB disconnect, device number 27 [ 452.796243][ T24] usb 4-1: USB disconnect, device number 21 [ 452.835366][ T5885] udevd[5885]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.151/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 453.153638][ T5892] usb 6-1: new high-speed USB device number 29 using dummy_hcd [ 453.435600][ T5892] usb 6-1: Using ep0 maxpacket: 16 [ 453.585044][ T5892] usb 6-1: config 0 has an invalid interface number: 79 but max is 0 [ 453.614224][ T5892] usb 6-1: config 0 has no interface number 0 [ 453.629644][ T5949] usb 2-1: new full-speed USB device number 17 using dummy_hcd [ 453.637793][ T5892] usb 6-1: New USB device found, idVendor=10fd, idProduct=0513, bcdDevice=b6.d6 [ 453.667552][ T5892] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 453.714876][ T5892] usb 6-1: Product: syz [ 453.747299][ T5892] usb 6-1: Manufacturer: syz [ 453.761963][ T5892] usb 6-1: SerialNumber: syz [ 453.785336][ T5949] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 453.817293][ T5949] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 453.827983][ T5892] usb 6-1: config 0 descriptor?? [ 453.889910][ T5949] usb 2-1: New USB device found, idVendor=046a, idProduct=0023, bcdDevice= 0.00 [ 453.922855][ T5949] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 453.960092][ T5949] usb 2-1: config 0 descriptor?? [ 454.095937][ T5899] usb 6-1: USB disconnect, device number 29 [ 456.522754][ T5892] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 456.631048][ T5949] usb 2-1: string descriptor 0 read error: -71 [ 456.638972][ T5949] usb 2-1: USB disconnect, device number 17 [ 457.371707][ T5892] usb 4-1: device not accepting address 22, error -71 [ 457.417346][T10333] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1134'. [ 460.133825][T10365] syzkaller0: entered promiscuous mode [ 460.167200][T10365] syzkaller0: entered allmulticast mode [ 461.239899][ T5900] usb 2-1: new full-speed USB device number 18 using dummy_hcd [ 461.749844][ T5900] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 461.777088][T10380] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1148'. [ 461.805688][ T5900] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 461.824823][ T5900] usb 2-1: New USB device found, idVendor=046a, idProduct=0023, bcdDevice= 0.00 [ 461.849715][ T5900] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 461.888861][ T5900] usb 2-1: config 0 descriptor?? [ 462.742889][ T24] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 463.777339][ T24] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 463.806802][ T24] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 463.823739][ T24] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 463.834256][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 463.846444][ T24] usb 4-1: Product: syz [ 463.850796][ T24] usb 4-1: Manufacturer: syz [ 463.857439][ T24] usb 4-1: SerialNumber: syz [ 463.898376][ T24] cdc_mbim 4-1:1.0: skipping garbage [ 465.034422][ T5900] usb 2-1: string descriptor 0 read error: -71 [ 465.049862][ T5900] usb 2-1: USB disconnect, device number 18 [ 465.262688][ T30] audit: type=1800 audit(1752615640.124:109): pid=10410 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.2.1156" name="SYSV00000000" dev="tmpfs" ino=2 res=0 errno=0 [ 465.413729][ T30] audit: type=1800 audit(1752615640.284:110): pid=10413 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.2.1158" name="nullb0" dev="tmpfs" ino=936 res=0 errno=0 [ 466.592380][T10418] Invalid source name [ 466.596411][T10418] UBIFS error (pid: 10418): cannot open "./file0", error -22 [ 466.607461][ T24] cdc_mbim 4-1:1.0: bind() failure [ 466.638512][ T24] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 466.645470][ T24] cdc_ncm 4-1:1.1: bind() failure [ 466.771816][ T24] usb 4-1: USB disconnect, device number 24 [ 466.805247][T10424] Bluetooth: MGMT ver 1.23 [ 467.088227][T10430] overlayfs: failed to clone upperpath [ 467.429550][ T24] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 467.511054][T10436] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1165'. [ 467.628760][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 467.669939][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 467.725215][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0 [ 467.766340][ T24] usb 4-1: New USB device found, idVendor=1949, idProduct=85a5, bcdDevice=a3.3a [ 467.790876][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 467.826902][ T30] audit: type=1800 audit(1752615642.674:111): pid=10442 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.1168" name="SYSV00000000" dev="tmpfs" ino=10 res=0 errno=0 [ 467.873585][ T24] usb 4-1: Product: syz [ 467.878704][ T24] usb 4-1: Manufacturer: syz [ 467.894588][ T24] usb 4-1: SerialNumber: syz [ 467.954064][ T24] usb 4-1: config 0 descriptor?? [ 470.191426][ T5892] usb 4-1: USB disconnect, device number 25 [ 470.249641][ T5950] usb 6-1: new high-speed USB device number 30 using dummy_hcd [ 470.552713][ T5950] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 470.564452][ T5950] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 470.589835][ T5950] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 470.603214][ T5950] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 470.645415][ T5950] usb 6-1: Product: syz [ 470.651206][ T5950] usb 6-1: Manufacturer: syz [ 470.656498][ T5950] usb 6-1: SerialNumber: syz [ 470.681931][ T5950] cdc_mbim 6-1:1.0: skipping garbage [ 472.128222][T10472] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1176'. [ 473.196735][ T5950] cdc_mbim 6-1:1.0: bind() failure [ 473.220460][ T5950] cdc_ncm 6-1:1.1: CDC Union missing and no IAD found [ 473.233494][ T5950] cdc_ncm 6-1:1.1: bind() failure [ 473.558316][T10484] loop2: detected capacity change from 0 to 7 [ 473.617440][ T30] audit: type=1800 audit(1752615648.464:112): pid=10487 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.1179" name="SYSV00000000" dev="tmpfs" ino=3 res=0 errno=0 [ 474.217173][ T5950] usb 6-1: USB disconnect, device number 30 [ 474.269793][ T5960] Dev loop2: unable to read RDB block 7 [ 474.313110][ T5960] loop2: unable to read partition table [ 474.332955][ T5960] loop2: partition table beyond EOD, truncated [ 474.617780][T10502] evm: overlay not supported [ 475.529306][ T5900] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 476.022659][ T5900] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 476.044004][T10520] bridge: RTM_NEWNEIGH bridge0 with NTF_USE is not supported [ 476.069914][ T5900] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 476.096521][ T5900] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 476.106843][ T5900] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 476.153614][ T5900] usb 4-1: SerialNumber: syz [ 476.553808][T10532] netlink: 'syz.4.1197': attribute type 5 has an invalid length. [ 476.676708][ T5900] usb 4-1: 0:2 : does not exist [ 476.697012][ T5900] usb 4-1: unit 5 not found! [ 476.698323][ T30] audit: type=1800 audit(1752615651.564:113): pid=10535 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.2.1196" name="SYSV00000000" dev="tmpfs" ino=3 res=0 errno=0 [ 477.057259][ T5900] usb 4-1: USB disconnect, device number 26 [ 477.097824][T10538] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1198'. [ 477.285975][T10542] netlink: 'syz.1.1198': attribute type 5 has an invalid length. [ 477.685406][T10541] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1199'. [ 478.653633][T10556] FAULT_INJECTION: forcing a failure. [ 478.653633][T10556] name failslab, interval 1, probability 0, space 0, times 0 [ 478.670842][T10556] CPU: 1 UID: 0 PID: 10556 Comm: syz.4.1203 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 478.670867][T10556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 478.670877][T10556] Call Trace: [ 478.670884][T10556] [ 478.670893][T10556] dump_stack_lvl+0x189/0x250 [ 478.670918][T10556] ? __pfx____ratelimit+0x10/0x10 [ 478.670943][T10556] ? __pfx_dump_stack_lvl+0x10/0x10 [ 478.670961][T10556] ? __pfx__printk+0x10/0x10 [ 478.670989][T10556] ? __pfx___might_resched+0x10/0x10 [ 478.671007][T10556] ? fs_reclaim_acquire+0x7d/0x100 [ 478.671030][T10556] should_fail_ex+0x414/0x560 [ 478.671057][T10556] should_failslab+0xa8/0x100 [ 478.671082][T10556] __kmalloc_noprof+0xcb/0x4f0 [ 478.671103][T10556] ? __cgroup_bpf_run_filter_setsockopt+0x224/0xc70 [ 478.671131][T10556] __cgroup_bpf_run_filter_setsockopt+0x224/0xc70 [ 478.671158][T10556] ? vfs_write+0x8d8/0xa90 [ 478.671184][T10556] ? __pfx___cgroup_bpf_run_filter_setsockopt+0x10/0x10 [ 478.671233][T10556] do_sock_setsockopt+0x37a/0x3e0 [ 478.671259][T10556] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 478.671284][T10556] ? __fget_files+0x2a/0x420 [ 478.671308][T10556] __x64_sys_setsockopt+0x18b/0x220 [ 478.671334][T10556] do_syscall_64+0xfa/0x3b0 [ 478.671349][T10556] ? lockdep_hardirqs_on+0x9c/0x150 [ 478.671369][T10556] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 478.671385][T10556] ? clear_bhb_loop+0x60/0xb0 [ 478.671404][T10556] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 478.671421][T10556] RIP: 0033:0x7f8441f8e929 [ 478.671436][T10556] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 478.671447][T10556] RSP: 002b:00007f8442d8c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 478.671464][T10556] RAX: ffffffffffffffda RBX: 00007f84421b5fa0 RCX: 00007f8441f8e929 [ 478.671476][T10556] RDX: 0000000000000030 RSI: 0000000000000029 RDI: 0000000000000006 [ 478.671485][T10556] RBP: 00007f8442d8c090 R08: 0000000000000090 R09: 0000000000000000 [ 478.671497][T10556] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000001 [ 478.671507][T10556] R13: 0000000000000000 R14: 00007f84421b5fa0 R15: 00007ffdef6bdcd8 [ 478.671535][T10556] [ 480.118568][ T5892] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 480.392943][ T5892] usb 5-1: Using ep0 maxpacket: 32 [ 480.420353][ T5892] usb 5-1: too many configurations: 9, using maximum allowed: 8 [ 480.472300][ T5892] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 480.509563][ T5892] usb 5-1: can't read configurations, error -61 [ 480.740651][ T30] audit: type=1800 audit(1752615655.604:114): pid=10577 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.1209" name="SYSV00000000" dev="tmpfs" ino=11 res=0 errno=0 [ 480.809298][ T5892] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 483.699449][ T5892] usb usb5-port1: attempt power cycle [ 485.565197][T10619] FAULT_INJECTION: forcing a failure. [ 485.565197][T10619] name failslab, interval 1, probability 0, space 0, times 0 [ 485.608218][ T5892] usb 5-1: new full-speed USB device number 30 using dummy_hcd [ 485.641009][T10619] CPU: 0 UID: 0 PID: 10619 Comm: syz.3.1223 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 485.641036][T10619] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 485.641046][T10619] Call Trace: [ 485.641054][T10619] [ 485.641062][T10619] dump_stack_lvl+0x189/0x250 [ 485.641086][T10619] ? __pfx____ratelimit+0x10/0x10 [ 485.641110][T10619] ? __pfx_dump_stack_lvl+0x10/0x10 [ 485.641128][T10619] ? __pfx__printk+0x10/0x10 [ 485.641154][T10619] ? __pfx___might_resched+0x10/0x10 [ 485.641176][T10619] should_fail_ex+0x414/0x560 [ 485.641204][T10619] should_failslab+0xa8/0x100 [ 485.641229][T10619] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 485.641252][T10619] ? __alloc_skb+0x112/0x2d0 [ 485.641276][T10619] __alloc_skb+0x112/0x2d0 [ 485.641297][T10619] netlink_sendmsg+0x5c6/0xb30 [ 485.641326][T10619] ? __pfx_netlink_sendmsg+0x10/0x10 [ 485.641361][T10619] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 485.641383][T10619] ? __pfx_netlink_sendmsg+0x10/0x10 [ 485.641403][T10619] __sock_sendmsg+0x219/0x270 [ 485.641430][T10619] ____sys_sendmsg+0x505/0x830 [ 485.641456][T10619] ? __pfx_____sys_sendmsg+0x10/0x10 [ 485.641485][T10619] ? import_iovec+0x74/0xa0 [ 485.641508][T10619] ___sys_sendmsg+0x21f/0x2a0 [ 485.641532][T10619] ? __pfx____sys_sendmsg+0x10/0x10 [ 485.641586][T10619] ? __fget_files+0x2a/0x420 [ 485.641601][T10619] ? __fget_files+0x3a0/0x420 [ 485.641626][T10619] __x64_sys_sendmsg+0x19b/0x260 [ 485.641650][T10619] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 485.641680][T10619] ? __pfx_ksys_write+0x10/0x10 [ 485.641700][T10619] ? rcu_is_watching+0x15/0xb0 [ 485.641722][T10619] ? do_syscall_64+0xbe/0x3b0 [ 485.641743][T10619] do_syscall_64+0xfa/0x3b0 [ 485.641758][T10619] ? lockdep_hardirqs_on+0x9c/0x150 [ 485.641780][T10619] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 485.641796][T10619] ? clear_bhb_loop+0x60/0xb0 [ 485.641817][T10619] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 485.641821][ T5892] usb 5-1: config 0 has an invalid interface number: 93 but max is 0 [ 485.641833][T10619] RIP: 0033:0x7f950058e929 [ 485.641849][T10619] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 485.641861][T10619] RSP: 002b:00007f9501478038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 485.641876][T10619] RAX: ffffffffffffffda RBX: 00007f95007b5fa0 RCX: 00007f950058e929 [ 485.641887][T10619] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000003 [ 485.641897][T10619] RBP: 00007f9501478090 R08: 0000000000000000 R09: 0000000000000000 [ 485.641907][T10619] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 485.641917][T10619] R13: 0000000000000000 R14: 00007f95007b5fa0 R15: 00007ffd95658418 [ 485.641945][T10619] [ 486.038730][ T5892] usb 5-1: config 0 has no interface number 0 [ 486.051822][ T5892] usb 5-1: New USB device found, idVendor=10b8, idProduct=1bb4, bcdDevice=34.65 [ 486.064167][ T5892] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 486.073336][ T5892] usb 5-1: Product: syz [ 486.077594][ T5892] usb 5-1: Manufacturer: syz [ 486.082305][ T5892] usb 5-1: SerialNumber: syz [ 486.100859][ T5892] usb 5-1: config 0 descriptor?? [ 486.329500][ T48] usb 4-1: new full-speed USB device number 27 using dummy_hcd [ 486.502492][ T48] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 486.532581][ T48] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 486.558798][ T48] usb 4-1: New USB device found, idVendor=046a, idProduct=0023, bcdDevice= 0.00 [ 486.579348][ T48] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 486.614659][ T48] usb 4-1: config 0 descriptor?? [ 487.372644][ T5892] dvb-usb: found a 'DiBcom TFE7090PVR reference design' in cold state, will try to load a firmware [ 487.520606][ T5892] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw' [ 487.528742][ T5892] dib0700: firmware download failed at 7 with -22 [ 487.604394][ T5892] usb 5-1: USB disconnect, device number 30 [ 487.737113][T10663] overlayfs: conflicting options: nfs_export=on,metacopy=on [ 491.932485][ T48] usb 4-1: string descriptor 0 read error: -32 [ 493.387112][T10684] fuse: Bad value for 'fd' [ 495.042827][T10694] MTD: Couldn't look up './file1': -15 [ 495.639653][ T5892] usb 4-1: USB disconnect, device number 27 [ 495.836610][T10709] Bluetooth: Invalid byte 02 after esc byte [ 496.958334][T10717] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1252'. [ 497.393773][ T5900] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 497.731240][ T5900] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 497.759800][ T5900] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 497.791198][ T5900] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 497.814570][ T5900] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 497.839570][ T5900] usb 2-1: Product: syz [ 497.843786][ T5900] usb 2-1: Manufacturer: syz [ 497.854496][ T5900] usb 2-1: SerialNumber: syz [ 497.859988][ T5852] Bluetooth: hci5: command 0x1003 tx timeout [ 497.866395][ T5853] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 497.918292][ T5900] cdc_mbim 2-1:1.0: skipping garbage [ 499.599630][T10744] syzkaller0: entered promiscuous mode [ 499.611085][T10744] syzkaller0: entered allmulticast mode [ 500.141149][ T5900] cdc_mbim 2-1:1.0: bind() failure [ 500.380747][ T5900] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 500.401811][ T5900] cdc_ncm 2-1:1.1: bind() failure [ 500.499509][ T5900] usb 2-1: USB disconnect, device number 19 [ 501.992225][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 502.736236][T10768] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1265'. [ 502.862785][ T9073] Bluetooth: Error in BCSP hdr checksum [ 502.926796][T10780] 9pnet_fd: Insufficient options for proto=fd [ 503.034317][T10778] Bluetooth: Invalid byte 02 after esc byte [ 504.464370][T10793] bridge_slave_0: left allmulticast mode [ 504.499922][T10793] bridge0: port 1(bridge_slave_0) entered disabled state [ 504.919318][ T5852] Bluetooth: hci5: command 0x1003 tx timeout [ 504.921444][ T5853] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 507.194821][T10814] syzkaller0: entered promiscuous mode [ 507.287085][T10814] syzkaller0: entered allmulticast mode [ 509.899594][ T5900] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 510.069683][ T5900] usb 4-1: Using ep0 maxpacket: 32 [ 510.087022][ T5900] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 510.178798][ T5900] usb 4-1: config 0 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 0 [ 510.213553][ T5900] usb 4-1: config 0 interface 0 has no altsetting 0 [ 510.275830][ T5900] usb 4-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 510.331879][ T5900] usb 4-1: New USB device strings: Mfr=229, Product=1, SerialNumber=3 [ 510.378758][ T5900] usb 4-1: Product: syz [ 510.386730][ T5900] usb 4-1: Manufacturer: syz [ 510.462376][ T5900] usb 4-1: SerialNumber: syz [ 510.719608][ T5900] usb 4-1: config 0 descriptor?? [ 510.979765][ T5853] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 510.980075][T10827] Bluetooth: hci5: command 0x1003 tx timeout [ 511.297667][ T5900] gs_usb 4-1:0.0: Configuring for 1 interfaces [ 511.559546][ T5950] usb 6-1: new high-speed USB device number 31 using dummy_hcd [ 511.982744][ T5900] gs_usb 4-1:0.0: Couldn't register candev for channel 0 (-EINVAL) [ 513.950813][ T5900] gs_usb 4-1:0.0: probe with driver gs_usb failed with error -22 [ 513.979224][ T5900] usb 4-1: USB disconnect, device number 28 [ 513.993590][ T5950] usb 6-1: Using ep0 maxpacket: 16 [ 514.035061][ T5950] usb 6-1: config 0 interface 0 has no altsetting 0 [ 514.056889][ T5950] usb 6-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 514.094931][T10869] IPVS: set_ctl: invalid protocol: 135 127.0.0.1:20000 [ 514.120981][ T5950] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 514.299817][ T5950] usb 6-1: config 0 descriptor?? [ 514.329549][ T5950] usb 6-1: can't set config #0, error -71 [ 514.910138][ T5950] usb 6-1: USB disconnect, device number 31 [ 515.446343][T10881] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1301'. [ 517.103014][T10885] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1303'. [ 519.150485][ T5950] usb 5-1: new full-speed USB device number 31 using dummy_hcd [ 520.401501][ T5950] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 520.436533][ T5950] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 520.449387][ T5950] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 121, setting to 64 [ 520.465602][ T5950] usb 5-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 520.481767][ T5950] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 520.501114][ T5950] usb 5-1: Product: syz [ 520.505322][ T5950] usb 5-1: Manufacturer: syz [ 520.510782][ T5950] usb 5-1: SerialNumber: syz [ 520.530233][ T5950] usb 5-1: config 0 descriptor?? [ 520.536203][T10916] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 520.639691][T10916] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 520.757796][ T5950] usb 5-1: ucan: probing device on interface #0 [ 521.778502][ T5950] usb 5-1: ucan: device reported invalid device info [ 521.785724][ T5950] usb 5-1: ucan: probe failed; try to update the device firmware [ 522.066913][T10952] ipt_REJECT: ECHOREPLY no longer supported. [ 522.415401][T10957] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1322'. [ 522.453662][T10957] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1322'. [ 524.180223][ T5900] usb 5-1: USB disconnect, device number 31 [ 526.516694][T11004] netlink: 120 bytes leftover after parsing attributes in process `syz.2.1334'. [ 526.553666][T11004] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1334'. [ 526.594821][T11004] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1334'. [ 526.604066][T11007] xt_CT: You must specify a L4 protocol and not use inversions on it [ 527.771979][T11025] netlink: 'syz.1.1336': attribute type 1 has an invalid length. [ 527.781455][T11025] netlink: 'syz.1.1336': attribute type 1 has an invalid length. [ 527.825072][T11025] dlm: plock device version mismatch: kernel (1.2.0), user (1.3.65538) [ 529.188138][T11037] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1339'. [ 529.197969][ T5914] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 529.270086][T11037] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1339'. [ 529.312327][T11037] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1339'. [ 529.360023][T11037] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1339'. [ 529.389228][ T5914] usb 2-1: Using ep0 maxpacket: 16 [ 529.400674][ T5914] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 529.434508][ T5914] usb 2-1: New USB device found, idVendor=0d46, idProduct=0081, bcdDevice=19.82 [ 529.444235][ T5914] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 529.456886][ T5914] usb 2-1: Product: syz [ 529.475792][ T5914] usb 2-1: Manufacturer: syz [ 529.499251][ T5914] usb 2-1: SerialNumber: syz [ 529.523299][ T5914] usb 2-1: config 0 descriptor?? [ 529.545453][ T5914] kobil_sct 2-1:0.0: required endpoints missing [ 529.649627][ T5949] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 529.836418][ T5949] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 529.875976][ T5949] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 529.993200][ T5949] usb 4-1: New USB device found, idVendor=5543, idProduct=0522, bcdDevice= 0.00 [ 530.047392][ T5949] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 530.087029][ T5949] usb 4-1: config 0 descriptor?? [ 531.096323][ T5949] uclogic 0003:5543:0522.0005: item fetching failed at offset 10/11 [ 531.120324][ T5949] uclogic 0003:5543:0522.0005: parse failed [ 531.126360][ T5949] uclogic 0003:5543:0522.0005: probe with driver uclogic failed with error -22 [ 531.291733][T11069] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1346'. [ 531.899840][ T121] usb 2-1: USB disconnect, device number 20 [ 532.455128][ T5900] usb 4-1: USB disconnect, device number 29 [ 532.517364][ T121] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 532.570677][ T5949] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 532.646079][T11081] netlink: 40 bytes leftover after parsing attributes in process `+}[@'. [ 532.691571][T11081] bridge0: port 2(bridge_slave_1) entered disabled state [ 532.719228][ T121] usb 2-1: Using ep0 maxpacket: 16 [ 532.730943][ T5949] usb 5-1: device descriptor read/64, error -71 [ 532.732456][ T121] usb 2-1: New USB device found, idVendor=0403, idProduct=fa78, bcdDevice= 0.03 [ 532.771814][ T121] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 532.789859][ T121] usb 2-1: SerialNumber: syz [ 532.840242][ T121] usb 2-1: config 0 descriptor?? [ 533.385138][ T5949] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 533.468184][ T30] audit: type=1326 audit(1752615715.314:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11089 comm="syz.1.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f945b98e929 code=0x7ffc0000 [ 533.641957][ T5949] usb 5-1: device descriptor read/64, error -71 [ 533.697646][ T30] audit: type=1326 audit(1752615715.314:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11089 comm="syz.1.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f945b98e929 code=0x7ffc0000 [ 533.771510][ T5949] usb usb5-port1: attempt power cycle [ 533.866112][ T30] audit: type=1326 audit(1752615715.314:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11089 comm="syz.1.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=37 compat=0 ip=0x7f945b98e929 code=0x7ffc0000 [ 534.077527][ T30] audit: type=1326 audit(1752615715.314:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11089 comm="syz.1.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f945b98e929 code=0x7ffc0000 [ 534.100410][ T30] audit: type=1326 audit(1752615715.314:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11089 comm="syz.1.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f945b98e929 code=0x7ffc0000 [ 534.122977][ T30] audit: type=1326 audit(1752615715.314:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11089 comm="syz.1.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f945b98e929 code=0x7ffc0000 [ 534.146460][ T5949] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 534.154547][ T5950] usb 6-1: new high-speed USB device number 32 using dummy_hcd [ 534.385237][ T30] audit: type=1326 audit(1752615715.314:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11089 comm="syz.1.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f945b98e929 code=0x7ffc0000 [ 534.409662][ T5949] usb 5-1: device descriptor read/8, error -71 [ 534.417542][ T30] audit: type=1326 audit(1752615715.314:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11089 comm="syz.1.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f945b98e929 code=0x7ffc0000 [ 534.450921][ T30] audit: type=1326 audit(1752615715.314:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11089 comm="syz.1.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f945b98e929 code=0x7ffc0000 [ 534.475816][ T121] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected [ 534.502420][ T30] audit: type=1326 audit(1752615715.314:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11089 comm="syz.1.1351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f945b98e929 code=0x7ffc0000 [ 534.544434][ T121] usb 2-1: Detected SIO [ 534.550091][ T5950] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 534.559046][ T121] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 534.569656][ T5950] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 534.584980][ T121] usb 2-1: USB disconnect, device number 21 [ 534.596868][ T5950] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 534.621916][ T121] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 534.630290][ T5950] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 534.649818][ T5949] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 534.670982][ T5950] usb 6-1: Product: syz [ 534.676000][ T5950] usb 6-1: Manufacturer: syz [ 534.687610][ T5950] usb 6-1: SerialNumber: syz [ 534.694007][ T5949] usb 5-1: device descriptor read/8, error -71 [ 534.813031][ T5949] usb usb5-port1: unable to enumerate USB device [ 534.851860][ T5950] cdc_mbim 6-1:1.0: skipping garbage [ 534.858813][ T121] ftdi_sio 2-1:0.0: device disconnected [ 536.154531][T11125] sock: sock_timestamping_bind_phc: sock not bind to device [ 537.015129][ T5950] cdc_mbim 6-1:1.0: bind() failure [ 537.022940][ T5950] cdc_ncm 6-1:1.1: CDC Union missing and no IAD found [ 537.069687][ T5950] cdc_ncm 6-1:1.1: bind() failure [ 537.168294][ T5950] usb 6-1: USB disconnect, device number 32 [ 537.551869][T11145] 9pnet_fd: Insufficient options for proto=fd [ 537.917543][T11152] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1371'. [ 537.928854][T11152] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1371'. [ 537.961392][T11156] tipc: Enabled bearer , priority 0 [ 538.003849][T11156] tipc: Resetting bearer [ 538.031431][T11155] tipc: Disabling bearer [ 539.106585][T11173] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1380'. [ 542.314665][T11195] bond_slave_1: entered promiscuous mode [ 542.321839][T11195] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1384'. [ 542.844995][T11195] bond0: (slave bond_slave_1): Releasing backup interface [ 542.959719][T11199] tipc: Enabled bearer , priority 0 [ 543.103731][T11202] tipc: Resetting bearer [ 543.174765][T11207] bond_slave_1: entered promiscuous mode [ 543.183787][T11207] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1387'. [ 543.336539][T11207] bond0: (slave bond_slave_1): Releasing backup interface [ 543.352639][T11207] bond_slave_1 (unregistering): left promiscuous mode [ 543.566626][T11198] tipc: Disabling bearer [ 544.743734][T11228] fuse: Bad value for 'fd' [ 545.173204][T11245] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1401'. [ 548.498992][T11276] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1408'. [ 550.702577][T11300] IPVS: Scheduler module ip_vs_sip not found [ 552.122091][T11328] netlink: 420 bytes leftover after parsing attributes in process `syz.3.1425'. [ 552.179521][T11328] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1425'. [ 554.995926][ T5949] usb 6-1: new full-speed USB device number 33 using dummy_hcd [ 555.004263][ T5900] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 555.169853][ T5900] usb 4-1: Using ep0 maxpacket: 32 [ 555.608554][ T5949] usb 6-1: config 54 has an invalid interface number: 154 but max is 0 [ 555.621811][ T5900] usb 4-1: config 0 has an invalid interface number: 51 but max is 0 [ 555.644003][ T5949] usb 6-1: config 54 has no interface number 0 [ 555.650989][ T5900] usb 4-1: config 0 has no interface number 0 [ 555.657211][ T5949] usb 6-1: config 54 interface 154 altsetting 0 endpoint 0x2 has invalid maxpacket 47325, setting to 64 [ 555.690000][ T5900] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 555.712797][ T5900] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 555.819626][ T5900] usb 4-1: Product: syz [ 555.823874][ T5900] usb 4-1: Manufacturer: syz [ 555.828797][ T5900] usb 4-1: SerialNumber: syz [ 555.862117][ T5900] usb 4-1: config 0 descriptor?? [ 555.870403][ T5949] usb 6-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice= 0.ec [ 555.894465][ T5900] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 555.909556][ T5949] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 555.918951][ T5949] usb 6-1: Product: syz [ 555.928483][ T5949] usb 6-1: Manufacturer: syz [ 555.938448][ T5949] usb 6-1: SerialNumber: syz [ 556.438508][ T5949] usb 6-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 556.461042][ T5949] usb 6-1: USB disconnect, device number 33 [ 557.540961][ T5900] usb 4-1: qt2_attach - failed to power on unit: -71 [ 557.548375][ T5900] quatech2 4-1:0.51: probe with driver quatech2 failed with error -71 [ 557.705183][ T5900] usb 4-1: USB disconnect, device number 30 [ 557.791036][ T30] kauditd_printk_skb: 15 callbacks suppressed [ 557.791060][ T30] audit: type=1800 audit(1752615739.664:140): pid=11370 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.1.1437" name="SYSV00000000" dev="tmpfs" ino=10 res=0 errno=0 [ 558.535819][T11374] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1440'. [ 558.707449][T11382] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1440'. [ 558.730986][T11384] fuse: Unknown parameter '0x0000000000000003' [ 558.904919][T11394] x_tables: ip6_tables: eui64 match: used from hooks OUTPUT, but only valid from PREROUTING/INPUT/FORWARD [ 559.675327][T11407] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1448'. [ 560.749934][T11416] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1450'. [ 560.938327][T11424] netlink: 'syz.4.1446': attribute type 1 has an invalid length. [ 560.946667][T11424] netlink: 172 bytes leftover after parsing attributes in process `syz.4.1446'. [ 561.803360][T11432] netlink: 420 bytes leftover after parsing attributes in process `syz.3.1456'. [ 561.814362][T11432] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1456'. [ 563.110543][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 564.681552][T11461] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1464'. [ 565.880278][T11475] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1469'. [ 568.032882][T11490] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1474'. [ 568.146832][T11490] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1474'. [ 568.224101][T11504] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1477'. [ 568.345704][T11509] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1479'. [ 568.439756][ T10] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 568.530131][T11490] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1474'. [ 568.620590][ T10] usb 4-1: Using ep0 maxpacket: 16 [ 568.638654][ T10] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 568.678005][ T10] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 568.739120][ T10] usb 4-1: New USB device found, idVendor=04d8, idProduct=0a30, bcdDevice= 6.8a [ 568.878387][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 569.014002][ T10] usb 4-1: Product: syz [ 569.108024][ T10] usb 4-1: Manufacturer: syz [ 569.215560][ T10] usb 4-1: SerialNumber: syz [ 569.233380][T11520] netlink: 104 bytes leftover after parsing attributes in process `syz.5.1482'. [ 569.243278][ T10] usb 4-1: config 0 descriptor?? [ 569.477403][T11526] sock: sock_timestamping_bind_phc: sock not bind to device [ 569.535699][ T10] usb 4-1: USB disconnect, device number 31 [ 571.297977][T11544] bridge0: port 2(bridge_slave_1) entered disabled state [ 571.441842][T11544] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1489'. [ 571.521886][T11544] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1489'. [ 571.567987][T11549] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1490'. [ 571.611714][T11549] FAULT_INJECTION: forcing a failure. [ 571.611714][T11549] name failslab, interval 1, probability 0, space 0, times 0 [ 571.658732][T11549] CPU: 0 UID: 0 PID: 11549 Comm: syz.5.1490 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) [ 571.658750][T11549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 571.658757][T11549] Call Trace: [ 571.658761][T11549] [ 571.658767][T11549] dump_stack_lvl+0x189/0x250 [ 571.658784][T11549] ? __pfx____ratelimit+0x10/0x10 [ 571.658799][T11549] ? __pfx_dump_stack_lvl+0x10/0x10 [ 571.658809][T11549] ? __pfx__printk+0x10/0x10 [ 571.658824][T11549] ? __pfx___might_resched+0x10/0x10 [ 571.658838][T11549] should_fail_ex+0x414/0x560 [ 571.658854][T11549] should_failslab+0xa8/0x100 [ 571.658870][T11549] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 571.658884][T11549] ? __alloc_skb+0x112/0x2d0 [ 571.658898][T11549] __alloc_skb+0x112/0x2d0 [ 571.658913][T11549] netlink_sendmsg+0x5c6/0xb30 [ 571.658930][T11549] ? __pfx_netlink_sendmsg+0x10/0x10 [ 571.658945][T11549] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 571.658958][T11549] ? __pfx_netlink_sendmsg+0x10/0x10 [ 571.658969][T11549] __sock_sendmsg+0x219/0x270 [ 571.658985][T11549] __sys_sendto+0x3bd/0x520 [ 571.658997][T11549] ? __pfx___sys_sendto+0x10/0x10 [ 571.659006][T11549] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 571.659023][T11549] ? __fget_files+0x3a0/0x420 [ 571.659042][T11549] ? ksys_write+0x22a/0x250 [ 571.659063][T11549] ? __pfx_ksys_write+0x10/0x10 [ 571.659078][T11549] ? rcu_is_watching+0x15/0xb0 [ 571.659099][T11549] __x64_sys_sendto+0xde/0x100 [ 571.659118][T11549] do_syscall_64+0xfa/0x3b0 [ 571.659132][T11549] ? lockdep_hardirqs_on+0x9c/0x150 [ 571.659152][T11549] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 571.659169][T11549] ? clear_bhb_loop+0x60/0xb0 [ 571.659189][T11549] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 571.659205][T11549] RIP: 0033:0x7f57b93907bc [ 571.659219][T11549] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b [ 571.659233][T11549] RSP: 002b:00007f57ba147ec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 571.659251][T11549] RAX: ffffffffffffffda RBX: 00007f57ba147fc0 RCX: 00007f57b93907bc [ 571.659264][T11549] RDX: 0000000000000024 RSI: 00007f57ba148010 RDI: 0000000000000004 [ 571.659274][T11549] RBP: 0000000000000000 R08: 00007f57ba147f14 R09: 000000000000000c [ 571.659285][T11549] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000004 [ 571.659294][T11549] R13: 00007f57ba147f68 R14: 00007f57ba148010 R15: 0000000000000000 [ 571.659322][T11549] [ 571.901642][ C0] vkms_vblank_simulate: vblank timer overrun [ 572.337276][T11565] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1497'. [ 572.778855][T11557] IPVS: Scheduler module ip_vs_sip not found [ 574.877399][T11612] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1510'. [ 576.594994][T11627] netlink: 'syz.4.1514': attribute type 4 has an invalid length. [ 576.687231][T11627] netlink: 'syz.4.1514': attribute type 2 has an invalid length. [ 580.516367][ T5914] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 580.649220][ T5914] usb 5-1: device descriptor read/64, error -71 [ 581.399433][ T5914] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 581.559610][ T5914] usb 5-1: device descriptor read/64, error -71 [ 581.722944][ T5914] usb usb5-port1: attempt power cycle [ 584.325734][ T5914] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 584.402574][T11707] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1532'. [ 584.702718][T11715] netlink: 'syz.5.1534': attribute type 29 has an invalid length. [ 584.726806][ T5914] usb 5-1: device not accepting address 38, error -71 [ 585.848287][T11727] hfsplus: unable to find HFS+ superblock [ 588.179206][ T24] usb 6-1: new low-speed USB device number 34 using dummy_hcd [ 588.205295][T11766] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1547'. [ 588.314145][T11769] tipc: Enabling of bearer rejected, failed to enable media [ 588.349279][ T24] usb 6-1: device descriptor read/64, error -71 [ 588.507082][T11775] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1550'. [ 588.781731][ T24] usb 6-1: new low-speed USB device number 35 using dummy_hcd [ 589.373418][ T24] usb 6-1: device descriptor read/64, error -71 [ 589.562146][ T24] usb usb6-port1: attempt power cycle [ 589.659636][ T5900] usb 5-1: new full-speed USB device number 40 using dummy_hcd [ 589.889349][ T5900] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 590.089825][ T5900] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 590.241759][ T5900] usb 5-1: New USB device found, idVendor=046a, idProduct=0023, bcdDevice= 0.00 [ 590.367502][ T5900] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 590.399153][ T24] usb 6-1: new low-speed USB device number 36 using dummy_hcd [ 590.423000][ T24] usb 6-1: device descriptor read/8, error -71 [ 590.667738][ T5900] usb 5-1: config 0 descriptor?? [ 590.979841][ T24] usb 6-1: new low-speed USB device number 37 using dummy_hcd [ 591.474262][ T24] usb 6-1: device not accepting address 37, error -71 [ 591.499445][ T24] usb usb6-port1: unable to enumerate USB device [ 591.843225][T11806] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1561'. [ 591.854300][ T30] audit: type=1804 audit(1752615773.724:141): pid=11805 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.5.1560" name=6D656D66643A6C32AA2AAAAAAB49F9BF83667CC38615ACBBEDBF25D8EE2917AA0FAA6C5296E621D76B026FFF5345 dev="hugetlbfs" ino=33390 res=1 errno=0 [ 592.063408][T11811] tipc: Enabled bearer , priority 0 [ 592.082753][T11811] syzkaller0: entered promiscuous mode [ 592.088289][T11811] syzkaller0: entered allmulticast mode [ 592.161144][T11811] tipc: Resetting bearer [ 592.203244][T11810] tipc: Resetting bearer [ 592.741441][T10827] Bluetooth: hci5: command 0x1003 tx timeout [ 592.750065][ T5853] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 592.831553][T11810] tipc: Disabling bearer [ 594.465769][T11822] IPVS: Scheduler module ip_vs_sip not found [ 595.359676][T11842] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1572'. [ 595.703526][ T5900] usb 5-1: string descriptor 0 read error: -32 [ 595.843008][ T24] usb 5-1: USB disconnect, device number 40 [ 599.084385][T11892] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1586'. [ 599.647212][ T48] usb 6-1: new full-speed USB device number 38 using dummy_hcd [ 599.916364][ T48] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 600.003610][ T48] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 600.126630][ T48] usb 6-1: New USB device found, idVendor=046a, idProduct=0023, bcdDevice= 0.00 [ 600.417338][ T48] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 600.545563][ T48] usb 6-1: config 0 descriptor?? [ 601.497268][T11919] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1594'. [ 602.393534][ T48] usb 6-1: string descriptor 0 read error: -71 [ 603.409423][ T48] usb 6-1: USB disconnect, device number 38 [ 608.402741][T11977] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1612'. [ 610.459015][T11995] team0: No ports can be present during mode change [ 611.472157][ T5853] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 613.830955][T12030] openvswitch: netlink: IP tunnel dst address not specified [ 614.093024][ T5914] usb 6-1: new high-speed USB device number 39 using dummy_hcd [ 614.399710][ T5914] usb 6-1: device descriptor read/64, error -71 [ 615.312605][ T5914] usb 6-1: new high-speed USB device number 40 using dummy_hcd [ 615.492889][ T5914] usb 6-1: device descriptor read/64, error -71 [ 615.655784][ T5914] usb usb6-port1: attempt power cycle [ 616.062455][ T5914] usb 6-1: new high-speed USB device number 41 using dummy_hcd [ 616.125265][ T5914] usb 6-1: device descriptor read/8, error -71 [ 616.604645][T12074] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1642'. [ 616.980342][ T5914] usb 6-1: new high-speed USB device number 42 using dummy_hcd [ 617.067282][T12078] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1643'. [ 617.214154][ T5914] usb 6-1: device not accepting address 42, error -71 [ 617.249340][ T5914] usb usb6-port1: unable to enumerate USB device [ 617.408396][T12091] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1649'. [ 618.337498][T12107] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1654'. [ 618.372891][T12108] fuse: Unknown parameter '0x00000000000000000x0000000000000004' [ 620.479147][T12140] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1667'. [ 620.787655][T12144] 9pnet_fd: Insufficient options for proto=fd [ 621.864424][T12171] netlink: 4116 bytes leftover after parsing attributes in process `syz.5.1674'. [ 621.942639][T12171] openvswitch: netlink: Flow key attr not present in new flow. [ 624.423575][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.878912][T12213] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1685'. [ 625.262611][T12219] netlink: 148 bytes leftover after parsing attributes in process `syz.3.1689'. [ 625.273529][T12219] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1689'. [ 625.985578][T12228] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.1693'. [ 627.139854][T10827] Bluetooth: hci5: command 0x1003 tx timeout [ 627.146318][ T5853] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 627.315718][T12251] tipc: Enabling of bearer rejected, failed to enable media [ 627.447900][T12258] dvmrp1: tun_chr_ioctl cmd 1074025677 [ 627.456265][T12258] dvmrp1: linktype set to 776 [ 627.504664][T12254] trusted_key: encrypted_key: insufficient parameters specified [ 628.126220][T12276] netlink: 104 bytes leftover after parsing attributes in process `syz.5.1703'. [ 628.324674][T12278] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1705'. [ 629.447559][T12291] delete_channel: no stack [ 630.098939][T12307] netlink: 'syz.2.1711': attribute type 27 has an invalid length. [ 630.226643][T12316] tipc: Enabling of bearer rejected, failed to enable media [ 630.986072][T12330] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1717'. [ 631.415846][T12335] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1718'. [ 632.579608][ T1216] usb 5-1: new high-speed USB device number 41 using dummy_hcd [ 632.818870][ T1216] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 633.399860][ T1216] usb 5-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=83.9c [ 633.417122][ T1216] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 633.853528][ T1216] usb 5-1: Product: syz [ 633.853550][ T1216] usb 5-1: Manufacturer: syz [ 633.853563][ T1216] usb 5-1: SerialNumber: syz [ 633.861148][ T1216] usb 5-1: config 0 descriptor?? [ 633.866730][ T1216] ims_pcu 5-1:0.0: Missing CDC union descriptor [ 633.866784][ T1216] ims_pcu 5-1:0.0: probe with driver ims_pcu failed with error -22 [ 634.122857][ T5949] usb 5-1: USB disconnect, device number 41 [ 634.305634][T12363] netlink: 'syz.2.1730': attribute type 27 has an invalid length. [ 634.306274][T12364] overlayfs: failed to clone lowerpath [ 635.922559][T12377] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1732'. [ 636.075495][T12382] netlink: 'syz.1.1734': attribute type 10 has an invalid length. [ 636.085204][T12382] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1734'. [ 636.174191][T12382] team0: Port device geneve0 added [ 637.733924][ T5853] Bluetooth: hci4: Malformed HCI Event: 0x22 [ 638.577689][T12410] fuse: Bad value for 'user_id' [ 638.583557][T12410] fuse: Bad value for 'user_id' [ 638.710601][T12403] delete_channel: no stack [ 639.164024][T12429] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1746'. [ 640.199504][ T30] audit: type=1800 audit(1752615827.068:142): pid=12440 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.1.1753" name="nullb0" dev="tmpfs" ino=1516 res=0 errno=0 [ 640.240483][T12444] tipc: Enabling of bearer rejected, failed to enable media [ 642.295048][ T5853] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 642.959437][T12493] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1760'. [ 644.150586][ T24] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 644.979895][ T24] usb 4-1: Using ep0 maxpacket: 16 [ 644.997462][T12505] delete_channel: no stack [ 645.348677][ T24] usb 4-1: unable to get BOS descriptor or descriptor too short [ 645.357918][ T24] usb 4-1: config 108 has an invalid interface number: 14 but max is 0 [ 645.369517][ T24] usb 4-1: config 108 has no interface number 0 [ 645.375835][ T24] usb 4-1: config 108 interface 14 altsetting 6 endpoint 0x5 has invalid maxpacket 512, setting to 64 [ 645.389246][ T24] usb 4-1: config 108 interface 14 has no altsetting 0 [ 645.800705][ T24] usb 4-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=d8.65 [ 645.809883][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 645.820140][ T24] usb 4-1: Product: syz [ 645.824365][ T24] usb 4-1: Manufacturer: syz [ 645.828983][ T24] usb 4-1: SerialNumber: syz [ 646.896733][T12546] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1776'. [ 647.272383][ T24] usb 4-1: USB disconnect, device number 32 [ 647.402599][T12552] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.1778'. [ 648.108062][T12563] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1779'. [ 649.044748][T12563] team0: Port device team_slave_0 removed [ 650.239302][ T24] usb 6-1: new high-speed USB device number 43 using dummy_hcd [ 650.439754][ T5892] usb 5-1: new high-speed USB device number 42 using dummy_hcd [ 650.463827][ T24] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 650.486006][ T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 650.496193][ T24] usb 6-1: Product: syz [ 650.502137][ T24] usb 6-1: Manufacturer: syz [ 650.507059][ T24] usb 6-1: SerialNumber: syz [ 650.521573][ T24] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 650.579717][ T5892] usb 5-1: device descriptor read/64, error -71 [ 650.600882][ T5914] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 650.704708][T12603] netlink: 'syz.2.1793': attribute type 39 has an invalid length. [ 650.818192][ C1] usb 6-1: ath: unknown panic pattern! [ 650.824488][ T5892] usb 5-1: new high-speed USB device number 43 using dummy_hcd [ 650.959156][ T5892] usb 5-1: device descriptor read/64, error -71 [ 651.079761][ T5892] usb usb5-port1: attempt power cycle [ 651.087777][ T5949] usb 6-1: USB disconnect, device number 43 [ 651.460677][ T5892] usb 5-1: new high-speed USB device number 44 using dummy_hcd [ 651.704864][ T5914] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive [ 651.830786][ T24] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 651.929201][ T5892] usb 5-1: device descriptor read/8, error -71 [ 651.941066][ T5914] ath9k_htc: Failed to initialize the device [ 651.979921][ T5949] usb 6-1: ath9k_htc: USB layer deinitialized [ 652.209397][ T24] usb 4-1: Using ep0 maxpacket: 32 [ 652.255048][ T24] usb 4-1: config 0 has an invalid interface number: 51 but max is 0 [ 652.265134][ T24] usb 4-1: config 0 has no interface number 0 [ 652.280679][ T24] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 652.291032][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 652.309614][ T5892] usb 5-1: new high-speed USB device number 45 using dummy_hcd [ 652.328786][ T24] usb 4-1: Product: syz [ 652.334077][ T24] usb 4-1: Manufacturer: syz [ 652.341707][ T5892] usb 5-1: device descriptor read/8, error -71 [ 652.353479][ T24] usb 4-1: SerialNumber: syz [ 652.372710][ T24] usb 4-1: config 0 descriptor?? [ 652.385668][ T24] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 652.450703][ T5892] usb usb5-port1: unable to enumerate USB device [ 654.459554][ T24] usb 4-1: qt2_attach - failed to power on unit: -71 [ 654.499994][ T24] quatech2 4-1:0.51: probe with driver quatech2 failed with error -71 [ 654.582104][ T24] usb 4-1: USB disconnect, device number 33 [ 655.908939][T12677] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1816'. [ 657.905698][T12697] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1820'. [ 658.787665][ T5900] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 659.144240][ T5900] usb 4-1: Using ep0 maxpacket: 32 [ 659.231896][ T5900] usb 4-1: config 0 has an invalid interface number: 51 but max is 0 [ 659.249656][ T5900] usb 4-1: config 0 has no interface number 0 [ 659.424878][ T5900] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 659.439655][ T5900] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 659.447889][ T5900] usb 4-1: Product: syz [ 659.453765][ T5900] usb 4-1: Manufacturer: syz [ 659.458537][ T5900] usb 4-1: SerialNumber: syz [ 659.547869][ T5900] usb 4-1: config 0 descriptor?? [ 659.585922][ T5900] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 659.828406][ T1216] usb 5-1: new high-speed USB device number 46 using dummy_hcd [ 660.758490][ T1216] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 660.802894][ T1216] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 660.821679][ T1216] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 660.838311][ T1216] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 660.866357][ T1216] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 660.880617][ T1216] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 660.913868][ T1216] usb 5-1: config 0 descriptor?? [ 661.372875][ T1216] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 661.518327][ T1216] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 661.631343][ T5900] usb 4-1: qt2_attach - failed to power on unit: -71 [ 662.237652][ T5900] quatech2 4-1:0.51: probe with driver quatech2 failed with error -71 [ 662.249709][ T1216] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 662.840496][ T5900] usb 4-1: USB disconnect, device number 34 [ 662.849520][ T1216] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 662.856972][ T1216] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 664.379750][ T1216] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 664.541166][ T1216] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 664.603005][ T1216] usb 5-1: USB disconnect, device number 46 [ 664.717863][T12754] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1837'. [ 664.824675][T12751] fido_id[12751]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 667.789690][T12784] tipc: Enabled bearer , priority 0 [ 667.836476][T12784] syzkaller0: entered promiscuous mode [ 667.853118][T12784] syzkaller0: entered allmulticast mode [ 667.884844][T12790] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1847'. [ 667.951454][T12784] tipc: Resetting bearer [ 667.982340][T12783] tipc: Resetting bearer [ 668.054359][T12783] tipc: Disabling bearer [ 668.839271][T12806] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1851'. [ 673.100285][T12848] netlink: 'syz.2.1863': attribute type 1 has an invalid length. [ 673.219226][ T121] usb 6-1: new high-speed USB device number 44 using dummy_hcd [ 674.004822][ T121] usb 6-1: Using ep0 maxpacket: 32 [ 674.021906][ T121] usb 6-1: config 0 has an invalid interface number: 51 but max is 0 [ 674.039383][ T121] usb 6-1: config 0 has no interface number 0 [ 674.057798][ T121] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 674.077296][ T121] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 674.109105][ T121] usb 6-1: Product: syz [ 674.158559][ T121] usb 6-1: Manufacturer: syz [ 674.178356][ T121] usb 6-1: SerialNumber: syz [ 674.215660][ T121] usb 6-1: config 0 descriptor?? [ 674.252320][ T121] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 676.026845][ T121] usb 6-1: qt2_attach - failed to power on unit: -71 [ 676.049556][ T121] quatech2 6-1:0.51: probe with driver quatech2 failed with error -71 [ 676.141343][ T121] usb 6-1: USB disconnect, device number 44 [ 680.892329][T12898] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1876'. [ 682.939620][ T5900] usb 6-1: new high-speed USB device number 45 using dummy_hcd [ 683.119632][ T5900] usb 6-1: Using ep0 maxpacket: 32 [ 683.415382][ T5900] usb 6-1: config 0 has an invalid interface number: 51 but max is 0 [ 683.424085][ T5900] usb 6-1: config 0 has no interface number 0 [ 683.438341][ T5900] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 683.458077][ T5900] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 683.476191][ T5900] usb 6-1: Product: syz [ 683.480933][ T5900] usb 6-1: Manufacturer: syz [ 683.485670][ T5900] usb 6-1: SerialNumber: syz [ 683.504828][ T5900] usb 6-1: config 0 descriptor?? [ 683.514964][ T5900] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 683.669859][T12914] fuse: Bad value for 'fd' [ 684.265018][T12924] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1884'. [ 684.304842][T12922] syzkaller0: entered promiscuous mode [ 684.334024][T12922] syzkaller0: entered allmulticast mode [ 685.214355][ T5900] usb 6-1: qt2_attach - failed to power on unit: -71 [ 685.339636][ T5900] quatech2 6-1:0.51: probe with driver quatech2 failed with error -71 [ 685.369970][T12939] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1889'. [ 685.395251][ T5900] usb 6-1: USB disconnect, device number 45 [ 685.861761][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 687.024458][T12957] bridge_slave_0: entered allmulticast mode [ 689.051145][T13001] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1908'. [ 690.922814][T13018] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1912'. [ 691.002104][T13020] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1912'. [ 692.368578][T13041] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 692.600391][T13049] tipc: Enabling of bearer rejected, failed to enable media [ 694.758359][ T1216] usb 5-1: new high-speed USB device number 47 using dummy_hcd [ 694.900417][T13078] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1929'. [ 694.989505][ T1216] usb 5-1: Using ep0 maxpacket: 32 [ 695.002950][ T1216] usb 5-1: config 0 has an invalid interface number: 51 but max is 0 [ 695.012117][ T1216] usb 5-1: config 0 has no interface number 0 [ 695.034253][ T1216] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 695.051823][ T1216] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 695.078783][ T1216] usb 5-1: Product: syz [ 695.094411][ T1216] usb 5-1: Manufacturer: syz [ 695.109102][ T1216] usb 5-1: SerialNumber: syz [ 695.138461][ T1216] usb 5-1: config 0 descriptor?? [ 695.191182][ T1216] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 697.169767][ T1216] usb 5-1: qt2_attach - failed to power on unit: -71 [ 697.176616][ T1216] quatech2 5-1:0.51: probe with driver quatech2 failed with error -71 [ 697.246927][ T1216] usb 5-1: USB disconnect, device number 47 [ 698.580028][T13116] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1939'. [ 706.377440][T13154] virtio-fs: tag not found [ 707.405925][ T1216] usb 5-1: new high-speed USB device number 48 using dummy_hcd [ 707.669559][ T1216] usb 5-1: Using ep0 maxpacket: 32 [ 708.121063][ T1216] usb 5-1: config 0 has an invalid interface number: 51 but max is 0 [ 708.201608][ T1216] usb 5-1: config 0 has no interface number 0 [ 713.342166][ T1216] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 713.441096][ T1216] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 713.512630][ T1216] usb 5-1: config 0 descriptor?? [ 713.586243][ T1216] usb 5-1: can't set config #0, error -71 [ 713.628161][ T1216] usb 5-1: USB disconnect, device number 48 [ 715.118662][ T0] sched: DL replenish lagged too much [ 724.987114][T13178] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1956'. [ 728.171892][ T5853] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 728.184972][ T5853] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 728.194646][ T5853] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 728.203964][ T5853] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 728.213560][ T5853] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 729.258526][T10827] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 729.270754][T10827] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 729.287205][T10827] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 729.300935][T10827] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 729.312492][T10827] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 729.570591][ T5853] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 729.588768][ T5853] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 729.605149][ T5853] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 729.614797][ T5853] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 729.624490][ T5853] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 729.659622][ T10] usb 5-1: new high-speed USB device number 49 using dummy_hcd [ 729.839827][ T10] usb 5-1: Using ep0 maxpacket: 32 [ 729.863276][ T10] usb 5-1: config 0 has an invalid interface number: 51 but max is 0 [ 729.882221][ T10] usb 5-1: config 0 has no interface number 0 [ 729.927924][ T10] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 729.963897][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 729.989713][ T10] usb 5-1: Product: syz [ 730.003726][ T10] usb 5-1: Manufacturer: syz [ 730.038292][ T10] usb 5-1: SerialNumber: syz [ 730.064868][ T10] usb 5-1: config 0 descriptor?? [ 730.108661][ T10] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 730.259959][ T5853] Bluetooth: hci5: command tx timeout [ 731.133673][T13192] chnl_net:caif_netlink_parms(): no params data found [ 731.379597][ T5853] Bluetooth: hci6: command tx timeout [ 731.702829][ T5853] Bluetooth: hci7: command tx timeout [ 732.339980][ T5853] Bluetooth: hci5: command tx timeout [ 732.538244][ T10] usb 5-1: qt2_attach - failed to power on unit: -71 [ 732.556937][ T10] quatech2 5-1:0.51: probe with driver quatech2 failed with error -71 [ 732.609874][ T10] usb 5-1: USB disconnect, device number 49 [ 733.159681][ T10] usb 5-1: new high-speed USB device number 50 using dummy_hcd [ 733.429125][ T10] usb 5-1: Using ep0 maxpacket: 16 [ 733.454594][ T10] usb 5-1: config 1 has an invalid descriptor of length 97, skipping remainder of the config [ 733.468043][ T5853] Bluetooth: hci6: command tx timeout [ 733.487678][ T10] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 733.508422][ T10] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 733.518560][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 733.535761][ T10] usb 5-1: Product: syz [ 733.554997][ T10] usb 5-1: Manufacturer: syz [ 733.565945][ T10] usb 5-1: SerialNumber: syz [ 733.779746][ T5853] Bluetooth: hci7: command tx timeout [ 733.811029][ T10] usb 5-1: 0:2 : does not exist [ 733.834281][ T10] usb 5-1: 5:0: failed to get current value for ch 0 (-22) [ 733.880860][ T10] usb 5-1: USB disconnect, device number 50 [ 733.963087][T13193] udevd[13193]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 734.420113][ T5853] Bluetooth: hci5: command tx timeout [ 735.541356][ T5853] Bluetooth: hci6: command tx timeout [ 735.859686][ T5853] Bluetooth: hci7: command tx timeout [ 736.501376][ T5853] Bluetooth: hci5: command tx timeout [ 737.620161][ T5853] Bluetooth: hci6: command tx timeout [ 737.941349][ T5853] Bluetooth: hci7: command tx timeout [ 747.326133][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 749.320758][T10827] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 749.336178][T10827] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 749.348345][T10827] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 749.357851][T10827] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 749.366968][T10827] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 751.177968][ T5853] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 751.200053][ T5853] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 751.211335][ T5853] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 751.222888][ T5853] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 751.236655][ T5853] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 751.459942][ T5853] Bluetooth: hci8: command tx timeout [ 753.299854][ T5853] Bluetooth: hci9: command tx timeout [ 753.541235][ T5853] Bluetooth: hci8: command tx timeout [ 755.383610][ T5853] Bluetooth: hci9: command tx timeout [ 755.619648][ T5853] Bluetooth: hci8: command tx timeout [ 757.459780][ T5853] Bluetooth: hci9: command tx timeout [ 757.699720][ T5853] Bluetooth: hci8: command tx timeout [ 759.548461][ T5853] Bluetooth: hci9: command tx timeout [ 786.120517][T10827] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 786.133121][T10827] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 786.167345][T10827] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 786.182053][T10827] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 786.193673][T10827] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 786.322662][ T5853] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 786.334013][ T5853] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 786.345256][ T5853] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 786.374826][ T5853] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 786.388455][ T5853] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 786.506715][ T5853] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 786.518182][ T5853] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 786.528232][ T5853] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 786.538714][ T5853] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 786.547965][ T5853] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 788.260583][T10827] Bluetooth: hci10: command tx timeout [ 788.499790][T10827] Bluetooth: hci11: command tx timeout [ 788.660281][T10827] Bluetooth: hci12: command tx timeout [ 790.342882][T10827] Bluetooth: hci10: command tx timeout [ 790.579848][T10827] Bluetooth: hci11: command tx timeout [ 790.739998][T10827] Bluetooth: hci12: command tx timeout [ 792.423745][T10827] Bluetooth: hci10: command tx timeout [ 792.660121][T10827] Bluetooth: hci11: command tx timeout [ 792.820422][T10827] Bluetooth: hci12: command tx timeout [ 794.500295][T10827] Bluetooth: hci10: command tx timeout [ 794.740893][T10827] Bluetooth: hci11: command tx timeout [ 794.899672][T10827] Bluetooth: hci12: command tx timeout [ 808.746980][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 810.190910][ T5853] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1 [ 810.203969][ T5853] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9 [ 810.214678][ T5853] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9 [ 810.227855][ T5853] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4 [ 810.242346][ T5853] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2 [ 811.676271][ T5853] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1 [ 811.698844][ T5853] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9 [ 811.715089][ T5853] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9 [ 811.724863][ T5853] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4 [ 811.735114][ T5853] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2 [ 812.340100][ T5853] Bluetooth: hci13: command tx timeout [ 813.783015][ T5853] Bluetooth: hci14: command tx timeout [ 814.419873][ T5853] Bluetooth: hci13: command tx timeout [ 815.859771][ T5853] Bluetooth: hci14: command tx timeout [ 816.500942][ T5853] Bluetooth: hci13: command tx timeout [ 817.941009][ T5853] Bluetooth: hci14: command tx timeout [ 818.585275][ T5853] Bluetooth: hci13: command tx timeout [ 820.019910][ T5853] Bluetooth: hci14: command tx timeout [ 831.948977][ C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 831.956061][ C1] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P10631 [ 831.964422][ C1] rcu: (detected by 1, t=10503 jiffies, g=48985, q=641814 ncpus=2) [ 831.973474][ C1] task:syz.5.1218 state:R running task stack:24456 pid:10631 tgid:10631 ppid:6482 task_flags:0x40044c flags:0x0000400c [ 831.988923][ C1] Call Trace: [ 831.992505][ C1] [ 831.995484][ C1] sched_show_task+0x49d/0x630 [ 832.000460][ C1] ? __pfx_sched_show_task+0x10/0x10 [ 832.007742][ C1] ? rcu_dump_cpu_stacks+0x79/0x4e0 [ 832.016200][ C1] ? wq_watchdog_touch+0xef/0x180 [ 832.022141][ C1] print_other_cpu_stall+0xfa6/0x1370 [ 832.027877][ C1] ? __asan_memcpy+0x40/0x70 [ 832.032675][ C1] ? __pfx_print_other_cpu_stall+0x10/0x10 [ 832.040360][ C1] rcu_sched_clock_irq+0x9d1/0x1090 [ 832.045687][ C1] ? __pfx_rcu_sched_clock_irq+0x10/0x10 [ 832.051367][ C1] update_process_times+0x23c/0x2f0 [ 832.056634][ C1] tick_nohz_handler+0x39a/0x520 [ 832.062842][ C1] ? __pfx_tick_nohz_handler+0x10/0x10 [ 832.068742][ C1] __hrtimer_run_queues+0x4e0/0xc60 [ 832.075564][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 832.082180][ C1] ? ktime_get_update_offsets_now+0x3ab/0x3d0 [ 832.089325][ C1] hrtimer_interrupt+0x45b/0xaa0 [ 832.094736][ C1] __sysvec_apic_timer_interrupt+0x108/0x410 [ 832.100814][ C1] sysvec_apic_timer_interrupt+0x52/0xc0 [ 832.107238][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 832.114190][ C1] RIP: 0010:__sanitizer_cov_trace_pc+0x11/0x70 [ 832.120440][ C1] Code: 5b e9 53 8e 56 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 04 24 65 48 8b 0c 25 08 10 9d 92 <65> 8b 15 c8 dd dc 10 81 e2 00 01 ff 00 74 11 81 fa 00 01 00 00 75 [ 832.144772][ C1] RSP: 0018:ffffc90000a07d50 EFLAGS: 00000246 [ 832.152270][ C1] RAX: ffffffff8474134c RBX: ffffc90000a07f34 RCX: ffff888031070000 [ 832.161046][ C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 832.169642][ C1] RBP: 0000000000000000 R08: ffff888031070000 R09: 0000000000000002 [ 832.179891][ C1] R10: 000000000000002f R11: 0000000000000100 R12: ffff8880675b7000 [ 832.190937][ C1] R13: ffff8880675b6640 R14: ffff8880675b6640 R15: 1ffff92000140fb8 [ 832.200081][ C1] ? security_xfrm_decode_session+0x6c/0x2c0 [ 832.207652][ C1] security_xfrm_decode_session+0x6c/0x2c0 [ 832.216194][ C1] __xfrm_decode_session+0x712/0xb80 [ 832.224882][ C1] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 832.232311][ C1] ? __pfx___xfrm_decode_session+0x10/0x10 [ 832.239846][ C1] ? ip_route_output_flow+0xe6/0x150 [ 832.245697][ C1] ip_route_me_harder+0x91c/0xfe0 [ 832.252861][ C1] ? __pfx_ip_route_me_harder+0x10/0x10 [ 832.259009][ C1] synproxy_send_tcp+0x359/0x6c0 [ 832.266902][ C1] synproxy_send_client_synack+0x8bb/0xe20 [ 832.276273][ C1] ? __pfx_synproxy_send_client_synack+0x10/0x10 [ 832.283860][ C1] ? nft_symhash_reduce+0x4c8/0x560 [ 832.289620][ C1] ? synproxy_pernet+0x45/0x270 [ 832.295042][ C1] nft_synproxy_eval_v4+0x36e/0x560 [ 832.301055][ C1] ? __pfx_nft_synproxy_eval_v4+0x10/0x10 [ 832.310808][ C1] ? nf_ip_checksum+0x13c/0x510 [ 832.317698][ C1] nft_synproxy_do_eval+0x345/0x570 [ 832.323310][ C1] ? __pfx_nft_synproxy_do_eval+0x10/0x10 [ 832.330599][ C1] ? __queue_work+0x103/0xfe0 [ 832.336064][ C1] ? __queue_work+0xc80/0xfe0 [ 832.341836][ C1] nft_do_chain+0x40c/0x1920 [ 832.347143][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 832.354515][ C1] ? __pfx_nft_do_chain+0x10/0x10 [ 832.361231][ C1] ? __pfx_nf_nat_inet_fn+0x10/0x10 [ 832.367363][ C1] nft_do_chain_inet+0x25d/0x340 [ 832.374687][ C1] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 832.381411][ C1] ? ipt_do_table+0x2a3/0x1630 [ 832.388254][ C1] ? nf_nat_ipv4_local_in+0x223/0x720 [ 832.396137][ C1] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 832.403341][ C1] nf_hook_slow+0xc2/0x220 [ 832.410403][ C1] NF_HOOK+0x206/0x3a0 [ 832.416141][ C1] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 832.424369][ C1] ? NF_HOOK+0x9a/0x3a0 [ 832.431635][ C1] ? __pfx_NF_HOOK+0x10/0x10 [ 832.438964][ C1] ? ip_rcv_finish_core+0xda3/0x1c00 [ 832.446702][ C1] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 832.454826][ C1] ? skb_dst+0x4f/0xd0 [ 832.459472][ C1] ? ip_local_deliver+0x12a/0x1b0 [ 832.464554][ C1] NF_HOOK+0x30c/0x3a0 [ 832.469076][ C1] ? __pfx_ip_rcv_finish+0x10/0x10 [ 832.475175][ C1] ? NF_HOOK+0x9a/0x3a0 [ 832.480186][ C1] ? __pfx_NF_HOOK+0x10/0x10 [ 832.485762][ C1] ? ip_rcv_core+0x7f7/0xd00 [ 832.491081][ C1] ? __pfx_ip_rcv_finish+0x10/0x10 [ 832.496464][ C1] ? __pfx_ip_rcv+0x10/0x10 [ 832.501439][ C1] __netif_receive_skb+0x143/0x380 [ 832.508510][ C1] ? process_backlog+0x2d5/0x14f0 [ 832.514698][ C1] process_backlog+0x60e/0x14f0 [ 832.522469][ C1] ? __pfx_process_backlog+0x10/0x10 [ 832.529955][ C1] ? do_raw_spin_lock+0x121/0x290 [ 832.536031][ C1] __napi_poll+0xc4/0x480 [ 832.540676][ C1] ? net_rx_action+0x46d/0xe30 [ 832.547489][ C1] net_rx_action+0x707/0xe30 [ 832.553100][ C1] ? __pfx_net_rx_action+0x10/0x10 [ 832.559460][ C1] handle_softirqs+0x283/0x870 [ 832.565240][ C1] ? __irq_exit_rcu+0xca/0x1f0 [ 832.570599][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 832.577205][ C1] ? irq_work_single+0x1ac/0x240 [ 832.583207][ C1] ? irqtime_account_irq+0xb6/0x1c0 [ 832.588698][ C1] __irq_exit_rcu+0xca/0x1f0 [ 832.593607][ C1] ? __pfx___irq_exit_rcu+0x10/0x10 [ 832.599314][ C1] ? rcu_is_watching+0x15/0xb0 [ 832.604535][ C1] irq_exit_rcu+0x9/0x30 [ 832.610649][ C1] sysvec_irq_work+0xa3/0xc0 [ 832.617302][ C1] [ 832.621397][ C1] [ 832.624707][ C1] asm_sysvec_irq_work+0x1a/0x20 [ 832.631236][ C1] RIP: 0010:finish_task_switch+0x26b/0x950 [ 832.637899][ C1] Code: 0f 84 3c 01 00 00 48 85 db 0f 85 63 01 00 00 e9 27 05 00 00 4c 8b 75 d0 4c 89 e7 e8 ef ca d8 09 e8 3a c4 35 00 fb 4c 8b 65 c0 <49> 8d bc 24 18 16 00 00 48 89 f8 48 c1 e8 03 42 0f b6 04 28 84 c0 [ 832.662675][ C1] RSP: 0018:ffffc90003d3eff8 EFLAGS: 00000282 [ 832.671727][ C1] RAX: 8f8cc37ce539bd00 RBX: 0000000000000000 RCX: 8f8cc37ce539bd00 [ 832.685501][ C1] RDX: 0000000000000007 RSI: ffffffff8d98544c RDI: ffffffff8be1ca00 [ 832.695447][ C1] RBP: ffffc90003d3f050 R08: ffffffff8fa0cbf7 R09: 1ffffffff1f4197e [ 832.704491][ C1] R10: dffffc0000000000 R11: fffffbfff1f4197f R12: ffff888031070000 [ 832.715405][ C1] R13: dffffc0000000000 R14: ffff88802ad33c00 R15: ffff8880b873a9d8 [ 832.727448][ C1] ? finish_task_switch+0x266/0x950 [ 832.733718][ C1] __schedule+0x16aa/0x4cb0 [ 832.740721][ C1] ? preempt_schedule_common+0x83/0xd0 [ 832.748603][ C1] ? __pfx___schedule+0x10/0x10 [ 832.753831][ C1] ? __lock_acquire+0xab9/0xd20 [ 832.759192][ C1] ? preempt_schedule+0xae/0xc0 [ 832.765392][ C1] preempt_schedule_common+0x83/0xd0 [ 832.771243][ C1] preempt_schedule+0xae/0xc0 [ 832.776469][ C1] ? __pfx_preempt_schedule+0x10/0x10 [ 832.783690][ C1] ? __folio_rmap_sanity_checks+0x30d/0x700 [ 832.792652][ C1] preempt_schedule_thunk+0x16/0x30 [ 832.798419][ C1] _raw_spin_unlock+0x3f/0x50 [ 832.804215][ C1] unmap_page_range+0x3842/0x41c0 [ 832.812008][ C1] ? __pfx_unmap_page_range+0x10/0x10 [ 832.817618][ C1] ? unmap_vmas+0x144/0x580 [ 832.823134][ C1] unmap_vmas+0x399/0x580 [ 832.831585][ C1] ? __pfx_unmap_vmas+0x10/0x10 [ 832.837749][ C1] exit_mmap+0x248/0xb50 [ 832.844610][ C1] ? uprobe_clear_state+0x20f/0x290 [ 832.850956][ C1] ? __pfx_exit_mmap+0x10/0x10 [ 832.855908][ C1] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 832.862081][ C1] ? __pfx_exit_aio+0x10/0x10 [ 832.866791][ C1] ? uprobe_clear_state+0x274/0x290 [ 832.873233][ C1] ? mm_update_next_owner+0xa7/0x870 [ 832.880470][ C1] __mmput+0x118/0x410 [ 832.884796][ C1] exit_mm+0x1da/0x2c0 [ 832.889700][ C1] ? __pfx_exit_mm+0x10/0x10 [ 832.895641][ C1] ? hrtimer_try_to_cancel+0x3d9/0x420 [ 832.902335][ C1] ? rcu_is_watching+0x15/0xb0 [ 832.909004][ C1] do_exit+0x648/0x22e0 [ 832.914090][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 832.923166][ C1] ? do_raw_spin_lock+0x121/0x290 [ 832.929101][ C1] ? __pfx_do_exit+0x10/0x10 [ 832.934061][ C1] do_group_exit+0x21c/0x2d0 [ 832.940513][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 832.946923][ C1] get_signal+0x125e/0x1310 [ 832.951724][ C1] arch_do_signal_or_restart+0x9a/0x750 [ 832.957405][ C1] ? __pfx_get_timespec64+0x10/0x10 [ 832.962905][ C1] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 832.969293][ C1] ? exit_to_user_mode_loop+0x40/0x110 [ 832.977019][ C1] exit_to_user_mode_loop+0x75/0x110 [ 832.983111][ C1] do_syscall_64+0x2bd/0x3b0 [ 832.987919][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 832.993230][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 832.999833][ C1] ? clear_bhb_loop+0x60/0xb0 [ 833.010265][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 833.017080][ C1] RIP: 0033:0x7f57b93c11e5 [ 833.021805][ C1] Code: Unable to access opcode bytes at 0x7f57b93c11bb. [ 833.030368][ C1] RSP: 002b:00007f57ba127f80 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6 [ 833.041033][ C1] RAX: fffffffffffffdfc RBX: 00007f57b95b6080 RCX: 00007f57b93c11e5 [ 833.051053][ C1] RDX: 00007f57ba127fc0 RSI: 0000000000000000 RDI: 0000000000000000 [ 833.060229][ C1] RBP: 00007f57b9410b39 R08: 0000000000000000 R09: 0000000000000000 [ 833.069270][ C1] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 833.080518][ C1] R13: 0000000000000000 R14: 00007f57b95b6080 R15: 00007ffc161f01a8 [ 833.088764][ C1] SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)