last executing test programs: 4m43.714248573s ago: executing program 2 (id=2859): socket$packet(0x11, 0x3, 0x300) openat$nullb(0xffffff9c, &(0x7f0000000040), 0x800, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) socket$xdp(0x2c, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$kcm(0x2d, 0x2, 0x0) socket(0x10, 0x3, 0x0) syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000180)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x8, 0x5ac, 0x24e, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x6, 0x40, 0x1, [{{0x9, 0x4, 0x0, 0x1, 0x1, 0x3, 0x1, 0x2, 0xaa, {0x9, 0x21, 0xff00, 0xa, 0x1, {0x22, 0xfa4}}, {{{0x9, 0x5, 0x81, 0x3, 0x10, 0x7f, 0x3, 0x3a}}}}}]}}]}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000013c0)=ANY=[@ANYBLOB="6400000010000304000000000000000000000204", @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r0, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="0a000100000070"], 0x64}}, 0x0) 4m42.041637974s ago: executing program 2 (id=2865): socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = epoll_create1(0x80000) r2 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000580), 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f00000005c0)={0x1000000c}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000ab9ff0)={0x3, &(0x7f0000000000)=[{0x20, 0x0, 0x0, 0xfffff010}, {0x20, 0x0, 0x0, 0xfffff010}, {0x6}]}, 0x10) sendmsg$nl_route_sched(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000403c0)=@newchain={0x70, 0x64, 0x20, 0x70bd29, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0xfffb, 0x10}, {0xb, 0xffff}, {0xb, 0xffe8}}, [@filter_kind_options=@f_bpf={{0x8}, {0x44, 0x2, [@TCA_BPF_POLICE={0x40, 0x2, [@TCA_POLICE_TBF={0x3c, 0x1, {0x2, 0x20000000, 0x4, 0x2, 0x2, {0x0, 0x0, 0xff, 0x696, 0x3ff, 0x5}, {0x1, 0x2, 0x10, 0x8, 0xfff8, 0x101}, 0x8, 0x5, 0xbd57}}]}]}}]}, 0x70}}, 0x20004000) connect$tipc(r0, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x43, 0x4}, 0x2}}, 0x10) r5 = socket(0x10, 0x803, 0x0) sendmsg$SMC_PNETID_GET(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0) getsockname$packet(r5, &(0x7f00000005c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000580)=0x14) sendmsg$nl_route(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)=@newlink={0x5c, 0x10, 0x437, 0x1, 0x25dfdbf8, {0x0, 0x0, 0x0, r6, 0x40c89}, [@IFLA_LINKINFO={0x34, 0x12, 0x0, 0x1, @ipip={{0x9}, {0x24, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LOCAL={0x8, 0x2, @remote}, @IFLA_IPTUN_ENCAP_TYPE={0x6, 0xf, 0x2}, @IFLA_IPTUN_ENCAP_SPORT={0x6, 0x11, 0x4e23}, @IFLA_IPTUN_TOS={0x5, 0x5, 0x1}]}}}, @IFLA_NUM_TX_QUEUES={0x8, 0x1f, 0x6}]}, 0x5c}, 0x1, 0x0, 0x0, 0x44801}, 0x0) r7 = socket$inet(0x2, 0x2, 0x0) sendmmsg$inet(r7, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @loopback}, 0x10, 0x0, 0x0, &(0x7f00000004c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r6, @empty, @loopback}}}], 0x20}}], 0x1, 0x4040880) r8 = syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000459bb2405804035000000000000109021b000111000000090400000195699b000905", @ANYRES32], 0x0) syz_usb_control_io(r8, 0x0, 0x0) syz_usb_control_io$hid(r8, 0x0, 0x0) syz_usb_control_io$uac1(r8, 0x0, &(0x7f0000000440)={0x44, &(0x7f0000000180)={0x0, 0x0, 0x3, 'Yf\''}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r8, 0x0, 0x0) syz_usb_control_io$hid(r8, 0x0, &(0x7f0000001e40)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000001dc0)={0x20, 0x1, 0x34, "712bab"}, 0x0}) syz_usb_control_io(r8, 0x0, 0x0) syz_usb_control_io(r8, 0x0, &(0x7f0000001300)={0x84, &(0x7f0000000e40)={0x0, 0x0, 0x3, "0b3b81"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_connect(0x5, 0x2d, &(0x7f00000008c0)=ANY=[@ANYBLOB="120110018e2f6b2037210100e50c010a030109021b001e030bc0020904ab6c013c3a0c03090501"], 0x0) 4m37.390312295s ago: executing program 2 (id=2875): socket(0x10, 0x3, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x22042, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080)="390000001300090468fe0700000000000000ff3f08000000480100100000000019002b000a0001000500000000000072080003000500000000", 0x20}], 0x1) 4m37.239981794s ago: executing program 2 (id=2877): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00') fchdir(r0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) pivot_root(&(0x7f0000000240)='./file0\x00', &(0x7f00000000c0)='./file0/../file0/../file0/../file0/../file0\x00') open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) syz_usb_connect(0x0, 0x2d, &(0x7f0000000140)={{0x12, 0x1, 0x0, 0xb8, 0x3e, 0x93, 0x40, 0x2058, 0x1005, 0x975, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0xa0, 0x92, 0xd1, 0x0, [], [{{0x9, 0x5, 0xf}}]}}]}}]}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) (async) open_tree(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x89901) (async) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) (async) chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00') (async) fchdir(r0) (async) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) (async) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) (async) pivot_root(&(0x7f0000000240)='./file0\x00', &(0x7f00000000c0)='./file0/../file0/../file0/../file0/../file0\x00') (async) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) (async) syz_usb_connect(0x0, 0x2d, &(0x7f0000000140)={{0x12, 0x1, 0x0, 0xb8, 0x3e, 0x93, 0x40, 0x2058, 0x1005, 0x975, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0xa0, 0x92, 0xd1, 0x0, [], [{{0x9, 0x5, 0xf}}]}}]}}]}}, 0x0) (async) 4m36.55520191s ago: executing program 2 (id=2880): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r1, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) r2 = socket$inet6(0xa, 0x3, 0x87) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000280)={{{@in6=@remote, @in=@multicast1, 0xfffd, 0x0, 0x4e20, 0x0, 0x2}, {0x0, 0x4, 0x1, 0x0, 0x0, 0x9}, {0x1ff, 0xffffffffe, 0x4053e5, 0x20}, 0x6, 0x1, 0x1, 0x0, 0x1, 0x1}, {{@in=@empty, 0x1, 0x32}, 0xa, @in6=@private0, 0x3502, 0x1, 0x0, 0x0, 0x6, 0xfffffffd}}, 0xe8) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}, 0x9df}, 0x1c) r3 = socket(0x10, 0x3, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x48, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r5, {0x0, 0xc}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0x8}}}]}, 0x48}}, 0x0) r6 = socket(0x400000000010, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sched_setscheduler(0x0, 0x2, 0x0) r9 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r9, 0x0, 0x40, &(0x7f0000000000)=@filter={'filter\x00', 0x42, 0x4, 0x338, 0xffffffff, 0x2a0, 0xb0, 0xb0, 0xffffffff, 0xffffffff, 0x2a0, 0x2a0, 0x2a0, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0x70, 0xb0, 0x0, {0x100000000000000}}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00', 0x0, 0x9}}}, {{@uncond, 0x0, 0xc8, 0xf0, 0x0, {}, [@common=@inet=@socket3={{0x28, 'socket\x00', 0x2}}, @common=@unspec=@cluster={{0x30}, {0x4, 0x4, 0x183e, 0x1}}]}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x8}}}, {{@ip={@remote, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'wlan1\x00', 'pim6reg1\x00', {0xff}}, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@set={{0x40}, {{0x2, [0x4, 0x4, 0x4, 0x1, 0x4, 0x7], 0x0, 0x2}}}, @common=@ttl={{0x28}, {0x0, 0x40}}]}, @REJECT={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x398) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r8, {0xf000, 0xffff}, {}, {0x6}}, [@filter_kind_options=@f_route={{0xa}, {0xc, 0x2, [@TCA_ROUTE4_CLASSID={0x8, 0x1, {0x4}}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x0) sendmsg$NFT_MSG_GETSETELEM(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000600)={0x18, 0xd, 0xa, 0x5, 0x0, 0x0, {0x2, 0x0, 0x5}, [@NFTA_SET_ELEM_LIST_ELEMENTS={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x4041000}, 0x20004000) socket$unix(0x1, 0x2, 0x0) 4m36.24609524s ago: executing program 2 (id=2882): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000100)=0x10000) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000600)=[{{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000240)="f1a8f4b520", 0x5}, {&(0x7f0000000380)="a2d2a90ce3f8b2c4f7823e870401ccb88cde8853937a3dc72dae55b0f0fa45de6b36714bee11b1b959b83a6b1455ea20e55ff3bc0c481144b4ef36bd32f032ee6e94e4591d8c87eb2d76215404d9958861f6e0f80b61743055787e6c060c36808463dfed2495ef0193915cf62d412d8278872e237db5246ed8b1e4617da98f46566bfe6ca04d6cbb6265a1eecabacd5b46ac23ee4dbafef7b53d15", 0x9b}], 0x2, 0x0, 0x0, 0x8004}}], 0x1, 0x8000044) r1 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c000000100001002dbd7000fddbdf", @ANYRES32=0x0, @ANYBLOB="0a12020000000000140003006e657464657673690400000000000000180016801400018010393d6a90b7be506f000200370a0000d702000002000000"], 0x4c}}, 0x24040800) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) munlockall() r2 = syz_open_dev$cec(&(0x7f0000000000), 0xffffffffffffffff, 0xc0c00) syz_open_dev$sg(&(0x7f0000000180), 0x7ff, 0x0) readv(r2, &(0x7f00000000c0)=[{&(0x7f0000001840)=""/4096, 0x1000}, {&(0x7f0000000480)=""/244, 0xf4}], 0x2) io_submit(0x0, 0x1, &(0x7f0000000800)=[0x0]) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=@gettaction={0x48, 0x32, 0x400, 0x70bd2a, 0x25cfdbfd, {}, [@action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1, 0x1}}, @action_gd=@TCA_ACT_TAB={0x28, 0x1, [{0xc, 0x5, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x4000009}}, {0xc, 0x2, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x81f7}}, {0xc, 0x1f, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x4}}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040810) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'bond0\x00', 0x0}) munlockall() sendmsg$nl_route(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000680)=ANY=[@ANYRES64=r0, @ANYRES32=r4, @ANYBLOB="60bc010004a701003c00128009000100626f6e9b6e0858d3531ffcac3b58dae08c0815a28efcd9bdabf084566b4f26150b2601e5211586cf"], 0x5c}, 0x1, 0x0, 0x0, 0x2001001f}, 0x4000044) r5 = openat$kvm(0x0, &(0x7f0000000200), 0x0, 0x0) r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff}) mmap$KVM_VCPU(&(0x7f0000aa6000/0x2000)=nil, r6, 0x9, 0x11, r9, 0x0) r10 = signalfd4(0xffffffffffffffff, &(0x7f0000000040)={[0x1]}, 0x8, 0x0) mmap$KVM_VCPU(&(0x7f00003f6000/0x4000)=nil, r6, 0x0, 0x13, r10, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8) munlockall() 4m35.884328097s ago: executing program 32 (id=2882): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000100)=0x10000) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000600)=[{{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000240)="f1a8f4b520", 0x5}, {&(0x7f0000000380)="a2d2a90ce3f8b2c4f7823e870401ccb88cde8853937a3dc72dae55b0f0fa45de6b36714bee11b1b959b83a6b1455ea20e55ff3bc0c481144b4ef36bd32f032ee6e94e4591d8c87eb2d76215404d9958861f6e0f80b61743055787e6c060c36808463dfed2495ef0193915cf62d412d8278872e237db5246ed8b1e4617da98f46566bfe6ca04d6cbb6265a1eecabacd5b46ac23ee4dbafef7b53d15", 0x9b}], 0x2, 0x0, 0x0, 0x8004}}], 0x1, 0x8000044) r1 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c000000100001002dbd7000fddbdf", @ANYRES32=0x0, @ANYBLOB="0a12020000000000140003006e657464657673690400000000000000180016801400018010393d6a90b7be506f000200370a0000d702000002000000"], 0x4c}}, 0x24040800) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) munlockall() r2 = syz_open_dev$cec(&(0x7f0000000000), 0xffffffffffffffff, 0xc0c00) syz_open_dev$sg(&(0x7f0000000180), 0x7ff, 0x0) readv(r2, &(0x7f00000000c0)=[{&(0x7f0000001840)=""/4096, 0x1000}, {&(0x7f0000000480)=""/244, 0xf4}], 0x2) io_submit(0x0, 0x1, &(0x7f0000000800)=[0x0]) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=@gettaction={0x48, 0x32, 0x400, 0x70bd2a, 0x25cfdbfd, {}, [@action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1, 0x1}}, @action_gd=@TCA_ACT_TAB={0x28, 0x1, [{0xc, 0x5, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x4000009}}, {0xc, 0x2, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x81f7}}, {0xc, 0x1f, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x4}}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040810) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'bond0\x00', 0x0}) munlockall() sendmsg$nl_route(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000680)=ANY=[@ANYRES64=r0, @ANYRES32=r4, @ANYBLOB="60bc010004a701003c00128009000100626f6e9b6e0858d3531ffcac3b58dae08c0815a28efcd9bdabf084566b4f26150b2601e5211586cf"], 0x5c}, 0x1, 0x0, 0x0, 0x2001001f}, 0x4000044) r5 = openat$kvm(0x0, &(0x7f0000000200), 0x0, 0x0) r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r8, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff}) mmap$KVM_VCPU(&(0x7f0000aa6000/0x2000)=nil, r6, 0x9, 0x11, r9, 0x0) r10 = signalfd4(0xffffffffffffffff, &(0x7f0000000040)={[0x1]}, 0x8, 0x0) mmap$KVM_VCPU(&(0x7f00003f6000/0x4000)=nil, r6, 0x0, 0x13, r10, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8) munlockall() 10.970589856s ago: executing program 5 (id=3755): mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x90, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000000100000,user', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000006300)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x10408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50) syz_fuse_handle_req(r0, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0) dup2(r2, r0) close(0x3) 10.689983833s ago: executing program 5 (id=3756): bind$inet6(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) r2 = socket$pptp(0x18, 0x1, 0x2) connect$pptp(r2, 0x0, 0xfffffffffffffec5) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[], 0x1fc}}, 0x0) syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd70102030109"], 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000240)=ANY=[], 0x14) r4 = io_uring_setup(0x1fc4, &(0x7f0000000bc0)={0x0, 0x0, 0x12, 0x0, 0x320}) r5 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0) r6 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x2, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r6, 0xc1105517, &(0x7f0000000080)={{0x1009, 0x0, 0x0, 0x80, 'syz0\x00'}, 0x5, 0x0, 0x1, 0x0, 0x0, 0x8, 'syz1\x00', 0x0}) r7 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000001c0), 0x2) r8 = memfd_create(&(0x7f0000000940)='y\x105\xfb\xf7u\x83%\b\x00\x00\x00\x00\x00\x00\x00\xea_\xccZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x10\x00\x00\x00\x04\x879\xa24\xa9a\b\x00\xb2\xd3\xcbZJ\x7fa\xc4\x1acB\xaa\xc1\xfb Q\x96\xd9xJ2\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea\b\x00\x00\x00\x00\x00\x00\x00\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9V\x01A\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\x0f<\x91\xb0\xa8\x9eo\xebF(\a\x00\x01vRk\xaabB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\x80\x81\xa0\xa2-g\b\x99\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\xd5\xf3\\\x00\xbe]Et\xad*\xecn\x02\xc8\xc4\f\x04\x99\xf6\xfc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc8L\xae\x1ff\xcf\xb3\xb65\x12\x89\x02\x82t\x0f\xb0\xe89\x16\fO\x19\x91\xfd\x10\x0e\xa7r\x12\xab\xd4\xd1d\xad\f\x11\xb3\xb3c\xe2\xfe\xcd\x9f7\xa1\x14\xfa\xe2\xdf\x7f\xf4NG\xe3\xeb\x18\xde|\xb3\xf5S\x9a\x04\xb4Lry\xa9\xd6\xfb\xbc\n+N\xf7\xf6\x87\x95\xd9+\xd2sc/\x06\xaa#K3,k\xf3(\xcc\xc7\xb47\xfa\xc3\x1c\x91!\xd3\xd2`-\xa2xrR\x1c\x81i\x87u|29Q\xdf\xed\x10\x9b\x930\xa8v\xa0\x88\xa4t\x17\xb2\xca9\x02\x03\xc9P\xcc\xe0\xb7\x9c\x82\xb4\x03\x83e\xee\x95\xccO\x1b\x83\f\n{\xf3\x12\x90\xcf\x10\xb5>\b3\x80\x8d\xb2%7\x10\xeee\xe4\xc3\xb2^\xad\xb6~\xa2\xbdE\xbf\x91\vqt\x81\xbd\x19\xde\x81\tw\xd4p\xd1\x8aNJ\xb3M\a\xc4\xfa\xb0,$\x81j\xb4Hs\x93>\x16U\xd0t\xe4\xca0T\xb7\xf7\x9d4\b\xd9\xdeps\xec\xa0\nJ\xa5\xfe\xda{(\xee\xb5\x11?\xc3I-\x8bc\xc9\xfb\a\xe5\xab\xf8v1\xdc\xc5\x8c\xebs1\x81\xca\x81l\xa12\xff<\xf5\x12\xcc+\xd4\xab\x84\x16\xa4+\x0e\xd4\x02\xe3\xaa1\xeam\x8ce\xb4r\x0eo&3wff\xe6\x91\x7f\xba\xad\x05\xdd\xc0+\"\xa5\x80\'#\xfd\x9dA&\xee \x18\xe5\x17\x1bd\xd0\xb9\x90\xde\xec\xe4M\xe5\x06\x03r\fc\x8c\x10\x99x\xec`e`\xc3F\xdf\xbc\xa8\xff\x05\xe6\xea\xc3u\xd7\t\x88<\"\xf7!\xd6\x0e\xbbE^\xcd\xb0\x15g\xe6\xf2?y1\x9f\xd3\x95\xc4E\xd0\xb4\x16`r\x14\xad\x02\x17\x9a\x86I]\x02f\xd3\xc9\xe1H\xd7c\xcaQ\x8cE7\xcc\xcf=\xf3\xf7\xb9\xf6s\x88\bZi\b*w\xc5;\x88\r\xab\xa1\t\xf1\x02)5\x00\x84', 0xb) ftruncate(r8, 0xffff) fcntl$addseals(r8, 0x409, 0x7) r9 = ioctl$UDMABUF_CREATE(r7, 0x40187542, &(0x7f00000002c0)={r8, 0x0, 0x0, 0x8000}) close_range(r5, r1, 0x2) r10 = syz_open_dev$vcsn(&(0x7f0000000200), 0x7fffffffffffffff, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r10, 0x29, 0x40, &(0x7f0000000c40)=@raw={'raw\x00', 0x9, 0x3, 0x318, 0x0, 0xffffffff, 0xffffffff, 0xe8, 0xffffffff, 0x248, 0xffffffff, 0xffffffff, 0x248, 0xffffffff, 0x3, &(0x7f0000000080), {[{{@ipv6={@mcast2, @mcast2, [0xffffffff, 0xffffff00, 0xff], [0xff000000, 0xff, 0xffffffff, 0xff000000], 'batadv_slave_0\x00', 'veth0_virt_wifi\x00', {}, {}, 0x3a, 0x5, 0x0, 0x28}, 0x0, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x9, 0xf6, {0x938f}}}}, {{@uncond, 0x0, 0x100, 0x160, 0x0, {}, [@common=@frag={{0x30}, {[0x0, 0x39], 0x9, 0x0, 0x1}}, @inet=@rpfilter={{0x28}, {0xc}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, [0xffffff00, 0xff, 0xff000000], 0x4e20, 0x4e23, 0x4e20, 0x4e21, 0x1, 0xa1a9, 0x7, 0x7, 0x32}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x378) r11 = fcntl$dupfd(r9, 0x0, r9) sendmsg$NFNL_MSG_CTHELPER_DEL(r11, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[@ANYBLOB="240000000203000003100002000c000261000000000000"], 0x24}, 0x1, 0x0, 0x0, 0x20048044}, 0x4000000) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r5, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r11}) sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000000bc0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="30000000000000008400000001000000000000000c0000000000000000002b0388edb6556900"/50, @ANYRES32=0x0], 0x30}], 0x1, 0x0) close_range(r4, 0xffffffffffffffff, 0x0) 8.031501444s ago: executing program 3 (id=3767): r0 = fsopen(&(0x7f0000000200)='ecryptfs\x00', 0x0) close_range(r0, 0xffffffffffffffff, 0x2000000) 7.894184652s ago: executing program 3 (id=3768): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) openat$audio(0xffffff9c, 0x0, 0x402, 0x0) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r0, &(0x7f0000001200)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x1, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x203}, 0x94) r2 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_READ_FIXED={0x4, 0x0, 0x0, @fd, 0x0, 0x20000000, 0x801e, 0x0, 0x1, {0x1}}) r3 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) readv(r4, &(0x7f0000000000)=[{&(0x7f0000001300)=""/244, 0xfdef}], 0x1) ioctl$TCSETS(r4, 0x40045431, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x81, "008430168ff09987c99700"}) r5 = syz_open_pts(r4, 0xa001) r6 = dup3(r5, r4, 0x0) ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000100)=0x15) write$UHID_INPUT(r6, &(0x7f00000001c0)={0xa, {"08c39ee52f329f1698b1c4865f8b540a5eee9f496a0809c3d20325867b6edda88489ab4c09fe0a7f1e8640aa8e344f412df0d69475a5d6570e21f31fac7dfb4aa7ade0e851582d5c1abdd809580cb34c9e48576b1c73ed76023256fca058ada3db47d86cc75b33cf762b67fe61f152618c49a40858f68794a4fc484ab73ccd254ba3d147f5feddaf91dacc238c0a8096f79597ca1e6da781fcf37a0141a335c6a7577d2d53c6e552a7be208381bb31d1d3e0e92ea651655217535734b286d3f19780a4c720075a36a734151f8c00e651cb3a6bbe30e3f6aee48750436da6471e965e81f38134674fcb697108fb7345010bb8fa15fba9b33355d7858327171ab9c68f6c21b2ffbff4eb061dab80bc77a4a7769e7ff73bcd98790e09415bfc5978cf5af45c3ec9ef9c1a39f766c59d59590281038dbcb765580ba2b3f141d5bbfc40910a0894cd1f22d2a8b6d4e4778debef99438b54d44b4b7568de2777431a5b2f3e8d1a45a60a468f5e33e8ef534f803dfb6798c270f52edf031ecd996bb78c4e92961c63c079676d77412ebc6074e5f235417785e7a14b14ce7626b015071c154cc2bf8f4499b93293e9997c23df4c7a1498cf12414fb31eb873728e4f613b540d22e7ca718f18da5b82ed24995e4309c3af4a2e1097465bf09728082d09e71ea365522035eb9772b8e072f8454777ee304dacd59d3eb9f933f151fa14f8c38eadbeba04810a2dea7a66824f09235c13a45f07870210d0d310ce3ae6284577bd4e65f32700f6723727926cb52e4f27776a1dab0f6668327ab5cf1893879a635261f2e0d9923ccecbf5b80f10a8275c1515f47930d614e787f14c105d3a4f8faf8e7f738cf4eae4fc39ef3db3cb87794ace87f7239b69dc4ab4e5ae57cdfbd309e847d99600ef14b51faead01e8ade57d24270bc13a1787896096eeacb8ab1c93d31d93cfb244bb09ecfecf336362a5656db7df327cbb9aeb898f8af229c7bb9452805f2b4510c5df86b6d564e01f000000167ade5205331523a6392af2bea9e6db0ba5480cbf1b202714233289c4017cb66e83c0c8b6e88bedb922162d0ceecf6c5da173bbefe6781ab7720d2be6cca378db650c69d4228141ae190922fbbaddb86c7f0fe138b704e8305b3bcc7910b2280d96d71dafdbfa876b0013fc4de586f85d9ee077b6349becbdca8bd989a51c4c76ed8a8cc691a65078e0272a62edec8236a779f0cbffeda49dcdccd4def7064e0d77ae5a8c64f3057b4a3a0d4457d33f2bc6c112378315411baa4bb126fe540d750491fc58fbb66911ef82bce5ed76872dbcd8e05dea2f3f347a653aa39ab5d75e71671bfeb924e71476134dbf91e3f287fd853cc34bf81e717edd41aa04b6fbeb43cf2074f0c8fe5350401b6cff801c147a3b58b972aa5652629a9fd8b1df2852708ce958d4e9974ec4383aa5da4e3f75fdc85981e97b75863546f67a8703673b6fe2c26f0e9eeb8c45c26f673adac55fa5d69b82ae7d032fd3b26866047e8c029b90a62794a89c11398944b398b4177b2dcc5a743c16d4a5333b1e30af678d3db8df849c1753db067a6f94bab00c0dd3c7e94a8675924c89bda98ac09e10bcdf83f5114b9b466c413477a5cdc48c857230798934bcc1f0eb3a2d2944b139e459af32e515785f46ed4e97cdcb23c7e4dc7c4f91b5b5ca5228344aeb6652fffaf31325c7429bc70a5f6beaaa98ef190dffdeccc94bd814b3edfdd48243bf34291076ab5438ee00e924a827d5b453df42d24144fe1a45bb6c84fcbb2143d0a561c1e867c1279bdf0a47061ea77a84f36c720aff785f0db10eda84c767b5f3874f9455c0f026735ded32f0403ef7dbcf97d2233d59c670114ddf89314ba74fc248bcbdbf43c24e46304e229b3cf583aa410f4dfd119152495da8737518ee2a05a8ca1f004be3c551408f2e4013e444b63bf2bb26ddeae505642dffcc989ee241c48741181b506e22fdc4530319522780c74bf786852dc66ebbb51f8ecbb1e35de09ef7afe589bb8a31c5d63477db5d5e7174694ea04cfa98057d39127a4e5eedb4897a491c6693acd0a036abf846f3b6f3006e5e5fd586f29a4a8a31abbccf732e4f1b88187a72d669c16302657e9cbbeb9322662e111edc7771526400b6123d0f8207bcaa38bee07043e36e223d418ac948d65e7acfe72cc3fdcf03a3e43ecfec8ae489ddba09126709c5c7968829e3504de8a5010c9372de09476a7b96b04d7aed2486d8f89f21f075321abe350024abe00a81f87df3dc372fc3206496776c26b6958243070bda4cace3e358da5d39a3945765c2ba4b002b06efd416af66f3343f218ed84550ea83f02f9a5c3fc677ea60987aa25f0406d6154081cfdc074814a2465accdfa102858f5a52c9eae293c56ddcaf8f6926d3dd0ccb51a30c960d6b7e473038ebd3702b5106f6bc040efdfd7169fd3f2dc42ff23de26a239e13b74278729fd7e843b38a35c55fd50181ac13a9cbbbfd8feb36afaeb1993349c0ac5a0c44ffd92919dfe272b0f8ed7df7198cd299715f021109a58dced4753d3c7ddd6e9ea01596f18b2fe7000000004ccfca57aed5b5cebdff65de480a56bd53f4c7f83ddef00d7c9686311d1fce76f320bb3222a11db30ba6ed31535d8fda61e694478ca9935d72719b8d6b9be88ae3df30b60ee251b919b4d1734b994c62accdf855488b351738331b462eccf27efdc5577d7a5548579dc90d227a42ac010f33a720dc3cf0a63454f8b07c775287495761a058ec1e28e6aaf8057241f4ef8b5de56e279355bb66630c4ddf35e7c2cfff26a4241b1df0379d2a1e9f959e46d3843f89844ead50aff44640fcbc4a1edb033afff7cc9e57c4f8d31900764233e11fa4c28e547788c1b00de4268df692ba3415a9ad90fa712f9618f5ecff57da32809380eeff040cd3b23f508614c72b303cec3bcd732708303b166193366a062b9cea536f28478c387e626744c6a611a8e7162d274efccc84eee8eb31d3310c86752777dd5b5ffe234e895c54909f19a4aabcf3c15b90c02170409e314fd90e766ec4ba93c8ec6321237a980ad3c32fb2fab69e57541ea7f5427a85c2c57d40f9ebe9de5572f46a4713fb28e0af42d0adef3e29195aa41a3ba318181512eebfadffede4e35ff7f975928edc5d4d9f2d931fb44b30e1df55e66c52e1648e9cdaf71221b57c6a6b087428ccc57ade5b1531341cba2be452b426c434c70fd8c493337d4995cbd76ea1dd545226e3eb59d5f94ffb5352f87a4a66cd7c5e88322404fd397c46e198646a9c819d0eb1f10e54d8a3ea912f1cb134ff1095aa7325287f6ea9af8c13b67d6abcbb70dbc06838ecb33e45b60f6cb832c3e72d1401770f66bd02f35a2d007815ab676099e31f5102000000c0e83d5e7107c8dc5830c9cddb9781185b94d7f2814c5058ba3ac54c268741c5728f4997a9628602c2a36090162379f3f37c47619b3e7c7397a5913b7060b51e0c7f7226ff1135444f866f89a4b74136cbd3acb7178bd63183b3fd9cd19fdeb6fcc6341910ad4605da76a9af4bfb8b75fcd666f8188902b380ae560d9aa04f8f9b0ac5c109d1824a470726e06a49d955f8f71c8a86081e75b13f62600deb941da181eaff544cd559c467d8dae432debd22e7a7b3e1ad731a5b9470f5f60423dda061ff899c07c79f3da34f38e1d8182d6ee0c36c602945509167be440382a8a8a759b20e41638fd57152029b190b5701d30a86f579e2d0cc53a2f809ca9bd3aba1eb2772a7acc35c4d983afa83a9baea35c0ed4931234719636cf8f5fe1884bde6cebbdf23bd62b1ebf0a5cb78c27295349bd7d5cf28c4ee4689497238fd3aa71a417914e6892667a56bd69dc2e5882cfb67df71494e9a9199e025892e4e7435f727636cd988cc7563d28db5133f649849c5b3973a3428de10ad39d96146b22acc50f50eee5a038876452b960686892de40efe30081ccdaa2bf64af78d5988026e529b36c62a21378ac42d220d0dd878010178e374e6dbb2b61206066d04e729ed03c6fd9a4e00547fe9304aec0925d85a0acd07fdc5d48c1a1cff656916f5d25952327792255e0d606a32517781cc3d737ec753eb95b5b5b95dabd8946907ab54cc85d05b475e2e5486c6fc070417198d3a50910e2949d20d3fa68fd327934cff5171224942b8f18d88947763a7c710d09c4b269bdf2d3e715329917fb70728a4a0530999b755ba8fc04deabf4bc4bcffc4d62d491538c65078122bf2c263ae0020af67cfc9cf19e5b929e086af281fb43d5504d728935c5cfac136eb81703d50fddb39a5a713b2914c6acd9b2d07819cf7bba495ac5734fe423e611d309b80eeafcf9053d51b0ab3c29d5ca5eb8861ffc1ebc4d53f361b8991baecb52860c15202f979e34054fcde869d018103ccd6d914a70f1840fc6aaf426beec975ddb980b19b0f4cc2ca393c0b9e6ebe5e7d1c9fc1ef7a1c91378f0b73262993fb80667ecf62bac3c47cbd002ae1b87b8dc3ec99d5c987765d778868eb55022cc3bed14b8f934a584bcc98fa0b4f6e6982ab8d8a2bb49f9074ef429dd7b8db332a96ccec6983a97be7c8634c02e7937ffc8d613b83aa375886bf40a87ec062090382f874bf2c8e5fbb58ac18a46c4d9e85af3ca21bdacb7755f49776b0eb3972ff682c84beb07d74cbe2764e378253e72128991b73d2730704a5448280e8a0fd8cc87d4cddcffbfe5525ae3d2304877a3988e33c8e12bf77793e753f25840e9af2ce56bdb999fc62623a2298b4244534f662eb398a2577c72f6cfd5174697dcee151d4f3a7293b11de3889c43744da4165aca4e4a1e926d37ae4d7471584a06f3641f2037a74a58c2397a594f29d142d59f91bb57e24e1a3f30f68c626033cc34895c1b16d62e3a375c3e09f5dbd9338cd3a500643143cd404b57019c648c3ec31d696233fe16efc3c4c84aca0830ca8b9fbf1144b98d82f41e4cf67631c74cdcf8d9c8b8556b876ff1592683ccac0b47a26cb3a2cb1b917f433bb54e0b53deae9ac4b1cd0594c1fa0e6744e7ed88fdac60901e3da989f3b0d7c12b140cc576fa1b0e8e705321d37c303691aafc9fed9c3dc419078d0925ead56455ea5f3cd57941e410c1c14c2e8972d7cca44fcaca1f64fc817f4a41b6d9fb237fed159cb09e788ae560726537f49cb64b9f60915d402e0931355c55ad792cde758548b1af54b196e414046d4af3579a6c30ceac3d68bbfd2adef309c064e759a9f0dd69d682a3880b8ff27b69abffaa45ee7e65d8f1f6e40c188f6249fdf72220b4c87243217ba0292b9e9b67ebeda4fb83406216a4d765812bafeff34cc57f7d2cd1608282079c076055b9cabffe5fa491b970291bc2672540ccc15ed877d7dbe3ef683724c715ace770905e48c2dc6a44e1fc095773676d070eac00ee3834b07590cba7093f56b678313870471c81599d34c53fc03ec6c913d8ba3f604ace8da12d2025cbb5000bc062f4db65a6feacaf3915206d1c15ce7e78c17dc2ea32cb57d6fab0a22d487c77118e75016006f812541ec8180a321287a2d57248d4ee4a19706a19d802c70e250c3b0fc400a0b5cdc06537d2f55fd5300be4eeeaab8cc481a84b6a5e17d8c47ec92fe40710d4ec3530a94ca16710ade2ec7562398106e0ddbb6c8af6412166afd99d45d29a3a967e58decd0d6fc5bebb98d639b5606efd358a43d635d50f0ccb8472197da604994e7fb700243d5f7e45700", 0x1000}}, 0xffffff5c) ioctl$SCSI_IOCTL_GET_PCI(r3, 0x5393, &(0x7f0000000000)) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r2, 0xc4c85512, &(0x7f0000001400)={{0x6, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0x0, 0x0, 0x40000000000, 0xffffffffffffffff, 0xffffffefffffffff, 0x0, 0x4, 0x0, 0x0, 0x400004, 0x0, 0x0, 0xfffffeffbfffffff, 0x0, 0x0, 0x0, 0x3, 0x80000000, 0x3, 0x0, 0x0, 0x4, 0x0, 0x6, 0x0, 0x40, 0x0, 0xfffffffffffffffd, 0x100200000, 0xb, 0x6, 0x0, 0x0, 0x0, 0x9, 0x0, 0x10000, 0x1000, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x7, 0x10000, 0x7785, 0x0, 0x4, 0x4, 0x8, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x80000000002, 0x0, 0x4, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x1000000000, 0x0, 0x80000000000000, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0xfffffffffffffffe, 0x6, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x100, 0x7f, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x2, 0x100000000000, 0xfffffffffffffffd, 0x3, 0x2, 0x0, 0x7, 0xc0c0, 0x0, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x3, 0x0, 0xffffffffffeffffc, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0x80]}) r7 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r7, 0x107, 0xe, &(0x7f0000000080)=0x800002, 0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0) openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) 6.684272833s ago: executing program 5 (id=3773): r0 = msgget$private(0x0, 0x1c0) msgsnd(r0, &(0x7f0000000180)=ANY=[@ANYRESHEX], 0x0, 0x800) 6.486347365s ago: executing program 5 (id=3775): bind$alg(0xffffffffffffffff, 0x0, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x155e, &(0x7f0000000740)={0x0, 0x1c29, 0x10100, 0xfffffffe, 0x345, 0x0, r1}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r0, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r6, 0x6, 0x10000000013, &(0x7f0000000180)=0x1, 0x4) connect$inet(r6, &(0x7f0000000300)={0x2, 0x0, @remote}, 0x10) splice(r6, 0x0, r5, 0x0, 0x7ffff041, 0x1200000000000008) 5.483384548s ago: executing program 3 (id=3780): syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401) socket(0x10, 0x80002, 0x0) fsetxattr(0xffffffffffffffff, &(0x7f0000000000)=@known='system.sockprotoname\x00', 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) keyctl$instantiate(0xc, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="6e65772064656661756c7420757365723a73577a203030303030303030303030d130d030303430393300dbe6e5298391ea708bb7b771fadf659320089b1a2f9c7ae7d2c3570a25341f285d67d4774ab32aafc7194984630d5a916efa665b521fe44d0b00000000000000b69be67d11c8be203b79d0f6e762ec03ca940c35c7f459d946f553ca23"], 0x2a, 0x0) add_key(0x0, &(0x7f0000000180), &(0x7f0000000100), 0x0, 0xfffffffffffffffe) add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000002c0)="ae", 0x1, 0xfffffffffffffffd) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) r3 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r3, 0x40045532, &(0x7f0000000100)) r4 = syz_io_uring_setup(0x9eb, &(0x7f0000000140)={0x0, 0xfad6}, 0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(0x0, r5, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r4, 0xdb4, 0x0, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SYNC(r2, 0x5001, 0x0) 5.017764337s ago: executing program 5 (id=3783): bind$inet6(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) r2 = socket$pptp(0x18, 0x1, 0x2) connect$pptp(r2, 0x0, 0xfffffffffffffec5) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[], 0x1fc}}, 0x0) syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0) bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x14) r4 = io_uring_setup(0x1fc4, &(0x7f0000000bc0)={0x0, 0x0, 0x12, 0x0, 0x320}) r5 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0) r6 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x2, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r6, 0xc1105517, &(0x7f0000000080)={{0x1009, 0x0, 0x0, 0x80, 'syz0\x00'}, 0x5, 0x0, 0x1, 0x0, 0x0, 0x8, 'syz1\x00', 0x0}) r7 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000001c0), 0x2) r8 = memfd_create(&(0x7f0000000940)='y\x105\xfb\xf7u\x83%\b\x00\x00\x00\x00\x00\x00\x00\xea_\xccZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x10\x00\x00\x00\x04\x879\xa24\xa9a\b\x00\xb2\xd3\xcbZJ\x7fa\xc4\x1acB\xaa\xc1\xfb Q\x96\xd9xJ2\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea\b\x00\x00\x00\x00\x00\x00\x00\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9V\x01A\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\x0f<\x91\xb0\xa8\x9eo\xebF(\a\x00\x01vRk\xaabB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\x80\x81\xa0\xa2-g\b\x99\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\xd5\xf3\\\x00\xbe]Et\xad*\xecn\x02\xc8\xc4\f\x04\x99\xf6\xfc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc8L\xae\x1ff\xcf\xb3\xb65\x12\x89\x02\x82t\x0f\xb0\xe89\x16\fO\x19\x91\xfd\x10\x0e\xa7r\x12\xab\xd4\xd1d\xad\f\x11\xb3\xb3c\xe2\xfe\xcd\x9f7\xa1\x14\xfa\xe2\xdf\x7f\xf4NG\xe3\xeb\x18\xde|\xb3\xf5S\x9a\x04\xb4Lry\xa9\xd6\xfb\xbc\n+N\xf7\xf6\x87\x95\xd9+\xd2sc/\x06\xaa#K3,k\xf3(\xcc\xc7\xb47\xfa\xc3\x1c\x91!\xd3\xd2`-\xa2xrR\x1c\x81i\x87u|29Q\xdf\xed\x10\x9b\x930\xa8v\xa0\x88\xa4t\x17\xb2\xca9\x02\x03\xc9P\xcc\xe0\xb7\x9c\x82\xb4\x03\x83e\xee\x95\xccO\x1b\x83\f\n{\xf3\x12\x90\xcf\x10\xb5>\b3\x80\x8d\xb2%7\x10\xeee\xe4\xc3\xb2^\xad\xb6~\xa2\xbdE\xbf\x91\vqt\x81\xbd\x19\xde\x81\tw\xd4p\xd1\x8aNJ\xb3M\a\xc4\xfa\xb0,$\x81j\xb4Hs\x93>\x16U\xd0t\xe4\xca0T\xb7\xf7\x9d4\b\xd9\xdeps\xec\xa0\nJ\xa5\xfe\xda{(\xee\xb5\x11?\xc3I-\x8bc\xc9\xfb\a\xe5\xab\xf8v1\xdc\xc5\x8c\xebs1\x81\xca\x81l\xa12\xff<\xf5\x12\xcc+\xd4\xab\x84\x16\xa4+\x0e\xd4\x02\xe3\xaa1\xeam\x8ce\xb4r\x0eo&3wff\xe6\x91\x7f\xba\xad\x05\xdd\xc0+\"\xa5\x80\'#\xfd\x9dA&\xee \x18\xe5\x17\x1bd\xd0\xb9\x90\xde\xec\xe4M\xe5\x06\x03r\fc\x8c\x10\x99x\xec`e`\xc3F\xdf\xbc\xa8\xff\x05\xe6\xea\xc3u\xd7\t\x88<\"\xf7!\xd6\x0e\xbbE^\xcd\xb0\x15g\xe6\xf2?y1\x9f\xd3\x95\xc4E\xd0\xb4\x16`r\x14\xad\x02\x17\x9a\x86I]\x02f\xd3\xc9\xe1H\xd7c\xcaQ\x8cE7\xcc\xcf=\xf3\xf7\xb9\xf6s\x88\bZi\b*w\xc5;\x88\r\xab\xa1\t\xf1\x02)5\x00\x84', 0xb) ftruncate(r8, 0xffff) fcntl$addseals(r8, 0x409, 0x7) r9 = ioctl$UDMABUF_CREATE(r7, 0x40187542, &(0x7f00000002c0)={r8, 0x0, 0x0, 0x8000}) close_range(r5, r1, 0x2) r10 = syz_open_dev$vcsn(&(0x7f0000000200), 0x7fffffffffffffff, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r10, 0x29, 0x40, &(0x7f0000000c40)=@raw={'raw\x00', 0x9, 0x3, 0x318, 0x0, 0xffffffff, 0xffffffff, 0xe8, 0xffffffff, 0x248, 0xffffffff, 0xffffffff, 0x248, 0xffffffff, 0x3, &(0x7f0000000080), {[{{@ipv6={@mcast2, @mcast2, [0xffffffff, 0xffffff00, 0xff], [0xff000000, 0xff, 0xffffffff, 0xff000000], 'batadv_slave_0\x00', 'veth0_virt_wifi\x00', {}, {}, 0x3a, 0x5, 0x0, 0x28}, 0x0, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x9, 0xf6, {0x938f}}}}, {{@uncond, 0x0, 0x100, 0x160, 0x0, {}, [@common=@frag={{0x30}, {[0x0, 0x39], 0x9, 0x0, 0x1}}, @inet=@rpfilter={{0x28}, {0xc}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, [0xffffff00, 0xff, 0xff000000], 0x4e20, 0x4e23, 0x4e20, 0x4e21, 0x1, 0xa1a9, 0x7, 0x7, 0x32}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x378) r11 = fcntl$dupfd(r9, 0x0, r9) sendmsg$NFNL_MSG_CTHELPER_DEL(r11, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[@ANYBLOB="240000000203000003100002000c000261000000000000"], 0x24}, 0x1, 0x0, 0x0, 0x20048044}, 0x4000000) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r5, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r11}) sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000000bc0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="30000000000000008400000001000000000000000c0000000000000000002b0388edb6556900"/50, @ANYRES32=0x0], 0x30}], 0x1, 0x0) close_range(r4, 0xffffffffffffffff, 0x0) 3.746904794s ago: executing program 4 (id=3786): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setxattr$incfs_metadata(0x0, 0x0, &(0x7f0000000880)="22cff5", 0x3, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=ANY=[@ANYBLOB="28000000130001002abd7000f9dbdf2500000000", @ANYRES32=0x0, @ANYBLOB="00830000f020000008001c00", @ANYRES32, @ANYBLOB="d88950c3bb253f40479b6d5525602617733c89095f1f3a1bd4174ab6be401e45908623add2e13fb4a6985a750d588115d089f76f0304141065d48b3cace7d89c74aa33cab70fc80eb6be7530e4f6b53b3b96ea128f2de5fed106f7db90a9a33511751df42f743ab2d546d70cdd55a631f7bb7fcbdebfe59d799b1080004a90b28dc6d83a86beb1e64e72ec5badaf9357530e33fb3de2996c331e64b2f5a5970cc6e29f91ea0af34730d4cf1eecd0a4"], 0x28}, 0x1, 0x0, 0x0, 0x200088d0}, 0x20000000) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) socket(0x400000000010, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x2a, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = syz_pidfd_open(0x0, 0x0) process_madvise(r2, &(0x7f0000000040)=[{&(0x7f0000000440)="0ef0edb5a10c4535de5f561b1745eb12c26947f915503bfdad26324472d07702470d2ba785843b870c8f6172ccbfc3a9d58f000261be59dd2bffccdb350233c6842120833ba16fbea88433cc3c028132d25f958de4c4bef2f93f18f3a2286327c4", 0x61}], 0x1, 0xb, 0x0) r3 = socket$packet(0x11, 0x2, 0x300) socket(0x1000000010, 0x80000, 0x0) getsockname(0xffffffffffffffff, &(0x7f00000014c0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r4 = socket(0x2, 0x80805, 0x0) sendmmsg$inet(r4, &(0x7f0000001d80)=[{{&(0x7f0000000280)={0x2, 0x4e22, @private=0xa010101}, 0x10, &(0x7f0000000980)=[{&(0x7f0000000200)="9c", 0x1}], 0x1}}, {{&(0x7f0000000080)={0x2, 0x4e22, @rand_addr=0x64010104}, 0x10, &(0x7f0000000180)=[{&(0x7f00000000c0)="99", 0x1}], 0x1}}], 0x2, 0x48000) getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0xc, 0x0, &(0x7f0000000000)) r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000140), 0x42000, 0x0) ioctl$PPPIOCSMAXCID(r5, 0x40047451, &(0x7f0000000100)=0xffff0080) ioctl$PPPIOCSMAXCID(r5, 0x40047451, &(0x7f0000000000)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r4, 0x84, 0x18, &(0x7f0000000100)={0x0, 0xc}, 0x8) close(r3) unshare(0x42000000) 3.492614783s ago: executing program 0 (id=3787): socket$packet(0x11, 0x2, 0x300) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r1, 0x84, 0x1a, 0x0, 0x0) sendmsg$nl_route(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={0x0, 0x18}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x50}, 0x1, 0x0, 0x0, 0x80}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x4c, 0x10, 0xf11, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x104}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r4}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x4c}}, 0x0) 3.13610643s ago: executing program 0 (id=3788): socket(0x10, 0x3, 0xfffffffc) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f0000000000)={0x15, 0x5, 0x9}) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="01000000000000009b02"]) r3 = socket$netlink(0x10, 0x3, 0x0) syz_open_dev$usbfs(&(0x7f00000000c0), 0x9, 0x40) close_range(0xffffffffffffffff, r3, 0x0) syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='cmdline\x00') socket$inet6(0xa, 0x5, 0x0) socket$alg(0x26, 0x5, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r4, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r5, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) sendmmsg(r4, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r6}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0) 2.263137782s ago: executing program 0 (id=3789): syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00'}) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r1, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4020}, 0x4080) 2.137975116s ago: executing program 3 (id=3790): r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@broute={'broute\x00', 0x70, 0xff00, 0x90, [0x0, 0x0, 0x0, 0x0, 0x200000001300, 0x200000001330], 0x0, 0x0, &(0x7f0000001300)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe, 0xff00}, {0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xfffffffffffffffc}]}, 0x108) r1 = userfaultfd(0x80001) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000000)=0x5, 0x4) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x14e22, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x44}}}, 0x1c) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r3, 0x1, 0xf, &(0x7f0000000000)=0x5, 0x4) bind$inet6(r3, &(0x7f0000000080)={0xa, 0x14e22, 0x0, @ipv4}, 0x1c) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x111}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000040)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00001b1000/0x4000)=nil, 0x400000, 0x2, 0x2}) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000e, 0x10, r0, 0x8c993000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) r4 = userfaultfd(0x80001) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x60}) ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) close(r4) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000140), 0x121200, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000003000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f00000000c0)="f20f4df466baf80cb8b098fe83ef66bafc0cb8bba0ffffef66baf80cb854579f87ef66bafc0c66b80d0066ef66ba430066ed410f01c8c4c2fd200665f61666460f381e2066baa00066b8d10066ef0f20c035200000000f22c0", 0x59}], 0x1, 0xa, 0x0, 0x0) r7 = dup(r6) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) 1.822878069s ago: executing program 0 (id=3791): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f00000002c0)={'wg2\x00', 0x0}) sendmsg$WG_CMD_SET_DEVICE(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000dc0)={0x138, r2, 0x5, 0x70bd2a, 0x25dfdbfd, {}, [@WGDEVICE_A_PEERS={0x11c, 0x8, 0x0, 0x1, [{0x74, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @b_g}, @WGPEER_A_PUBLIC_KEY={0x24}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e20, 0x1, @mcast1, 0x2}}, @WGPEER_A_FLAGS={0x8, 0x3, 0x7}]}, {0x6c, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @neg}, @WGPEER_A_ALLOWEDIPS={0x44, 0x9, 0x0, 0x1, [{0x40, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5}}]}]}]}, {0x38, 0x0, 0x0, 0x1, [@WGPEER_A_FLAGS={0x8}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @c_g}]}]}, @WGDEVICE_A_IFINDEX={0x8, 0x1, r3}]}, 0x138}, 0x1, 0x0, 0x0, 0x4000}, 0x40) 1.624244404s ago: executing program 4 (id=3793): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000000040)={0x0, {{0xa, 0x4e20, 0x6, @mcast2, 0x4f}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000b00)={0xb, {{0xa, 0x0, 0xdd, @mcast2}}, 0x1, 0x1, [{{0xa, 0x4e24, 0x8, @private1={0xfc, 0x1, '\x00', 0x1}, 0x47}}]}, 0x110) syz_emit_ethernet(0x46, &(0x7f0000000100)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaabb86dd6004c2ad00101100fc0100000000000000000000000000000000014e210e220010907802000000a600000000000000000000000000000099ffb3004c00"], 0x0) 1.591088821s ago: executing program 0 (id=3794): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0) getsockname$packet(r1, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000000016000000", @ANYRES32=r2, @ANYBLOB], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r4) getsockname$packet(r4, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route_sched(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=@delchain={0x34, 0x2c, 0xf31, 0x0, 0x2000, {0x0, 0x0, 0x0, r5, {}, {0xfff2, 0xffff}, {0xffff, 0x1}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x4008844}, 0x4010) 1.251888187s ago: executing program 4 (id=3796): r0 = msgget$private(0x0, 0x1c0) msgsnd(r0, &(0x7f0000000180)=ANY=[@ANYRESHEX], 0x0, 0x800) 1.236667847s ago: executing program 1 (id=3797): socket(0x10, 0x3, 0xfffffffc) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f0000000000)={0x15, 0x5, 0x9}) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="01000000000000009b02"]) r3 = socket$netlink(0x10, 0x3, 0x0) syz_open_dev$usbfs(&(0x7f00000000c0), 0x9, 0x40) close_range(0xffffffffffffffff, r3, 0x0) syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='cmdline\x00') socket$inet6(0xa, 0x5, 0x0) socket$alg(0x26, 0x5, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r4, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r5, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) sendmmsg(r4, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r6}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0) 1.214469578s ago: executing program 0 (id=3798): socket$key(0xf, 0x3, 0x2) r0 = userfaultfd(0x80801) r1 = socket$pppl2tp(0x18, 0x1, 0x1) fdatasync(r1) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x5, 0x0, 0x3, 0x0, 0xb49, 0x9, 0x8, 0x2, 0x3}, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000180)='oom_adj\x00') syz_usb_connect(0x5, 0x24, &(0x7f0000002040)=ANY=[@ANYBLOB="12010000fe76181004160780a6af011703010902120001000000"], 0x0) syz_open_dev$sndctrl(&(0x7f0000000140), 0x1007, 0x10b00) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a54010000060a090400000000000000000200000028010480240101800e000100696d6d656469617465000000100102800800014000000000040102801400028008000180ffffffff08000180fffffffbae0001008980b82eeb506f22c89ee5130054b48acc2378f9fb72ba199af16ae54ba4b755078a3f7b4d797f0723464ef20faacbce172bf29eef68a801221d3f76f2e97cf2e4b78c4ca97f2633492d27c1f6d2ca46c97ed2b47153dcaea2ccadac726487c397a40053450ede0212f032da6065d4f2f60e94af9a0c7605692a4759e82a3e45a011cc59fb6af44e96e914cf11a94a1eb6dc7fe2035355ae3d80d9dca3e02f0cf4f3c01391aeb3b4edc000000c00028008000180ffffffff3000028008000180fffffffc0900020073797a310000000008000180ffffffff080003400000000108000180ffffffff0900010073797a30000000000900020073797a32"], 0x190}}, 0x0) r6 = add_key$keyring(&(0x7f00000011c0), &(0x7f0000000340)={'syz', 0x0}, 0x0, 0x0, 0x0) keyctl$restrict_keyring(0x1d, r6, 0x0, 0x0) r7 = syz_clone(0x2004000, &(0x7f0000000180)="9c604e976492bcb61976ab213d2fbf3e675b7daab8b65d6bbdd96d5da664e8e3fbc9a7e5a45479e5d8f7fbd5ce28f454474bfa4f1d27750eb224a2c8d125ebffa9555133983deace7d2964cb9638d1c04f69be255082e97d8d5f512ed40ebd3e36496bde8df8db71ab6e15b7924e3008d7e6c5357582d3d14ccc8f23e8b64267aee0efd9e3f514ffc6c1136a24f9fc65c53eb519ae9a9caef89bc26c65d23087b07aa852ca98e2c1ca1e5d7395707baad2eff0ded43c989a581163e6320dfc62eca84cc83b41b63936f1268b5055bf2f535f4127308914dc3ad81b55159a537c50253e3eaba2c0056168b197dad7f31552be48fdd070d46bdb03db0c3fcbea6bcf81c87361f95a728a456c5f3f45ec3e4575450e9f47eea381d69fcb1c61184f48816bd2ecf77884f9c1933a8d416ec92eb45e10c07f4d6eab1a465fd7f50d28d29e9f8d25c131ca1d85e445a627eddc23ad241a8b547952229c3010396501ba9be4269d82941c47d812c9a8021474a93557098ebbde4a42828ac8ec92ae254c5013088137e8c25df92207eaf55ef2b4a29c5e73536fccb93970172daee207879733e2d5235ac685e1504107fade5bcc91805e99f9907b0ba8b156f99bb37e79cf96f381fb439e635a7c3772bdcbd8314f04381042786ac48331e0cdac6028ed33fc761306213413d9448c892b2d9b5cb6e7cd2b08f0c4b4539cbceb723024e0ef70022016bea1f1982beedebf1f9cd5206e2ecc53cd0405dd0e97031790aa283e5b71b828723da126d95637e217bc64c7dc5237ca38fc480c04280990f22c8404325d9aec30986eb295bc70ca70b855fa01121fa2e852fe199c68f920f4b7893c724489ad480a92c9cdbd6d40f8a46815188edf53e0ffda2146706f0cebf77073dc3cade334c323397e60961587026d984a6225a9acf775819bebd90fe05d9b0af3d0f7b13d3d49e29d3bae6680a256f1565833570dd854e5327e1516b81d9115fd5eec91d401277abe69e947ccbc555f95cc6803cf15ea30ea9f1f29003287123edd1b0657783086969b04c7a9c5ed2be81524ada2cf2dae9cb0f25b5bb54cd75f3a98c4eab18ed2b00f525ceedaf7cfe04ed65daf59f902fc1121ecbb81897d6c376a0e09073bf70399e859d7c0fd877f82a2413d4e7879412e6cd135930c8a061bfeda8a3e5eb0bd9c02e184077e434c2f2e0bc09c74728ea2fb3cb4dc88d6c2757418fc5add4385fca83f0c33fdff8280e4d09beb8b686898dace5947ecea81ea7ad6cb65f89bb580fdb17ab52624d2ecfd2d30a36f3d80dd388c23afd40c37d888e7da7714fb66e09101fcbc81492f0e5b4b2a8f60e612ae7414673a3d3b17f3dbc77454b067aedb812a8a6252e81f8b1acadc1683b242abfc986d190c6867160451c62d0e0d38d4947e1bb5d42470b2308bd211b2a09dc44ae7ce305d210ebd387f7428b17df0a4abd1b62847cc35f934283ff55a4029aaab06da67aa8ec3624919fb13b4763a6eceedc5ecd08db67d7ae379ce8a6cd7d0464881c5f3fafd9388c3765028bd06cb5a996d924af4583123ee9e3f91fa6da90e330664f7ee456d45edacb2349f606c611bd98afdf6058fc8411d0237ebda881438e9347158703aa9560e3d1265bfa07bf18bbd0fc93db8b5b3d31471fdc4be11efddffb958826dd92ec69f5505faf0a7a94478a9d61e577b7039d890b163600186b986f8f38eb8bba455bc592ea380ef6db8d05056c9f747bcc74e76f6d71ee76c22fbd52f25cd6e4e8eff500113d8c0839adab157cb8dc0b0483caea9f812e474dbb6bfc8f468636dc91cf350db4c2aca8a2521b47a41154557c90ee4fc06ba63ee483d442b228b082a666f18a913f177c22fc63f5b2b66182ee6439f165a97ce204cff0f6bd283d15ba9542007dc97ef0e6ff1db0f22412b93a3ffc46df926b54eba6aaa2ff0f50ea02d124209bf06fd0efd34d83d1bcaf446a6b531b082581d9c6307692d6f9ed24959fa3a85c3e2ecf8e7bcf1da137be6a587b753932b72b185984715e43b923ff132c52f99c7a095f75c430688b07899ca3b11e4a7f52d5c86cc4f6c4c937077cb171c15ae0b9f0db9b6857b7472895790e125c2c77d4f48b5a5bad14144cd1321c0e92b76d5cf6221491fa81c22fb9ff2fe3dd0df4b64e3336fe6e92f53759a285d37158a8a13e0315d00eed750b38dfd2a0206ff50609105c76039a75509899a0730bdbf7d3045c541315dcf46ec671fad18b2c3a5ab5f90ce982e565f7d2c453cf47c73aad8b283f5716fc29b5d55e30e49f2e552c466206b90ff9947a1b5544420ef6919cadddd9586a0a363183503fa6d3cecb5c5e064b88cf73a8635c607fb1cef9f7f6f1d0a6df0bde7a75217a1d3c5d20bcb0b64b1ece1ba8563d6f237cd44bd1fedc5df43cf8d9f470829307f832c33d9a8faa6f9ef4b8873cd9d244bffda7250081006e683c354fb14d58d7a0302f79ec34489412a0ff6b51dc89894a246e562426fda05c46ef78af6f8a12793bdaee987c5ad62dba1a215f550c13e470337c187f5a95cdc450541aac3af73b80f9b758b10cc672a508ea793f5084a5758a687eebe1862561e2a30ef11d1d810fd08dba7ea53409b71572a3e957b6770af2c8a84294539422563bc1610c569f4e6ed8e581fb46943bd66d725092772d75f253e0f1c4e8b421f0a41ae8df97f62281cf6237cb9261bdab2c22e6c429c7313174fdd2c87102af8e723a09f63ac4b9a324a374e8f6a097d5c8f6b79adc0f5f4cdafa3bb19d3a3c7f0dcc68e69953792b2b645a31499ae7abd8f3d16c95d92c536f2dfa508a42dc788a43ec2e4ca00308bf4a926ad6aeeedf0c399e71ee6743e88ba80af3d70fe1cea0a31046d1f4bf6d911d4f3f4734dda53331c36ead3edc257758a1dbc09a5e12a528e8f1bfc502caa2deee37b76ab499198b1228fc68fcdbda71599c983eda5c40031ea85ea70191f23d63673bd1c275f6efe023391c13b74ddaa0a0c9c60438d7926dd8779a5408f77ef685cb4202c55b731b13823a10a7177a2395111693195b68bb3075274dd5e769ea12216eb7bc7604b382700af1fe89a266842fb5778a9f9af968cf0b526d7bdfb3cbd56a8594f47a0cde5a0a1c80edd23ead284db783ff7edc15cbc0ae8da1f7309db8563a261387e7ce3aeb626fbcb812380aa204e1d21a8731ac4cbceb1ebb8bf09c13025010fda05cadfe7f0d00a64c7301b5bacd49815b188f2ac474954c5e4612952b8a14de0233b3b630915c7d6b437c400ed225b5d4db56d00209bff6f3016ac552e55f7f0b2db1ad7c27db33ef5caff390044a66e3e9d92c9876b81ec9edbf492e45ae2c9c97f2730557b6293b13c382c14b15567a02ac64f6f25fca2576ce73e025983cae71ccf7cdc02166d99c538fa266d007be025f0323c80fc876ea07b62f8d929ab94fe5eaa1a654c34b703783416acb7711c1038feb8fa8f857aa8de6daea3e88e2afefda0e1b05be64076007c0c1566576636da878e5766fdd7541542415064011533331b3027e93cc1951da46de410c678fb45d7d21c1f483b499b84d3104c8eeb0f8ed7e21e8f1840d034ba1848a1ae3eb2167a193a0759f4323998b73c3f12c3727ee679f6ec0fdfb704f1439567dc4ab872ce15c05a6aeb4de53ebd7d607226ab473237137aa578d44473ddd394bad57ddb4a62b726d9ec5fb8ec2ac3de8e8c2511d05141ec30290ed9107cee8be636e8ca1e0a66505687248a128047ce8b51741788a6e4af1a5f6112c86855e713e5e46dfb270af1f9e80f70818cbf1e220aa7b4bef0e4959550f18d2026f80a13317e6e77ca3e3c83a77520a09385abb9a5aed2747395a59a91160922fb28c9c515a3a33e2f59a0c342f5972cd1c346189089d8e4f806f99f4ee9bd47d8f8dc180867a71179a7c58b5ed781986ccd2f49ee78ab65bf6d43878b36a0142eccbfe31adcc4b4ae9f19cbd697788d0a5fe96f94de53de88f75df12b790eb2d7af2a006e807c66c09969f6ea641aa7537b13e4bff96e99c9e0417deb956e345cde25d38ceb7616e423cc3aae3a056a75edad9985b564cc1b6d1cee0907ba64c1c3d98f167ed2581aa607d091536091b1cacfae22724cd433d13d048d4c257735dca41b41bf753724a654e0300cb6411e60469aee00bb3078da49e7c3e74971c6332d5dbf9c703c2971d033704484717b09c1d39359aec3f32cd1edc0dfa13552e9ec4ce36bfd42997038fc0678550b7b7ef3b1e2e420804045c63a887befbd9ad13e273d81bc1565f48d683fca4bb52001a470166612c276c6dc7d8fd70c9745233f4c59267763604ff2be3069a34fb8165aeae1187ca6640a855942d61385a271b74fa56e66e236eff4354541bc4f033cb03f34a29bad8eaad52b8b0709888c63428bdf05d041b6e9297dc686194244a86c11e31ac35934733b0c0ae3f51db2179ceb4c9b2f7e0722c6102043a072a000d59c0195654c4e06b5e6889645a32619a71967954061948e3c2852738ae3f5954ecbc688f2ac4b9f4ccdb475809414b31b1b17ca4b1de79fb435467cd47434a5c1b983d16dc27d16a1f9424a55015f07f0f8bc5d77b92a438259124af2227c20743ec0faf4a427498a985d1941be606391d9954fdf478a313faf49f9fd7c7db8f448cef23facf9fa8ade5acdeb72ae2b15d6ef84dedc01b34983f2af78a01cf1dde4fa2c9aebf905e983d4398b9e7882dc6f8d8456acff05cec74fd902e448e98948d97e535ee82f8e431f03889448df55b8a7dbb31554543634030ca07556bcac30048b6a90affa70b4b3679b470e048b87eda8ce72f84d3f12a38370ff7d9c8630ca9f7ab8756514f28a2ef57821ca01441c7efc26e5b8fd9f4ba33d981f3afd6612d52f0a42d60c27bec1a7e7c11a69dab73d9fd6d017dafb08badff581c14da0d17c96668b048dbe3d01e195370e35d838552a876885e7334da2db07cb2eb5136a0832aa8a674710a538c228fe213cb6fd3632184b7c29bba4145a601ea6fd7fd9507f5822d4180297936ac3afaa16b3e53e2e691dc92efb23de3e667c", 0xe00, 0x0, &(0x7f00000011c0), &(0x7f0000001200)) r8 = syz_open_dev$loop(&(0x7f0000001340), 0x7ff, 0x1) ioctl$BLKTRACESETUP(r8, 0xc0481273, &(0x7f0000001380)={'\x00', 0x7fff, 0x4, 0x1, 0x80000001, 0xa, r7}) io_uring_enter(r4, 0x71ad, 0xca44, 0x1e, &(0x7f0000001200)={[0x8]}, 0x8) close(0xffffffffffffffff) r9 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x800) ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(r9, 0x80dc5521, &(0x7f00000001c0)=""/4096) syz_open_dev$swradio(&(0x7f0000000000), 0x0, 0x2) socket(0x40000000015, 0x5, 0x0) syz_io_uring_setup(0x3525, 0x0, &(0x7f0000000000), &(0x7f0000001240)) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) 1.016233962s ago: executing program 5 (id=3799): listen(0xffffffffffffffff, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, 0x0) r0 = syz_usb_connect(0x2, 0x239, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000e388d640697a01006ba8010203010902270201020010000904"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) r1 = syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0xcf, 0x8b, 0xed, 0x20, 0xfd9, 0x25, 0x2940, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xca, 0xfb, 0x1a}}]}}]}}, 0x0) syz_usb_control_io$uac1(r1, 0x0, &(0x7f0000000580)={0x44, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) ioctl$I2C_RDWR(r2, 0x707, &(0x7f0000002580)={&(0x7f0000000180)=[{0x9b, 0x1011, 0x0, 0x0}], 0x1}) 902.424474ms ago: executing program 4 (id=3800): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r0, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4) sendmsg$nl_route(r0, 0x0, 0x0) 816.938991ms ago: executing program 4 (id=3801): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r0, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[], 0x24}}, 0x0) 725.059216ms ago: executing program 3 (id=3802): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) socket$inet_udp(0x2, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r0, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000001a0001000000ff7f0000000080000000", @ANYRES32=0x0, @ANYBLOB, @ANYRES32=r0], 0x24}}, 0x0) 681.783342ms ago: executing program 4 (id=3803): unshare(0x2060000) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x218, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x802, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000480)={0x44, 0x0, &(0x7f0000001600), 0x14, 0x7000000, &(0x7f0000000100)="6027a98820210172b82b22ecbdc64da99999ab9cdde9825980d5afd8654f38976e340713fac123221463a4645d8412ab50d14af845e59a9b4c322bed0473fe3a0bc3e66c8361516863336d32b39aa011976bd5ff5943c6591b983a62329cdd15a94146eeacf5082415e0199c5956eb46579021ed56a6cba6ccf60a8ec3096ef265f0ef865e5504de730fdb74d3d3e8"}) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, &(0x7f00000000c0)}) syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b"], 0x0) syz_open_dev$midi(0x0, 0x3, 0x4a243) r4 = socket(0x10, 0x803, 0x0) r5 = syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0) syz_usb_control_io(r5, 0x0, 0x0) syz_usb_control_io$hid(r5, 0x0, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000400), r4) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f00000000c0)={'ip6tnl0\x00', &(0x7f0000000000)={'syztnl1\x00', r6, 0x4, 0x0, 0x0, 0x0, 0x0, @dev, @dev, 0x80, 0x0, 0x1, 0x1}}) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r4, 0x89f3, &(0x7f0000000080)={'syztnl1\x00', &(0x7f0000000180)={'ip6tnl0\x00', r7, 0x0, 0xff, 0x0, 0x7, 0x0, @dev, @private1={0xfc, 0x1, '\x00', 0x1}, 0x0, 0x1, 0xfffffffe}}) openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x0) sendmmsg$inet(r3, 0x0, 0x0, 0xf00) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xd}, @NFTA_SET_DATA_TYPE={0x8, 0x6, 0x1, 0x0, 0xffffff00}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0xc}]}, @NFT_MSG_NEWSETELEM={0x2c, 0xb, 0xa, 0x201, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xc0}}, 0x0) sendmsg$nl_generic(r8, &(0x7f0000000140)={0x0, 0xffffffffffffffc8, &(0x7f0000001ac0)={&(0x7f0000001b00)={0x14, 0x2d, 0x1, 0x70bd26, 0x25dfdbf7, {0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x4c00d}, 0x20000000) fsmount(0xffffffffffffffff, 0x1, 0x0) 628.027643ms ago: executing program 1 (id=3804): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f00000002c0)={'wg2\x00', 0x0}) sendmsg$WG_CMD_SET_DEVICE(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000dc0)={0x138, r2, 0x5, 0x70bd2a, 0x25dfdbfd, {}, [@WGDEVICE_A_PEERS={0x11c, 0x8, 0x0, 0x1, [{0x74, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @b_g}, @WGPEER_A_PUBLIC_KEY={0x24}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e20, 0x1, @mcast1, 0x2}}, @WGPEER_A_FLAGS={0x8, 0x3, 0x7}]}, {0x6c, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @neg}, @WGPEER_A_ALLOWEDIPS={0x44, 0x9, 0x0, 0x1, [{0x40, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5}}]}]}]}, {0x38, 0x0, 0x0, 0x1, [@WGPEER_A_FLAGS={0x8}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @c_g}]}]}, @WGDEVICE_A_IFINDEX={0x8, 0x1, r3}]}, 0x138}, 0x1, 0x0, 0x0, 0x4000}, 0x40) 515.056551ms ago: executing program 1 (id=3805): r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) socket$nl_route(0x10, 0x3, 0x0) sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)={0x48, 0x0, 0x2, 0x401, 0x0, 0x0, {0x9}, [@CTA_EXPECT_MASK={0x4}, @CTA_EXPECT_TUPLE={0x30, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private0={0xfc, 0x0, '\x00', 0x20}}, {0x14, 0x4, @ipv4={'\x00', '\xff\xff', @broadcast}}}}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x200080d0}, 0x0) r1 = syz_io_uring_setup(0x4d45, &(0x7f0000000100)={0x0, 0x2633, 0x8000, 0x1, 0x3bf}, &(0x7f0000000000), &(0x7f00000001c0)) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_udp_encap(r2, 0x11, 0x68, &(0x7f0000000040)=0x2, 0x4) setsockopt$inet_udp_encap(r2, 0x11, 0x64, &(0x7f0000000080)=0x2, 0x4) mq_open(&(0x7f0000003b40)='#! ', 0x40, 0x101, &(0x7f0000003b80)={0x3, 0x9, 0xfffffffffffffffb, 0x6}) setsockopt$inet_udp_encap(r2, 0x11, 0x64, &(0x7f0000000000)=0x2, 0x4) close(0xffffffffffffffff) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r3, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4) sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000001a0001000000ff7f0000000080000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\b\x00', @ANYRES32=r3], 0x24}}, 0x0) syz_io_uring_setup(0x6081, &(0x7f0000000200)={0x0, 0x90b, 0x4000, 0x1, 0x398, 0x0, r1}, &(0x7f0000000280), &(0x7f00000002c0)) r4 = socket(0x10, 0x80002, 0x0) openat$apparmor_thread_current(0xffffff9c, &(0x7f0000000380), 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="4800000010001fff0000056800080000faff0000", @ANYRES32=0x0, @ANYBLOB="c30c424700000000280012800a00010076786c616e00000018000280140010"], 0x48}}, 0x0) sendmmsg$alg(r4, &(0x7f00000000c0), 0x492492492492627, 0x0) 390.382342ms ago: executing program 3 (id=3806): r0 = socket$kcm(0x2, 0x200000000000001, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000340)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.stat\x00', 0x26e1, 0x0) setsockopt$sock_attach_bpf(r0, 0x1, 0x3e, &(0x7f0000000100)=r1, 0x4) sendmsg$kcm(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000001c0)='?', 0x1}], 0x1}, 0x20000) sendmsg$inet(r0, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000000900)=[{&(0x7f00000002c0)}], 0x1}, 0x811) 347.202933ms ago: executing program 1 (id=3807): socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet6(0xa, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000000c0)="2e00000010008188040f46ecdb4cb9cca7480ef410000000e3bd6efb440009000e000a", 0x23}], 0x1}, 0x0) 161.62061ms ago: executing program 1 (id=3808): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0) getsockname$packet(r1, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000000016000000", @ANYRES32=r2, @ANYBLOB="00000002000000002800"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r4) getsockname$packet(r4, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route_sched(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=@delchain={0x34, 0x2c, 0xf31, 0x0, 0x2000, {0x0, 0x0, 0x0, r5, {}, {0xfff2, 0xffff}, {0xffff, 0x1}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x4008844}, 0x4010) 0s ago: executing program 1 (id=3809): bind$inet6(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) r2 = socket$pptp(0x18, 0x1, 0x2) connect$pptp(r2, 0x0, 0xfffffffffffffec5) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[], 0x1fc}}, 0x0) syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0) bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x14) r4 = io_uring_setup(0x1fc4, &(0x7f0000000bc0)={0x0, 0x0, 0x12, 0x0, 0x320}) r5 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0) r6 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x2, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r6, 0xc1105517, &(0x7f0000000080)={{0x1009, 0x0, 0x0, 0x80, 'syz0\x00'}, 0x5, 0x0, 0x1, 0x0, 0x0, 0x8, 'syz1\x00', 0x0}) r7 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000001c0), 0x2) r8 = memfd_create(&(0x7f0000000940)='y\x105\xfb\xf7u\x83%\b\x00\x00\x00\x00\x00\x00\x00\xea_\xccZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x10\x00\x00\x00\x04\x879\xa24\xa9a\b\x00\xb2\xd3\xcbZJ\x7fa\xc4\x1acB\xaa\xc1\xfb Q\x96\xd9xJ2\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea\b\x00\x00\x00\x00\x00\x00\x00\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9V\x01A\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\x0f<\x91\xb0\xa8\x9eo\xebF(\a\x00\x01vRk\xaabB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\x80\x81\xa0\xa2-g\b\x99\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\xd5\xf3\\\x00\xbe]Et\xad*\xecn\x02\xc8\xc4\f\x04\x99\xf6\xfc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc8L\xae\x1ff\xcf\xb3\xb65\x12\x89\x02\x82t\x0f\xb0\xe89\x16\fO\x19\x91\xfd\x10\x0e\xa7r\x12\xab\xd4\xd1d\xad\f\x11\xb3\xb3c\xe2\xfe\xcd\x9f7\xa1\x14\xfa\xe2\xdf\x7f\xf4NG\xe3\xeb\x18\xde|\xb3\xf5S\x9a\x04\xb4Lry\xa9\xd6\xfb\xbc\n+N\xf7\xf6\x87\x95\xd9+\xd2sc/\x06\xaa#K3,k\xf3(\xcc\xc7\xb47\xfa\xc3\x1c\x91!\xd3\xd2`-\xa2xrR\x1c\x81i\x87u|29Q\xdf\xed\x10\x9b\x930\xa8v\xa0\x88\xa4t\x17\xb2\xca9\x02\x03\xc9P\xcc\xe0\xb7\x9c\x82\xb4\x03\x83e\xee\x95\xccO\x1b\x83\f\n{\xf3\x12\x90\xcf\x10\xb5>\b3\x80\x8d\xb2%7\x10\xeee\xe4\xc3\xb2^\xad\xb6~\xa2\xbdE\xbf\x91\vqt\x81\xbd\x19\xde\x81\tw\xd4p\xd1\x8aNJ\xb3M\a\xc4\xfa\xb0,$\x81j\xb4Hs\x93>\x16U\xd0t\xe4\xca0T\xb7\xf7\x9d4\b\xd9\xdeps\xec\xa0\nJ\xa5\xfe\xda{(\xee\xb5\x11?\xc3I-\x8bc\xc9\xfb\a\xe5\xab\xf8v1\xdc\xc5\x8c\xebs1\x81\xca\x81l\xa12\xff<\xf5\x12\xcc+\xd4\xab\x84\x16\xa4+\x0e\xd4\x02\xe3\xaa1\xeam\x8ce\xb4r\x0eo&3wff\xe6\x91\x7f\xba\xad\x05\xdd\xc0+\"\xa5\x80\'#\xfd\x9dA&\xee \x18\xe5\x17\x1bd\xd0\xb9\x90\xde\xec\xe4M\xe5\x06\x03r\fc\x8c\x10\x99x\xec`e`\xc3F\xdf\xbc\xa8\xff\x05\xe6\xea\xc3u\xd7\t\x88<\"\xf7!\xd6\x0e\xbbE^\xcd\xb0\x15g\xe6\xf2?y1\x9f\xd3\x95\xc4E\xd0\xb4\x16`r\x14\xad\x02\x17\x9a\x86I]\x02f\xd3\xc9\xe1H\xd7c\xcaQ\x8cE7\xcc\xcf=\xf3\xf7\xb9\xf6s\x88\bZi\b*w\xc5;\x88\r\xab\xa1\t\xf1\x02)5\x00\x84', 0xb) ftruncate(r8, 0xffff) fcntl$addseals(r8, 0x409, 0x7) r9 = ioctl$UDMABUF_CREATE(r7, 0x40187542, &(0x7f00000002c0)={r8, 0x0, 0x0, 0x8000}) close_range(r5, r1, 0x2) r10 = syz_open_dev$vcsn(&(0x7f0000000200), 0x7fffffffffffffff, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r10, 0x29, 0x40, &(0x7f0000000c40)=@raw={'raw\x00', 0x9, 0x3, 0x318, 0x0, 0xffffffff, 0xffffffff, 0xe8, 0xffffffff, 0x248, 0xffffffff, 0xffffffff, 0x248, 0xffffffff, 0x3, &(0x7f0000000080), {[{{@ipv6={@mcast2, @mcast2, [0xffffffff, 0xffffff00, 0xff], [0xff000000, 0xff, 0xffffffff, 0xff000000], 'batadv_slave_0\x00', 'veth0_virt_wifi\x00', {}, {}, 0x3a, 0x5, 0x0, 0x28}, 0x0, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x9, 0xf6, {0x938f}}}}, {{@uncond, 0x0, 0x100, 0x160, 0x0, {}, [@common=@frag={{0x30}, {[0x0, 0x39], 0x9, 0x0, 0x1}}, @inet=@rpfilter={{0x28}, {0xc}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, [0xffffff00, 0xff, 0xff000000], 0x4e20, 0x4e23, 0x4e20, 0x4e21, 0x1, 0xa1a9, 0x7, 0x7, 0x32}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x378) r11 = fcntl$dupfd(r9, 0x0, r9) sendmsg$NFNL_MSG_CTHELPER_DEL(r11, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[@ANYBLOB="240000000203000003100002000c000261000000000000"], 0x24}, 0x1, 0x0, 0x0, 0x20048044}, 0x4000000) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r5, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r11}) sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000000bc0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="30000000000000008400000001000000000000000c0000000000000000002b0388edb6556900"/50, @ANYRES32=0x0], 0x30}], 0x1, 0x0) close_range(r4, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): egistering): Port device team_slave_0 removed [ 990.026612][ T1209] hub 6-1:0.0: 2 ports detected [ 990.089449][ T976] usb 5-1: new full-speed USB device number 29 using dummy_hcd [ 990.126628][ T976] usb 5-1: device descriptor read/8, error -71 [ 990.372298][ T976] usb 5-1: new full-speed USB device number 30 using dummy_hcd [ 990.399966][ T976] usb 5-1: device descriptor read/8, error -71 [ 990.509503][ T976] usb usb5-port1: unable to enumerate USB device [ 990.555505][T17429] bridge0: port 1(team0) entered blocking state [ 990.564091][T17429] bridge0: port 1(team0) entered disabled state [ 990.574453][T17429] team0: entered allmulticast mode [ 990.585560][T17429] team0: left allmulticast mode [ 990.664166][ T1209] hub 6-1:0.0: set hub depth failed [ 990.701653][ T1209] usb 6-1: USB disconnect, device number 7 [ 990.829891][T17266] hsr_slave_0: entered promiscuous mode [ 990.847623][T17266] hsr_slave_1: entered promiscuous mode [ 990.857425][T17266] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 990.865213][T17266] Cannot create hsr debugfs directory [ 991.127144][T17459] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3122'. [ 991.142406][T10887] IPVS: stop unused estimator thread 0... [ 992.059467][ T976] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 992.087330][T17266] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 992.152822][T17266] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 992.285890][ T976] usb 4-1: Using ep0 maxpacket: 16 [ 992.321820][ T976] usb 4-1: unable to get BOS descriptor or descriptor too short [ 992.345735][ T976] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 992.365745][T17266] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 992.399306][ T976] usb 4-1: config 0 has no interfaces? [ 992.424831][ T976] usb 4-1: New USB device found, idVendor=04f3, idProduct=074d, bcdDevice= 0.40 [ 992.434870][ T976] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 992.458031][ T976] usb 4-1: Product: syz [ 992.465550][ T976] usb 4-1: Manufacturer: syz [ 992.485441][ T976] usb 4-1: SerialNumber: syz [ 992.551482][ T976] usb 4-1: config 0 descriptor?? [ 992.586677][T17266] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 992.847296][T17477] netlink: 5120 bytes leftover after parsing attributes in process `syz.3.3125'. [ 993.227522][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.234030][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 993.505990][T17266] 8021q: adding VLAN 0 to HW filter on device bond0 [ 993.828352][T17266] 8021q: adding VLAN 0 to HW filter on device team0 [ 994.067045][T16697] bridge0: port 1(bridge_slave_0) entered blocking state [ 994.074708][T16697] bridge0: port 1(bridge_slave_0) entered forwarding state [ 994.194717][T16697] bridge0: port 2(bridge_slave_1) entered blocking state [ 994.202007][T16697] bridge0: port 2(bridge_slave_1) entered forwarding state [ 994.507371][T17266] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 994.564968][T17266] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 994.890178][T17266] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 995.181155][ T1209] usb 4-1: USB disconnect, device number 32 [ 995.190381][T17266] veth0_vlan: entered promiscuous mode [ 995.303166][ T51] Bluetooth: hci3: command 0x0406 tx timeout [ 995.391875][T17266] veth1_vlan: entered promiscuous mode [ 995.466184][T17266] veth0_macvtap: entered promiscuous mode [ 995.520181][T17266] veth1_macvtap: entered promiscuous mode [ 995.649970][T17266] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 995.697377][T17266] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 995.775627][T17266] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 995.815300][T17266] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 995.845703][T17266] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 995.869516][T17266] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 996.029161][T17536] macsec0: entered promiscuous mode [ 996.056836][T17539] veth1_macvtap: entered promiscuous mode [ 996.103505][T17539] macsec0: left promiscuous mode [ 996.109407][T17539] veth1_macvtap: left promiscuous mode [ 996.251678][T17536] vlan2: entered allmulticast mode [ 996.257086][T17536] bond0: entered allmulticast mode [ 996.832717][T16697] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 996.871413][T16697] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 996.970312][T16697] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 996.978671][T16697] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 999.257906][ T30] audit: type=1800 audit(1752064630.002:333): pid=17590 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.3150" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 1000.487068][T17612] netlink: 'syz.1.3156': attribute type 5 has an invalid length. [ 1000.552234][T17612] netlink: 'syz.1.3156': attribute type 10 has an invalid length. [ 1004.278621][T17688] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1004.288563][T17688] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1004.298101][T17688] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1004.307040][T17688] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1004.363604][T17689] mmap: syz.1.3182 (17689): VmData 45907968 exceed data ulimit 2. Update limits or use boot option ignore_rlimit_data. [ 1005.136113][ T30] audit: type=1804 audit(1752064635.922:334): pid=17700 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.3185" name="/newroot/15/bus" dev="tmpfs" ino=95 res=1 errno=0 [ 1007.241458][T17717] bridge_slave_0: left allmulticast mode [ 1007.249566][T17717] bridge_slave_0: left promiscuous mode [ 1007.279389][T17717] bridge0: port 1(bridge_slave_0) entered disabled state [ 1007.333131][T17717] bridge_slave_1: left allmulticast mode [ 1007.338923][T17717] bridge_slave_1: left promiscuous mode [ 1007.344897][T17717] bridge0: port 2(bridge_slave_1) entered disabled state [ 1007.547241][T17717] bond0: (slave bond_slave_0): Releasing backup interface [ 1007.642881][T17717] bond0: (slave bond_slave_1): Releasing backup interface [ 1008.064292][T17717] team0: Port device team_slave_0 removed [ 1008.269463][T17717] team0: Port device team_slave_1 removed [ 1008.771018][T17717] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1008.792470][T17717] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1009.413085][T17736] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3196'. [ 1009.460457][T17736] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3196'. [ 1011.187260][T17758] usb usb8: usbfs: process 17758 (syz.4.3202) did not claim interface 0 before use [ 1011.196985][T17758] usb usb8: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1011.766266][ C1] vcan0: j1939_tp_rxtimer: 0xffff888054ddf800: rx timeout, send abort [ 1011.779072][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888054ddf800: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session. [ 1014.517789][ T30] audit: type=1326 audit(1752064645.312:335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17787 comm="syz.1.3212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff24d78e929 code=0x7ffc0000 [ 1014.681236][ T30] audit: type=1326 audit(1752064645.312:336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17787 comm="syz.1.3212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff24d78e929 code=0x7ffc0000 [ 1014.777733][ T30] audit: type=1326 audit(1752064645.392:337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17787 comm="syz.1.3212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7ff24d78e929 code=0x7ffc0000 [ 1014.859793][ T30] audit: type=1326 audit(1752064645.402:338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17787 comm="syz.1.3212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff24d78e929 code=0x7ffc0000 [ 1015.754176][ T30] audit: type=1326 audit(1752064645.402:339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17787 comm="syz.1.3212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff24d78e929 code=0x7ffc0000 [ 1015.899037][T16502] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 1016.039092][T16502] usb 5-1: device descriptor read/64, error -71 [ 1016.399126][T16502] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 1016.624666][T16502] usb 5-1: device descriptor read/64, error -71 [ 1016.654149][T17810] netlink: zone id is out of range [ 1016.729179][T17810] netlink: set zone limit has 8 unknown bytes [ 1016.749299][T16502] usb usb5-port1: attempt power cycle [ 1017.239211][T16502] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 1017.270423][T16502] usb 5-1: device descriptor read/8, error -71 [ 1017.709772][T16502] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 1017.750069][T16502] usb 5-1: device descriptor read/8, error -71 [ 1018.015353][T16502] usb usb5-port1: unable to enumerate USB device [ 1018.237428][ T30] audit: type=1326 audit(1752064649.032:340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17832 comm="syz.1.3226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff24d78e929 code=0x7ffc0000 [ 1018.373112][ T30] audit: type=1326 audit(1752064649.042:341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17832 comm="syz.1.3226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff24d78e929 code=0x7ffc0000 [ 1018.512111][ T30] audit: type=1326 audit(1752064649.042:342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17832 comm="syz.1.3226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7ff24d78e929 code=0x7ffc0000 [ 1018.649571][ T30] audit: type=1326 audit(1752064649.042:343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17832 comm="syz.1.3226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff24d78e929 code=0x7ffc0000 [ 1018.671919][ C0] vkms_vblank_simulate: vblank timer overrun [ 1021.027078][ T30] audit: type=1326 audit(1752064651.812:344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17872 comm="syz.4.3239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f1d58e929 code=0x7ffc0000 [ 1021.089871][ T30] audit: type=1326 audit(1752064651.822:345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17872 comm="syz.4.3239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f1d58e929 code=0x7ffc0000 [ 1021.149675][ T30] audit: type=1326 audit(1752064651.822:346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17872 comm="syz.4.3239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f1f1d58e929 code=0x7ffc0000 [ 1021.298851][ T30] audit: type=1326 audit(1752064651.822:347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17872 comm="syz.4.3239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f1d58e929 code=0x7ffc0000 [ 1021.393463][ T30] audit: type=1326 audit(1752064651.822:348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17872 comm="syz.4.3239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f1d58e929 code=0x7ffc0000 [ 1021.899450][T17886] netlink: zone id is out of range [ 1021.904655][T17886] netlink: zone id is out of range [ 1021.950819][T17886] netlink: set zone limit has 4 unknown bytes [ 1021.957167][T16502] IPVS: starting estimator thread 0... [ 1022.072273][T17897] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3245'. [ 1022.081305][T17892] IPVS: using max 27 ests per chain, 64800 per kthread [ 1022.081656][T17897] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3245'. [ 1022.139703][T17897] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3245'. [ 1025.374534][T17939] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3257'. [ 1025.384823][T17939] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3257'. [ 1025.436268][T17941] netlink: 'syz.1.3257': attribute type 10 has an invalid length. [ 1025.505734][T17941] bridge0: port 3(team0) entered blocking state [ 1025.530218][T17941] bridge0: port 3(team0) entered disabled state [ 1025.564138][T17941] team0: entered allmulticast mode [ 1025.609063][T17941] team_slave_0: entered allmulticast mode [ 1025.630649][T17941] team_slave_1: entered allmulticast mode [ 1025.653087][T17941] team0: entered promiscuous mode [ 1025.668572][T17941] team_slave_0: entered promiscuous mode [ 1025.699674][T17941] team_slave_1: entered promiscuous mode [ 1025.726213][T17941] bridge0: port 3(team0) entered blocking state [ 1025.732757][T17941] bridge0: port 3(team0) entered forwarding state [ 1025.784107][T17945] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3259'. [ 1025.960578][T17948] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3259'. [ 1026.021721][T17913] Bluetooth: hci0: command 0x0406 tx timeout [ 1026.669872][T17954] netlink: zone id is out of range [ 1026.675080][T17954] netlink: zone id is out of range [ 1026.680795][T17954] netlink: set zone limit has 4 unknown bytes [ 1028.236415][T17959] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1029.225108][T17975] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1029.641026][T17978] netdevsim netdevsim4: Direct firmware load for . [ 1029.641026][T17978] failed with error -2 [ 1029.660451][T17978] netdevsim netdevsim4: Falling back to sysfs fallback for: . [ 1029.660451][T17978] [ 1031.290639][T18000] netlink: zone id is out of range [ 1031.296016][T18000] netlink: zone id is out of range [ 1031.309952][T18000] netlink: set zone limit has 8 unknown bytes [ 1031.609078][T12447] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 1031.921892][T12447] usb 5-1: Using ep0 maxpacket: 16 [ 1032.397991][T18004] netlink: 124 bytes leftover after parsing attributes in process `syz.4.3271'. [ 1033.520756][T18023] netlink: zone id is out of range [ 1033.538132][T18023] netlink: zone id is out of range [ 1033.552844][T18023] netlink: set zone limit has 4 unknown bytes [ 1034.703227][T18030] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1034.888695][T18037] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3280'. [ 1035.215055][T18041] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3281'. [ 1035.235767][T18041] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3281'. [ 1035.306190][ T30] audit: type=1326 audit(1752064666.102:349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18040 comm="syz.0.3281" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f69e838e929 code=0x0 [ 1035.357432][T18041] netlink: 'syz.0.3281': attribute type 10 has an invalid length. [ 1035.386435][T18041] bridge0: port 3(team0) entered blocking state [ 1035.407178][T12447] usb 5-1: unable to get BOS descriptor or descriptor too short [ 1035.440381][T12447] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 1035.480844][T18041] bridge0: port 3(team0) entered disabled state [ 1035.519652][T18041] team0: entered allmulticast mode [ 1035.525006][T12447] usb 5-1: can't read configurations, error -71 [ 1035.551331][T18041] team_slave_0: entered allmulticast mode [ 1035.596781][T18041] team_slave_1: entered allmulticast mode [ 1035.624072][T18041] team0: entered promiscuous mode [ 1035.629971][T18041] team_slave_0: entered promiscuous mode [ 1035.641749][T18041] team_slave_1: entered promiscuous mode [ 1035.687139][T18041] bridge0: port 3(team0) entered blocking state [ 1035.694699][T18041] bridge0: port 3(team0) entered forwarding state [ 1036.673452][T18060] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1040.955890][T18096] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1042.334936][T18117] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1042.371777][T18110] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1042.550656][T18129] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1045.322287][T18156] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1045.804864][T18165] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3313'. [ 1045.814331][T18165] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3313'. [ 1045.839482][T18165] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3313'. [ 1045.901778][T18167] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3314'. [ 1045.936236][T18167] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3314'. [ 1046.026113][T18167] netlink: 'syz.3.3314': attribute type 10 has an invalid length. [ 1046.067524][T18167] bridge0: port 1(team0) entered blocking state [ 1046.074139][T18167] bridge0: port 1(team0) entered disabled state [ 1046.098553][T18167] team0: entered allmulticast mode [ 1046.106737][T18167] team0: left allmulticast mode [ 1046.751990][T12447] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 1046.939198][ T1209] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 1046.955165][T12447] usb 4-1: config index 0 descriptor too short (expected 23569, got 27) [ 1046.965943][T12447] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1046.984243][T12447] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1047.033566][T12447] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 1047.043264][T12447] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 1047.054808][T12447] usb 4-1: Manufacturer: syz [ 1047.080016][T12447] usb 4-1: config 0 descriptor?? [ 1047.098653][T12447] igorplugusb 4-1:0.0: incorrect number of endpoints [ 1047.112923][ T1209] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1047.131460][ T1209] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1047.149256][ T1209] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1047.158597][ T1209] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1047.202771][T18182] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 1047.213710][ T1209] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 1047.320460][T18176] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1047.364604][T18176] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1048.627517][T18189] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1049.458066][ T9] usb 4-1: USB disconnect, device number 33 [ 1049.994659][ T44] usb 5-1: USB disconnect, device number 37 [ 1050.566250][ T1209] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 1050.568851][T18223] binder: 18220:18223 unknown command 0 [ 1050.691517][T18223] binder: 18220:18223 ioctl c0306201 200000000480 returned -22 [ 1050.849092][T12447] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 1050.899302][ T1209] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1050.930749][ T1209] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1050.995966][ T976] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 1051.004971][ T1209] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1051.038386][T12447] usb 6-1: config 0 has no interfaces? [ 1051.211825][ T1209] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1051.335778][ T976] usb 5-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 1051.346452][ T976] usb 5-1: config 27 has 0 interfaces, different from the descriptor's value: 1 [ 1051.361093][ T976] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1051.379623][T12447] usb 6-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 1051.398638][ T976] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1051.408388][T12447] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1051.417955][T18217] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1051.432781][ T1209] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 1051.449139][T12447] usb 6-1: Product: syz [ 1051.453369][T12447] usb 6-1: Manufacturer: syz [ 1051.458006][T12447] usb 6-1: SerialNumber: syz [ 1051.514266][T18237] vlan3: entered promiscuous mode [ 1051.521028][T18237] vlan2: entered promiscuous mode [ 1051.526090][T18237] gretap0: entered promiscuous mode [ 1051.553329][T12447] usb 6-1: config 0 descriptor?? [ 1052.450615][T18246] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1052.653080][ T9] usb 6-1: USB disconnect, device number 8 [ 1054.380844][ T9] usb 5-1: USB disconnect, device number 38 [ 1054.672246][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1054.711203][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1054.912671][T18258] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1055.034820][T15128] usb 4-1: USB disconnect, device number 34 [ 1056.717077][T18289] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3351'. [ 1056.727568][T18289] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3351'. [ 1056.737672][T18289] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3351'. [ 1056.793301][T18291] netlink: 'syz.1.3354': attribute type 10 has an invalid length. [ 1057.169987][ T9] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 1057.393868][ T9] usb 4-1: config index 0 descriptor too short (expected 23569, got 27) [ 1057.402564][ T9] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1058.313770][ T9] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 1058.400466][ T9] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 1058.461012][ T9] usb 4-1: Manufacturer: syz [ 1058.478373][ T9] usb 4-1: config 0 descriptor?? [ 1058.489648][ T9] igorplugusb 4-1:0.0: incorrect number of endpoints [ 1058.701707][T18294] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1058.715570][T18294] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1059.539273][T18334] netlink: 'syz.5.3370': attribute type 10 has an invalid length. [ 1059.655327][T18334] bridge0: port 3(team0) entered blocking state [ 1059.712192][T18334] bridge0: port 3(team0) entered disabled state [ 1059.729320][T18334] team0: entered allmulticast mode [ 1059.734636][T18334] team_slave_0: entered allmulticast mode [ 1059.751737][T18334] team_slave_1: entered allmulticast mode [ 1059.864499][T18334] team0: entered promiscuous mode [ 1059.879948][T18334] team_slave_0: entered promiscuous mode [ 1060.011953][T18334] team_slave_1: entered promiscuous mode [ 1060.031265][T18334] bridge0: port 3(team0) entered blocking state [ 1060.037697][T18334] bridge0: port 3(team0) entered forwarding state [ 1060.165057][T12447] usb 4-1: USB disconnect, device number 35 [ 1060.193395][T18327] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1060.520006][ T9] usb 5-1: new full-speed USB device number 39 using dummy_hcd [ 1061.049459][ T9] usb 5-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 1061.085867][ T9] usb 5-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b [ 1061.098084][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1061.116589][ T9] usb 5-1: Product: syz [ 1061.127953][ T9] usb 5-1: Manufacturer: syz [ 1061.162588][ T9] usb 5-1: SerialNumber: syz [ 1061.202349][ T9] usb 5-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state [ 1061.947631][T18343] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1062.003154][ T9] usb 5-1: dvb_usb_v2: this USB2.0 device cannot be run on a USB1.1 port (it lacks a hardware PID filter) [ 1062.039580][T18343] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1062.250879][ T9] usb 5-1: USB disconnect, device number 39 [ 1062.678514][T18369] netlink: 'syz.3.3384': attribute type 10 has an invalid length. [ 1062.688206][T18369] bridge0: port 1(team0) entered blocking state [ 1062.737095][T18369] bridge0: port 1(team0) entered disabled state [ 1062.790929][T18369] team0: entered allmulticast mode [ 1062.797987][T18369] team0: left allmulticast mode [ 1063.009147][ T9] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 1063.233135][ T9] usb 2-1: config 0 has no interfaces? [ 1063.251575][ T9] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 1063.333350][ T44] usb 5-1: new high-speed USB device number 40 using dummy_hcd [ 1063.348737][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1063.449269][ T9] usb 2-1: Product: syz [ 1063.453573][ T9] usb 2-1: Manufacturer: syz [ 1063.539975][ T9] usb 2-1: SerialNumber: syz [ 1063.554803][ T9] usb 2-1: config 0 descriptor?? [ 1063.561404][ T44] usb 5-1: config index 0 descriptor too short (expected 23569, got 27) [ 1063.603391][ T44] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1063.739030][ T1209] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 1063.763031][ T44] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 1063.801196][ T44] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 1063.833853][ T44] usb 5-1: Manufacturer: syz [ 1063.854057][ T44] usb 5-1: config 0 descriptor?? [ 1063.894068][ T44] igorplugusb 5-1:0.0: incorrect number of endpoints [ 1064.099110][ T1209] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1064.120970][T18378] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1064.149292][T18378] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1064.157121][ T1209] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1064.266653][ T1209] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1064.287749][ T1209] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1064.543863][T18381] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22 [ 1064.556535][ T1209] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 1065.898710][ T1209] usb 2-1: USB disconnect, device number 29 [ 1066.204290][T16502] usb 4-1: USB disconnect, device number 36 [ 1066.329970][T15128] usb 5-1: USB disconnect, device number 40 [ 1066.343897][T18396] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1066.629071][ T1209] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 1066.903073][ T1209] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 1066.933134][ T1209] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 1067.013409][ T1209] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1067.024200][ T1209] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0 [ 1067.034471][ T1209] usb 2-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b [ 1067.062956][ T1209] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1067.100899][ T1209] usb 2-1: config 0 descriptor?? [ 1067.132505][T18397] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1067.384550][ T1209] hdpvr 2-1:0.0: firmware version 0x8 dated )#jn [ 1067.788409][T18401] IPVS: set_ctl: invalid protocol: 191 100.1.1.1:20003 [ 1067.959302][ T1209] hdpvr 2-1:0.0: Could not setup controls [ 1067.986566][ T1209] hdpvr 2-1:0.0: registering videodev failed [ 1068.051730][ T1209] hdpvr 2-1:0.0: probe with driver hdpvr failed with error -71 [ 1068.068294][T18417] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3398'. [ 1068.083216][ T1209] usb 2-1: USB disconnect, device number 30 [ 1068.218276][T18421] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3397'. [ 1068.228913][T18421] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3397'. [ 1068.240164][T18421] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3397'. [ 1068.735147][T18432] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3402'. [ 1068.745777][T18432] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3402'. [ 1068.778741][ T30] audit: type=1326 audit(1752064699.572:350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18430 comm="syz.4.3402" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1f1d58e929 code=0x0 [ 1068.800628][ C1] vkms_vblank_simulate: vblank timer overrun [ 1068.906920][ T1209] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 1069.173272][ T1209] usb 2-1: Using ep0 maxpacket: 16 [ 1069.205799][ T1209] usb 2-1: config 0 has no interfaces? [ 1069.297268][ T1209] usb 2-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 1069.328125][ T1209] usb 2-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 1069.372276][ T1209] usb 2-1: Product: syz [ 1069.376525][ T1209] usb 2-1: Manufacturer: syz [ 1069.437777][ T1209] usb 2-1: SerialNumber: syz [ 1069.519190][ T1209] usb 2-1: config 0 descriptor?? [ 1069.973583][T18440] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1069.982695][T18440] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1069.991540][T18440] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1070.000347][T18440] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1070.276220][T18431] blktrace: Concurrent blktraces are not allowed on loop7 [ 1070.359539][T18452] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3407'. [ 1070.368738][T18452] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3407'. [ 1070.379775][T18452] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3407'. [ 1070.410724][T18451] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3409'. [ 1072.099378][T17913] Bluetooth: hci5: command 0x0406 tx timeout [ 1072.245833][T18465] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1072.454463][T15128] usb 2-1: USB disconnect, device number 31 [ 1072.614513][T18474] FAULT_INJECTION: forcing a failure. [ 1072.614513][T18474] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1072.639463][T18474] CPU: 0 UID: 0 PID: 18474 Comm: syz.1.3415 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) [ 1072.639486][T18474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1072.639496][T18474] Call Trace: [ 1072.639503][T18474] [ 1072.639511][T18474] dump_stack_lvl+0x189/0x250 [ 1072.639536][T18474] ? __pfx____ratelimit+0x10/0x10 [ 1072.639561][T18474] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1072.639580][T18474] ? __pfx__printk+0x10/0x10 [ 1072.639601][T18474] ? __might_fault+0xb0/0x130 [ 1072.639627][T18474] should_fail_ex+0x414/0x560 [ 1072.639652][T18474] _copy_from_user+0x2d/0xb0 [ 1072.639671][T18474] __sys_bpf+0x1ed/0x860 [ 1072.639687][T18474] ? __pfx___sys_bpf+0x10/0x10 [ 1072.639710][T18474] ? ksys_write+0x22a/0x250 [ 1072.639729][T18474] ? __pfx_ksys_write+0x10/0x10 [ 1072.639752][T18474] __x64_sys_bpf+0x7c/0x90 [ 1072.639774][T18474] do_syscall_64+0xfa/0x3b0 [ 1072.639788][T18474] ? lockdep_hardirqs_on+0x9c/0x150 [ 1072.639811][T18474] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1072.639826][T18474] ? clear_bhb_loop+0x60/0xb0 [ 1072.639844][T18474] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1072.639859][T18474] RIP: 0033:0x7ff24d78e929 [ 1072.639873][T18474] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1072.639886][T18474] RSP: 002b:00007ff24e62c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1072.639904][T18474] RAX: ffffffffffffffda RBX: 00007ff24d9b5fa0 RCX: 00007ff24d78e929 [ 1072.639915][T18474] RDX: 000000000000001c RSI: 00002000000002c0 RDI: 0000000000000008 [ 1072.639925][T18474] RBP: 00007ff24e62c090 R08: 0000000000000000 R09: 0000000000000000 [ 1072.639935][T18474] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1072.639944][T18474] R13: 0000000000000001 R14: 00007ff24d9b5fa0 R15: 00007ff24dadfa28 [ 1072.639966][T18474] [ 1073.692722][T18478] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3418'. [ 1074.185480][T18491] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3421'. [ 1074.279196][ T976] usb 4-1: new full-speed USB device number 37 using dummy_hcd [ 1074.610007][ T976] usb 4-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 1074.623377][ T976] usb 4-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b [ 1074.636223][ T976] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1074.742259][ T976] usb 4-1: Product: syz [ 1074.749172][ T976] usb 4-1: Manufacturer: syz [ 1075.038547][T18502] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1075.246634][ T976] usb 4-1: SerialNumber: syz [ 1075.476824][T18507] binder: 18504:18507 unknown command 0 [ 1075.482750][T18507] binder: 18504:18507 ioctl c0306201 200000000480 returned -22 [ 1075.666293][ T976] usb 4-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state [ 1076.265981][T18488] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1076.277958][T18488] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1076.290474][ T976] usb 4-1: dvb_usb_v2: this USB2.0 device cannot be run on a USB1.1 port (it lacks a hardware PID filter) [ 1076.321483][ T976] usb 4-1: USB disconnect, device number 37 [ 1076.459245][ T9] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 1076.629237][ T9] usb 6-1: Using ep0 maxpacket: 16 [ 1076.654044][ T9] usb 6-1: config 0 has no interfaces? [ 1076.684870][ T9] usb 6-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 1076.867057][ T9] usb 6-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 1076.917279][ T9] usb 6-1: Product: syz [ 1076.931328][ T9] usb 6-1: Manufacturer: syz [ 1076.974761][ T9] usb 6-1: SerialNumber: syz [ 1077.033381][ T9] usb 6-1: config 0 descriptor?? [ 1077.487213][T18511] blktrace: Concurrent blktraces are not allowed on loop7 [ 1078.117635][T18516] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1078.669781][ T1209] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 1078.749941][T18538] FAULT_INJECTION: forcing a failure. [ 1078.749941][T18538] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1078.787666][T18538] CPU: 0 UID: 0 PID: 18538 Comm: syz.3.3434 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) [ 1078.787698][T18538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1078.787711][T18538] Call Trace: [ 1078.787721][T18538] [ 1078.787731][T18538] dump_stack_lvl+0x189/0x250 [ 1078.787762][T18538] ? __pfx____ratelimit+0x10/0x10 [ 1078.787796][T18538] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1078.787822][T18538] ? __pfx__printk+0x10/0x10 [ 1078.787851][T18538] ? __might_fault+0xb0/0x130 [ 1078.787888][T18538] should_fail_ex+0x414/0x560 [ 1078.787933][T18538] _copy_from_user+0x2d/0xb0 [ 1078.787960][T18538] ___sys_sendmsg+0x158/0x2a0 [ 1078.787993][T18538] ? __pfx____sys_sendmsg+0x10/0x10 [ 1078.788059][T18538] ? __fget_files+0x2a/0x420 [ 1078.788087][T18538] ? __fget_files+0x3a0/0x420 [ 1078.788144][T18538] __x64_sys_sendmsg+0x19b/0x260 [ 1078.788177][T18538] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1078.788217][T18538] ? __pfx_ksys_write+0x10/0x10 [ 1078.788240][T18538] ? rcu_is_watching+0x15/0xb0 [ 1078.788273][T18538] ? do_syscall_64+0xbe/0x3b0 [ 1078.788299][T18538] do_syscall_64+0xfa/0x3b0 [ 1078.788320][T18538] ? lockdep_hardirqs_on+0x9c/0x150 [ 1078.788354][T18538] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1078.788377][T18538] ? clear_bhb_loop+0x60/0xb0 [ 1078.788404][T18538] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1078.788426][T18538] RIP: 0033:0x7f46f9d8e929 [ 1078.788446][T18538] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1078.788466][T18538] RSP: 002b:00007f46fabbd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1078.788491][T18538] RAX: ffffffffffffffda RBX: 00007f46f9fb5fa0 RCX: 00007f46f9d8e929 [ 1078.788508][T18538] RDX: 0000000000004010 RSI: 00002000000002c0 RDI: 0000000000000003 [ 1078.788536][T18538] RBP: 00007f46fabbd090 R08: 0000000000000000 R09: 0000000000000000 [ 1078.788551][T18538] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1078.788565][T18538] R13: 0000000000000000 R14: 00007f46f9fb5fa0 R15: 00007f46fa0dfa28 [ 1078.788598][T18538] [ 1078.839125][ T1209] usb 2-1: Using ep0 maxpacket: 16 [ 1079.317406][ T5918] usb 6-1: USB disconnect, device number 9 [ 1079.594843][T18542] FAULT_INJECTION: forcing a failure. [ 1079.594843][T18542] name failslab, interval 1, probability 0, space 0, times 0 [ 1079.668822][T18542] CPU: 0 UID: 0 PID: 18542 Comm: syz.5.3435 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) [ 1079.668854][T18542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1079.668869][T18542] Call Trace: [ 1079.668879][T18542] [ 1079.668889][T18542] dump_stack_lvl+0x189/0x250 [ 1079.668926][T18542] ? __pfx____ratelimit+0x10/0x10 [ 1079.668962][T18542] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1079.668991][T18542] ? __pfx__printk+0x10/0x10 [ 1079.669018][T18542] ? __pfx___might_resched+0x10/0x10 [ 1079.669036][T18542] ? fs_reclaim_acquire+0x7d/0x100 [ 1079.669062][T18542] should_fail_ex+0x414/0x560 [ 1079.669088][T18542] should_failslab+0xa8/0x100 [ 1079.669109][T18542] __kmalloc_noprof+0xcb/0x4f0 [ 1079.669126][T18542] ? kfree+0x4d/0x440 [ 1079.669140][T18542] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1079.669160][T18542] tomoyo_realpath_from_path+0xe3/0x5d0 [ 1079.669176][T18542] ? tomoyo_domain+0xd9/0x130 [ 1079.669195][T18542] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 1079.669216][T18542] tomoyo_path_number_perm+0x1e8/0x5a0 [ 1079.669239][T18542] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1079.669273][T18542] ? __lock_acquire+0xab9/0xd20 [ 1079.669303][T18542] ? __fget_files+0x2a/0x420 [ 1079.669326][T18542] ? __fget_files+0x2a/0x420 [ 1079.669344][T18542] ? __fget_files+0x3a0/0x420 [ 1079.669363][T18542] ? __fget_files+0x2a/0x420 [ 1079.669386][T18542] security_file_ioctl+0xcb/0x2d0 [ 1079.669408][T18542] __se_sys_ioctl+0x47/0x170 [ 1079.669426][T18542] do_syscall_64+0xfa/0x3b0 [ 1079.669440][T18542] ? lockdep_hardirqs_on+0x9c/0x150 [ 1079.669463][T18542] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1079.669478][T18542] ? clear_bhb_loop+0x60/0xb0 [ 1079.669497][T18542] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1079.669511][T18542] RIP: 0033:0x7fcd7878e929 [ 1079.669525][T18542] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1079.669538][T18542] RSP: 002b:00007fcd79662038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1079.669556][T18542] RAX: ffffffffffffffda RBX: 00007fcd789b5fa0 RCX: 00007fcd7878e929 [ 1079.669568][T18542] RDX: 0000200000000000 RSI: 00000000802c550a RDI: 0000000000000003 [ 1079.669585][T18542] RBP: 00007fcd79662090 R08: 0000000000000000 R09: 0000000000000000 [ 1079.669595][T18542] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1079.669605][T18542] R13: 0000000000000000 R14: 00007fcd789b5fa0 R15: 00007fcd78adfa28 [ 1079.669627][T18542] [ 1079.959560][T18542] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1080.089039][ T5918] usb 4-1: new full-speed USB device number 38 using dummy_hcd [ 1080.240538][ T5918] usb 4-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 1080.255192][ T5918] usb 4-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b [ 1080.293198][ T5918] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1080.296822][ T1209] usb 2-1: New USB device found, idVendor=09e8, idProduct=0062, bcdDevice=80.f2 [ 1080.314486][ T1209] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1080.322744][ T1209] usb 2-1: Product: syz [ 1080.327078][ T1209] usb 2-1: Manufacturer: syz [ 1080.334581][ T1209] usb 2-1: SerialNumber: syz [ 1080.356542][ T1209] usb 2-1: config 0 descriptor?? [ 1080.373778][ T1209] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 1080.385569][ T5918] usb 4-1: Product: syz [ 1080.422297][ T1209] snd-usb-audio 2-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 1080.498608][ T5999] udevd[5999]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1080.548338][ T5918] usb 4-1: Manufacturer: syz [ 1080.704556][ T30] audit: type=1326 audit(1752064711.502:351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18551 comm="syz.5.3441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd7878e929 code=0x7ffc0000 [ 1080.737284][ T5918] usb 4-1: SerialNumber: syz [ 1080.738307][ T30] audit: type=1326 audit(1752064711.532:352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18551 comm="syz.5.3441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7fcd7878e929 code=0x7ffc0000 [ 1080.774745][ T30] audit: type=1326 audit(1752064711.532:353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18551 comm="syz.5.3441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd7878e929 code=0x7ffc0000 [ 1080.848390][ T5918] usb 4-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state [ 1080.859254][ T30] audit: type=1326 audit(1752064711.532:354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18551 comm="syz.5.3441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd7878e929 code=0x7ffc0000 [ 1080.959347][ T30] audit: type=1326 audit(1752064711.532:355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18551 comm="syz.5.3441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fcd7878d290 code=0x7ffc0000 [ 1080.986112][ T30] audit: type=1326 audit(1752064711.532:356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18551 comm="syz.5.3441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd7878e929 code=0x7ffc0000 [ 1081.012634][ T30] audit: type=1326 audit(1752064711.532:357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18551 comm="syz.5.3441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd7878e929 code=0x7ffc0000 [ 1081.041543][ T30] audit: type=1326 audit(1752064711.532:358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18551 comm="syz.5.3441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7fcd7878e929 code=0x7ffc0000 [ 1081.109171][ T30] audit: type=1326 audit(1752064711.532:359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18551 comm="syz.5.3441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd7878e929 code=0x7ffc0000 [ 1081.179337][ T30] audit: type=1326 audit(1752064711.532:360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18551 comm="syz.5.3441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd7878e929 code=0x7ffc0000 [ 1081.529674][T18544] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1081.542210][ T5918] usb 4-1: dvb_usb_v2: this USB2.0 device cannot be run on a USB1.1 port (it lacks a hardware PID filter) [ 1081.572033][T18544] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1081.646027][ T5918] usb 4-1: USB disconnect, device number 38 [ 1082.197268][ T5918] usb 2-1: USB disconnect, device number 32 [ 1082.229198][T18566] FAULT_INJECTION: forcing a failure. [ 1082.229198][T18566] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1082.245038][T18566] CPU: 0 UID: 0 PID: 18566 Comm: syz.1.3445 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) [ 1082.245061][T18566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1082.245071][T18566] Call Trace: [ 1082.245077][T18566] [ 1082.245084][T18566] dump_stack_lvl+0x189/0x250 [ 1082.245108][T18566] ? __pfx____ratelimit+0x10/0x10 [ 1082.245132][T18566] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1082.245151][T18566] ? __pfx__printk+0x10/0x10 [ 1082.245173][T18566] ? __might_fault+0xb0/0x130 [ 1082.245199][T18566] should_fail_ex+0x414/0x560 [ 1082.245232][T18566] _copy_from_user+0x2d/0xb0 [ 1082.245251][T18566] do_sock_getsockopt+0x1cd/0x650 [ 1082.245274][T18566] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 1082.245294][T18566] ? do_syscall_64+0x40/0x3b0 [ 1082.245311][T18566] ? ksys_write+0x1e1/0x250 [ 1082.245333][T18566] __x64_sys_getsockopt+0x1a5/0x250 [ 1082.245357][T18566] ? do_syscall_64+0x40/0x3b0 [ 1082.245373][T18566] ? do_syscall_64+0x40/0x3b0 [ 1082.245390][T18566] do_syscall_64+0xfa/0x3b0 [ 1082.245404][T18566] ? lockdep_hardirqs_on+0x9c/0x150 [ 1082.245428][T18566] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1082.245444][T18566] ? clear_bhb_loop+0x60/0xb0 [ 1082.245462][T18566] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1082.245478][T18566] RIP: 0033:0x7ff24d78e929 [ 1082.245492][T18566] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1082.245505][T18566] RSP: 002b:00007ff24e62c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 1082.245523][T18566] RAX: ffffffffffffffda RBX: 00007ff24d9b5fa0 RCX: 00007ff24d78e929 [ 1082.245534][T18566] RDX: 0000000000000080 RSI: 0000000000000000 RDI: 0000000000000003 [ 1082.245543][T18566] RBP: 00007ff24e62c090 R08: 0000200000000280 R09: 0000000000000000 [ 1082.245554][T18566] R10: 00002000000004c0 R11: 0000000000000246 R12: 0000000000000001 [ 1082.245564][T18566] R13: 0000000000000000 R14: 00007ff24d9b5fa0 R15: 00007ff24dadfa28 [ 1082.245586][T18566] [ 1083.349047][ T44] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 1083.553770][ T44] usb 4-1: Using ep0 maxpacket: 16 [ 1083.775614][T18586] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3448'. [ 1083.861671][ T44] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1083.873595][ T44] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1084.052590][ T44] usb 4-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 1084.100060][ T44] usb 4-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 1084.151351][ T44] usb 4-1: Product: syz [ 1084.188891][ T44] usb 4-1: Manufacturer: syz [ 1084.217998][ T44] usb 4-1: SerialNumber: syz [ 1084.346810][ T44] usb 4-1: config 0 descriptor?? [ 1084.906962][T18600] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1085.045537][T18579] blktrace: Concurrent blktraces are not allowed on loop7 [ 1085.169546][T18607] FAULT_INJECTION: forcing a failure. [ 1085.169546][T18607] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1085.221927][T18607] CPU: 0 UID: 0 PID: 18607 Comm: syz.0.3456 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) [ 1085.221960][T18607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1085.221974][T18607] Call Trace: [ 1085.221984][T18607] [ 1085.221994][T18607] dump_stack_lvl+0x189/0x250 [ 1085.222026][T18607] ? __pfx____ratelimit+0x10/0x10 [ 1085.222059][T18607] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1085.222085][T18607] ? __pfx__printk+0x10/0x10 [ 1085.222114][T18607] ? __might_fault+0xb0/0x130 [ 1085.222151][T18607] should_fail_ex+0x414/0x560 [ 1085.222188][T18607] _copy_from_user+0x2d/0xb0 [ 1085.222215][T18607] ___sys_sendmsg+0x158/0x2a0 [ 1085.222245][T18607] ? __pfx____sys_sendmsg+0x10/0x10 [ 1085.222310][T18607] ? __fget_files+0x2a/0x420 [ 1085.222338][T18607] ? __fget_files+0x3a0/0x420 [ 1085.222383][T18607] __x64_sys_sendmsg+0x19b/0x260 [ 1085.222414][T18607] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1085.222452][T18607] ? __pfx_ksys_write+0x10/0x10 [ 1085.222475][T18607] ? rcu_is_watching+0x15/0xb0 [ 1085.222506][T18607] ? do_syscall_64+0xbe/0x3b0 [ 1085.222530][T18607] do_syscall_64+0xfa/0x3b0 [ 1085.222550][T18607] ? lockdep_hardirqs_on+0x9c/0x150 [ 1085.222583][T18607] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1085.222603][T18607] ? clear_bhb_loop+0x60/0xb0 [ 1085.222629][T18607] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1085.222650][T18607] RIP: 0033:0x7f69e838e929 [ 1085.222669][T18607] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1085.222688][T18607] RSP: 002b:00007f69e91d9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1085.222712][T18607] RAX: ffffffffffffffda RBX: 00007f69e85b5fa0 RCX: 00007f69e838e929 [ 1085.222728][T18607] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 1085.222742][T18607] RBP: 00007f69e91d9090 R08: 0000000000000000 R09: 0000000000000000 [ 1085.222756][T18607] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1085.222769][T18607] R13: 0000000000000000 R14: 00007f69e85b5fa0 R15: 00007f69e86dfa28 [ 1085.222800][T18607] [ 1085.579034][ T44] usb 5-1: new high-speed USB device number 41 using dummy_hcd [ 1085.819306][ T44] usb 5-1: Using ep0 maxpacket: 16 [ 1085.827529][ T44] usb 5-1: too many configurations: 123, using maximum allowed: 8 [ 1085.836762][ T44] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1085.856015][ T44] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1085.885362][ T44] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1085.955222][ T44] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1085.994563][ T44] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1086.012359][ T44] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1086.030465][ T44] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1086.061992][ T44] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1086.085323][ T44] usb 5-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 1086.104580][ T44] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=45 [ 1086.157583][ T44] usb 5-1: SerialNumber: syz [ 1086.230082][ T44] usb 5-1: config 0 descriptor?? [ 1086.275564][ T44] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input85 [ 1086.433595][T18623] FAULT_INJECTION: forcing a failure. [ 1086.433595][T18623] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1086.519867][T18623] CPU: 1 UID: 0 PID: 18623 Comm: syz.0.3464 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) [ 1086.519920][T18623] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1086.519934][T18623] Call Trace: [ 1086.519943][T18623] [ 1086.519961][T18623] dump_stack_lvl+0x189/0x250 [ 1086.519995][T18623] ? __pfx____ratelimit+0x10/0x10 [ 1086.520030][T18623] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1086.520059][T18623] ? __pfx__printk+0x10/0x10 [ 1086.520089][T18623] ? __might_fault+0xb0/0x130 [ 1086.520129][T18623] should_fail_ex+0x414/0x560 [ 1086.520167][T18623] _copy_from_user+0x2d/0xb0 [ 1086.520196][T18623] ___sys_sendmsg+0x158/0x2a0 [ 1086.520231][T18623] ? __pfx____sys_sendmsg+0x10/0x10 [ 1086.520301][T18623] ? __fget_files+0x2a/0x420 [ 1086.520330][T18623] ? __fget_files+0x3a0/0x420 [ 1086.520372][T18623] __x64_sys_sendmsg+0x19b/0x260 [ 1086.520407][T18623] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1086.520448][T18623] ? __pfx_ksys_write+0x10/0x10 [ 1086.520472][T18623] ? rcu_is_watching+0x15/0xb0 [ 1086.520505][T18623] ? do_syscall_64+0xbe/0x3b0 [ 1086.520533][T18623] do_syscall_64+0xfa/0x3b0 [ 1086.520554][T18623] ? lockdep_hardirqs_on+0x9c/0x150 [ 1086.520587][T18623] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1086.520609][T18623] ? clear_bhb_loop+0x60/0xb0 [ 1086.520635][T18623] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1086.520658][T18623] RIP: 0033:0x7f69e838e929 [ 1086.520678][T18623] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1086.520698][T18623] RSP: 002b:00007f69e91d9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1086.520723][T18623] RAX: ffffffffffffffda RBX: 00007f69e85b5fa0 RCX: 00007f69e838e929 [ 1086.520740][T18623] RDX: 0000000000004010 RSI: 00002000000002c0 RDI: 0000000000000003 [ 1086.520756][T18623] RBP: 00007f69e91d9090 R08: 0000000000000000 R09: 0000000000000000 [ 1086.520770][T18623] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1086.520784][T18623] R13: 0000000000000000 R14: 00007f69e85b5fa0 R15: 00007f69e86dfa28 [ 1086.520818][T18623] [ 1086.549337][ T5918] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 1086.817449][ T5203] bcm5974 5-1:0.0: could not read from device [ 1086.835581][ T1209] usb 4-1: USB disconnect, device number 39 [ 1086.844713][ T5203] bcm5974 5-1:0.0: could not read from device [ 1086.867086][ T5203] bcm5974 5-1:0.0: could not read from device [ 1086.904463][ T44] usb 5-1: USB disconnect, device number 41 [ 1086.959166][ T5918] usb 6-1: Using ep0 maxpacket: 16 [ 1086.969877][ T5203] bcm5974 5-1:0.0: could not read from device [ 1087.059180][ T5918] usb 6-1: New USB device found, idVendor=09e8, idProduct=0062, bcdDevice=80.f2 [ 1087.088871][ T5918] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1087.140556][ T5918] usb 6-1: Product: syz [ 1087.167425][ T5918] usb 6-1: Manufacturer: syz [ 1087.220236][ T5918] usb 6-1: SerialNumber: syz [ 1087.333465][ T5918] usb 6-1: config 0 descriptor?? [ 1087.407252][ T5918] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 1087.514687][T18638] FAULT_INJECTION: forcing a failure. [ 1087.514687][T18638] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1087.529912][T18638] CPU: 1 UID: 0 PID: 18638 Comm: syz.3.3469 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) [ 1087.529943][T18638] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1087.529957][T18638] Call Trace: [ 1087.529967][T18638] [ 1087.529977][T18638] dump_stack_lvl+0x189/0x250 [ 1087.530008][T18638] ? __pfx____ratelimit+0x10/0x10 [ 1087.530042][T18638] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1087.530069][T18638] ? __pfx__printk+0x10/0x10 [ 1087.530112][T18638] should_fail_ex+0x414/0x560 [ 1087.530150][T18638] _copy_to_user+0x31/0xb0 [ 1087.530178][T18638] simple_read_from_buffer+0xe1/0x170 [ 1087.530218][T18638] proc_fail_nth_read+0x1df/0x250 [ 1087.530253][T18638] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1087.530288][T18638] ? rw_verify_area+0x258/0x650 [ 1087.530313][T18638] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1087.530344][T18638] vfs_read+0x200/0x980 [ 1087.530375][T18638] ? __pfx___mutex_lock+0x10/0x10 [ 1087.530397][T18638] ? __pfx_vfs_read+0x10/0x10 [ 1087.530423][T18638] ? __fget_files+0x2a/0x420 [ 1087.530458][T18638] ? __fget_files+0x3a0/0x420 [ 1087.530485][T18638] ? __fget_files+0x2a/0x420 [ 1087.530523][T18638] ksys_read+0x145/0x250 [ 1087.530547][T18638] ? __fget_files+0x3a0/0x420 [ 1087.530577][T18638] ? __pfx_ksys_read+0x10/0x10 [ 1087.530608][T18638] ? do_syscall_64+0xbe/0x3b0 [ 1087.530633][T18638] do_syscall_64+0xfa/0x3b0 [ 1087.530653][T18638] ? lockdep_hardirqs_on+0x9c/0x150 [ 1087.530685][T18638] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1087.530707][T18638] ? clear_bhb_loop+0x60/0xb0 [ 1087.530734][T18638] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1087.530755][T18638] RIP: 0033:0x7f46f9d8d33c [ 1087.530774][T18638] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1087.530793][T18638] RSP: 002b:00007f46fab9c030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1087.530817][T18638] RAX: ffffffffffffffda RBX: 00007f46f9fb6080 RCX: 00007f46f9d8d33c [ 1087.530834][T18638] RDX: 000000000000000f RSI: 00007f46fab9c0a0 RDI: 0000000000000005 [ 1087.530847][T18638] RBP: 00007f46fab9c090 R08: 0000000000000000 R09: 0000000000000000 [ 1087.530861][T18638] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1087.530874][T18638] R13: 0000000000000000 R14: 00007f46f9fb6080 R15: 00007f46fa0dfa28 [ 1087.530912][T18638] [ 1087.769627][ C1] vkms_vblank_simulate: vblank timer overrun [ 1087.877851][ T5918] snd-usb-audio 6-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 1087.953745][ T5999] udevd[5999]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1087.982957][T18641] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3471'. [ 1088.653475][T18653] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1089.585094][T18668] netlink: 13 bytes leftover after parsing attributes in process `syz.4.3478'. [ 1089.746400][ T1209] usb 6-1: USB disconnect, device number 10 [ 1090.549143][ T5984] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 1090.561817][ T1209] usb 5-1: new high-speed USB device number 42 using dummy_hcd [ 1090.591890][T18687] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3483'. [ 1090.772714][ T1209] usb 5-1: no configurations [ 1090.777397][ T1209] usb 5-1: can't read configurations, error -22 [ 1090.820141][ T5984] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1090.840863][ T5984] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1090.856632][ T5984] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1090.893758][ T5984] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1090.929055][ T1209] usb 5-1: new high-speed USB device number 43 using dummy_hcd [ 1090.987638][T18682] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 1091.031547][ T5984] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 1091.126467][ T1209] usb 5-1: no configurations [ 1091.152657][ T1209] usb 5-1: can't read configurations, error -22 [ 1091.411118][ T1209] usb usb5-port1: attempt power cycle [ 1091.563642][T18701] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1091.779120][ T1209] usb 5-1: new high-speed USB device number 44 using dummy_hcd [ 1091.884292][ T1209] usb 5-1: no configurations [ 1091.889620][ T1209] usb 5-1: can't read configurations, error -22 [ 1091.988768][T18704] binder: BC_ACQUIRE_RESULT not supported [ 1091.996459][T18704] binder: 18703:18704 ioctl c0306201 2000000001c0 returned -22 [ 1092.069616][ T1209] usb 5-1: new high-speed USB device number 45 using dummy_hcd [ 1092.412506][ T1209] usb 5-1: no configurations [ 1092.417277][ T1209] usb 5-1: can't read configurations, error -22 [ 1092.425293][ T1209] usb usb5-port1: unable to enumerate USB device [ 1092.471719][T16502] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 1092.657595][T16502] usb 2-1: Using ep0 maxpacket: 16 [ 1092.685943][T16502] usb 2-1: New USB device found, idVendor=09e8, idProduct=0062, bcdDevice=80.f2 [ 1092.698474][T16502] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1092.721753][T16502] usb 2-1: Product: syz [ 1092.733826][T16502] usb 2-1: Manufacturer: syz [ 1092.749383][T16502] usb 2-1: SerialNumber: syz [ 1092.788557][T16502] usb 2-1: config 0 descriptor?? [ 1092.826213][T16502] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 1092.870022][T16502] snd-usb-audio 2-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 1092.940133][ T5999] udevd[5999]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card4/controlC4/../uevent} for writing: No such file or directory [ 1093.709493][ T1209] usb 5-1: new full-speed USB device number 46 using dummy_hcd [ 1093.912871][T18726] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1094.267397][T18724] vlan3: entered promiscuous mode [ 1094.272708][T18724] dummy0: entered promiscuous mode [ 1094.337042][ T1209] usb 5-1: unable to get BOS descriptor or descriptor too short [ 1094.350617][ T1209] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 1094.362109][ T1209] usb 5-1: can't read configurations, error -71 [ 1094.541437][T16502] usb 6-1: USB disconnect, device number 11 [ 1094.725860][T18728] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3497'. [ 1095.332770][T18743] FAULT_INJECTION: forcing a failure. [ 1095.332770][T18743] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1095.371806][T18742] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1095.381207][T18742] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1095.390364][T18742] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1095.399197][T18742] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1095.408710][T18743] CPU: 1 UID: 0 PID: 18743 Comm: syz.4.3501 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) [ 1095.408738][T18743] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1095.408753][T18743] Call Trace: [ 1095.408762][T18743] [ 1095.408774][T18743] dump_stack_lvl+0x189/0x250 [ 1095.408799][T18743] ? __pfx____ratelimit+0x10/0x10 [ 1095.408823][T18743] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1095.408841][T18743] ? __pfx__printk+0x10/0x10 [ 1095.408871][T18743] should_fail_ex+0x414/0x560 [ 1095.408897][T18743] _copy_to_user+0x31/0xb0 [ 1095.408930][T18743] simple_read_from_buffer+0xe1/0x170 [ 1095.408963][T18743] proc_fail_nth_read+0x1df/0x250 [ 1095.408997][T18743] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1095.409031][T18743] ? rw_verify_area+0x258/0x650 [ 1095.409053][T18743] ? aa_sk_perm+0x81e/0x950 [ 1095.409080][T18743] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1095.409113][T18743] vfs_read+0x200/0x980 [ 1095.409134][T18743] ? __pfx_aa_sk_perm+0x10/0x10 [ 1095.409162][T18743] ? tomoyo_socket_bind_permission+0x150/0x290 [ 1095.409356][T18743] ? xsk_bind+0x13d/0xf90 [ 1095.409377][T18743] ? __pfx_vfs_read+0x10/0x10 [ 1095.409394][T18743] ? bpf_lsm_socket_bind+0x9/0x20 [ 1095.409438][T18743] ? __sys_bind+0x2e9/0x3e0 [ 1095.409475][T18743] ? __pfx___sys_bind+0x10/0x10 [ 1095.409496][T18743] ksys_read+0x145/0x250 [ 1095.409534][T18743] ? __pfx_ksys_read+0x10/0x10 [ 1095.409549][T18743] ? rcu_is_watching+0x15/0xb0 [ 1095.409571][T18743] ? do_syscall_64+0xbe/0x3b0 [ 1095.409589][T18743] do_syscall_64+0xfa/0x3b0 [ 1095.409603][T18743] ? lockdep_hardirqs_on+0x9c/0x150 [ 1095.409627][T18743] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1095.409642][T18743] ? clear_bhb_loop+0x60/0xb0 [ 1095.409660][T18743] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1095.409675][T18743] RIP: 0033:0x7f1f1d58d33c [ 1095.409690][T18743] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1095.409704][T18743] RSP: 002b:00007f1f1e42f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1095.409722][T18743] RAX: ffffffffffffffda RBX: 00007f1f1d7b5fa0 RCX: 00007f1f1d58d33c [ 1095.409733][T18743] RDX: 000000000000000f RSI: 00007f1f1e42f0a0 RDI: 0000000000000004 [ 1095.409743][T18743] RBP: 00007f1f1e42f090 R08: 0000000000000000 R09: 0000000000000000 [ 1095.409752][T18743] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1095.409761][T18743] R13: 0000000000000000 R14: 00007f1f1d7b5fa0 R15: 00007f1f1d8dfa28 [ 1095.409784][T18743] [ 1095.806293][ T5984] usb 2-1: USB disconnect, device number 33 [ 1096.565623][T18758] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1096.723736][ T5984] usb 5-1: new high-speed USB device number 48 using dummy_hcd [ 1097.021537][ T5984] usb 5-1: no configurations [ 1097.026420][ T5984] usb 5-1: can't read configurations, error -22 [ 1097.159751][ T5984] usb 5-1: new high-speed USB device number 49 using dummy_hcd [ 1097.204348][T18765] tap0: tun_chr_ioctl cmd 1074025677 [ 1097.233850][T18765] tap0: linktype set to 804 [ 1097.320253][ T5984] usb 5-1: no configurations [ 1097.324983][ T5984] usb 5-1: can't read configurations, error -22 [ 1097.334319][ T5984] usb usb5-port1: attempt power cycle [ 1097.339091][ T1209] usb 6-1: new full-speed USB device number 12 using dummy_hcd [ 1097.529161][ T1209] usb 6-1: device descriptor read/64, error -71 [ 1097.691593][ T5984] usb 5-1: new high-speed USB device number 50 using dummy_hcd [ 1097.722758][ T5984] usb 5-1: no configurations [ 1097.727453][ T5984] usb 5-1: can't read configurations, error -22 [ 1097.769071][ T1209] usb 6-1: new full-speed USB device number 13 using dummy_hcd [ 1097.909079][ T1209] usb 6-1: device descriptor read/64, error -71 [ 1097.969088][ T5984] usb 5-1: new high-speed USB device number 51 using dummy_hcd [ 1097.993580][T18777] FAULT_INJECTION: forcing a failure. [ 1097.993580][T18777] name failslab, interval 1, probability 0, space 0, times 0 [ 1098.007752][T18777] CPU: 0 UID: 0 PID: 18777 Comm: syz.3.3511 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) [ 1098.007788][T18777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1098.007815][T18777] Call Trace: [ 1098.007823][T18777] [ 1098.007833][T18777] dump_stack_lvl+0x189/0x250 [ 1098.007864][T18777] ? __pfx____ratelimit+0x10/0x10 [ 1098.007897][T18777] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1098.007938][T18777] ? __pfx__printk+0x10/0x10 [ 1098.007972][T18777] ? __pfx___might_resched+0x10/0x10 [ 1098.008001][T18777] should_fail_ex+0x414/0x560 [ 1098.008038][T18777] should_failslab+0xa8/0x100 [ 1098.008068][T18777] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 1098.008094][T18777] ? __alloc_skb+0x112/0x2d0 [ 1098.008123][T18777] __alloc_skb+0x112/0x2d0 [ 1098.008152][T18777] netlink_sendmsg+0x5c6/0xb30 [ 1098.008190][T18777] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1098.008220][T18777] ? aa_sock_msg_perm+0x94/0x160 [ 1098.008254][T18777] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1098.008286][T18777] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1098.008313][T18777] __sock_sendmsg+0x219/0x270 [ 1098.008350][T18777] ____sys_sendmsg+0x505/0x830 [ 1098.008383][T18777] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1098.008419][T18777] ? import_iovec+0x74/0xa0 [ 1098.008447][T18777] ___sys_sendmsg+0x21f/0x2a0 [ 1098.008478][T18777] ? __pfx____sys_sendmsg+0x10/0x10 [ 1098.008564][T18777] ? __fget_files+0x2a/0x420 [ 1098.008593][T18777] ? __fget_files+0x3a0/0x420 [ 1098.008645][T18777] __x64_sys_sendmsg+0x19b/0x260 [ 1098.008676][T18777] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1098.008715][T18777] ? __pfx_ksys_write+0x10/0x10 [ 1098.008737][T18777] ? rcu_is_watching+0x15/0xb0 [ 1098.008768][T18777] ? do_syscall_64+0xbe/0x3b0 [ 1098.008793][T18777] do_syscall_64+0xfa/0x3b0 [ 1098.008812][T18777] ? lockdep_hardirqs_on+0x9c/0x150 [ 1098.008844][T18777] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1098.008865][T18777] ? clear_bhb_loop+0x60/0xb0 [ 1098.008891][T18777] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1098.008912][T18777] RIP: 0033:0x7f46f9d8e929 [ 1098.008938][T18777] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1098.008956][T18777] RSP: 002b:00007f46fabbd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1098.008980][T18777] RAX: ffffffffffffffda RBX: 00007f46f9fb5fa0 RCX: 00007f46f9d8e929 [ 1098.008995][T18777] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000004 [ 1098.009009][T18777] RBP: 00007f46fabbd090 R08: 0000000000000000 R09: 0000000000000000 [ 1098.009024][T18777] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1098.009037][T18777] R13: 0000000000000000 R14: 00007f46f9fb5fa0 R15: 00007f46fa0dfa28 [ 1098.009068][T18777] [ 1098.069839][ T1209] usb usb6-port1: attempt power cycle [ 1098.318359][ T5984] usb 5-1: no configurations [ 1098.323986][ T5984] usb 5-1: can't read configurations, error -22 [ 1098.343519][ T5984] usb usb5-port1: unable to enumerate USB device [ 1098.999353][ T976] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 1099.159051][ T976] usb 2-1: Using ep0 maxpacket: 16 [ 1099.267893][ T976] usb 2-1: New USB device found, idVendor=09e8, idProduct=0062, bcdDevice=80.f2 [ 1099.279129][ T1209] usb 6-1: new full-speed USB device number 14 using dummy_hcd [ 1099.309805][ T1209] usb 6-1: device descriptor read/8, error -71 [ 1099.318506][ T976] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1099.369528][ T976] usb 2-1: Product: syz [ 1099.373856][ T976] usb 2-1: Manufacturer: syz [ 1099.378499][ T976] usb 2-1: SerialNumber: syz [ 1099.545945][ T976] usb 2-1: config 0 descriptor?? [ 1099.559319][ T1209] usb 6-1: new full-speed USB device number 15 using dummy_hcd [ 1099.581974][ T976] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 1099.599964][ T1209] usb 6-1: device descriptor read/8, error -71 [ 1099.621969][ T976] snd-usb-audio 2-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 1099.722209][ T5999] udevd[5999]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1099.742879][ T1209] usb usb6-port1: unable to enumerate USB device [ 1099.964531][T18799] FAULT_INJECTION: forcing a failure. [ 1099.964531][T18799] name failslab, interval 1, probability 0, space 0, times 0 [ 1100.020822][T18799] CPU: 0 UID: 0 PID: 18799 Comm: syz.3.3519 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) [ 1100.020845][T18799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1100.020855][T18799] Call Trace: [ 1100.020862][T18799] [ 1100.020869][T18799] dump_stack_lvl+0x189/0x250 [ 1100.020893][T18799] ? __pfx____ratelimit+0x10/0x10 [ 1100.020918][T18799] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1100.020937][T18799] ? __pfx__printk+0x10/0x10 [ 1100.020971][T18799] ? __pfx___might_resched+0x10/0x10 [ 1100.020993][T18799] should_fail_ex+0x414/0x560 [ 1100.021025][T18799] should_failslab+0xa8/0x100 [ 1100.021047][T18799] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 1100.021067][T18799] ? __alloc_skb+0x112/0x2d0 [ 1100.021088][T18799] __alloc_skb+0x112/0x2d0 [ 1100.021109][T18799] netlink_sendmsg+0x5c6/0xb30 [ 1100.021135][T18799] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1100.021157][T18799] ? aa_sock_msg_perm+0x94/0x160 [ 1100.021182][T18799] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1100.021205][T18799] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1100.021230][T18799] __sock_sendmsg+0x219/0x270 [ 1100.021269][T18799] ____sys_sendmsg+0x505/0x830 [ 1100.021306][T18799] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1100.021336][T18799] ? import_iovec+0x74/0xa0 [ 1100.021357][T18799] ___sys_sendmsg+0x21f/0x2a0 [ 1100.021379][T18799] ? __pfx____sys_sendmsg+0x10/0x10 [ 1100.021424][T18799] ? __fget_files+0x2a/0x420 [ 1100.021444][T18799] ? __fget_files+0x3a0/0x420 [ 1100.021472][T18799] __x64_sys_sendmsg+0x19b/0x260 [ 1100.021494][T18799] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1100.021521][T18799] ? __pfx_ksys_write+0x10/0x10 [ 1100.021537][T18799] ? rcu_is_watching+0x15/0xb0 [ 1100.021559][T18799] ? do_syscall_64+0xbe/0x3b0 [ 1100.021589][T18799] do_syscall_64+0xfa/0x3b0 [ 1100.021602][T18799] ? lockdep_hardirqs_on+0x9c/0x150 [ 1100.021625][T18799] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1100.021639][T18799] ? clear_bhb_loop+0x60/0xb0 [ 1100.021657][T18799] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1100.021672][T18799] RIP: 0033:0x7f46f9d8e929 [ 1100.021686][T18799] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1100.021700][T18799] RSP: 002b:00007f46fabbd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1100.021717][T18799] RAX: ffffffffffffffda RBX: 00007f46f9fb5fa0 RCX: 00007f46f9d8e929 [ 1100.021728][T18799] RDX: 0000000000004010 RSI: 00002000000002c0 RDI: 0000000000000003 [ 1100.021738][T18799] RBP: 00007f46fabbd090 R08: 0000000000000000 R09: 0000000000000000 [ 1100.021748][T18799] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1100.021757][T18799] R13: 0000000000000000 R14: 00007f46f9fb5fa0 R15: 00007f46fa0dfa28 [ 1100.021780][T18799] [ 1100.645029][T18806] FAULT_INJECTION: forcing a failure. [ 1100.645029][T18806] name failslab, interval 1, probability 0, space 0, times 0 [ 1100.687576][T18806] CPU: 1 UID: 0 PID: 18806 Comm: syz.5.3522 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) [ 1100.687599][T18806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1100.687609][T18806] Call Trace: [ 1100.687615][T18806] [ 1100.687622][T18806] dump_stack_lvl+0x189/0x250 [ 1100.687645][T18806] ? __pfx____ratelimit+0x10/0x10 [ 1100.687686][T18806] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1100.687730][T18806] ? __pfx__printk+0x10/0x10 [ 1100.687753][T18806] ? __pfx___might_resched+0x10/0x10 [ 1100.687771][T18806] ? fs_reclaim_acquire+0x7d/0x100 [ 1100.687796][T18806] should_fail_ex+0x414/0x560 [ 1100.687821][T18806] should_failslab+0xa8/0x100 [ 1100.687843][T18806] __kmalloc_noprof+0xcb/0x4f0 [ 1100.687860][T18806] ? tomoyo_encode+0x28b/0x550 [ 1100.687878][T18806] tomoyo_encode+0x28b/0x550 [ 1100.687896][T18806] tomoyo_realpath_from_path+0x58d/0x5d0 [ 1100.687919][T18806] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 1100.687940][T18806] tomoyo_path_number_perm+0x1e8/0x5a0 [ 1100.687965][T18806] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1100.687998][T18806] ? __lock_acquire+0xab9/0xd20 [ 1100.688029][T18806] ? __fget_files+0x2a/0x420 [ 1100.688051][T18806] ? __fget_files+0x2a/0x420 [ 1100.688070][T18806] ? __fget_files+0x3a0/0x420 [ 1100.688088][T18806] ? __fget_files+0x2a/0x420 [ 1100.688111][T18806] security_file_ioctl+0xcb/0x2d0 [ 1100.688132][T18806] __se_sys_ioctl+0x47/0x170 [ 1100.688151][T18806] do_syscall_64+0xfa/0x3b0 [ 1100.688164][T18806] ? lockdep_hardirqs_on+0x9c/0x150 [ 1100.688186][T18806] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1100.688201][T18806] ? clear_bhb_loop+0x60/0xb0 [ 1100.688218][T18806] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1100.688232][T18806] RIP: 0033:0x7fcd7878e929 [ 1100.688246][T18806] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1100.688259][T18806] RSP: 002b:00007fcd79662038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1100.688276][T18806] RAX: ffffffffffffffda RBX: 00007fcd789b5fa0 RCX: 00007fcd7878e929 [ 1100.688287][T18806] RDX: 0000200000000000 RSI: 00000000802c550a RDI: 0000000000000003 [ 1100.688297][T18806] RBP: 00007fcd79662090 R08: 0000000000000000 R09: 0000000000000000 [ 1100.688306][T18806] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1100.688315][T18806] R13: 0000000000000000 R14: 00007fcd789b5fa0 R15: 00007fcd78adfa28 [ 1100.688337][T18806] [ 1100.688354][T18806] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1101.390506][T18819] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3527'. [ 1102.119892][ T976] usb 2-1: USB disconnect, device number 34 [ 1102.670140][ T5984] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 1102.827663][T13625] Bluetooth: hci1: command 0x0406 tx timeout [ 1102.840550][ T5984] usb 6-1: no configurations [ 1102.845507][ T5984] usb 6-1: can't read configurations, error -22 [ 1102.979694][ T5984] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 1103.195795][ T5984] usb 6-1: no configurations [ 1103.201567][ T5984] usb 6-1: can't read configurations, error -22 [ 1103.208571][ T5984] usb usb6-port1: attempt power cycle [ 1103.609122][ T5984] usb 6-1: new high-speed USB device number 18 using dummy_hcd [ 1103.653129][ T5984] usb 6-1: no configurations [ 1103.657764][ T5984] usb 6-1: can't read configurations, error -22 [ 1103.869174][ T5984] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 1103.910364][ T5984] usb 6-1: no configurations [ 1103.919132][ T5984] usb 6-1: can't read configurations, error -22 [ 1103.928520][ T5984] usb usb6-port1: unable to enumerate USB device [ 1104.165624][T18851] FAULT_INJECTION: forcing a failure. [ 1104.165624][T18851] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1104.189249][T18851] CPU: 0 UID: 0 PID: 18851 Comm: syz.4.3535 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) [ 1104.189274][T18851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1104.189284][T18851] Call Trace: [ 1104.189291][T18851] [ 1104.189298][T18851] dump_stack_lvl+0x189/0x250 [ 1104.189322][T18851] ? __pfx____ratelimit+0x10/0x10 [ 1104.189347][T18851] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1104.189366][T18851] ? __pfx__printk+0x10/0x10 [ 1104.189391][T18851] ? __might_fault+0xb0/0x130 [ 1104.189424][T18851] should_fail_ex+0x414/0x560 [ 1104.189450][T18851] _copy_from_user+0x2d/0xb0 [ 1104.189470][T18851] do_ip_getsockopt+0x25f/0x1b60 [ 1104.189494][T18851] ? __pfx_do_ip_getsockopt+0x10/0x10 [ 1104.189512][T18851] ? aa_label_sk_perm+0x413/0x560 [ 1104.189538][T18851] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 1104.189579][T18851] ? __lock_acquire+0xab9/0xd20 [ 1104.189605][T18851] ip_getsockopt+0xbb/0x220 [ 1104.189627][T18851] ? __pfx_ip_getsockopt+0x10/0x10 [ 1104.189652][T18851] do_sock_getsockopt+0x35d/0x650 [ 1104.189674][T18851] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 1104.189693][T18851] ? do_syscall_64+0x40/0x3b0 [ 1104.189708][T18851] ? __fget_files+0x3a0/0x420 [ 1104.189728][T18851] ? __fget_files+0x2a/0x420 [ 1104.189754][T18851] __x64_sys_getsockopt+0x1a5/0x250 [ 1104.189773][T18851] ? do_syscall_64+0x40/0x3b0 [ 1104.189789][T18851] ? do_syscall_64+0x40/0x3b0 [ 1104.189806][T18851] do_syscall_64+0xfa/0x3b0 [ 1104.189820][T18851] ? lockdep_hardirqs_on+0x9c/0x150 [ 1104.189844][T18851] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1104.189860][T18851] ? clear_bhb_loop+0x60/0xb0 [ 1104.189878][T18851] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1104.189893][T18851] RIP: 0033:0x7f1f1d58e929 [ 1104.189907][T18851] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1104.189921][T18851] RSP: 002b:00007f1f1e40e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 1104.189939][T18851] RAX: ffffffffffffffda RBX: 00007f1f1d7b6080 RCX: 00007f1f1d58e929 [ 1104.189951][T18851] RDX: 0000000000000080 RSI: 0000000000000000 RDI: 0000000000000003 [ 1104.189960][T18851] RBP: 00007f1f1e40e090 R08: 0000200000000280 R09: 0000000000000000 [ 1104.189971][T18851] R10: 00002000000004c0 R11: 0000000000000246 R12: 0000000000000001 [ 1104.189981][T18851] R13: 0000000000000000 R14: 00007f1f1d7b6080 R15: 00007f1f1d8dfa28 [ 1104.190003][T18851] [ 1104.680180][T18853] FAULT_INJECTION: forcing a failure. [ 1104.680180][T18853] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1104.763814][T18853] CPU: 0 UID: 0 PID: 18853 Comm: syz.4.3538 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) [ 1104.763838][T18853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1104.763848][T18853] Call Trace: [ 1104.763855][T18853] [ 1104.763862][T18853] dump_stack_lvl+0x189/0x250 [ 1104.763886][T18853] ? __pfx____ratelimit+0x10/0x10 [ 1104.763911][T18853] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1104.763929][T18853] ? __pfx__printk+0x10/0x10 [ 1104.763951][T18853] ? __might_fault+0xb0/0x130 [ 1104.763978][T18853] should_fail_ex+0x414/0x560 [ 1104.764004][T18853] _copy_from_user+0x2d/0xb0 [ 1104.764024][T18853] ___sys_sendmsg+0x158/0x2a0 [ 1104.764047][T18853] ? __pfx____sys_sendmsg+0x10/0x10 [ 1104.764094][T18853] ? __fget_files+0x2a/0x420 [ 1104.764114][T18853] ? __fget_files+0x3a0/0x420 [ 1104.764142][T18853] __sys_sendmmsg+0x227/0x430 [ 1104.764166][T18853] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1104.764185][T18853] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 1104.764219][T18853] ? ksys_write+0x22a/0x250 [ 1104.764238][T18853] ? __pfx_ksys_write+0x10/0x10 [ 1104.764254][T18853] ? rcu_is_watching+0x15/0xb0 [ 1104.764277][T18853] __x64_sys_sendmmsg+0xa0/0xc0 [ 1104.764299][T18853] do_syscall_64+0xfa/0x3b0 [ 1104.764314][T18853] ? lockdep_hardirqs_on+0x9c/0x150 [ 1104.764337][T18853] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1104.764352][T18853] ? clear_bhb_loop+0x60/0xb0 [ 1104.764371][T18853] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1104.764385][T18853] RIP: 0033:0x7f1f1d58e929 [ 1104.764399][T18853] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1104.764413][T18853] RSP: 002b:00007f1f1e42f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1104.764431][T18853] RAX: ffffffffffffffda RBX: 00007f1f1d7b5fa0 RCX: 00007f1f1d58e929 [ 1104.764442][T18853] RDX: 0400000000000159 RSI: 0000200000001c00 RDI: 0000000000000003 [ 1104.764470][T18853] RBP: 00007f1f1e42f090 R08: 0000000000000000 R09: 0000000000000000 [ 1104.764480][T18853] R10: 0000000000040840 R11: 0000000000000246 R12: 0000000000000001 [ 1104.764490][T18853] R13: 0000000000000000 R14: 00007f1f1d7b5fa0 R15: 00007f1f1d8dfa28 [ 1104.764513][T18853] [ 1106.045034][T18868] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3542'. [ 1106.251315][T16502] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 1106.302189][T18859] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1106.449017][T16502] usb 4-1: Using ep0 maxpacket: 16 [ 1106.462319][T18872] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3543'. [ 1106.516691][T16502] usb 4-1: New USB device found, idVendor=09e8, idProduct=0062, bcdDevice=80.f2 [ 1106.525929][T16502] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1106.546099][T16502] usb 4-1: Product: syz [ 1106.574896][T16502] usb 4-1: Manufacturer: syz [ 1106.608996][T16502] usb 4-1: SerialNumber: syz [ 1106.656785][T16502] usb 4-1: config 0 descriptor?? [ 1106.702907][T16502] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 1106.770985][T16502] snd-usb-audio 4-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 1106.802726][ T5999] udevd[5999]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1107.048066][T18878] netlink: 32 bytes leftover after parsing attributes in process `syz.5.3544'. [ 1108.527449][T18888] netlink: zone id is out of range [ 1108.544570][T18888] netlink: zone id is out of range [ 1109.455725][T16502] usb 4-1: USB disconnect, device number 40 [ 1109.872267][T18917] binder: 18910:18917 unknown command 0 [ 1109.895615][T18917] binder: 18910:18917 ioctl c0306201 200000000480 returned -22 [ 1109.911936][T18921] fuse: Unknown parameter 'group_i00000000000000000000' [ 1110.269224][ T976] usb 5-1: new high-speed USB device number 52 using dummy_hcd [ 1110.424090][T18916] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1110.726921][ T976] usb 5-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 1110.737556][ T976] usb 5-1: config 27 has 0 interfaces, different from the descriptor's value: 1 [ 1110.789149][ T976] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1110.818868][ T976] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1110.901051][T18927] loop6: detected capacity change from 0 to 524287487 [ 1111.036781][T18927] Buffer I/O error on dev loop6, logical block 0, async page read [ 1111.309255][T18928] loop6: detected capacity change from 524287487 to 0 [ 1111.328395][T18927] Buffer I/O error on dev loop6, logical block 0, async page read [ 1111.422640][T18927] ldm_validate_partition_table(): Disk read failed. [ 1111.430978][T18927] Dev loop6: unable to read RDB block 0 [ 1111.436610][T18927] loop6: unable to read partition table [ 1111.458763][T18927] loop6: partition table beyond EOD, truncated [ 1111.515081][T18927] loop_reread_partitions: partition scan of loop6 (^L A;b@֔:Bw<gnf. -ӑ.i >^.dDd) failed (rc=-5) [ 1111.979757][T18936] input: syz1 as /devices/virtual/input/input88 [ 1112.246182][T18929] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1112.972874][T12447] usb 5-1: USB disconnect, device number 52 [ 1115.412463][T18967] FAULT_INJECTION: forcing a failure. [ 1115.412463][T18967] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1115.439453][T18967] CPU: 0 UID: 0 PID: 18967 Comm: syz.3.3568 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) [ 1115.439484][T18967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1115.439495][T18967] Call Trace: [ 1115.439502][T18967] [ 1115.439514][T18967] dump_stack_lvl+0x189/0x250 [ 1115.439538][T18967] ? __pfx____ratelimit+0x10/0x10 [ 1115.439563][T18967] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1115.439582][T18967] ? __pfx__printk+0x10/0x10 [ 1115.439619][T18967] should_fail_ex+0x414/0x560 [ 1115.439645][T18967] _copy_to_user+0x31/0xb0 [ 1115.439666][T18967] simple_read_from_buffer+0xe1/0x170 [ 1115.439690][T18967] proc_fail_nth_read+0x1df/0x250 [ 1115.439714][T18967] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1115.439738][T18967] ? rw_verify_area+0x258/0x650 [ 1115.439755][T18967] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1115.439778][T18967] vfs_read+0x200/0x980 [ 1115.439798][T18967] ? __pfx___mutex_lock+0x10/0x10 [ 1115.439814][T18967] ? __pfx_vfs_read+0x10/0x10 [ 1115.439832][T18967] ? __fget_files+0x2a/0x420 [ 1115.439855][T18967] ? __fget_files+0x3a0/0x420 [ 1115.439874][T18967] ? __fget_files+0x2a/0x420 [ 1115.439900][T18967] ksys_read+0x145/0x250 [ 1115.439919][T18967] ? __pfx_ksys_read+0x10/0x10 [ 1115.439934][T18967] ? rcu_is_watching+0x15/0xb0 [ 1115.439955][T18967] ? do_syscall_64+0xbe/0x3b0 [ 1115.439973][T18967] do_syscall_64+0xfa/0x3b0 [ 1115.439986][T18967] ? lockdep_hardirqs_on+0x9c/0x150 [ 1115.440008][T18967] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1115.440023][T18967] ? clear_bhb_loop+0x60/0xb0 [ 1115.440041][T18967] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1115.440056][T18967] RIP: 0033:0x7f46f9d8d33c [ 1115.440070][T18967] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1115.440083][T18967] RSP: 002b:00007f46fabbd030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1115.440100][T18967] RAX: ffffffffffffffda RBX: 00007f46f9fb5fa0 RCX: 00007f46f9d8d33c [ 1115.440111][T18967] RDX: 000000000000000f RSI: 00007f46fabbd0a0 RDI: 0000000000000006 [ 1115.440121][T18967] RBP: 00007f46fabbd090 R08: 0000000000000000 R09: 0000000000000000 [ 1115.440130][T18967] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000001 [ 1115.440140][T18967] R13: 0000000000000000 R14: 00007f46f9fb5fa0 R15: 00007f46fa0dfa28 [ 1115.440162][T18967] [ 1116.065929][T18977] netlink: 'syz.4.3572': attribute type 10 has an invalid length. [ 1116.108746][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1116.115217][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1116.265786][T18977] bridge0: port 1(team0) entered blocking state [ 1116.424143][T18981] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1116.481383][T18977] bridge0: port 1(team0) entered disabled state [ 1116.532776][T18977] team0: entered allmulticast mode [ 1116.725828][T18968] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1117.610432][T18996] syzkaller1: tun_chr_ioctl cmd 2148553947 [ 1117.646901][T18996] FAULT_INJECTION: forcing a failure. [ 1117.646901][T18996] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1117.717887][T18996] CPU: 0 UID: 0 PID: 18996 Comm: syz.1.3577 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) [ 1117.717917][T18996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1117.717928][T18996] Call Trace: [ 1117.717936][T18996] [ 1117.717945][T18996] dump_stack_lvl+0x189/0x250 [ 1117.717974][T18996] ? __pfx____ratelimit+0x10/0x10 [ 1117.718005][T18996] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1117.718047][T18996] ? __pfx__printk+0x10/0x10 [ 1117.718088][T18996] should_fail_ex+0x414/0x560 [ 1117.718122][T18996] _copy_to_user+0x31/0xb0 [ 1117.718149][T18996] __tun_chr_ioctl+0x151d/0x1df0 [ 1117.718187][T18996] ? __pfx___tun_chr_ioctl+0x10/0x10 [ 1117.718214][T18996] ? __fget_files+0x2a/0x420 [ 1117.718243][T18996] ? __fget_files+0x3a0/0x420 [ 1117.718268][T18996] ? __fget_files+0x2a/0x420 [ 1117.718300][T18996] ? bpf_lsm_file_ioctl+0x9/0x20 [ 1117.718322][T18996] ? __pfx_tun_chr_ioctl+0x10/0x10 [ 1117.718343][T18996] __se_sys_ioctl+0xfc/0x170 [ 1117.718368][T18996] do_syscall_64+0xfa/0x3b0 [ 1117.718389][T18996] ? lockdep_hardirqs_on+0x9c/0x150 [ 1117.718422][T18996] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1117.718443][T18996] ? clear_bhb_loop+0x60/0xb0 [ 1117.718468][T18996] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1117.718489][T18996] RIP: 0033:0x7ff24d78e929 [ 1117.718509][T18996] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1117.718527][T18996] RSP: 002b:00007ff24e62c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1117.718550][T18996] RAX: ffffffffffffffda RBX: 00007ff24d9b5fa0 RCX: 00007ff24d78e929 [ 1117.718566][T18996] RDX: 0000000000000000 RSI: 00000000801054db RDI: 0000000000000003 [ 1117.718580][T18996] RBP: 00007ff24e62c090 R08: 0000000000000000 R09: 0000000000000000 [ 1117.718593][T18996] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1117.718606][T18996] R13: 0000000000000000 R14: 00007ff24d9b5fa0 R15: 00007ff24dadfa28 [ 1117.718638][T18996] [ 1118.303137][T19001] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3579'. [ 1118.479808][T19001] netlink: 'syz.0.3579': attribute type 30 has an invalid length. [ 1118.909937][T19017] FAULT_INJECTION: forcing a failure. [ 1118.909937][T19017] name failslab, interval 1, probability 0, space 0, times 0 [ 1118.973741][T19017] CPU: 1 UID: 0 PID: 19017 Comm: syz.3.3583 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) [ 1118.973773][T19017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1118.973787][T19017] Call Trace: [ 1118.973796][T19017] [ 1118.973805][T19017] dump_stack_lvl+0x189/0x250 [ 1118.973838][T19017] ? __pfx____ratelimit+0x10/0x10 [ 1118.973871][T19017] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1118.973897][T19017] ? __pfx__printk+0x10/0x10 [ 1118.973932][T19017] ? __pfx___might_resched+0x10/0x10 [ 1118.973962][T19017] should_fail_ex+0x414/0x560 [ 1118.973999][T19017] should_failslab+0xa8/0x100 [ 1118.974028][T19017] __kmalloc_cache_node_noprof+0x73/0x3d0 [ 1118.974056][T19017] ? __get_vm_area_node+0x13f/0x300 [ 1118.974087][T19017] __get_vm_area_node+0x13f/0x300 [ 1118.974119][T19017] __vmalloc_node_range_noprof+0x301/0x12f0 [ 1118.974167][T19017] ? bpf_prog_alloc_no_stats+0x4a/0x4e0 [ 1118.974192][T19017] ? is_bpf_text_address+0x26/0x2b0 [ 1118.974253][T19017] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1118.974287][T19017] ? __might_fault+0xb0/0x130 [ 1118.974313][T19017] ? _parse_integer_limit+0x1ae/0x1f0 [ 1118.974350][T19017] ? bpf_prog_alloc_no_stats+0x4a/0x4e0 [ 1118.974370][T19017] __vmalloc_noprof+0xb1/0xf0 [ 1118.974397][T19017] ? bpf_prog_alloc_no_stats+0x4a/0x4e0 [ 1118.974422][T19017] bpf_prog_alloc_no_stats+0x4a/0x4e0 [ 1118.974449][T19017] bpf_prog_alloc+0x3c/0x1a0 [ 1118.974474][T19017] bpf_prog_load+0x735/0x1930 [ 1118.974508][T19017] ? __pfx_bpf_prog_load+0x10/0x10 [ 1118.974553][T19017] ? bpf_lsm_bpf+0x9/0x20 [ 1118.974574][T19017] ? security_bpf+0x7e/0x300 [ 1118.974606][T19017] __sys_bpf+0x5f1/0x860 [ 1118.974627][T19017] ? __pfx___sys_bpf+0x10/0x10 [ 1118.974660][T19017] ? ksys_write+0x22a/0x250 [ 1118.974688][T19017] ? __pfx_ksys_write+0x10/0x10 [ 1118.974721][T19017] __x64_sys_bpf+0x7c/0x90 [ 1118.974754][T19017] do_syscall_64+0xfa/0x3b0 [ 1118.974774][T19017] ? lockdep_hardirqs_on+0x9c/0x150 [ 1118.974806][T19017] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1118.974828][T19017] ? clear_bhb_loop+0x60/0xb0 [ 1118.974854][T19017] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1118.974875][T19017] RIP: 0033:0x7f46f9d8e929 [ 1118.974894][T19017] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1118.974913][T19017] RSP: 002b:00007f46fabbd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1118.974936][T19017] RAX: ffffffffffffffda RBX: 00007f46f9fb5fa0 RCX: 00007f46f9d8e929 [ 1118.974952][T19017] RDX: 0000000000000048 RSI: 000020000000e000 RDI: 0000000000000005 [ 1118.974966][T19017] RBP: 00007f46fabbd090 R08: 0000000000000000 R09: 0000000000000000 [ 1118.974979][T19017] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1118.974991][T19017] R13: 0000000000000001 R14: 00007f46f9fb5fa0 R15: 00007f46fa0dfa28 [ 1118.975024][T19017] [ 1118.978817][T19017] warn_alloc: 1 callbacks suppressed [ 1119.266478][T19017] syz.3.3583: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 1119.284763][T19017] CPU: 1 UID: 0 PID: 19017 Comm: syz.3.3583 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) [ 1119.284792][T19017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1119.284806][T19017] Call Trace: [ 1119.284815][T19017] [ 1119.284840][T19017] dump_stack_lvl+0x189/0x250 [ 1119.284875][T19017] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1119.284902][T19017] ? __pfx__printk+0x10/0x10 [ 1119.284931][T19017] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 1119.284960][T19017] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 1119.284992][T19017] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 1119.285025][T19017] warn_alloc+0x214/0x310 [ 1119.285061][T19017] ? __pfx_warn_alloc+0x10/0x10 [ 1119.285093][T19017] ? __get_vm_area_node+0x13f/0x300 [ 1119.285125][T19017] ? __get_vm_area_node+0x2b5/0x300 [ 1119.285159][T19017] __vmalloc_node_range_noprof+0x326/0x12f0 [ 1119.285190][T19017] ? is_bpf_text_address+0x26/0x2b0 [ 1119.285247][T19017] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1119.285275][T19017] ? __might_fault+0xb0/0x130 [ 1119.285303][T19017] ? _parse_integer_limit+0x1ae/0x1f0 [ 1119.285343][T19017] ? bpf_prog_alloc_no_stats+0x4a/0x4e0 [ 1119.285363][T19017] __vmalloc_noprof+0xb1/0xf0 [ 1119.285391][T19017] ? bpf_prog_alloc_no_stats+0x4a/0x4e0 [ 1119.285417][T19017] bpf_prog_alloc_no_stats+0x4a/0x4e0 [ 1119.285444][T19017] bpf_prog_alloc+0x3c/0x1a0 [ 1119.285469][T19017] bpf_prog_load+0x735/0x1930 [ 1119.285504][T19017] ? __pfx_bpf_prog_load+0x10/0x10 [ 1119.285549][T19017] ? bpf_lsm_bpf+0x9/0x20 [ 1119.285571][T19017] ? security_bpf+0x7e/0x300 [ 1119.285604][T19017] __sys_bpf+0x5f1/0x860 [ 1119.285626][T19017] ? __pfx___sys_bpf+0x10/0x10 [ 1119.285660][T19017] ? ksys_write+0x22a/0x250 [ 1119.285688][T19017] ? __pfx_ksys_write+0x10/0x10 [ 1119.285722][T19017] __x64_sys_bpf+0x7c/0x90 [ 1119.285757][T19017] do_syscall_64+0xfa/0x3b0 [ 1119.285779][T19017] ? lockdep_hardirqs_on+0x9c/0x150 [ 1119.285812][T19017] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1119.285834][T19017] ? clear_bhb_loop+0x60/0xb0 [ 1119.285861][T19017] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1119.285882][T19017] RIP: 0033:0x7f46f9d8e929 [ 1119.285901][T19017] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1119.285921][T19017] RSP: 002b:00007f46fabbd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1119.285945][T19017] RAX: ffffffffffffffda RBX: 00007f46f9fb5fa0 RCX: 00007f46f9d8e929 [ 1119.285961][T19017] RDX: 0000000000000048 RSI: 000020000000e000 RDI: 0000000000000005 [ 1119.285976][T19017] RBP: 00007f46fabbd090 R08: 0000000000000000 R09: 0000000000000000 [ 1119.285990][T19017] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1119.286003][T19017] R13: 0000000000000001 R14: 00007f46f9fb5fa0 R15: 00007f46fa0dfa28 [ 1119.286036][T19017] [ 1119.286685][T19017] Mem-Info: [ 1119.575480][T19017] active_anon:7929 inactive_anon:0 isolated_anon:0 [ 1119.575480][T19017] active_file:12674 inactive_file:40288 isolated_file:0 [ 1119.575480][T19017] unevictable:768 dirty:280 writeback:0 [ 1119.575480][T19017] slab_reclaimable:10859 slab_unreclaimable:123254 [ 1119.575480][T19017] mapped:34911 shmem:1501 pagetables:1764 [ 1119.575480][T19017] sec_pagetables:0 bounce:0 [ 1119.575480][T19017] kernel_misc_reclaimable:0 [ 1119.575480][T19017] free:1279957 free_pcp:15309 free_cma:0 [ 1119.793601][T19017] Node 0 active_anon:32616kB inactive_anon:0kB active_file:50696kB inactive_file:160948kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:139644kB dirty:620kB writeback:0kB shmem:4468kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:13588kB pagetables:6828kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1119.969017][ T1209] usb 5-1: new high-speed USB device number 53 using dummy_hcd [ 1119.989110][T19017] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:128kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1120.029594][T19017] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1120.145790][ T1209] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1120.157220][ T1209] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1120.177692][ T1209] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1120.209059][T19017] lowmem_reserve[]: 0 2498 2500 2500 2500 [ 1120.214366][ T1209] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1120.287116][T19018] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 1120.298648][T19017] [ 1120.302780][T19017] Node 0 DMA32 free:1211820kB boost:0kB min:34248kB low:42808kB high:51368kB reserved_highatomic:0KB free_highatomic:0KB active_anon:30648kB inactive_anon:0kB active_file:50696kB inactive_file:159372kB unevictable:1536kB writepending:616kB present:3129332kB managed:2558408kB mlocked:0kB bounce:0kB free_pcp:32540kB local_pcp:14956kB free_cma:0kB [ 1120.309323][ T1209] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 1120.628357][T19017] lowmem_reserve[]: 0 0 1 1 1 [ 1120.675686][T19017] Node 0 Normal free:12kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1576kB unevictable:0kB writepending:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB [ 1120.781403][T19017] lowmem_reserve[]: 0 0 0 0 0 [ 1120.788587][T19017] Node 1 Normal free:3892636kB boost:0kB min:55632kB low:69540kB high:83448kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:30016kB local_pcp:11296kB free_cma:0kB [ 1120.888203][T19017] lowmem_reserve[]: 0 0 0 0 0 [ 1120.896788][T19017] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 1120.936999][T19017] Node 0 DMA32: 1130*4kB (UME) 1097*8kB (UM) 680*16kB (UME) 536*32kB (UME) 141*64kB (UME) 60*128kB (UME) 36*256kB (UME) 225*512kB (UME) 125*1024kB (UME) 12*2048kB (UM) 214*4096kB (M) = 1211568kB [ 1121.047998][T19017] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1121.085291][T19017] Node 1 Normal: 179*4kB (UM) 68*8kB (UME) 61*16kB (UME) 147*32kB (UME) 42*64kB (UME) 12*128kB (UME) 4*256kB (UME) 3*512kB (UM) 2*1024kB (UM) 1*2048kB (U) 946*4096kB (UM) = 3892636kB [ 1121.155049][T19017] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1121.187357][T19017] Node 0 hugepages_total=2 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB [ 1121.215295][T19017] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1121.581284][T19035] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1121.652655][T19017] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 1121.663066][T19017] 54464 total pagecache pages [ 1121.668587][T19017] 1 pages in swap cache [ 1121.674113][T19017] Free swap = 124992kB [ 1121.680347][T19017] Total swap = 124996kB [ 1121.685475][T19017] 2097051 pages RAM [ 1121.690568][T19017] 0 pages HighMem/MovableOnly [ 1121.696967][T19017] 425407 pages reserved [ 1121.704882][T19017] 0 pages cma reserved [ 1122.418743][ T1209] usb 5-1: USB disconnect, device number 53 [ 1123.169189][T19062] binder: 19053:19062 unknown command 0 [ 1123.174926][T19062] binder: 19053:19062 ioctl c0306201 200000000480 returned -22 [ 1123.419013][ T1209] usb 5-1: new high-speed USB device number 54 using dummy_hcd [ 1123.623149][ T1209] usb 5-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 1123.841320][ T1209] usb 5-1: config 27 has 0 interfaces, different from the descriptor's value: 1 [ 1123.933404][ T1209] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1123.963642][ T1209] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1126.081984][ T976] usb 2-1: new full-speed USB device number 35 using dummy_hcd [ 1126.251362][ T976] usb 2-1: config 0 has an invalid interface number: 172 but max is 0 [ 1126.326785][ T976] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1126.389205][ T976] usb 2-1: config 0 has no interface number 0 [ 1126.395398][ T976] usb 2-1: config 0 interface 172 altsetting 0 endpoint 0x9 has invalid maxpacket 1024, setting to 64 [ 1126.434694][ T976] usb 2-1: config 0 interface 172 altsetting 0 endpoint 0xD has invalid maxpacket 1023, setting to 64 [ 1126.469341][ T976] usb 2-1: config 0 interface 172 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1126.489352][ T976] usb 2-1: config 0 interface 172 altsetting 0 has a duplicate endpoint with address 0xD, skipping [ 1126.518966][ T976] usb 2-1: config 0 interface 172 altsetting 0 endpoint 0x8 has invalid maxpacket 1023, setting to 64 [ 1126.559054][ T976] usb 2-1: config 0 interface 172 altsetting 0 has a duplicate endpoint with address 0x9, skipping [ 1126.621448][ T976] usb 2-1: config 0 interface 172 altsetting 0 has 9 endpoint descriptors, different from the interface descriptor's value: 15 [ 1126.696975][ T976] usb 2-1: New USB device found, idVendor=07c4, idProduct=a002, bcdDevice=c3.c0 [ 1126.716454][ T976] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1126.742406][ T976] usb 2-1: Product: syz [ 1126.765818][ T976] usb 2-1: Manufacturer: syz [ 1126.782499][ T976] usb 2-1: SerialNumber: syz [ 1126.799662][ T976] usb 2-1: config 0 descriptor?? [ 1126.848225][ T976] ums-datafab 2-1:0.172: USB Mass Storage device detected [ 1126.873307][ T1209] usb 5-1: USB disconnect, device number 54 [ 1127.043501][ T976] ums-datafab 2-1:0.172: Quirks match for vid 07c4 pid a002: 1 [ 1127.104094][T19113] FAULT_INJECTION: forcing a failure. [ 1127.104094][T19113] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1127.184814][ T976] usb 2-1: USB disconnect, device number 35 [ 1127.191107][T19113] CPU: 0 UID: 0 PID: 19113 Comm: syz.5.3610 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) [ 1127.191129][T19113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1127.191139][T19113] Call Trace: [ 1127.191145][T19113] [ 1127.191152][T19113] dump_stack_lvl+0x189/0x250 [ 1127.191176][T19113] ? __pfx____ratelimit+0x10/0x10 [ 1127.191201][T19113] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1127.191220][T19113] ? __pfx__printk+0x10/0x10 [ 1127.191245][T19113] ? __pfx___mutex_lock+0x10/0x10 [ 1127.191277][T19113] should_fail_ex+0x414/0x560 [ 1127.191316][T19113] _copy_to_user+0x31/0xb0 [ 1127.191346][T19113] cec_ioctl+0x1660/0x2f20 [ 1127.191373][T19113] ? __pfx_cec_ioctl+0x10/0x10 [ 1127.191389][T19113] ? do_vfs_ioctl+0xf37/0x1990 [ 1127.191410][T19113] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 1127.191430][T19113] ? kasan_quarantine_put+0xdd/0x220 [ 1127.191454][T19113] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 1127.191476][T19113] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 1127.191503][T19113] ? tomoyo_path_number_perm+0x4e2/0x5a0 [ 1127.191523][T19113] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 1127.191545][T19113] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1127.191579][T19113] ? __lock_acquire+0xab9/0xd20 [ 1127.191611][T19113] ? __fget_files+0x2a/0x420 [ 1127.191633][T19113] ? __fget_files+0x2a/0x420 [ 1127.191665][T19113] ? __fget_files+0x3a0/0x420 [ 1127.191683][T19113] ? __fget_files+0x2a/0x420 [ 1127.191706][T19113] ? bpf_lsm_file_ioctl+0x9/0x20 [ 1127.191722][T19113] ? __pfx_cec_ioctl+0x10/0x10 [ 1127.191735][T19113] __se_sys_ioctl+0xfc/0x170 [ 1127.191753][T19113] do_syscall_64+0xfa/0x3b0 [ 1127.191767][T19113] ? lockdep_hardirqs_on+0x9c/0x150 [ 1127.191789][T19113] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1127.191803][T19113] ? clear_bhb_loop+0x60/0xb0 [ 1127.191821][T19113] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1127.191836][T19113] RIP: 0033:0x7fcd7878e929 [ 1127.191849][T19113] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1127.191861][T19113] RSP: 002b:00007fcd79662038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1127.191879][T19113] RAX: ffffffffffffffda RBX: 00007fcd789b5fa0 RCX: 00007fcd7878e929 [ 1127.191890][T19113] RDX: 00002000000010c0 RSI: 00000000c0506107 RDI: 0000000000000003 [ 1127.191900][T19113] RBP: 00007fcd79662090 R08: 0000000000000000 R09: 0000000000000000 [ 1127.191909][T19113] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1127.191918][T19113] R13: 0000000000000000 R14: 00007fcd789b5fa0 R15: 00007fcd78adfa28 [ 1127.191939][T19113] [ 1128.599014][ T5984] usb 5-1: new high-speed USB device number 55 using dummy_hcd [ 1128.800143][ T5984] usb 5-1: Using ep0 maxpacket: 32 [ 1128.919379][T19123] bond0: entered promiscuous mode [ 1128.998744][T19123] batadv0: entered promiscuous mode [ 1129.017869][T19123] hsr1: Slave A (bond0) is not up; please bring it up to get a fully working HSR network [ 1129.056718][T19123] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 1129.097262][T19123] bond0: left promiscuous mode [ 1129.126460][T19123] batadv0: left promiscuous mode [ 1129.219268][ T976] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 1129.381132][ T976] usb 4-1: config 0 interface 0 altsetting 12 bulk endpoint 0x87 has invalid maxpacket 185 [ 1129.401195][ T976] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1129.482697][ T976] usb 4-1: New USB device found, idVendor=06cd, idProduct=0115, bcdDevice=d9.c3 [ 1129.497081][ T976] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1129.530158][T19133] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3617'. [ 1129.545104][T19133] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1129.579240][ T976] usb 4-1: Product: syz [ 1129.583517][ T976] usb 4-1: Manufacturer: syz [ 1129.588165][ T976] usb 4-1: SerialNumber: syz [ 1129.614520][ T976] usb 4-1: config 0 descriptor?? [ 1129.705772][T19129] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 1129.709541][ T1209] usb 6-1: new high-speed USB device number 20 using dummy_hcd [ 1129.718118][ T976] keyspan 4-1:0.0: Keyspan 2 port adapter converter detected [ 1129.740140][ T976] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 7 [ 1129.828207][ T976] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 81 [ 1129.943347][ T1209] usb 6-1: New USB device found, idVendor=0547, idProduct=6801, bcdDevice=43.6f [ 1129.956725][ T1209] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1129.989908][T19133] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1130.014621][ T1209] usb 6-1: Product: syz [ 1130.019840][ T1209] usb 6-1: Manufacturer: syz [ 1130.029798][ T1209] usb 6-1: SerialNumber: syz [ 1130.055666][ T1209] usb 6-1: config 0 descriptor?? [ 1130.084197][T19129] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1130.103379][T19129] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1130.141214][T19129] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1130.168231][ T1209] gspca_main: touptek-2.14.0 probing 0547:6801 [ 1130.212301][T19129] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1130.221924][ T976] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 1 [ 1130.231085][ T976] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 2 [ 1130.319594][ T976] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 85 [ 1130.417164][T19142] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(9) [ 1130.423763][T19142] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 1130.432457][ T976] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 5 [ 1130.439581][T12447] usb 6-1: USB disconnect, device number 20 [ 1130.481935][T19146] netlink: 'syz.3.3616': attribute type 5 has an invalid length. [ 1130.524387][T19142] vhci_hcd vhci_hcd.0: Device attached [ 1130.694723][ T976] usb 4-1: Keyspan 2 port adapter converter now attached to ttyUSB0 [ 1130.713287][ T976] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 83 [ 1130.730881][ T976] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 3 [ 1130.738747][T19143] vhci_hcd: connection closed [ 1130.747837][T16703] vhci_hcd: stop threads [ 1130.748113][ T976] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 4 [ 1130.755408][T16703] vhci_hcd: release socket [ 1130.757822][ T976] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 86 [ 1130.802812][ T976] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 6 [ 1130.810846][ T5918] usb 40-1: SetAddress Request (2) to port 0 [ 1130.820225][ T5918] usb 40-1: new SuperSpeed USB device number 2 using vhci_hcd [ 1130.837821][T16703] vhci_hcd: disconnect device [ 1130.869594][ T976] usb 4-1: Keyspan 2 port adapter converter now attached to ttyUSB1 [ 1130.942495][ T976] usb 4-1: USB disconnect, device number 41 [ 1131.060109][ T976] keyspan_2 ttyUSB0: Keyspan 2 port adapter converter now disconnected from ttyUSB0 [ 1131.150363][ T976] keyspan_2 ttyUSB1: Keyspan 2 port adapter converter now disconnected from ttyUSB1 [ 1131.175987][ T976] keyspan 4-1:0.0: device disconnected [ 1131.593945][T19149] fuse: Bad value for 'fd' [ 1132.021610][ T5984] usb 5-1: unable to get BOS descriptor or descriptor too short [ 1132.072496][ T5984] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 1132.189965][ T5984] usb 5-1: can't read configurations, error -71 [ 1133.078028][T19163] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3623'. [ 1133.110619][T19163] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3623'. [ 1133.178274][T19156] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1133.421956][T19172] ALSA: seq fatal error: cannot create timer (-19) [ 1134.249857][T19193] fuse: Bad value for 'fd' [ 1134.525623][T19203] input: syz0 as /devices/virtual/input/input91 [ 1135.941525][ T5918] usb 40-1: device descriptor read/8, error -110 [ 1136.434412][ T5918] usb usb40-port1: attempt power cycle [ 1136.567380][T19235] fuse: Bad value for 'fd' [ 1136.789335][T12447] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 1136.922109][T12447] usb 6-1: device descriptor read/64, error -71 [ 1137.061637][ T5918] usb usb40-port1: unable to enumerate USB device [ 1137.318983][T12447] usb 6-1: new high-speed USB device number 22 using dummy_hcd [ 1137.499003][T12447] usb 6-1: device descriptor read/64, error -71 [ 1137.629479][T12447] usb usb6-port1: attempt power cycle [ 1137.919917][T19254] netlink: 'syz.3.3647': attribute type 33 has an invalid length. [ 1138.077307][T19254] netlink: 152 bytes leftover after parsing attributes in process `syz.3.3647'. [ 1138.120202][T12447] usb 6-1: new high-speed USB device number 23 using dummy_hcd [ 1138.162497][T12447] usb 6-1: device descriptor read/8, error -71 [ 1138.292921][T19245] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1138.419040][ T1209] usb 4-1: new high-speed USB device number 42 using dummy_hcd [ 1138.489065][T12447] usb 6-1: new high-speed USB device number 24 using dummy_hcd [ 1138.531360][T12447] usb 6-1: device descriptor read/8, error -71 [ 1138.654672][ T1209] usb 4-1: Using ep0 maxpacket: 16 [ 1138.662071][T12447] usb usb6-port1: unable to enumerate USB device [ 1138.677453][ T1209] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1138.709047][ T5984] usb 2-1: new high-speed USB device number 36 using dummy_hcd [ 1138.744130][ T1209] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1138.787736][ T1209] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1138.853172][ T5984] usb 2-1: device descriptor read/64, error -71 [ 1138.902607][ T1209] usb 4-1: New USB device found, idVendor=0c72, idProduct=000c, bcdDevice=f6.59 [ 1138.940744][ T1209] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1138.969277][ T1209] usb 4-1: Product: syz [ 1138.973526][ T1209] usb 4-1: Manufacturer: syz [ 1138.978145][ T1209] usb 4-1: SerialNumber: syz [ 1139.021060][ T1209] usb 4-1: config 0 descriptor?? [ 1139.101955][ T1209] peak_usb 4-1:0.0 can0: sending cmd f=0x6 n=0x1 failure: -8 [ 1139.109704][ T5984] usb 2-1: new high-speed USB device number 37 using dummy_hcd [ 1139.121420][ T1209] peak_usb 4-1:0.0: unable to read PCAN-USB serial number (err -8) [ 1139.266116][ T1209] peak_usb 4-1:0.0: probe with driver peak_usb failed with error -8 [ 1139.289050][ T5984] usb 2-1: device descriptor read/64, error -71 [ 1139.297855][ T1209] usb 4-1: USB disconnect, device number 42 [ 1139.419419][ T5984] usb usb2-port1: attempt power cycle [ 1139.815295][ T5984] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 1139.843856][T19271] netlink: zone id is out of range [ 1139.851633][T19271] netlink: zone id is out of range [ 1139.927061][ T5984] usb 2-1: device descriptor read/8, error -71 [ 1140.189232][ T5984] usb 2-1: new high-speed USB device number 39 using dummy_hcd [ 1140.256887][ T5984] usb 2-1: device descriptor read/8, error -71 [ 1140.505069][ T5984] usb usb2-port1: unable to enumerate USB device [ 1140.610168][T19275] fuse: Bad value for 'fd' [ 1142.549481][ T5984] usb 2-1: new high-speed USB device number 40 using dummy_hcd [ 1142.729559][ T5984] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1142.741702][ T5984] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1142.776116][ T5984] usb 2-1: config 0 descriptor?? [ 1142.802986][ T5984] cp210x 2-1:0.0: cp210x converter detected [ 1143.207861][ T5984] cp210x 2-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 1143.325794][T19311] fuse: Bad value for 'fd' [ 1143.812066][T19316] netlink: zone id is out of range [ 1143.889975][T19316] netlink: zone id is out of range [ 1144.652707][T19322] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1145.320189][ T5984] cp210x 2-1:0.0: failed to get vendor val 0x3711 size 2: -71 [ 1145.329887][ T5984] cp210x 2-1:0.0: GPIO initialisation failed: -71 [ 1145.427650][ T5984] usb 2-1: cp210x converter now attached to ttyUSB0 [ 1145.448679][ T5984] usb 2-1: USB disconnect, device number 40 [ 1145.508405][ T5984] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1145.562078][ T5984] cp210x 2-1:0.0: device disconnected [ 1146.350985][T19348] fuse: Bad value for 'fd' [ 1146.470924][T19350] netlink: zone id is out of range [ 1146.486455][T19350] netlink: zone id is out of range [ 1146.842909][T19357] wireguard0: entered promiscuous mode [ 1146.862835][T19357] wireguard0: entered allmulticast mode [ 1147.064603][T19363] netlink: 'syz.1.3684': attribute type 29 has an invalid length. [ 1147.684203][T19378] fuse: Invalid rootmode [ 1147.899050][ T9] usb 5-1: new high-speed USB device number 57 using dummy_hcd [ 1148.055207][ T9] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 1148.063104][ T9] usb 5-1: can't read configurations, error -61 [ 1148.199031][ T9] usb 5-1: new high-speed USB device number 58 using dummy_hcd [ 1148.368217][ T9] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 1148.377233][ T9] usb 5-1: can't read configurations, error -61 [ 1148.384995][ T9] usb usb5-port1: attempt power cycle [ 1148.739368][ T9] usb 5-1: new high-speed USB device number 59 using dummy_hcd [ 1150.185038][ T9] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 1150.193344][ T9] usb 5-1: can't read configurations, error -61 [ 1150.368198][ T9] usb 5-1: new high-speed USB device number 60 using dummy_hcd [ 1150.435855][ T9] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 1150.470856][ T9] usb 5-1: can't read configurations, error -61 [ 1150.561759][ T9] usb usb5-port1: unable to enumerate USB device [ 1151.475101][T19411] fuse: Invalid rootmode [ 1152.088611][T19421] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1152.097714][T19421] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1152.107166][T19421] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1152.116025][T19421] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1152.540051][T19430] overlayfs: missing 'lowerdir' [ 1152.606367][T19436] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3704'. [ 1153.180666][T19435] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1153.756216][T19454] fuse: Invalid rootmode [ 1153.819187][ T5918] usb 6-1: new high-speed USB device number 25 using dummy_hcd [ 1154.197225][ T5918] usb 6-1: unable to read config index 0 descriptor/start: -61 [ 1154.205258][ T5918] usb 6-1: can't read configurations, error -61 [ 1154.359453][ T5918] usb 6-1: new high-speed USB device number 26 using dummy_hcd [ 1154.847336][ T5918] usb 6-1: unable to read config index 0 descriptor/start: -61 [ 1154.908981][ T5918] usb 6-1: can't read configurations, error -61 [ 1155.021291][T19465] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1155.048352][ T5918] usb usb6-port1: attempt power cycle [ 1155.539062][ T5918] usb 6-1: new high-speed USB device number 27 using dummy_hcd [ 1155.585864][ T5918] usb 6-1: unable to read config index 0 descriptor/start: -61 [ 1155.593769][ T5918] usb 6-1: can't read configurations, error -61 [ 1155.784079][ T5918] usb 6-1: new high-speed USB device number 28 using dummy_hcd [ 1157.106748][ T5918] usb 6-1: device descriptor read/8, error -71 [ 1157.117452][T19487] Set syz0 is full, maxelem 0 reached [ 1157.137635][T19489] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1157.146464][T19489] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1157.155282][T19489] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1157.165040][T19489] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1157.219521][ T5918] usb usb6-port1: unable to enumerate USB device [ 1157.447046][T19494] fuse: Unknown parameter '00000000000000000000' [ 1157.744265][T19501] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3726'. [ 1157.770133][T19498] fuse: Unknown parameter 'grou00000000000000000000' [ 1158.205034][T19506] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1159.898829][T19522] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1161.499092][ T44] usb 5-1: new high-speed USB device number 61 using dummy_hcd [ 1162.125274][ T44] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 1162.386740][ T44] usb 5-1: can't read configurations, error -61 [ 1162.533951][T19561] netlink: 40 bytes leftover after parsing attributes in process `syz.5.3738'. [ 1162.559102][ T44] usb 5-1: new high-speed USB device number 62 using dummy_hcd [ 1163.289529][ T44] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 1163.297347][ T44] usb 5-1: can't read configurations, error -61 [ 1163.304999][ T44] usb usb5-port1: attempt power cycle [ 1163.719884][ T44] usb 5-1: new high-speed USB device number 63 using dummy_hcd [ 1164.189330][T19575] fuse: Unknown parameter '00000000000000000000' [ 1164.387214][ T44] usb 5-1: device descriptor read/8, error -71 [ 1164.422642][T19580] netlink: zone id is out of range [ 1164.429179][T19580] netlink: zone id is out of range [ 1164.435428][T19580] netlink: set zone limit has 4 unknown bytes [ 1165.796950][T19598] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3749'. [ 1167.820108][T19620] fuse: Unknown parameter 'user00000000000000000000' [ 1168.559037][ T5910] usb 6-1: new high-speed USB device number 29 using dummy_hcd [ 1169.122766][ T5910] usb 6-1: unable to read config index 0 descriptor/start: -61 [ 1169.172000][ T5910] usb 6-1: can't read configurations, error -61 [ 1169.339619][ T5910] usb 6-1: new high-speed USB device number 30 using dummy_hcd [ 1169.537832][ T5910] usb 6-1: unable to read config index 0 descriptor/start: -61 [ 1169.547343][ T5910] usb 6-1: can't read configurations, error -61 [ 1169.613759][ T5910] usb usb6-port1: attempt power cycle [ 1170.120358][ T5910] usb 6-1: new high-speed USB device number 31 using dummy_hcd [ 1170.581927][T19653] fuse: Unknown parameter 'user00000000000000000000' [ 1170.813564][ T5910] usb 6-1: unable to read config index 0 descriptor/start: -61 [ 1170.839622][ T5910] usb 6-1: can't read configurations, error -61 [ 1171.060314][ T5910] usb 6-1: new high-speed USB device number 32 using dummy_hcd [ 1171.906293][ T5910] usb 6-1: device descriptor read/8, error -71 [ 1172.049409][ T5910] usb usb6-port1: unable to enumerate USB device [ 1173.069347][T19690] fuse: Unknown parameter 'user00000000000000000000' [ 1174.479565][ T5910] usb 6-1: new high-speed USB device number 33 using dummy_hcd [ 1174.933551][ T5910] usb 6-1: config 0 has no interfaces? [ 1174.977394][ T5910] usb 6-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 1174.992114][ T5910] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1175.008970][ T5910] usb 6-1: Product: syz [ 1175.024420][ T5910] usb 6-1: Manufacturer: syz [ 1175.054120][ T5910] usb 6-1: SerialNumber: syz [ 1175.109924][ T5910] usb 6-1: config 0 descriptor?? [ 1177.129991][T19737] fuse: Unknown parameter 'user_i00000000000000000000' [ 1177.243866][T19741] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3794'. [ 1177.545283][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1177.552142][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1177.587460][ T9] usb 6-1: USB disconnect, device number 33 [ 1178.089624][ T9] usb 6-1: new full-speed USB device number 34 using dummy_hcd [ 1178.173124][T19769] binder: 19761:19769 unknown command 0 [ 1178.179009][T19769] binder: 19761:19769 ioctl c0306201 200000000480 returned -22 [ 1178.257295][ T9] usb 6-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 1178.296595][ T9] usb 6-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b [ 1178.314260][ T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1178.338957][ T9] usb 6-1: Product: syz [ 1178.344396][ T9] usb 6-1: Manufacturer: syz [ 1178.355198][ T9] usb 6-1: SerialNumber: syz [ 1178.384212][ T9] usb 6-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state [ 1178.489099][ T5984] usb 5-1: new high-speed USB device number 65 using dummy_hcd [ 1178.655404][ T5984] usb 5-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 1178.673149][ T5984] usb 5-1: config 27 has 0 interfaces, different from the descriptor's value: 1 [ 1178.725348][ T5984] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1178.763457][ T5984] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1178.996895][T19755] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1179.113807][ T9] usb 6-1: dvb_usb_v2: this USB2.0 device cannot be run on a USB1.1 port (it lacks a hardware PID filter) [ 1179.164269][T19755] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1179.186430][T19755] ------------[ cut here ]------------ [ 1179.192597][T19755] usb 6-1: BOGUS control dir, pipe 80002280 doesn't match bRequestType c0 [ 1179.224576][T19755] WARNING: CPU: 1 PID: 19755 at drivers/usb/core/urb.c:413 usb_submit_urb+0x115d/0x1890 [ 1179.235221][T19755] Modules linked in: [ 1179.239716][T19755] CPU: 1 UID: 0 PID: 19755 Comm: syz.5.3799 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) [ 1179.251832][T19755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1179.261958][T19755] RIP: 0010:usb_submit_urb+0x115d/0x1890 [ 1179.267620][T19755] Code: 0f b6 44 05 00 84 c0 0f 85 10 06 00 00 45 0f b6 04 24 48 c7 c7 c0 3d 34 8c 48 8b 74 24 10 4c 89 fa 44 89 f1 e8 74 f2 62 fa 90 <0f> 0b 90 90 49 bd 00 00 00 00 00 fc ff df e9 e0 f3 ff ff 89 e9 80 [ 1179.287792][T19755] RSP: 0018:ffffc9000be2f7b0 EFLAGS: 00010246 [ 1179.294273][T19755] RAX: 613af9b0a2571700 RBX: ffff888053b3e400 RCX: 0000000000080000 [ 1179.302331][T19755] RDX: ffffc9000c37b000 RSI: 000000000000403b RDI: 000000000000403c [ 1179.310345][T19755] RBP: 1ffff110090053b4 R08: 0000000000000003 R09: 0000000000000004 [ 1179.318323][T19755] R10: dffffc0000000000 R11: fffffbfff1bfaa64 R12: ffff888048029da0 [ 1179.326516][T19755] R13: dffffc0000000000 R14: 0000000080002280 R15: ffff888029e6ff20 [ 1179.334579][T19755] FS: 00007fcd796626c0(0000) GS:ffff888125d1b000(0000) knlGS:0000000000000000 [ 1179.343614][T19755] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1179.350251][T19755] CR2: 00002000000ae030 CR3: 000000004800c000 CR4: 00000000003526f0 [ 1179.358234][T19755] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1179.366249][T19755] DR3: 00000000000032e7 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 1179.374306][T19755] Call Trace: [ 1179.377614][T19755] [ 1179.380658][T19755] usb_start_wait_urb+0x114/0x4c0 [ 1179.386205][T19755] ? __pfx_usb_start_wait_urb+0x10/0x10 [ 1179.392181][T19755] usb_control_msg+0x232/0x3e0 [ 1179.396972][T19755] gl861_ctrl_msg+0x214/0x3e0 [ 1179.401748][T19755] ? look_up_lock_class+0x74/0x170 [ 1179.406884][T19755] ? __pfx_gl861_ctrl_msg+0x10/0x10 [ 1179.412238][T19755] ? __lock_acquire+0xab9/0xd20 [ 1179.417125][T19755] gl861_i2c_master_xfer+0x439/0x650 [ 1179.422468][T19755] __i2c_transfer+0x871/0x2170 [ 1179.427269][T19755] ? lockdep_hardirqs_on+0x9c/0x150 [ 1179.432578][T19755] ? __pfx___i2c_transfer+0x10/0x10 [ 1179.437793][T19755] ? rt_mutex_lock_nested+0x15e/0x1e0 [ 1179.443237][T19755] ? i2c_transfer+0x120/0x3a0 [ 1179.447933][T19755] i2c_transfer+0x25b/0x3a0 [ 1179.452488][T19755] ? __pfx_i2c_transfer+0x10/0x10 [ 1179.457529][T19755] ? _copy_from_user+0x94/0xb0 [ 1179.462420][T19755] i2cdev_ioctl_rdwr+0x460/0x740 [ 1179.467401][T19755] i2cdev_ioctl+0x64b/0x7f0 [ 1179.472074][T19755] ? __pfx_i2cdev_ioctl+0x10/0x10 [ 1179.477130][T19755] ? __fget_files+0x3a0/0x420 [ 1179.481883][T19755] ? __fget_files+0x2a/0x420 [ 1179.486521][T19755] ? bpf_lsm_file_ioctl+0x9/0x20 [ 1179.492879][T19755] ? __pfx_i2cdev_ioctl+0x10/0x10 [ 1179.497964][T19755] __se_sys_ioctl+0xfc/0x170 [ 1179.502656][T19755] do_syscall_64+0xfa/0x3b0 [ 1179.507179][T19755] ? lockdep_hardirqs_on+0x9c/0x150 [ 1179.512738][T19755] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1179.519166][T19755] ? clear_bhb_loop+0x60/0xb0 [ 1179.523872][T19755] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1179.529819][T19755] RIP: 0033:0x7fcd7878e929 [ 1179.534253][T19755] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1179.553940][T19755] RSP: 002b:00007fcd79662038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1179.562539][T19755] RAX: ffffffffffffffda RBX: 00007fcd789b5fa0 RCX: 00007fcd7878e929 [ 1179.570577][T19755] RDX: 0000200000002580 RSI: 0000000000000707 RDI: 0000000000000005 [ 1179.578564][T19755] RBP: 00007fcd78810b39 R08: 0000000000000000 R09: 0000000000000000 [ 1179.586830][T19755] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1179.595439][T19755] R13: 0000000000000000 R14: 00007fcd789b5fa0 R15: 00007fcd78adfa28 [ 1179.604025][T19755] [ 1179.607111][T19755] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1179.614427][T19755] CPU: 1 UID: 0 PID: 19755 Comm: syz.5.3799 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) [ 1179.626516][T19755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1179.636607][T19755] Call Trace: [ 1179.639907][T19755] [ 1179.642857][T19755] dump_stack_lvl+0x99/0x250 [ 1179.647514][T19755] ? __asan_memcpy+0x40/0x70 [ 1179.652124][T19755] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1179.657343][T19755] ? __pfx__printk+0x10/0x10 [ 1179.661966][T19755] panic+0x2db/0x790 [ 1179.665883][T19755] ? __pfx_panic+0x10/0x10 [ 1179.670340][T19755] __warn+0x31b/0x4b0 [ 1179.674337][T19755] ? usb_submit_urb+0x115d/0x1890 [ 1179.679390][T19755] ? usb_submit_urb+0x115d/0x1890 [ 1179.684442][T19755] report_bug+0x2be/0x4f0 [ 1179.688800][T19755] ? usb_submit_urb+0x115d/0x1890 [ 1179.693848][T19755] ? usb_submit_urb+0x115d/0x1890 [ 1179.698900][T19755] ? usb_submit_urb+0x115f/0x1890 [ 1179.703960][T19755] handle_bug+0x84/0x160 [ 1179.708218][T19755] exc_invalid_op+0x1a/0x50 [ 1179.712739][T19755] asm_exc_invalid_op+0x1a/0x20 [ 1179.717611][T19755] RIP: 0010:usb_submit_urb+0x115d/0x1890 [ 1179.723274][T19755] Code: 0f b6 44 05 00 84 c0 0f 85 10 06 00 00 45 0f b6 04 24 48 c7 c7 c0 3d 34 8c 48 8b 74 24 10 4c 89 fa 44 89 f1 e8 74 f2 62 fa 90 <0f> 0b 90 90 49 bd 00 00 00 00 00 fc ff df e9 e0 f3 ff ff 89 e9 80 [ 1179.742898][T19755] RSP: 0018:ffffc9000be2f7b0 EFLAGS: 00010246 [ 1179.748989][T19755] RAX: 613af9b0a2571700 RBX: ffff888053b3e400 RCX: 0000000000080000 [ 1179.756985][T19755] RDX: ffffc9000c37b000 RSI: 000000000000403b RDI: 000000000000403c [ 1179.764971][T19755] RBP: 1ffff110090053b4 R08: 0000000000000003 R09: 0000000000000004 [ 1179.772957][T19755] R10: dffffc0000000000 R11: fffffbfff1bfaa64 R12: ffff888048029da0 [ 1179.780941][T19755] R13: dffffc0000000000 R14: 0000000080002280 R15: ffff888029e6ff20 [ 1179.788957][T19755] usb_start_wait_urb+0x114/0x4c0 [ 1179.794019][T19755] ? __pfx_usb_start_wait_urb+0x10/0x10 [ 1179.799632][T19755] usb_control_msg+0x232/0x3e0 [ 1179.804428][T19755] gl861_ctrl_msg+0x214/0x3e0 [ 1179.809126][T19755] ? look_up_lock_class+0x74/0x170 [ 1179.814268][T19755] ? __pfx_gl861_ctrl_msg+0x10/0x10 [ 1179.819489][T19755] ? __lock_acquire+0xab9/0xd20 [ 1179.824388][T19755] gl861_i2c_master_xfer+0x439/0x650 [ 1179.829702][T19755] __i2c_transfer+0x871/0x2170 [ 1179.834495][T19755] ? lockdep_hardirqs_on+0x9c/0x150 [ 1179.839747][T19755] ? __pfx___i2c_transfer+0x10/0x10 [ 1179.845000][T19755] ? rt_mutex_lock_nested+0x15e/0x1e0 [ 1179.850411][T19755] ? i2c_transfer+0x120/0x3a0 [ 1179.855119][T19755] i2c_transfer+0x25b/0x3a0 [ 1179.859655][T19755] ? __pfx_i2c_transfer+0x10/0x10 [ 1179.864717][T19755] ? _copy_from_user+0x94/0xb0 [ 1179.869512][T19755] i2cdev_ioctl_rdwr+0x460/0x740 [ 1179.874486][T19755] i2cdev_ioctl+0x64b/0x7f0 [ 1179.879019][T19755] ? __pfx_i2cdev_ioctl+0x10/0x10 [ 1179.884070][T19755] ? __fget_files+0x3a0/0x420 [ 1179.888764][T19755] ? __fget_files+0x2a/0x420 [ 1179.893380][T19755] ? bpf_lsm_file_ioctl+0x9/0x20 [ 1179.898341][T19755] ? __pfx_i2cdev_ioctl+0x10/0x10 [ 1179.903401][T19755] __se_sys_ioctl+0xfc/0x170 [ 1179.908017][T19755] do_syscall_64+0xfa/0x3b0 [ 1179.912534][T19755] ? lockdep_hardirqs_on+0x9c/0x150 [ 1179.917854][T19755] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1179.923938][T19755] ? clear_bhb_loop+0x60/0xb0 [ 1179.928661][T19755] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1179.934595][T19755] RIP: 0033:0x7fcd7878e929 [ 1179.939030][T19755] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1179.958658][T19755] RSP: 002b:00007fcd79662038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1179.967101][T19755] RAX: ffffffffffffffda RBX: 00007fcd789b5fa0 RCX: 00007fcd7878e929 [ 1179.975089][T19755] RDX: 0000200000002580 RSI: 0000000000000707 RDI: 0000000000000005 [ 1179.983076][T19755] RBP: 00007fcd78810b39 R08: 0000000000000000 R09: 0000000000000000 [ 1179.991060][T19755] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1179.999057][T19755] R13: 0000000000000000 R14: 00007fcd789b5fa0 R15: 00007fcd78adfa28 [ 1180.007074][T19755] [ 1180.010450][T19755] Kernel Offset: disabled [ 1180.014787][T19755] Rebooting in 86400 seconds..