last executing test programs: 4m53.620549316s ago: executing program 1 (id=2392): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) pselect6(0x40, &(0x7f0000000400)={0x3, 0x3, 0x7, 0x1e35, 0x2, 0x100, 0x165e9858, 0x1}, &(0x7f0000000440)={0x6, 0xce, 0xbe6, 0x9, 0xaf1, 0x1, 0xffffffffffffffc0, 0x2000000000091}, &(0x7f0000000480)={0xe, 0x10001, 0x8, 0x8, 0x2, 0xfffffffffffffffe, 0x9a, 0x8}, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = dup(0xffffffffffffffff) bpf$PROG_BIND_MAP(0x23, &(0x7f0000000080)={0xffffffffffffffff, r5}, 0xc) r6 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r6, 0x4b67, &(0x7f0000001ec0)={0x0, 0x0}) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000040)={0xffffffffffffffff, &(0x7f0000000300)="0bb8509e4dec649fa1aba57a682235a2a078ed59e02ddb54a59c3b30855e238aacc3c2"}, 0x20) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="74010000100063d129bd7000fbdbdf25fe8000000000000000000000000000aafe8000000000000004000000000000aa00000000000000000000000011000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc0100000000000000000000000000000000000033000000ac1414bb00000000000000000000000001000000000000000000000000000000000000000000000002000000000000000b000000000000000000000000000000820000000000000000010000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000084000100636d6163286165732900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e001"], 0x174}, 0x1, 0x0, 0x0, 0x40000}, 0x4004) 4m52.232747972s ago: executing program 0 (id=2395): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000700)=ANY=[@ANYBLOB="1201000059d360205f0501d09288000000010902120001000000000904"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x2}, 0x50) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000080)={0x0, @remote, @multicast1}, &(0x7f00000000c0)=0xc) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) r6 = dup(r5) ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000000800003a"]) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0) r8 = socket$kcm(0x2, 0x3, 0x2) sendmsg$inet(r8, &(0x7f0000001640)={&(0x7f0000000300)={0x2, 0x0, @multicast2=0xe0000001}, 0x10, 0x0, 0x0, &(0x7f0000001140)=ANY=[@ANYBLOB="1c000000000000000000000001"], 0x48}, 0x0) ioctl$FS_IOC_SETFLAGS(r7, 0x40046f41, &(0x7f0000000440)=0x1f) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x0, 0x7, 0x7, 0x2, 0x20020, r1, 0x101, '\x00', r2, r7, 0x4, 0x5, 0x2}, 0x50) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000002c0)={0x1c, &(0x7f0000000000)=ANY=[], 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f00000008c0)={0x2c, &(0x7f0000000680)={0x20, 0xf}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, 0x0) 4m52.232459713s ago: executing program 1 (id=2396): syz_usb_connect$uac1(0x5, 0x0, 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x1, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @vxcan={{0xa}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=@newlink={0x40, 0x10, 0x403, 0x70bd25, 0x0, {0x0, 0x0, 0x0, 0x0, 0x500}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x8, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}]}}}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x40}, 0x1, 0x0, 0x0, 0x24000804}, 0x8000) r6 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r6, 0x8946, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = socket(0x1, 0x803, 0x0) getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x300}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x8}]}}}, @IFLA_LINK={0x8, 0x5, r9}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x4c}, 0x1, 0x0, 0x0, 0x700}, 0x0) 4m51.346847226s ago: executing program 4 (id=2400): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = syz_open_dev$media(&(0x7f00000006c0), 0x2c29, 0x28004) ioctl$MEDIA_IOC_REQUEST_ALLOC(r1, 0x80047c05, &(0x7f0000000940)) (async, rerun: 64) syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0) (async, rerun: 64) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040)) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000600), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f00000003c0)={0x9c9, 0x0, 0x0, 'queue1\x00', 0x200000}) (async) openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x42000, 0x0) (async, rerun: 64) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) (rerun: 64) r5 = socket$nl_generic(0x10, 0x3, 0x10) (async) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x7, 0x87}, 0x0) (async) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async, rerun: 64) getpid() (async, rerun: 64) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) syz_pidfd_open(0x0, 0x0) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r8, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) (async, rerun: 32) sendmmsg$unix(r8, &(0x7f0000000000), 0x0, 0x44044) (rerun: 32) recvmmsg(r0, &(0x7f0000002080)=[{{&(0x7f0000000340)=@ethernet, 0x80, &(0x7f00000004c0)=[{&(0x7f00000001c0)}, {&(0x7f0000000480)=""/37, 0x25}], 0x2, &(0x7f0000000540)=""/101, 0x65}, 0x9}, {{&(0x7f0000000640)=@generic, 0x80, &(0x7f0000001a80)=[{&(0x7f0000000700)=""/141, 0x8d}, {&(0x7f00000007c0)=""/184, 0xb8}, {&(0x7f0000000980)=""/240, 0xf0}, {&(0x7f0000000a80)=""/4096, 0x1000}, {&(0x7f00000005c0)=""/30, 0x1e}, {&(0x7f0000000880)=""/84, 0x54}, {&(0x7f0000000900)=""/15, 0xf}], 0x7, &(0x7f0000001b00)=""/219, 0xdb}, 0x2}, {{0x0, 0x0, &(0x7f0000001f40)=[{&(0x7f0000001c00)=""/69, 0x45}, {&(0x7f0000001c80)=""/129, 0x81}, {&(0x7f0000001d40)=""/250, 0xfa}, {&(0x7f0000001e40)=""/99, 0x63}, {&(0x7f0000001ec0)=""/37, 0x25}, {&(0x7f0000001f00)=""/1, 0x1}], 0x6, &(0x7f0000001fc0)=""/134, 0x86}, 0x4}], 0x3, 0x2, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0) (async) r9 = syz_open_dev$sndpcmc(&(0x7f0000000300), 0x0, 0x0) (async) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r10, &(0x7f00000001c0)=ANY=[@ANYRES16=r3, @ANYRES64, @ANYRES8=r9], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000009, 0x12, r10, 0x0) (async, rerun: 64) ioctl$SNDRV_PCM_IOCTL_TTSTAMP(r9, 0x40044103, &(0x7f0000000000)) (rerun: 64) sendmsg$NL80211_CMD_JOIN_MESH(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000000200000008000300", @ANYRES32=r7, @ANYBLOB="0c00990000000000000000000800a115ffff0000080026008d03000008009f"], 0x40}}, 0x0) 4m51.123423425s ago: executing program 4 (id=2402): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newqdisc={0x24, 0x24, 0xd0f, 0x70bd2b, 0x0, {0x60, 0x0, 0x0, 0x0, {0x5, 0x8}, {0xfff1, 0xffff}, {0xd, 0xc}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x3000c81c) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x4004) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in6=@ipv4={'\x00', '\xff\xff', @remote}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x87}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, {0xfffffffffffffffd}}}, 0xb8}}, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="b8000000150001000000000000000000e00000020000000000000000000000000000000000000000000000000000000100000300000000000a00100000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000010a63a69e2ff01000000000000000000000000000000000000000000010000007a01e54986f60000000000000036cb07670484c3717210ab00000000000020ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b56b6e0000017b381ae434526d129f8ff9d8d15af2ce4207a813724209b5047a8cb847c542a9027e24b18229"], 0xb8}}, 0x0) 4m51.016640989s ago: executing program 4 (id=2404): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) rt_sigaction(0x1, 0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x13, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="4daa000000000000711027000000000095"], &(0x7f0000000480)='syzkaller\x00', 0x8000000}, 0x94) 4m50.558166834s ago: executing program 2 (id=2405): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x8, &(0x7f0000000780)=ANY=[@ANYBLOB="7a0af8ff75257000bfa100000000000007010000f8ffffffb702000005000000bf130000000000008500000006000000b700000000000000950000ff00000000b25952850a84a70002b2ab3d6ffaa6ead0169191d54f8196217fc563e2fc91f6da4dad4fdc2eb1b5986fc44bc25fb591cf77b9dfb379a3f611dbc2a364916f098dab10b1a297cf528666d1ddd73f30f2382f6cda4bfdd45be583823c0f092248a57d48621f3c1c65ee19ee875daf45006a4c4ea5e15b2f9618d547244a22000000000800db583620ce7243d1aebdb638d91dbef6619358399aa9c2acd068c03efefd8bc77edf2d34b12cd48a1b20fb7dd843267e0331759f4ec6b5b0af58e604f494eff289026d5045ef08000000000000007718a09f4886afc26abba34635d0e8b598a51bc742135a6e1d33fe226c944bc76be40d435aa8b5202db761014b1b999a12df6bee431a6681000000263b6233e1c0fe30e384c3cb07b74a72291a1a2b523dd81b6651b1ee48e999bb004823ebcd8c65743f31f84b263ab9b3426692d01ad194f302d7a658e9e54687d3c56d7bedb6b2f25ddb8c640bb321a402058c9221b6870814cf4ee23ddb79fff5eb156e0a000000000000f2bd1d4a178d86d6935eb8b75bc4eb680d10e8b6a54c6c8674caf63ff76622939a20d4aadf85db40179c2cf83ee07e30a279d8f9f3bc282deb43a03409f8e6972f3f720d045923702cede0f3e91411f3f1b16f065624f280a7dcce8db910f93c49b9e0b6dd7356aa79d5fabb5c0d0da6d719d7e0efb2bb713d18242cd5df6ca53307a4cdd91be4587f90e317c8de5e5c3933fd5d5bf38f6b9fc39fc829dcfe4af8ac5fbb7314a7a433e0182767d1786eda2b20"], &(0x7f0000000100)='GPL\x00'}, 0x48) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = openat$smackfs_ptrace(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) read$smackfs_ptrace(r3, &(0x7f0000000300), 0x14) r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r4}, &(0x7f0000000200), &(0x7f0000000240)=r0}, 0x20) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x18, 0x10, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1808000000000000000000000000400018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000001801000000082c2500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f00000000c0)=r5, 0x4) sendmsg$inet(r2, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) 4m50.557696254s ago: executing program 4 (id=2406): bpf$PROG_LOAD(0x5, 0x0, 0x0) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x0) r0 = socket$rds(0x15, 0x5, 0x0) connect$rds(r0, &(0x7f00000001c0)={0x2, 0x4e24, @broadcast}, 0x10) syz_usb_connect(0x2, 0x9a2, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000d0241710d8050a81b892000000010902900902000000000904"], 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r4, 0x0, 0x60, &(0x7f0000000440)={'filter\x00', 0x104, 0x2, 0x3c8, 0xe8, 0xe8, 0x2e0, 0x2e0, 0x2e0, 0x2e0, 0x4, 0x0, {[{{@uncond, 0xc0, 0xe8}, @unspec=@MARK={0x28}}, {{@arp={@empty, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, {@mac, {[0x0, 0x0, 0x0, 0x0, 0x0, 0xff]}}, {@mac, {[0xff]}}, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 'nicvf0\x00', 'lo\x00'}, 0xc0, 0x110, 0x0, {0xb000000}}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@remote, @empty, @dev={0xac, 0x14, 0x14, 0xb}, @local, 0x8, 0x1}}}, {{@arp={@rand_addr, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x9, {@empty, {[0xff]}}, {@mac=@remote}, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 'veth0_macvtap\x00', 'ipvlan1\x00', {}, {}, 0x0, 0x2}, 0xc0, 0xe8}, @unspec=@AUDIT={0x28}}], {{'\x00', 0xc0, 0xe8}, {0x28, '\x00', 0x0, 0xfffffffb}}}}, 0x418) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0xfffffffc, 0x25dfdbf9, {0x0, 0x0, 0x0, r3, {0x0, 0x3}, {0xffff, 0xffff}, {0xf}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_WASH={0x8}, @TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x1}]}}]}, 0x44}}, 0x0) r5 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) socket$l2tp(0x2, 0x2, 0x73) r6 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IP_VS_SO_SET_ADDDEST(r6, 0x0, 0x487, &(0x7f0000000180)={{0x5e, @multicast1, 0x4e20, 0x1, 'wlc\x00', 0x28, 0x3, 0x45}, {@loopback, 0x4e22, 0x10000, 0x0, 0x5, 0xff}}, 0x44) preadv(r5, &(0x7f0000000540)=[{&(0x7f0000000080)=""/166, 0xa6}], 0x1, 0x6, 0x4) 4m50.415460855s ago: executing program 2 (id=2407): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x2, [@func_proto={0x0, 0x0, 0x0, 0x2, 0x3}, @func_proto, @struct={0x0, 0x0, 0x0, 0x9, 0x0, 0x2}]}}, 0x0, 0x3e, 0x0, 0x1, 0x0, 0x0, @void, @value=0x300}, 0x28) 4m50.405296288s ago: executing program 1 (id=2408): bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x16, &(0x7f0000000780)=ANY=[@ANYBLOB="61128c005703000061138c0000000000bf2000000000000015000000081400002d0301000000000095000000000000006916600000000000bf67000000000000260300000fff0748670600000f000000170300000ee60020bf050000000000001d360000000000006507f9ff01000000070700004c000000cc75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ff7f5be95e09b67754bb12feffffff8ecf264e0f84f9f17d3c51e3c7bdd2d17f2f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be5b369289aa6812b8e007e733b9a4f16d0abbd5ad9381806ef08513e3d3778a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe01c5473d51b546cad5b803306b17cf4ef3f1d45f65727546e7c955ccefa1f6ab689fde4de4e63edf10271a5144ddc8da3aa5b0ab733a1b901627b562ed04ae76002d4519af619e3a2a4d69e0dee5eb106774a8f3e6916dfec88b5634ef79b02d2ca8ff54c158f0200000000eafb735fd552bdc206004aeb0743eb2dc819c75c8ac86d8a297dff0445a13d006723888fb126a163f16fb2ad9bc1162ba7cbebe174cecac4d03723f1c932b3faffffffffffffff5fc998e13b670e373e3e5897f7ad2e99e0e67a993716dbf580469f0f53acbb40b401e3738270b315d362ed834f2a0700000096649a462e7ee4bcf8b07a101c879730beb4000000000000000000000000000000bc00f674629709e7e78f4ddc3d1bc3ebf0bd9d42ca019dd5d022cf7468659fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f800031e03a651bb96589a7eab04871bc47287cd313f3bea788ea2bcdc340ffb567b40407d000000000000000000000000005f37d83f84e98a523d80bd0d0d703f3767ce603c9d4867b63d20a268bb9f15a0a6e66ce4660fbee91629ab028acfc1d9260e9659a0f6a5480a55c22fe3ae5f562d0ae520c38d2bab6528000000596fb73a96b33c81cdbbd421a27f7f1db054cc7a0a4d372849c99a98822103b9851d924b85b1ca4b21b187db00000000000000066dead3b9670a7604a5ddd0fd2e4fb8a5749a8a8ad78454ba1eebeff1b528da294247d294d2487babb176fdfafeb3d492a325671e6b91afb41f87feda4ce2f468a3758750c0b8f151d4d8574bbbe027687a0e12311cdf3384a26ee3f6f2424ba1e5be98ef1f8f2db9a4991e234f9f447e1730ceaf54cf25c0e3ad7cbb0de06d55db89d154c9d3fcd01c551b0ef58034c252629aefbfd5305845b9a8763b264e8f0bcd0f606fe92e511f122325ebc5fef1b68f2e2ec7bebe423d4baae0e27845d0eb8b8a4f97f83424221e94a5c4623feb8496ccdbc55b27773bf1b3e6a91a20e0c27fc80262647f88d8d1123d199b2c7729bb7700e887ea963f00004a1d0851dbfb9308d16cadcc7b477c9a9586571182526898735552a203c4797228533b1a73ab44aa115136353964648abcc4adbe765556643842290a92eafea0ec2c000000000000000000000000000000e1f3518dc3fc2bbefe043804ac1b6b1c8b7e3afed045a3a808700bca61a39d5bfa83877803013e2d145e642253632f3a283c6eee0e22cb69fe7f94786220c31e9b2a82a9856e947bace74923e4740bf1c17cb41ef19161c3d417655517c28bd08dee32d77a40b834ba7a12223354e9321b8300f7d5d63fa0e8f074adc176285a8f41609ce040cec99943792f5443ca5292447b0f0f240743c4b2b8142ce0b43d4d1731ce11533f61ef241c83557f5aae58a848b5ccce86b8b0fb21fe369c90f06e2d9680003df72f3f0060e6c3415cc1026d342003bece09fbfd062efdd9b48377335903f3b4e87386915e3ac429a4db646da1cc6e29ad8650f4da326cbfdce12c8d5deba32549d6aefe422e0d665d62325c737fe76ec1f3c3670ed96f86738a2cf1c59b5f9b84ffd068f7b4509f53617910a41b811a3f7cd6251f8100008133af11a4db2d00c0ad86ce9f40f3e06b41b45f72b1598a12abddf58ac778bff2f1e49306a1d2f80b2a7d7a28f3997ee60793c62ffee96535e47adac9f367395cf26056a4b76d646f7682f21beafcdb7a9c07acfd145487426f1a009327b8ec6e695e6a7ddcc2c9151cc9c4efa413fa1e521b398151247104bc47748199441cf298e925ef2e3374f4ec0193b38a355c35ee44962fceb3f418510742c93a442f857733b74b6d9197cd62784d7f2afa6a4bc5cae18e33435665250241a7ffd96fc0790000009c17c570096bb75de737107e029b18ec0e61ab3761366452a1c6e3e3c912170f874555aaefc9644cffa768eb2b47c6b040698746df86026730db64859c46cdfb775b86214cfd1932d5ad87c56ea4f38bca780000000000000000000000003bf179c894590cb06b546082451bb735e7152afd5340683663e8effbfb49855ec98703a1e141ab7510fc0e3b081e72d25bfa4e52bedadd11e152bb1dcfcfe942b97b813cf4cdd8626ecfb630425db071c1bfdb03fee96f80b1a96f9427e17edfdc902749ccbab746e26a3a46527b3a32c49dab9608ab1dca3982590c1e78ff5c87d10eef5c3707974981c01c00000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xf000000}, 0x48) 4m50.315975693s ago: executing program 1 (id=2409): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000000c0)='devtmpfs\x00', 0x0, 0x0) mount$overlay(0xfffffff0, &(0x7f0000001340)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) 4m50.247475999s ago: executing program 2 (id=2410): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="400000001000390400"/20, @ANYRES32=r2, @ANYBLOB="01980000000000002000128008000100677265001400028008000100", @ANYRES32=r2], 0x40}, 0x1, 0x0, 0x0, 0x4014}, 0x4c094) r4 = socket(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) sendmsg$nl_route_sched(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x44, 0x24, 0x5820a61ca228659, 0x0, 0xfffffffe, {0x0, 0x0, 0x0, r5, {0x0, 0x9}, {0xffff, 0xffff}, {0x5, 0x7}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0x10, 0x3, {0x6, 0x2}}}}]}, 0x79}}, 0x800) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001540)=@newtfilter={0x68, 0x28, 0xd27, 0x1004001, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0xffff, 0x9}, {}, {0x2, 0xb}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x38, 0x2, [@TCA_CGROUP_ACT={0x34, 0x1, [@m_sample={0x30, 0x215, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x68}, 0x1, 0x0, 0x0, 0x8810}, 0x404c0c0) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x10) 4m50.080996648s ago: executing program 1 (id=2411): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000300)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r0}, 0x18) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r1}, 0x18) bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r2}, 0x8) read$dsp(0xffffffffffffffff, 0x0, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000640)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r7 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f0000000000)={'vxcan0\x00'}) r8 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r8, &(0x7f0000000440)={0x28, 0x0, 0x2710, @host}, 0x10) listen(r8, 0x0) r9 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r9, &(0x7f0000000080)={0x28, 0x0, 0x2710}, 0x10) accept4(r8, 0x0, 0x0, 0x0) sendmmsg(r9, &(0x7f0000000e80)=[{{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000240)="7c220752098d1a03003fb4d50b17b9653538f559e8ca1a63dfa1a8f54135abe90913a7bb3930c14e8d1808268429578d92871b8681b42a7a264d4c578a7c26845616d98fc09729e3d8c0aa68e95af732c067f9dd1d9fdd4ee2008561e5a690de23248e60f4ab6390f520377d0a68cc822a17c773be19ee5b51b2428acd21725b17f5fadc10e18e574983e260010d619f74dd4c30", 0x94}], 0x1, &(0x7f0000000480)=ANY=[], 0x170}}, {{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000f40)="f48f2d", 0x7313485bca3e9141}], 0x1}}], 0x2, 0x0) 4m50.079949764s ago: executing program 3 (id=2412): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000880)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000f00)='kfree\x00', r1}, 0x18) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000a40)=@newtaction={0x270, 0x31, 0x216822a75a8bdd29, 0xffe4, 0x0, {}, [{0x25c, 0x1, [@m_vlan={0x124, 0x10, 0x0, 0x0, {{0x9}, {0x5c, 0x2, 0x0, 0x1, [@TCA_VLAN_PARMS={0x1c, 0x2, {{0x400, 0xfffffffd, 0x0, 0x1000, 0xfff}, 0x2}}, @TCA_VLAN_PUSH_VLAN_ID={0x6, 0x3, 0x4ac}, @TCA_VLAN_PARMS={0x1c, 0x2, {{0x400, 0x8001, 0x4, 0xeea, 0x2}, 0x3}}, @TCA_VLAN_PUSH_VLAN_PROTOCOL={0x6, 0x4, 0x88a8}, @TCA_VLAN_PUSH_VLAN_ID={0x6, 0x3, 0x3ee}, @TCA_VLAN_PUSH_VLAN_ID={0x6, 0x3, 0xb71}]}, {0xa0, 0x6, "8b4e5c8b9256de50fd5abbf50c9121243ca9c7ed44aa0a8520332d3456057927da1835a143dc705d8aca3cbf8f87636054ab701138b6d70610b3dcad5ffa46dcafd4f3d48ad45b17dd0ed1da12823afb5cc4e1aff5c44aef8cbdb864a8100ccc03eb11b48b57bed77b6ab863fb55f0c401b9ff161a9eb68e798a8ac886af090cfd506c1ac2064629360e18cca6692cdae9f56a8e8fbce0a1d6cca251"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ct={0x50, 0x1, 0x0, 0x0, {{0xffffffffffffffcf}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}]}, {0xd, 0x6, "68346e3f013a0a2b40"}, {0xc}, {0xc}}}, @m_gact={0xe4, 0x3, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_GACT_PROB={0xc, 0x3, {0x2, 0xea3, 0x20000000}}, @TCA_GACT_PARMS={0x18, 0x2, {0xb66, 0xb3, 0x10000000, 0x34e, 0xffff}}]}, {0x93, 0x6, "a18bcce5c29f9203c329bf4afe2ef0dce30a257c78e8c4a0e9fcfa2af2f1de53ff14b3412be05fe7843fa32a3b7d402d7c2bd5a8c7f33de2aeb67fb6dc7e8059010ba01d13e4b17e596958b4051015854a9b310cc452163a9aa5849fbd2e4007f68d5f5919b923593253764f3a24bc551a9b767800d9fb4190c655ab926b89606e1e8acef807d4d0cab28307157b3d"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}]}]}, 0x270}}, 0x0) r3 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r3, 0xc0184800, &(0x7f0000000100)={0x4, r0}) 4m49.931433595s ago: executing program 2 (id=2413): setsockopt$netrom_NETROM_N2(0xffffffffffffffff, 0x103, 0x3, &(0x7f0000000200)=0x8, 0x4) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000300)=ANY=[@ANYBLOB="f80000001600712f1444c6ba2bf8000020010000000000000000000000000002a600000200000000000000000000000000000000000000000000000000000000be4943f8ff6edc195d653d870d2e71596be470e73e0f92ca781d2f3c6ed61529c7e582b727807a071c5a84632a29f8dd09c1370069a679e3560b4e000e43670f35797e7b71e9966fa83d5550033d128ad73033faa802bba66272565b52776feb68d801d4c83babf6b458e161533dfe6a1e252464cb6d0c36ca7b7eeb30164824b2cc69f22140955cecde517f284b37eb8ad983a908047b462aa58bd22fe56b0d8870e9d332f55b3371d536ab314f1aa645897ecd0192fa94b6771cd08bb3865022a70000df9eac893f4284b7c724bddd6b333c7643ecccc96e11d7baf2629b520c059b", @ANYRES32=r1, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb0000000032"], 0xf8}, 0x1, 0x0, 0x0, 0x4004000}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[], 0x134}}, 0x80) r2 = getpid() unshare(0x2a020480) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x2000000000000080, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000040)=ANY=[@ANYBLOB="ec000000210001000000000000000000ac1e000190254708f1678e0700000100ff02000000000000000000000000000100"/59, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000009c001100ff020000000000000000000000000001fe8000000000000000000000000000bbfe800000000000000000000000000000e000000200000000000000000000000000000000000000000000000000000000000000000000ffff00000000fc0100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00"], 0xec}}, 0x0) bpf$LINK_DETACH(0x22, &(0x7f0000000080), 0x4) ioctl$sock_FIOSETOWN(r0, 0x8901, &(0x7f0000000100)=r2) syz_open_dev$vim2m(&(0x7f00000000c0), 0x3, 0x2) syz_init_net_socket$netrom(0x6, 0x5, 0x0) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x43, 0x0, 0x5a) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, 0x0, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) mmap(&(0x7f0000fc5000/0x1000)=nil, 0x1000, 0x2000005, 0x100010, 0xffffffffffffffff, 0xffffc000) r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0) r6 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x1a6c42) ioctl$LOOP_CONFIGURE(r6, 0x4c0a, &(0x7f0000001ac0)={r5, 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1c, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "24431a1e77a68e174f000000000000000010e200"}}) dup(r6) 4m49.931121585s ago: executing program 3 (id=2414): openat$dsp1(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async) openat$dsp1(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) accept(0xffffffffffffffff, &(0x7f00000001c0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x80) (async) r0 = accept(0xffffffffffffffff, &(0x7f00000001c0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x80) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f00000002c0)=0x34, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) timer_create(0x2, 0x0, &(0x7f0000000180)=0x0) timer_settime(0x0, 0x1, &(0x7f00000000c0)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) (async) timer_settime(0x0, 0x1, &(0x7f00000000c0)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_gettime(r2, &(0x7f0000000140)) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x9, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="850000006100000054000000000000009500000000000000b4a8b1541206000000e9c79077fa15ba36eca61299de54cf77c9062430bc068829afff36b31fa7e35ce95d04"], &(0x7f0000281ffc)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xb}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r3, 0x2000000, 0xe40, 0x0, &(0x7f0000000240)="5cdd3086ddff0066b3c9bbac88a8862c00dffd0013dd000000000000000088a8f5df86dd", 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="500100001a000100000000000200000002001c1f0000c808ffffffea080006000700000008000400", @ANYRES32=r1, @ANYBLOB="06001c004e21000008000100ac1414"], 0x150}, 0x1, 0x0, 0x0, 0x2000c094}, 0x4040084) 4m49.146616518s ago: executing program 0 (id=2415): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f000001aa40)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x34}]}, @NFT_MSG_NEWSETELEM={0x30, 0x1e, 0xa, 0x105, 0x0, 0x0, {0x7, 0x0, 0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x4}]}], {0x14, 0x10, 0x1, 0xf4, 0x0, {0x0, 0x84}}}, 0xb4}}, 0x0) 4m49.050397036s ago: executing program 2 (id=2416): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="10000000040000000800000002"], 0x50) (async, rerun: 64) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYRES32=r0, @ANYBLOB], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000}, 0x94) (async, rerun: 64) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x88100) io_submit(0x0, 0x1, &(0x7f0000000a40)=[&(0x7f0000000840)={0x0, 0x0, 0x0, 0x5, 0x0, r2, 0x0}]) (async) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r1, 0x18000000000002a0, 0xd, 0x0, &(0x7f0000000280)="b9ff03076804268c989e14f088", 0x0, 0x800, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x5}, 0x50) (async, rerun: 32) r3 = socket$inet(0x2, 0x2, 0x0) (rerun: 32) setsockopt$inet_mreqn(r3, 0x0, 0x20, &(0x7f0000000740)={@multicast2, @loopback}, 0xc) (async) r4 = socket$netlink(0x10, 0x3, 0x0) writev(r4, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) writev(r4, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1) (async) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000200)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, 0x14) r5 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r5, 0x0, 0x23, &(0x7f0000000840)={@multicast2, @loopback}, 0xc) (async) r6 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r6}, &(0x7f0000bbdffc)) (async) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) (async, rerun: 64) futex(&(0x7f0000000180)=0x1, 0x5, 0x2, 0x0, 0x0, 0xfffffffc) (rerun: 64) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x7, 0x4008032, 0xffffffffffffffff, 0x6ceb3000) (async) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) (async) rseq(&(0x7f0000000080)={0x0, 0x0, 0x0, 0x5}, 0x20, 0x0, 0x0) (async) syz_clone3(&(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) (async) ioctl$PPPIOCSACTIVE(0xffffffffffffffff, 0x40107446, &(0x7f0000000080)={0x0, &(0x7f0000000040)}) (async) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) (async, rerun: 32) add_key(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe) (async, rerun: 32) setsockopt$inet_msfilter(r5, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027fa80a0101"], 0x57) syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb08004c000078ac1414000a01010044140503000000000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x0) (async) r7 = openat(0xffffffffffffffff, &(0x7f0000000040)='./file1/file0\x00', 0x101000, 0xc) ioctl$USBDEVFS_CONTROL(r7, 0xc0185500, &(0x7f0000000180)={0x1, 0x14, 0x4, 0xfffd, 0xaa, 0x40, &(0x7f0000000480)="c9ea87d1c0e550f1a28fbc590fe3489fc3b1fa4828b551545d337b76b362d12de25d965d8ebc69c08ff64b72f94c9fde5b730f488f9a6f961aead38ece4e5a72e772805d1e5192819db1d15a6571e6c30246899c933f27eb61a36c978d828f5b691493d08ade579aa4dd705321af6e52887f1952b34e55ded07093432234ba4fbfe9bee9fc7fb0a78c7b852d6d75192a0338e929ed579b39161524e66360b5f1f882436829db4e911f66"}) 4m48.983509398s ago: executing program 3 (id=2417): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x54, r2, 0x1, 0x0, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0xb97979010a91f913, 0x1, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xf}}}, {0x14, 0x2, @in={0x2, 0x0, @broadcast}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000240)={'wlan1\x00'}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) r6 = dup(r5) syz_kvm_setup_cpu$x86(r6, r6, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x6c, 0x0, 0x0) ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000240)=ANY=[@ANYBLOB="01000000000000009104"]) mmap$IORING_OFF_SQ_RING(&(0x7f0000fed000/0x4000)=nil, 0x4000, 0x2, 0x10, r6, 0x0) 4m48.950573523s ago: executing program 0 (id=2418): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000017c0)=@newtaction={0xe68, 0x30, 0x25, 0x0, 0x0, {}, [{0xe54, 0x1, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{0x0, 0x0, 0x1f}, 0x2}, [{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x600}, {}, {}, {0x5943}, {}, {}, {}, {0x0, 0x0, 0x0, 0x10}, {}, {}, {0x0, 0xa2}, {}, {}, {}, {0x0, 0x0, 0x0, 0x5}, {}, {}, {}, {}, {0x8}, {}, {0x0, 0xfffffffe, 0x400000}, {0x0, 0xfffffffc}, {0x0, 0x0, 0xfffffffe}, {0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0xffff8000}, {0x0, 0x0, 0x0, 0x0, 0xffffffff}, {0x0, 0x0, 0x0, 0x2ca2}, {}, {0x0, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x5}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x27a}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x4}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x47d6}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x1}, {}, {}, {}, {0x0, 0x0, 0x0, 0xfffffffd}, {}, {}, {}, {0x0, 0x0, 0x3}, {0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0xfffffc00}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x80000000}, {}, {0x0, 0x0, 0x0, 0x0, 0x1}, {}, {0x0, 0x40000000, 0x1}, {0x2}, {}, {0x80000}, {0x0, 0x0, 0x0, 0xffffffff, 0x6}, {0x0, 0x0, 0x0, 0xfffffffe}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000}, {0x4}, {}, {0x0, 0x0, 0x0, 0x400}, {}, {0x0, 0xa, 0xfffffffc}, {0x0, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {}, {}, {0x0, 0x0, 0x0, 0x9}, {0x0, 0x0, 0x0, 0x1, 0x0, 0x9d}], [{}, {}, {}, {}, {}, {0x0, 0x1}, {}, {0x6}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x3}, {}, {}, {}, {}, {}, {0x2}, {}, {}, {}, {0x0, 0x1}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {0x2}, {}, {0x0, 0x1}, {}, {}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x7}, {}, {}, {}, {}, {}, {0x1}]}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xe68}}, 0x0) 4m48.819594334s ago: executing program 0 (id=2419): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000840)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000240a05000000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a310000000064000000060a0104006f0000000000000100000008000b40000000003c000480380001800b00010064796e7365740000280002800900010073797a32000000000800024000000000080003400000000008000440000000000900010073797a30"], 0xd8}}, 0x0) 4m48.536848123s ago: executing program 0 (id=2420): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETFLOWTABLE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)={0x20, 0x17, 0xa, 0x3, 0x0, 0x0, {0x3}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz1\x00'}]}, 0x20}}, 0x880) 4m48.536361389s ago: executing program 4 (id=2421): socketpair(0x1, 0x100000005, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000800)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='tlb_flush\x00', r0, 0x0, 0x10000000000000}, 0x18) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000200), 0x4000000004002, 0x0) dup(r1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) kcmp(0x0, 0x0, 0x3, 0xffffffffffffffff, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xf0667000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f00000005c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x558, 0x0, 0xffffff80, 0x178, 0x0, 0x178, 0x488, 0x22b, 0x258, 0x488, 0x258, 0x2034, 0x0, {[{{@uncond, 0x1d, 0x300, 0x320, 0x340, {0x1e0002a8, 0x7203000000000000}, [@common=@unspec=@bpf1={{0x230}, @bytecode={0x0, 0x1a, 0x64, [{}, {}, {}, {0x0, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {0x0, 0x0, 0xfd}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x5}, {0x0, 0x1, 0x0, 0x10000000}, {}, {}, {}, {}, {}, {0x6}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x2}, {}, {}, {}, {}, {}, {}, {0xffff}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0xfd}]}}, @inet=@rpfilter={{0x28}}]}, @unspec=@NOTRACK={0x20}}, {{@ipv6={@loopback, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [], [], 'veth1_to_bridge\x00', 'geneve1\x00'}, 0x0, 0x100, 0x168, 0x0, {}, [@common=@ah={{0x30}}, @common=@ipv6header={{0x28}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x5b8) 4m48.534027947s ago: executing program 3 (id=2422): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) r1 = socket$qrtr(0x2a, 0x2, 0x0) ioctl$sock_qrtr_TIOCOUTQ(r1, 0x5411, &(0x7f0000000300)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, 0x0, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42f82, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[], 0x120}}, 0x0) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=ANY=[@ANYBLOB="020a040007000000b6f1ffff0000854105001a"], 0x38}}, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)={0x1c, 0x20, 0x9, 0x2, 0x25dfdbfe, {0x1}, [@typed={0x8, 0x8, 0x0, 0x0, @fd=r5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="020100090e000000030000000000000405000600000000000a0000000000000400000000000000000000002100000000000100000000000002000100010000000000010200fd000005000500000000000a"], 0x70}}, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0xfb135cbad5eb549c, 0xc, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a0000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8"], &(0x7f0000000140)='GPL\x00', 0x9, 0x0, 0x0, 0x41100, 0xe, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) r7 = syz_open_dev$vcsa(0x0, 0x200, 0x0) r8 = socket$kcm(0x2d, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r8, 0x89e2, &(0x7f0000000100)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wpan0\x00'}) ioctl$sock_kcm_SIOCKCMCLONE(r8, 0x89e2, &(0x7f00000000c0)={r9}) ioctl$SCSI_IOCTL_SEND_COMMAND(r7, 0x1, &(0x7f00000000c0)=ANY=[@ANYBLOB="15374dd78f25000000100000783b44bee74f835d3bf7af624f3639867bfa747365"]) 4m48.148952114s ago: executing program 1 (id=2423): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8000, 0x20000000019}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = getpid() r2 = socket$kcm(0xa, 0x5, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="850000002a00000025000000000000009500000000000000aecd48d6494d614dcc6fab5335ec470db2c6161dba392176dd2963038e1d69ba7ea94c500dc4ef2fad94ed406f21caf5adcf920569c00cc1199684fa75814709fea019af247c93836d9ea2cfb0e60436e05425cc4686b066707de94a4f4d5fc79c1faca0f9d9924be41a9169bdfaf16da915b2e249ee1c6eee84309e7a23c19a39484809539fca4e0b6fab1aa7d55545a34effa077faa55c59e88254f54077f799bf168301000000bf2255d6a0244d35b213bda84cc172afd8cc2e47a7d8b85a5e3d77ac463920e231b7ae0da8616d2b79db2e3d5986c82b5aa94e539b204d58f91f5da6c025d060ab186d94af98af1da2b5952eb15855933a212304e035f7a35dfc72c81256a55a25f8fe3b28d7e53c7160ec83070000020000004015cf10453f6c0b973b4861ea30df81a484ebad04859d928365a7ea3fab8b4b380a00d72b0000000000001cf555c14d56b51c2298237bebfc08e0d5976a942b846970cf"], 0x0, 0x5}, 0x94) sendmsg$kcm(r2, &(0x7f0000000600)={&(0x7f0000000100)=@in6={0xa, 0x0, 0x0, @private0}, 0x80, &(0x7f0000000000)=[{&(0x7f00000000c0)="80", 0x1}], 0x1, &(0x7f0000000640)=[{0x20, 0x84, 0x8, "941f6721e757691d02"}, {0x18, 0x84, 0x0, 'b'}], 0x38}, 0x41) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = socket$packet(0x11, 0x0, 0x300) setsockopt$SO_TIMESTAMP(r4, 0x1, 0x40, &(0x7f0000000200)=0x102, 0x4) bind$inet6(r0, &(0x7f0000000500)={0xa, 0x2, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f00000000c0)="04", 0x1, 0x20000845, 0x0, 0x0) r5 = dup(r0) sendmsg$IPSET_CMD_TYPE(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x24008000}, 0x20000001) r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0xf, 0xf, &(0x7f00000007c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r6}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x6, 0x0, 0x6, 0x9, 0x0, 0x1, 0xe7030000}, {0x16, 0x0, 0x0, 0x6}}, [], {{0x4, 0x1, 0x3, 0x2, 0x3}, {0x5, 0x0, 0xb, 0x3}, {0x85, 0x0, 0x0, 0x76}}}, &(0x7f0000000040)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) connect$unix(r5, 0x0, 0x0) 4m41.428676236s ago: executing program 3 (id=2424): r0 = pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r0, 0x80489439, &(0x7f0000000000)) ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r0, 0xc01064bd, &(0x7f0000000140)={&(0x7f0000000080)="de9d8b6ae3db8b4a077358ded042f6f1671824c1d6d6b58129841ea7a3c90be1f3c0345a4b2b18f285ce294cf1b1ac0a3812182a623a1d0a1073fb94ef922f843c47d6f657099247b63d8d048c9c852c9409b7b72d31cf14490d3ca80d558459e91c4ab29065223e029dad144f9240e031e06240bcf9171a044e630c5599c1fa377db4ff70bc533066f4", 0x8a}) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.net/syz0\x00', 0x1ff) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x1c, 0x18, &(0x7f00000001c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x3}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @call={0x85, 0x0, 0x0, 0xb9}, @map_idx_val={0x18, 0x4, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x5}, @map_idx={0x18, 0x6, 0x5, 0x0, 0x10}, @map_fd={0x18, 0x1, 0x1, 0x0, r0}, @exit], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000280)='GPL\x00', 0x3, 0x0, &(0x7f00000002c0), 0x40f00, 0x2, '\x00', 0x0, @fallback=0xf, r0, 0x8, &(0x7f0000000300)={0xa, 0x2}, 0x8, 0x10, &(0x7f0000000340)={0x2, 0x10, 0x8, 0x1}, 0x10, 0x0, 0xffffffffffffffff, 0x1, &(0x7f0000000380)=[r0, r0, r0, r0, r0], &(0x7f00000003c0)=[{0x0, 0x1, 0x2, 0x9}], 0x10, 0x3}, 0x94) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000500), r0) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f00000005c0)={'syztnl1\x00', &(0x7f0000000540)={'gre0\x00', 0x0, 0x80, 0x80, 0x183, 0x1, {{0xd, 0x4, 0x3, 0x4, 0x34, 0x65, 0x0, 0xff, 0x2f, 0x0, @loopback, @private=0xa010101, {[@timestamp_addr={0x44, 0xc, 0xaa, 0x1, 0x6, [{@broadcast, 0x2}]}, @ra={0x94, 0x4}, @rr={0x7, 0x7, 0xc7, [@broadcast]}, @lsrr={0x83, 0x7, 0x2b, [@multicast1]}]}}}}}) getpeername$packet(r0, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000640)=0x14) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000740)={'syztnl2\x00', &(0x7f0000000680)={'gretap0\x00', 0x0, 0x80, 0x7800, 0xac81, 0xfffffffd, {{0x1b, 0x4, 0x1, 0x10, 0x6c, 0x66, 0x0, 0x4b, 0x0, 0x0, @local, @broadcast, {[@end, @timestamp_addr={0x44, 0x24, 0x10, 0x1, 0x5, [{@remote, 0x4}, {@remote, 0x4}, {@local, 0x2}, {@local, 0x5}]}, @timestamp_prespec={0x44, 0xc, 0xf0, 0x3, 0x7, [{@multicast2, 0xcf49de44}]}, @timestamp_prespec={0x44, 0xc, 0xa9, 0x3, 0xf, [{@multicast1, 0x4}]}, @noop, @rr={0x7, 0x17, 0x77, [@loopback, @multicast1, @local, @rand_addr=0x64010100, @broadcast]}]}}}}}) sendmsg$ETHTOOL_MSG_FEATURES_SET(r0, &(0x7f0000000a40)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000a00)={&(0x7f0000000780)={0x244, r2, 0x800, 0x70bd2c, 0x25dfdbfe, {}, [@ETHTOOL_A_FEATURES_HEADER={0x4c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_virt_wifi\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}]}, @ETHTOOL_A_FEATURES_WANTED={0x1e4, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_MASK={0xe2, 0x5, "d29d187f32f15d84287cfdfbe975748da8a36ffcceddfa3598b07c5a65260afcef07762ac3fbf64e799ea2c2d30a92273d9d8af15bfcfd1f2642b992d58a9b928f17fe1b488e6bb268caa0171ed4f1be12cbc07a72aaead853908db4a931a98de85bdbacdf17a7b45aaecb252bae298135eb49de88a89eaf490082a5183c3ad0cc1b79dbb88d022807b76c065a9d3602812cc62a57f4bedd595fbf6bc400f501788dfd7d66642d77bd8eeeae9abbf18a0ce47d9a89b0f44812a3fa3d5ce9f28adeca5f350e5dd29ab085f47db63bf2f2b1d5d09a41f342509b0421e9abb6"}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_MASK={0xee, 0x5, "ceb1bf6a2696dfc4028bcd3c0f66a9344fad777a804829d3902753ee87cb2bac7a7802a3b89dbb200ada5aacd48d2fb3533ea992686e773aa039c67672a027ca706bc5818daad62faae0e67c8c638ea0cd262cc1901ebeb90badb8e991d2bd3d7c8c73a1f8013d24238f48a7306e4e46062ba734e4044dbf2151f2d95fcb166f94f670b378b615a5baa18f1c98c53eb737991ed318cf8955027d3380f27cc1034896680e891bbc0bbc6ca91eca98abf9192c9f06e3c13cb10af7243069c0413bfa161fd7ed46566447d3bc5ad413fb87c2b3bc4cdc831c57710c70bdf4de8d86267de2684113ded3d1ad"}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x5}]}]}, 0x244}, 0x1, 0x0, 0x0, 0x20000010}, 0x20000000) sendmsg$inet(r0, &(0x7f0000000cc0)={&(0x7f0000000a80)={0x2, 0x4e21, @local}, 0x10, &(0x7f0000000bc0)=[{&(0x7f0000000ac0)="3f9f07e8793dcb788666c5777c2365e3854c0c80c7f6679d33b33666bb518a1a1176ab0d845d44eac08f91d82809b1ff06339782d3488084c0bf2ea56bc6e634effd118aa0ec87feb0fd25f22245ae9a4f8a51739619bd5714edcdcfac6b4a2f7b9f34dd88734a8dff4b2771104870d5bb016ca37f2c3f69b698de953767018a412c4511b65a7ab0fe7b52a6343653d9d232fb9ea11ad8534ad75b869538c317ed1d5d19af81b623b5e1fd83f94ef6e42cbfadbf482103445e7b70b483df20b370dc3e82c8cdfadf", 0xc8}], 0x1, &(0x7f0000000c00)=[@ip_tos_u8={{0x11, 0x0, 0x1, 0x5}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r5, @remote, @multicast1}}}, @ip_ttl={{0x14, 0x0, 0x2, 0x3ff}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0xe9}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r5, @empty, @remote}}}, @ip_tos_int={{0x14, 0x0, 0x1, 0xffffffff}}, @ip_ttl={{0x14, 0x0, 0x2, 0x46}}], 0xb8}, 0x4000000) fcntl$lock(r1, 0x26, &(0x7f0000000d00)={0x0, 0x2, 0xa3d0, 0x10001, 0xffffffffffffffff}) r6 = socket$l2tp(0x2, 0x2, 0x73) sendto$inet(r6, &(0x7f0000000d40)="b8387253fe6912d863bf70592e62984b0b51fdce954fa01693ab6a7e59b3747daf529e84f11ecebf269df342ee2fb72397b1c0c15aff60bf89d90e07a355c214845375bec799dab8dc9b3d8f1679afd7204f32254124d83527b703bc63cf70652869e80d246371b3e04c742afcdbc53d679cf208cad5db3feebe220261666ea308158e41c99969e3ed54df3764d5eedba5d37a1336f33a16bad143f50e0b1dcf78139a9d9cc7f8a9c9077241cef1684926357c7a4ee08bdd5b99a1cd6af84ccf0e783b3fbedaecd8e5c67ca781600438d56ad2eab05d120fa3e63a4bf4ae2480583c0938b13040f1a58c1a733dc586aa20670333589f9d6f54c359e63da9", 0xfe, 0x2404c104, &(0x7f0000000e40)={0x2, 0x4e21, @private=0xa010100}, 0x10) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000f80)={&(0x7f0000000e80)=[0x0, 0x0, 0x0], &(0x7f0000000ec0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000f00)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000f40)=[0x0, 0x0, 0x0], 0x3, 0x4, 0xa, 0x3}) ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f0000001000)={&(0x7f0000000fc0)=[0x0], 0x1, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r0, 0xc01864b0, &(0x7f0000001080)={r8, r14, 0x9, 0xfffffff7, 0x4}) socket$netlink(0x10, 0x3, 0x5) r15 = fsopen(&(0x7f00000010c0)='fuseblk\x00', 0x0) r16 = dup3(r1, r15, 0x80000) r17 = syz_open_dev$dri(&(0x7f0000001100), 0x0, 0x183181) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r16, 0xc02064b9, &(0x7f0000001240)={&(0x7f00000011c0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000001200)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x4, r10}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r16, 0xc02064b9, &(0x7f0000001300)={&(0x7f0000001280)=[0x0, 0x0, 0x0, 0x0], &(0x7f00000012c0)=[0x0, 0x0, 0x0, 0x0], 0x4, r12, 0xc0c0c0c0}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r0, 0xc05064a7, &(0x7f0000001540)={&(0x7f0000001340)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001380)=[{}, {}, {}], &(0x7f0000001480)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000014c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x3, 0xa, 0xa, 0x0, r12}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r0, 0xc05064a7, &(0x7f0000001740)={&(0x7f00000015c0)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001600)=[{}, {}], &(0x7f00000016c0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000001700)=[0x0, 0x0, 0x0, 0x0], 0x2, 0x4, 0x5, 0x0, r11}) ioctl$DRM_IOCTL_MODE_ATOMIC(r17, 0xc03864bc, &(0x7f0000001840)={0x100, 0x3, &(0x7f0000001140)=[r7, r13, r9], &(0x7f0000001180)=[0x7c, 0x9, 0x7e5], &(0x7f00000017c0)=[r18, r19, 0x0, r20, r21], &(0x7f0000001800)=[0x0, 0x9, 0xff, 0xed2, 0x5, 0x5, 0x9], 0x0, 0x4}) socket$inet(0x2, 0x3, 0x9) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001980)={&(0x7f0000001880)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x9c, 0x9c, 0x6, [@func_proto={0x0, 0x5, 0x0, 0xd, 0x0, [{0x3, 0x3}, {0x8, 0x1}, {0x7, 0x2}, {0x8, 0x3}, {0x2, 0x4}]}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x2, 0x1, 0x3}}, @typedef={0x7, 0x0, 0x0, 0x8, 0x5}, @int={0x4, 0x0, 0x0, 0x1, 0x0, 0x4b, 0x0, 0x35, 0x2}, @enum64={0xb, 0x2, 0x0, 0x13, 0x1, 0x8, [{0xa, 0x0, 0x3}, {0x10, 0x5, 0x3}]}, @var={0x2, 0x0, 0x0, 0xe, 0x2, 0x3}]}, {0x0, [0x2e, 0x0, 0x61, 0x2e]}}, &(0x7f0000001940)=""/33, 0xba, 0x21, 0x0, 0x6, 0x10000, @value=r6}, 0x28) read$FUSE(r16, &(0x7f00000019c0)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r22, 0x68, &(0x7f0000003a00)=""/45) 4m41.428119173s ago: executing program 4 (id=2425): r0 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000080)={'vxcan1\x00', 0x0}) connect$can_bcm(r0, &(0x7f0000000040)={0x1d, r1}, 0x10) sendmsg$can_bcm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000240)={0x5, 0x10, 0xfffffffd, {0x0, 0x2710}, {0x77359400}, {0x0, 0x1, 0x1}, 0x1, @can={{0x1, 0x0, 0x1}, 0x8, 0x3, 0x0, 0x0, "db62a24ce964087d"}}, 0x48}, 0x1, 0x0, 0x0, 0x4000000}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vxcan0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000480)=@getchain={0x24, 0x11, 0x1, 0x0, 0x2000001, {0x0, 0x0, 0x0, r3, {0x1}, {0x9, 0xc}, {0xfff2, 0x6}}}, 0x24}, 0x1, 0x0, 0x0, 0x1500}, 0x40044) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$can_bcm(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000740)={0x5, 0x820, 0xfffffffb, {}, {0x77359400}, {0x0, 0x1, 0x1}, 0x1, @canfd={{0x31c, 0x1, 0x0, 0x1}, 0x2c, 0x0, 0x0, 0x0, "3fb3d4e4011ae684b84cb775fb1b69033846574452064067f6aa7310e759482da9b7b6578ae61afcd1997acf06273fa76185ad16116b2ce25faaeb2a49823b9f"}}, 0x80}, 0x1, 0x0, 0x0, 0x40805}, 0x4840) 4m41.427844628s ago: executing program 0 (id=2426): r0 = socket$igmp6(0xa, 0x3, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x40004) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000340)={'ip_vti0\x00', &(0x7f00000002c0)={'erspan0\x00', 0x0, 0x20, 0x8, 0x8, 0xffffffff, {{0x5, 0x4, 0x2, 0x3, 0x14, 0x64, 0x0, 0x0, 0x29, 0x0, @dev={0xac, 0x14, 0x14, 0x28}, @empty}}}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8000}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$I2C_SMBUS(0xffffffffffffffff, 0x720, 0x0) socket$nl_generic(0x10, 0x3, 0x10) unshare(0x2040600) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xb, 0xff, 0x2, 0x9, 0x1, 0xffffffffffffffff, 0x9}, 0x50) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000380)={r3, &(0x7f0000000300), &(0x7f0000000340)=""/55}, 0x20) r4 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000440), 0x2) r5 = memfd_create(&(0x7f00000009c0)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdbU\xb1\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\x90i\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14O\xf8\xb5C\x1f\xb6b8b\x06A2@D\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\x05\x00\x00\x00\x00\x00\x00\x00\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\x88\xd1\x1eQB\x18\xc1-\xc4\x8fK\xf8\xfa\xb6\xf8\v;\xaa\x8fW\xcc\n\x17\x7f\x98\xb7\xcdqV\xd4\xf0)\xfa\x0fG\xc8\xbf\xfd\xe8>K\f\xcd+\xb0\x99Q\xba/\xa8\xb9`k\b\xd1\xcc\xfc\xeaA\"\v=\x83fC\x90%\xa1d\x91\xf8:\x16<\xad\xc2\x18\xdf\x01\xe2\x96\xfcj\xe9\xa4\x065m\x03\x05Np\xda\"\xf1\xb6\xbcP\x8fP\x8d\x89%\xf2\x12T\xd0\xc3\x15W\x9c\x87\x1b\x8c\xc9\xd9\xc6\xad\x96-d\xa2wFB\xcaB\xa5\x15\xf8,\x04\x1c*\xd98\x8bG\x90\x81`\x03\xe0\xde\x9c\x9a\x0f\x1b\x8f\xd2%*&$Wc\xb3\xa6\xc4TK1}2\xb3\xab\xf4\xb7\xb7\x85\apa\xaf\x1c\x10i\xb9\x9f\x06\xff4%\"7f \x0e\xf5Bk\r\xac\"\x13tNx\xc0$\x85\x9f', 0x3) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000040), &(0x7f0000000180)=0xc) ftruncate(r5, 0xffff) fcntl$addseals(r5, 0x409, 0x7) r6 = ioctl$UDMABUF_CREATE(r4, 0x40187542, &(0x7f0000000100)={r5, 0x0, 0x0, 0x1000}) ioctl$DMA_BUF_IOCTL_SYNC(r6, 0x40086200, &(0x7f0000000080)=0x2) ioctl$DMA_BUF_IOCTL_SYNC(r6, 0x40086200, &(0x7f00000000c0)=0x5) pwritev2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001ec0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x2}}, 0x0, 0x1a, 0x0, 0x3}, 0x28) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) setsockopt$inet6_int(r0, 0x29, 0x34, &(0x7f0000000000)=0x10, 0x4) 4m41.426707179s ago: executing program 2 (id=2427): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)={0x1c, 0x0, 0x1, 0x0, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r1}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x803341) sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)={0x14, 0x0, 0x200, 0x170b92c, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x40951}, 0x4014) r2 = socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x14, 0x0, 0x0) socket$kcm(0x10, 0x2, 0x4) sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000003e000701feffffff00000000017c0000040042800c00018006000600800a0000200002801c0019800400ad00"], 0x44}, 0x1, 0x0, 0x0, 0x40040c0}, 0xc000) 4m32.305716324s ago: executing program 3 (id=2428): socket$kcm(0x10, 0x2, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x8, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="8500000008000000760000000000000027000000000000009500000000000000d9e029f8c1652bc575bc1dc3a9fa16094393337a693d6504978ceb558b41537525a394249a1506da9ac69561c187afa3ba7ebc3af563e1e94ceec996695d1d26bbfb2feebab62478775a18852a3359fb20d4d020daf585b85d18b24cf00e3ac10552a5c9acddcb10eae4445de245fe9c7bf90262293683e504b59ef6d4568f30efe6465b5e0aeb3c6f9f5c6ad0a0891670e48b75f80000000000"], &(0x7f0000000040)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r2 = socket(0x2b, 0x80801, 0x1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, 0x0, 0x0) read$msr(r1, &(0x7f0000001b00)=""/102392, 0x18ff8) bpf$MAP_CREATE(0x0, 0x0, 0x0) close(r0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014"], 0x7c}}, 0x0) r4 = inotify_init1(0x0) r5 = dup(r4) inotify_rm_watch(r5, 0x0) epoll_pwait(0xffffffffffffffff, &(0x7f0000000180)=[{}], 0x1, 0xffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0xe, 0x3, 0xee3, 0x8000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x4}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000796412000000000000000001851000200600000018000000", @ANYRES32, @ANYBLOB="00000000000000106608000000001000180000000000001000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a00000000200085000000060000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0xa, 0xff5c, &(0x7f0000000340)=""/222, 0x0, 0x8}, 0x78) 4m5.92765708s ago: executing program 32 (id=2426): r0 = socket$igmp6(0xa, 0x3, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x40004) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000340)={'ip_vti0\x00', &(0x7f00000002c0)={'erspan0\x00', 0x0, 0x20, 0x8, 0x8, 0xffffffff, {{0x5, 0x4, 0x2, 0x3, 0x14, 0x64, 0x0, 0x0, 0x29, 0x0, @dev={0xac, 0x14, 0x14, 0x28}, @empty}}}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8000}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$I2C_SMBUS(0xffffffffffffffff, 0x720, 0x0) socket$nl_generic(0x10, 0x3, 0x10) unshare(0x2040600) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xb, 0xff, 0x2, 0x9, 0x1, 0xffffffffffffffff, 0x9}, 0x50) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000380)={r3, &(0x7f0000000300), &(0x7f0000000340)=""/55}, 0x20) r4 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000440), 0x2) r5 = memfd_create(&(0x7f00000009c0)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdbU\xb1\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\x90i\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14O\xf8\xb5C\x1f\xb6b8b\x06A2@D\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\x05\x00\x00\x00\x00\x00\x00\x00\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\x88\xd1\x1eQB\x18\xc1-\xc4\x8fK\xf8\xfa\xb6\xf8\v;\xaa\x8fW\xcc\n\x17\x7f\x98\xb7\xcdqV\xd4\xf0)\xfa\x0fG\xc8\xbf\xfd\xe8>K\f\xcd+\xb0\x99Q\xba/\xa8\xb9`k\b\xd1\xcc\xfc\xeaA\"\v=\x83fC\x90%\xa1d\x91\xf8:\x16<\xad\xc2\x18\xdf\x01\xe2\x96\xfcj\xe9\xa4\x065m\x03\x05Np\xda\"\xf1\xb6\xbcP\x8fP\x8d\x89%\xf2\x12T\xd0\xc3\x15W\x9c\x87\x1b\x8c\xc9\xd9\xc6\xad\x96-d\xa2wFB\xcaB\xa5\x15\xf8,\x04\x1c*\xd98\x8bG\x90\x81`\x03\xe0\xde\x9c\x9a\x0f\x1b\x8f\xd2%*&$Wc\xb3\xa6\xc4TK1}2\xb3\xab\xf4\xb7\xb7\x85\apa\xaf\x1c\x10i\xb9\x9f\x06\xff4%\"7f \x0e\xf5Bk\r\xac\"\x13tNx\xc0$\x85\x9f', 0x3) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000040), &(0x7f0000000180)=0xc) ftruncate(r5, 0xffff) fcntl$addseals(r5, 0x409, 0x7) r6 = ioctl$UDMABUF_CREATE(r4, 0x40187542, &(0x7f0000000100)={r5, 0x0, 0x0, 0x1000}) ioctl$DMA_BUF_IOCTL_SYNC(r6, 0x40086200, &(0x7f0000000080)=0x2) ioctl$DMA_BUF_IOCTL_SYNC(r6, 0x40086200, &(0x7f00000000c0)=0x5) pwritev2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001ec0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x2}}, 0x0, 0x1a, 0x0, 0x3}, 0x28) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) setsockopt$inet6_int(r0, 0x29, 0x34, &(0x7f0000000000)=0x10, 0x4) 3m53.022152317s ago: executing program 33 (id=2423): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8000, 0x20000000019}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = getpid() r2 = socket$kcm(0xa, 0x5, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="850000002a00000025000000000000009500000000000000aecd48d6494d614dcc6fab5335ec470db2c6161dba392176dd2963038e1d69ba7ea94c500dc4ef2fad94ed406f21caf5adcf920569c00cc1199684fa75814709fea019af247c93836d9ea2cfb0e60436e05425cc4686b066707de94a4f4d5fc79c1faca0f9d9924be41a9169bdfaf16da915b2e249ee1c6eee84309e7a23c19a39484809539fca4e0b6fab1aa7d55545a34effa077faa55c59e88254f54077f799bf168301000000bf2255d6a0244d35b213bda84cc172afd8cc2e47a7d8b85a5e3d77ac463920e231b7ae0da8616d2b79db2e3d5986c82b5aa94e539b204d58f91f5da6c025d060ab186d94af98af1da2b5952eb15855933a212304e035f7a35dfc72c81256a55a25f8fe3b28d7e53c7160ec83070000020000004015cf10453f6c0b973b4861ea30df81a484ebad04859d928365a7ea3fab8b4b380a00d72b0000000000001cf555c14d56b51c2298237bebfc08e0d5976a942b846970cf"], 0x0, 0x5}, 0x94) sendmsg$kcm(r2, &(0x7f0000000600)={&(0x7f0000000100)=@in6={0xa, 0x0, 0x0, @private0}, 0x80, &(0x7f0000000000)=[{&(0x7f00000000c0)="80", 0x1}], 0x1, &(0x7f0000000640)=[{0x20, 0x84, 0x8, "941f6721e757691d02"}, {0x18, 0x84, 0x0, 'b'}], 0x38}, 0x41) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = socket$packet(0x11, 0x0, 0x300) setsockopt$SO_TIMESTAMP(r4, 0x1, 0x40, &(0x7f0000000200)=0x102, 0x4) bind$inet6(r0, &(0x7f0000000500)={0xa, 0x2, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f00000000c0)="04", 0x1, 0x20000845, 0x0, 0x0) r5 = dup(r0) sendmsg$IPSET_CMD_TYPE(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x24008000}, 0x20000001) r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0xf, 0xf, &(0x7f00000007c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r6}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x6, 0x0, 0x6, 0x9, 0x0, 0x1, 0xe7030000}, {0x16, 0x0, 0x0, 0x6}}, [], {{0x4, 0x1, 0x3, 0x2, 0x3}, {0x5, 0x0, 0xb, 0x3}, {0x85, 0x0, 0x0, 0x76}}}, &(0x7f0000000040)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) connect$unix(r5, 0x0, 0x0) 3m52.606969422s ago: executing program 34 (id=2427): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)={0x1c, 0x0, 0x1, 0x0, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r1}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x803341) sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)={0x14, 0x0, 0x200, 0x170b92c, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x40951}, 0x4014) r2 = socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x14, 0x0, 0x0) socket$kcm(0x10, 0x2, 0x4) sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000003e000701feffffff00000000017c0000040042800c00018006000600800a0000200002801c0019800400ad00"], 0x44}, 0x1, 0x0, 0x0, 0x40040c0}, 0xc000) 3m33.297485526s ago: executing program 35 (id=2428): socket$kcm(0x10, 0x2, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x8, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="8500000008000000760000000000000027000000000000009500000000000000d9e029f8c1652bc575bc1dc3a9fa16094393337a693d6504978ceb558b41537525a394249a1506da9ac69561c187afa3ba7ebc3af563e1e94ceec996695d1d26bbfb2feebab62478775a18852a3359fb20d4d020daf585b85d18b24cf00e3ac10552a5c9acddcb10eae4445de245fe9c7bf90262293683e504b59ef6d4568f30efe6465b5e0aeb3c6f9f5c6ad0a0891670e48b75f80000000000"], &(0x7f0000000040)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r2 = socket(0x2b, 0x80801, 0x1) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, 0x0, 0x0) read$msr(r1, &(0x7f0000001b00)=""/102392, 0x18ff8) bpf$MAP_CREATE(0x0, 0x0, 0x0) close(r0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014"], 0x7c}}, 0x0) r4 = inotify_init1(0x0) r5 = dup(r4) inotify_rm_watch(r5, 0x0) epoll_pwait(0xffffffffffffffff, &(0x7f0000000180)=[{}], 0x1, 0xffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0xe, 0x3, 0xee3, 0x8000, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x4}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000796412000000000000000001851000200600000018000000", @ANYRES32, @ANYBLOB="00000000000000106608000000001000180000000000001000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a00000000200085000000060000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0xa, 0xff5c, &(0x7f0000000340)=""/222, 0x0, 0x8}, 0x78) 3m17.75065893s ago: executing program 36 (id=2425): r0 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000080)={'vxcan1\x00', 0x0}) connect$can_bcm(r0, &(0x7f0000000040)={0x1d, r1}, 0x10) sendmsg$can_bcm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000240)={0x5, 0x10, 0xfffffffd, {0x0, 0x2710}, {0x77359400}, {0x0, 0x1, 0x1}, 0x1, @can={{0x1, 0x0, 0x1}, 0x8, 0x3, 0x0, 0x0, "db62a24ce964087d"}}, 0x48}, 0x1, 0x0, 0x0, 0x4000000}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vxcan0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000480)=@getchain={0x24, 0x11, 0x1, 0x0, 0x2000001, {0x0, 0x0, 0x0, r3, {0x1}, {0x9, 0xc}, {0xfff2, 0x6}}}, 0x24}, 0x1, 0x0, 0x0, 0x1500}, 0x40044) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$can_bcm(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000740)={0x5, 0x820, 0xfffffffb, {}, {0x77359400}, {0x0, 0x1, 0x1}, 0x1, @canfd={{0x31c, 0x1, 0x0, 0x1}, 0x2c, 0x0, 0x0, 0x0, "3fb3d4e4011ae684b84cb775fb1b69033846574452064067f6aa7310e759482da9b7b6578ae61afcd1997acf06273fa76185ad16116b2ce25faaeb2a49823b9f"}}, 0x80}, 0x1, 0x0, 0x0, 0x40805}, 0x4840) 3m6.587328511s ago: executing program 5 (id=2429): timerfd_gettime(0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='ns\x00') move_mount(r0, &(0x7f0000000180)='./mnt\x00', r0, &(0x7f0000000340)='./mnt\x00', 0x114) unshare(0x22020600) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xc, 0x13, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5ba}, [@printk={@i, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1}}, @printk={@llu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x9}}]}, &(0x7f0000000840)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000d80)={r1, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000040)="76ea090000000000009ba56a88ca", 0x0, 0x6400, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) r2 = openat$fb0(0xffffffffffffff9c, &(0x7f0000002a00), 0x1, 0x0) fdatasync(r2) 3m6.087877269s ago: executing program 6 (id=2430): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000400)=@newchain={0x84, 0x64, 0x100, 0x70bd25, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, {0x6, 0x4}, {0xfff1, 0xfff3}, {0x2, 0xffe0}}, [@TCA_CHAIN={0x8, 0xb, 0xbe01}, @filter_kind_options=@f_u32={{0x8}, {0x50, 0x2, [@TCA_U32_INDEV={0x14, 0x8, 'veth0_to_team\x00'}, @TCA_U32_ACT={0x4}, @TCA_U32_FLAGS={0x8}, @TCA_U32_MARK={0x10, 0xa, {0x5, 0x9c7}}, @TCA_U32_INDEV={0x14, 0x8, 'veth0_vlan\x00'}, @TCA_U32_FLAGS={0x8, 0xb, 0x5}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x24000845}, 0x44080) r4 = socket$unix(0x1, 0x1, 0x0) unshare(0x2040400) r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r6 = dup(r5) write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c) r7 = syz_io_uring_setup(0x68a3, &(0x7f00000000c0)={0x0, 0x8d2dc, 0x0, 0xffffffff}, &(0x7f00000003c0)=0x0, &(0x7f0000000140)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) epoll_create1(0x80000) syz_io_uring_submit(r8, r9, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x40, 0x5, r6, 0x0, 0x0, 0x0, 0x80000}) io_uring_enter(r7, 0x47f5, 0x0, 0x0, 0x0, 0x0) connect$unix(r4, &(0x7f0000000340)=@abs={0x1, 0x0, 0x4e29}, 0x6e) openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r11 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r11, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) write$bt_hci(r11, 0x0, 0x6) ioctl$sock_SIOCGIFINDEX_802154(r10, 0x8933, &(0x7f0000000040)={'wpan3\x00'}) syz_open_dev$video4linux(&(0x7f0000000080), 0xffffffffffffffff, 0x40b01) 3m5.922649496s ago: executing program 7 (id=2431): socket$inet6_sctp(0xa, 0x5, 0x84) syz_open_dev$cec(&(0x7f00000021c0), 0xffffffffffffffff, 0xd2ec0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b000000"], 0x48) openat$btrfs_control(0xffffffffffffff9c, 0x0, 0x10040, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = creat(0x0, 0x0) r2 = fanotify_init(0xf00, 0x1) fanotify_mark(r2, 0x105, 0x40009975, r1, 0x0) fallocate(0xffffffffffffffff, 0x0, 0x1000000, 0x3) r3 = socket$kcm(0xa, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x6, 0x4, &(0x7f0000001300)=ANY=[@ANYBLOB="18020000e2ffffff00000000000000c685000000c20000009500001800000000922ae83713ab9600010000801b10fb54a8cb72d232ad558c46fff4208d4990ec11ce9413ac30e00bd0081f8504e19a5183d769676520e98a263345e44d5ad12bca35510100c4d86abeb12303ff1c9fe0d0020000d60400000007d3670000008aff66d6b3181ffc1d62a3954c1198bbc4fa13aee48ca9e8969faebf3183fe803ab3f5024b52dc265b36fc9dae00a09404f01f9504d0976d252bd8d24538556e5e57bee3b8cf464ef3c6a7def8bad3ca6e3abdb21696e340bb8e2a093add57196b40def3858ef569147fa4108328392d322ab5df10a2f69a6bdf72ee7944e810d0223917c3d042410f57466f59544047d6d8ac44060000000000ee16c729300d2301800000000000002b5a8b05fcc154ad5290a8cdb97c343f454ff69dd6cbde49b28a6cb5f4fc0001745cff6e00e7ffffff0000acf3209a08439f1ff01779b6f6df7e02aa6d7760525b595fe1f697bc114ed1778e97a3f0395f946974cfb458be2a34cf924dc37b5592bf17956f3547497aba814382ff67b345b677a9d6523d87008000000400000000003fe8613ca29ff92be0d8deffff7b68136b0046d535dd39c0f35408869e9b342b953f91447e6b9eab304f134306320600a44095254b45a6c1312a13696c7202df5f764713504facc532c5a6d44d99ec7530ed7b0311000000000000e54e9072a22d911f4a2c2e2fa806e63c5cd98a8569a6d6bcfb000064885117e2ad910eae67e0ebe380d0f648713e68153579e02d71c58d147b00821ab9a6475b31e1ebf1369a04000000fbf3983f283f2f00000000992774814d63c933912d000006000000a66acb0a38856929e7d8b1b06c9bd5d7e5490f3b8596b694ea9483bd4bd287c83dd998a74694d18bdd8ad0983bc90770bbd26a82b9d99d5fc04563b523c47ef8c33400e90d02000000000000000edf1147a7afe772cd45af8aeffe2753088e02ca6bb2feec446ce7dbce66f0a93a03371320980865c7c62ea4d8f8a864dce9fa85aeb0454349100296ee2dba39c3f6fd6cf96714e11fe03b5062809a7418b165dd0336d226bac1e1223be1c97b15175d0e664beb126000e96549e1a1228c686edb475b705eaa9515c96f4fc6b3c925ea404e0f1de61026dc6c6618580fd6ce9eac602c1756f6d1056712412131ed9925989e01eae489ec7052e0ed72c326c7a8aa63999e2297c54ce1822d14b7c7699a9d0600f11f2e7f474cffbc35bc8623cd5eb68af82275a940be0400000000000000bcc3fbe7d90de96d6a8e9f32f18d1f606b381e4903b500000000000000000000004a2357ba5f03000000000000005dcf4f2aaee86d4802000000000000007cdb686d5da2a42e4b5024b6535811f362201d4f82012e6af704973d04ea923c19e6cb723c1923b3eea2d73e176dff383c9fbbac53dfdcb1a68c98e96fe39eec23963faf3ebed3409144c7c53d6318ced678a621450a9b01e9f2772e5f2999d3435da02556e36c3215d2bd4e96c93bff3ad06b11cb2d7556414a86dfa94bb7aa52c7febb1e9b2efcbbc5bccf9d39bed802f4f056976ada362ee9cc624ec454b90200fd9603f96908bddc14500000000000000000000000000044d917c62b27679913075731e8fddb07c10c82002d60181588ae63a440454287de9e340f611267f37bdd0f2d21cb06fcaf45a0a297e396f428d43371424b307eef82c5d6d19f3ef0d3b8f7fa51957e3099caab31133b34a1d3eebc0f0c9056df2e9667ba0b55695c7894010079b07e7aef7785e2486472b5cba1f3346c1e8e23deb8c83ab6eb2c72c484241dc3b66da78260f800fffd39368b952f6f4a10295c50c887a31d8b543c5d10f2dbd4d0b84eaad43feb6e169a9f2fcff7000000000000000000e011bc6366f56fa787f212c1f8c0f47f5078191c8a02ad436725771738a2a98891971e3b932352896e1ea10f62e8ef7a87e16151b39d6c27575714540d8c293a3fa4b5a867152823ed853140edda002c16c842b168bb55f6bb713deb57d0aa78d6d4e5fc5be2c402bd246128f41bcb02000000892b135a92e8c844938aa98ba4839a1408a696454d40e5eed4d4dce481ca86bfac54c330331b7f2cde17cbaeb0377696faf546ecbe742d73d47d726a50f6e752f3325255bd7e8b5923aa3cfb6f7e06494f21ca4501391358000000000000000000000800000000000000000075aa0000000000000000000000005560bd9eb81e839e4992e64b074a66cccccf00334fa94da8477be7d99b558ec6a5b1596ac1e7617c6b32eed0cc70286caf2c5189a103f4b0b04aff171c4d388ccf67fea37e782f025c94c853cde330a193a967d907a8c88fcb033e680f559a72150cb900bafcd536f48797915a2fe9922ce27300009e1b36aa4730117d9b00000000003c630000000000008fbbd11b015c415ca04192fbfb1a8b0e3460af35771dbac10062835c9bab3ad09f7a022c52d8000000000000000000004000000000000000000000000000000000000000000400000000000000000000000000006ec473c54399b7b8aa1ee46132fc45da8292631178cecf19550108b8b8423de42957ffe9bb6d752e68d2bc2ce777a17bf4dfdfee5de0f3e4dadf51ab9562827b762fa611ba5f32861c19dffe1dc9fd5c41cd46cf131fd6b0c2ddad90ac33f768f9ecc70327c59918fa5a249befe98262f53c8182d95f6da3698a6a88c2c31d801a8f1f5e0ce05138d5422da0a6a62b9dfe1f39775d1d0c9186096415f544aaf76b0a1c877a6c826a5adcfb22c4a0e5a46271caa3eaf4f389dd5f3c20dbddc0377a4266d7b9fd61b9287e9b4be0a413ee31be0ddecab0ef7b25cba1fb3654ddf291ecb7768ac1e177042cb4c452fa6b3966950000000000000000c187da23d6855500fe8510b51e13a890e394b84a6ea2cc8d42b97c697c29122298d55e2e1cca8e07abda2606a3f381c64b9fec0000000a7965e4854e8e3572ad5149b3872342dea9252132860c9af1bd5fe263c0313dea5d6e0c11a466d6892ed65f34667dd79b07b5cbdd8aa7dd561a26b5562d4861a7e1b0f48930e0b696ea3bee7eb72794e163d7aeac9a0fa5403ac9cb421eae283b0550f1d0d339cd7b96e71d3ab48ad9d7975e0c9b117f71d3ab80a0c9b0284ecc469fa6181c9c71fce07a6ffb23296a107763138e8d9876291af2076890c47925ac773d95d2ca42acb3e5f3a1550665b898462c139ffd0106bc8a61b6117d252efcab7106b4c3a3c13a70ff452e9d2096142c517b0e91b5cf88332faca5b3ee96363065c3ce32d3d39ec36e20d597e05664f2526bd918090649da11f7299789d00f5024df1e99d3efecb9b457642fe810370ba4fbe00fa60a28af966a27a1659e448bbe43a1dcd2ea760018b57a36ac41ef2051a7b703d55c0602540663016e20d50385766df4dac47802a55bd38dd767ee9960c6daa704fc5d01a14591f26b7b538c9bb22f6a2f7a34d1b9edfde3be9e25a110228c64253588ff420644dbc0854e69a7bdda72f93ceaccf92cfe7dd6296c950db10f6dd8a5ef9b73cf6a12a1ba16fdc7e35b805f4fd2fcff0a623722149c1465e4de2d53f0f10b14c21865027abc71a12cb1e9f8029c7a20000000eeb0d53a83e518c8d2052c08b515d9d0bde24ac4e798040c7db0bb03c019507d6377f3d5dd94a27abc6d6b120d61f772407e0d2cb50d29168b68aef9f176b4c3aa8b21279d4ea9c1f669aa8c2c17d5b3a8d1dda58d26f1019af04b7774c85d5bce8be010f27c5211938031c3404680b01279c778bd1fe1b48c4b5b8e0fe756e54a8d76b7cec5e3407d93b4eadc446440607de844acf5524a4657e33af2115547b735b57b5092d0bc8fa6acb832509abe0882d570ce400aaebd7baff88526608d6991aac95751671174129457e4a03aca69d82b64b89e6ad6ed1e275ec5002e48170e4c7b4f3971481098dedb88fba90770e44bf404d5a97fefe2fe8e459fe45933b78c7ab5fe985a480193a20fb07da1455fb283df68af569ac82aa6dc703e29bf158931fb79f2abfa6ff7eb8c4f381c9da58bea460e2ead969933e5391970ca4fddd64da2e5df9c4d82044068caaaab771b37bb06bbe673056d849825525f1120b2250f6b8520381f7a74b1c687781cb6b23e67b918844b83dbaeeb559ec8520d710dd6d6b4e64838bd434a36ed03fc0c488b24571032ffbc9f8ce97041e1bc4729d539358dc9599c1266b9ce2cb6dd0ad57a6e9d3d4a11a27f70b2934c96237e2ba09c58eeda678d4d08b6da99b7a86e946215afb1b48792fde54492e306cb5342e2589874b603a1de972b1f09cc350096f5c3e814118af9ba0793cfdf20c77b34eacfdf63ce59ec4d2f867bf884e941559b068d908325667672b5e1cf71f4829c0493e8b141489ed926b822becead7a0a2b4a4c008ab16b616d60f345e4da54f06443507efe57ea62399ef4eb11b2f559e1b056456a53998bf1c6d13c92e75136147f91ae3a75ca15eb1b51bf700b3c0bf54bc3745ff313c5e75dc66386897f6ee45429371b8d0878c469953a63baf85c1390da13efc353ccbef950c29f39ddf436f0d9bf1be1515ed251d8b6f11ecb16b1e8d1ed04196e9b6c2f9e068b7749bb6c1f533e493f22c901662c65cb761dc2eeff2f698bd4dbae83e2dfdc4f1c7f918a00515c1bc189d10ec22b35c92725cbf0ba244fd029c4f026f68e000000060000ab0476c3fd7f7c1e5c000000000000000000000011e43e39d3f4394fbfa13c416b1c443c5e52eea726491ad75100ebad7c6d5a667c59a3fb158e43da904f19e7e8daa4e90390b8da945f6cd78536c0d2be07221f85ad46b180f256d4d84592691d15d65896b66b63a46705338b67b72dc1c3075fcdc5cbffb0366151632ba5be8ae815dfea9fadfd31c473a24a73d3e5116c3023b3563c72d26fbd59877132bde5ca4ef8d92fd3613c768b35223f6fd0b5e9a8b98cccf1e2b4612e620e3a159d6365c9045aaa826aa0ee6d26cf0397ce674c20824584b464ebdc2f3ea26a7aec4570b242a6677a4e9187f8591c3a9bdc00000000002364bbd93964a8d0bdc802b9be250000000000000000000000000000dd4a009b2ba0d648a6975bcb66956a963912e26eb226af29c9f9f6261884db2d6b172b240dae6c7af327a27c533ab69811ca700d51724999cb8c0a8cace25602c3ecb9f0bcbe9ca6c9a444feb4cd9abbf2db2d583d5279de7f4130"], &(0x7f0000000040)='GPL\x00', 0x4, 0x1076, &(0x7f0000000300)=""/4096, 0x0, 0x0, '\x00', 0x0, @xdp}, 0x70) sendmsg$kcm(r3, 0x0, 0xb80b) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0x7, 0x0, 0x0) timer_create(0x0, 0x0, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) socket$nl_route(0x10, 0x3, 0x0) 3m4.999575567s ago: executing program 9 (id=2433): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000300)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r0}, 0x18) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r1}, 0x18) bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r2}, 0x8) read$dsp(0xffffffffffffffff, 0x0, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000640)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) sched_setscheduler(0x0, 0x1, &(0x7f0000000400)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r7 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f0000000000)={'vxcan0\x00'}) r8 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r8, &(0x7f0000000440)={0x28, 0x0, 0x2710, @host}, 0x10) listen(r8, 0x0) r9 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r9, &(0x7f0000000080)={0x28, 0x0, 0x2710}, 0x10) accept4(r8, 0x0, 0x0, 0x0) sendmmsg(r9, &(0x7f0000000e80)=[{{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000240)="7c220752098d1a03003fb4d50b17b9653538f559e8ca1a63dfa1a8f54135abe90913a7bb3930c14e8d1808268429578d92871b8681b42a7a264d4c578a7c26845616d98fc09729e3d8c0aa68e95af732c067f9dd1d9fdd4ee2008561e5a690de23248e60f4ab6390f520377d0a68cc822a17c773be19ee5b51b2428acd21725b17f5fadc10e18e574983e260010d619f74dd4c30", 0x94}], 0x1, &(0x7f0000000480)=ANY=[], 0x170}}, {{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000f40)="f48f2d", 0x7313485bca3e9141}], 0x1}}], 0x2, 0x0) 0s ago: executing program 8 (id=2432): r0 = syz_open_dev$ttys(0xc, 0x2, 0x1) ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, &(0x7f0000000400)={0x2, 0x1, 0x7, 0x11, 0x1fb, &(0x7f0000000000)="c2365844c24a643ea0361dddbb4eaab36b0e8b0427059733554869968c62fc5af542d1500ed3be2737bed9dbb69c7a084567adf330a735adfcf3076064c138e58156e3f25decbc278204b813445bf02c27f00fa04a3c424322e7da2c85dd1af732712e469b6dca26596776e06efb34d82269de034f764bbef1c4fded88d36c56a3338b6584992eb6c696ad06c03cf73c27487082346f660a796505b2f66509967110f572acd5481f6103580dd1e6cb49ca120179e47285ceac6d70088c311f33fdb482b43b470ae547c7274848048292ee7081c1f3415e0c4d4aa95946142d92bfcfdf281a390fb4028d14a0e5e15252537133a966bc1d0e060a7e82f6a1e19ba7aadb21a30e9a929ca8981855348828e52fc6da6cf82aaa8ea29e55428f5bb6c47f52dbaa208a8d281fb4ced0ff720203ce2a7a56d45ff71e794d4d91b175b1d943eb53997af01655ce4f9cb5231f81dad7037354edfad307d841d9744d7de77a73762648fae9b7813aa590b83014a932add506a58ee9fbf710c24caf505635db0f746284dc1e61f86d53df01f04cdadc0490c31b9ee3fabeee289af3b03a2e8738b21fbf6ee566455b6ef42d6a42a3ebefaf84003923c083ed71da57d38bf07b3338141b853f48df2de47a2c35ee4c1c7a1a1077fd25b0d588461d597db45c66c606fb5a56e81af2a5e04286d3d732668c57e60b509576f5eb2befe39ad24fb67cbeae5d359d8f44283456e801f62abcf868cff5e6070424ac2bb91316faa1ceb64513b455b8cb7bf40a12b5afbd08780078bdf001a77de34916271891f4ff51a389ea9cc0aa399681429a245e55f6cad19e49d6ae7f3910510e9ea00570e1b8321cc6beb92c9a0a24b6fc281e00e8f505789d2be02e3f00ead031f3b58b0aec03fde4da64b521bad1eb79e82a589c9c8803a509ba8a1a5400ceb8a03ad5ce30c0f7eeb0d8c666ff76016df5e3dd621e97d8fc5c01b1074d1f88f3d2476174141a354af2cb5f7d27facde0d58bacae5a5a36888a6743310ddc1b6d4d998b9280a8e09ea9a6b4eb46828f065a51badca4d7483b6bc060617ff858d7a7906949425cfe03bc536ff77a4ef9fdd5afe49c61b7f6a221e30349fdb430c0880734f4df3fada31700cb4ecc4bf473bd96a9e8114f77385512620615244e5126e2417dd7582892f6ffb5aa0af7e9fb096ae34871844defa6b9ceb0441403393c06fafda0a5f3415871411ce1a96963d3292e55107f0d88bee863bb3ca97af88b83d4c56848e122beb56d565fb4b9a03165b88ed8167e54b9395bd49a071f7c2b5edb32df88db9c1ffad1e0e9a49d83dcbfbcb0a634334bdbaaaccd3f405075ba73ca57d695bd20f646b83241f3b04123e7f09422ea20dbd9dbc6568dea477c302cc187becfbcbb64a9c93c9f61bb1d5e99746796116bfc3d8da172d96f1c82b7947f41"}) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000440)={{0x1, 0x1, 0x18, r0, {0x6b23}}, './file0\x00'}) io_uring_enter(r1, 0x72ee, 0x8470, 0x48, &(0x7f0000000480)={[0x7fffffff]}, 0x8) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), r1) sendmsg$NL80211_CMD_ASSOCIATE(r1, &(0x7f0000000640)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000600)={&(0x7f0000000540)={0x90, r2, 0x8, 0x70bd2c, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_DISABLE_HT={0x4}, @NL80211_ATTR_USE_MFP={0x8, 0x42, 0x1}, @NL80211_ATTR_DISABLE_VHT={0x4}, @NL80211_ATTR_DISABLE_HT={0x4}, @NL80211_ATTR_HT_CAPABILITY={0x1e, 0x1f, {0x20, 0x2, 0x0, 0x0, {0x1000, 0xb, 0x0, 0x6b, 0x0, 0x1, 0x0, 0x3}, 0x300, 0x4, 0x8}}, @NL80211_ATTR_USE_RRM={0x4}, @NL80211_ATTR_HT_CAPABILITY={0x1e, 0x1f, {0x8, 0x1, 0x6, 0x0, {0x8, 0x0, 0x0, 0x3fd, 0x0, 0x0, 0x0, 0x1, 0x1}, 0x1, 0x1, 0xcd}}, @NL80211_ATTR_FILS_NONCES={0x24, 0xf3, [0x2, 0x5, 0xd, 0x7f, 0x5, 0x5, 0x5, 0x2, 0x1, 0x0, 0xfff8, 0x7418, 0x4, 0x6f8e, 0xff, 0xd945]}]}, 0x90}, 0x1, 0x0, 0x0, 0x4000004}, 0x1) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f00000006c0)={0x0, 0x38, &(0x7f0000000680)=[@in6={0xa, 0x4e20, 0x1, @private2, 0x100}, @in6={0xa, 0x4e24, 0x4, @private2={0xfc, 0x2, '\x00', 0x1}, 0x7ff}]}, &(0x7f0000000700)=0x10) ioctl$BLKGETNRZONES(r1, 0x80041285, &(0x7f0000000740)) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000780)={r3, 0xfed, 0x20}, &(0x7f00000007c0)=0xc) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000800)={r4, 0x5, 0x30}, &(0x7f0000000840)=0xc) io_uring_enter(r1, 0x1c16, 0xec73, 0x8, &(0x7f0000000880)={[0x3]}, 0x8) r5 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x7) ioctl$TCSBRK(r5, 0x5409, 0x5) ioctl$AUTOFS_DEV_IOCTL_VERSION(r1, 0xc0189371, &(0x7f00000008c0)={{0x1, 0x1, 0x18, r1}, './file0\x00'}) r7 = openat$cgroup_ro(r6, &(0x7f0000000900)='cpuacct.usage_sys\x00', 0x0, 0x0) sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r7, &(0x7f0000000a00)={&(0x7f0000000940)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000009c0)={&(0x7f0000000980)={0x1c, r2, 0x800, 0x70bd2b, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_MAX_CRIT_PROT_DURATION={0x6, 0xb4, 0x633}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x20044010) recvmsg$unix(r1, &(0x7f0000000c00)={&(0x7f0000000a40), 0x6e, &(0x7f0000000b80)=[{&(0x7f0000000ac0)=""/139, 0x8b}], 0x1, &(0x7f0000000bc0)=[@cred={{0x1c}}], 0x20}, 0x0) ioctl$KVM_GET_DEVICE_ATTR_vm(r1, 0x4018aee2, &(0x7f0000000c80)=@attr_other={0x0, 0xc, 0x3, &(0x7f0000000c40)=0x100}) r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000d00)=@IORING_OP_FILES_UPDATE={0x14, 0x68, 0x0, 0x0, 0xfffffffffffffe00, &(0x7f0000000cc0)=[r6, r7, r5, r5, r6, r5], 0x6, 0x0, 0x0, {0x0, r8}}) sendmsg$nl_route_sched(r7, &(0x7f0000000e80)={&(0x7f0000000d40)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000e40)={&(0x7f0000000d80)=@gettaction={0x9c, 0x32, 0x400, 0x70bd28, 0x25dfdbfe, {}, [@action_dump_flags=@TCA_ROOT_FLAGS={0xc}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1}}, @action_gd=@TCA_ACT_TAB={0x4}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1, 0x1}}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x0, 0x1}}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8}, @action_gd=@TCA_ACT_TAB={0x38, 0x1, [{0xc, 0x1c, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x4}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x8}}, {0x10, 0x3, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'csum\x00'}}, {0xc, 0x15, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}]}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x5}]}, 0x9c}, 0x1, 0x0, 0x0, 0x4050}, 0x80000) ioctl$NBD_DISCONNECT(r1, 0xab08) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000ec0)) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_START_AP(r7, &(0x7f0000001000)={&(0x7f0000000f00)={0x10, 0x0, 0x0, 0xc62588f375787698}, 0xc, &(0x7f0000000fc0)={&(0x7f0000000f40)={0x64, r2, 0x400, 0x70bd2c, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0xdc, 0x4c}}}}, [@NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}, @crypto_settings=[@NL80211_ATTR_WPA_VERSIONS={0x8, 0x4b, 0x4}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_AKM_SUITES={0x10, 0x4c, [0xfac04, 0xfac0e, 0xfac0e]}, @NL80211_ATTR_CONTROL_PORT_NO_PREAUTH={0x4}, @NL80211_ATTR_SAE_PASSWORD={0x12, 0x115, "08f05a84c61fbad1cb71ab7e8cb3"}], @NL80211_ATTR_TWT_RESPONDER={0x4}]}, 0x64}, 0x1, 0x0, 0x0, 0x20000000}, 0x24004884) r9 = syz_usb_connect$uac1(0x5, 0xcb, &(0x7f0000001040)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x8, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xb9, 0x3, 0x1, 0x1, 0xe0, 0x9, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x5, 0x8e}, [@extension_unit={0xd, 0x24, 0x8, 0x2, 0x82, 0x9, "c3b8c6ee2b27"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0xb, 0x24, 0x2, 0x2, 0x0, 0xfffb, 0x6, "2db9"}, @format_type_i_discrete={0xa, 0x24, 0x2, 0x1, 0xd, 0x2, 0x1, 0x40, "cc20"}, @as_header={0x7, 0x24, 0x1, 0xe, 0x7, 0x1002}, @format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x8, 0x8a, 0x85, "90cf28669cb1"}, @format_type_i_discrete={0x8, 0x24, 0x2, 0x1, 0x2, 0x4, 0x8, 0x5}]}, {{0x9, 0x5, 0x1, 0x9, 0x200, 0x2, 0xff, 0xf, {0x7, 0x25, 0x1, 0x82, 0x10, 0x200}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0x3, 0x2, 0x4, 0xc, "b3", "d59a"}, @format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x6, 0x200, 0x3, "52640f768c13"}]}, {{0x9, 0x5, 0x82, 0x9, 0x8, 0x2, 0x7, 0xf7, {0x7, 0x25, 0x1, 0x2, 0x7, 0x101}}}}}}}]}}, &(0x7f0000001200)={0xa, &(0x7f0000001140)={0xa, 0x6, 0x200, 0x7, 0x7f, 0x7f, 0x0, 0x7}, 0x8, &(0x7f0000001180)={0x5, 0xf, 0x8, 0x1, [@ptm_cap={0x3}]}, 0x1, [{0x4, &(0x7f00000011c0)=@lang_id={0x4, 0x3, 0x810}}]}) syz_usb_control_io$uac1(r9, &(0x7f0000001400)={0x14, &(0x7f0000001240)={0x20, 0x5, 0xf0, {0xf0, 0xe, "c81cad0cb0a9ed1372c990c51a4ba9eaf2fbf0fc0bfa1424a1f2a1732dec5bf23281a869c7eb44b8243ea7c667d4ef9f164416168bd9610d2aaf2ee7f6e7fe0b8a448df2c06127ad86e359a259e7aece6d0cf7eb207fdacfba3fbe5f42bb8c38175e7c7e00c045a3519db322266377d9470913701255d22bbeadb3b0c9c3f6e83e3e8015d2428e3b151c246e80ef8098c315696686fde84d16049bc07d55c10a77af42278dd3dc90523d7b9c9faad4a19c7e1f837da5fc55e5e663243162ffab416964524e321feb1205b38b294e6df2baf16628fc99f54409216e972cafbe0799bb663e236a99f082651eab6bb7"}}, &(0x7f0000001340)={0x0, 0x3, 0xac, @string={0xac, 0x3, "4b5f3b41669eb58329c3bc2d14929c0f11d66e0cc497fa6f96d5360af5346f63c63588b4ddc31a56ed84d5334d3fca6ac70baa0c41dd0f8bd9c9095756db7713498eb09078f2d4fb22dbd59732b48b609d9b58f98d4b8049b7053c32d4467435a634e0b42cb262909c8bfb38ff107b2bc5256ba27c533e104f2f6b2228eae9563f4318d0977004204d755c16bacc622da22bd425fd60c59b884f5ec42dfba3b69719f8ffd77fb457daa4"}}}, &(0x7f00000016c0)={0x44, &(0x7f0000001440)={0x40, 0xf, 0xa6, "4ef90862c88065ad934acfbd534999aae6feddbeadee40faef60aca0734f84cf906b494e2f92adca884949b9c6bc41ebbcc711abae139cf0ba1afaaa7ccadfc80839a6a29f6d72a993f4fad5e5c5c3a2c570107a2d6f6dec6c9676c2487dae77e0cf35e5da368b57e5e755a630de7949ee27395795d4ea30ca47e179dff0b4e3429b66cfb96199243b08b502f76d443d75ab9d7504403cc8a5254996bc629d8d13a0b37a0280"}, &(0x7f0000001500)={0x0, 0xa, 0x1, 0x10}, &(0x7f0000001540)={0x0, 0x8, 0x1, 0xfc}, &(0x7f0000001580)={0x20, 0x81, 0x3, "f481e5"}, &(0x7f00000015c0)={0x20, 0x82, 0x1, "f5"}, &(0x7f0000001600)={0x20, 0x83, 0x3, "34e52b"}, &(0x7f0000001640)={0x20, 0x84, 0x4, "c03a8f44"}, &(0x7f0000001680)={0x20, 0x85, 0x3, "3b8a5d"}}) ioctl$TIOCSERGETLSR(r0, 0x5459, &(0x7f0000001740)) open_by_handle_at(r1, &(0x7f0000001780)=@isofs={0x14, 0x1, {0x4, 0x2c, 0x9, 0x4, 0xffff, 0xc7}}, 0x10000) ioctl$SCSI_IOCTL_GET_BUS_NUMBER(r7, 0x5386, &(0x7f00000017c0)) kernel console output (not intermixed with test programs): 0007f26043d0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 594.267353][T11677] RAX: ffffffffffffffda RBX: 00007f26037b5fa0 RCX: 00007f260358e929 [ 594.267368][T11677] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000009 [ 594.267386][T11677] RBP: 00007f26043d0090 R08: 0000000000000000 R09: 0000000000000000 [ 594.267398][T11677] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 594.267410][T11677] R13: 0000000000000000 R14: 00007f26037b5fa0 R15: 00007ffec9f6bf88 [ 594.267441][T11677] [ 594.375596][ T5920] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 594.553997][ T5920] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 594.565174][ T5920] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 594.573185][ T5920] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 594.716668][ T5920] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 594.744065][ T5920] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 594.775050][ T5920] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 594.799874][ T5920] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 594.807766][ T5920] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 594.820447][ T5920] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 594.828380][ T5920] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 594.838905][ T5920] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 594.936477][ T5920] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 594.944165][ T5920] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 594.957425][ T5920] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 594.965202][ T5920] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 594.976675][ T5920] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 594.984542][ T5920] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 594.996096][ T5920] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 595.934449][ T5920] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 595.984837][ T5920] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 596.815375][ T5920] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 596.822974][ T5920] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 596.830487][ T5920] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 596.837915][ T5920] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 596.845380][ T5920] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 596.944138][ T5920] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 596.953024][ T5920] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 596.961413][ T5920] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 597.029572][ T5920] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 597.046237][ T5920] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 597.067933][ T5920] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 597.091003][ T5920] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 597.098484][ T5920] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 597.119606][ T5920] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 597.127092][ T5920] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 597.149469][ T5920] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 597.190828][ T5920] hid-generic 0000:0000:0000.0009: hidraw0: HID v0.00 Device [syz0] on syz0 [ 597.829740][ T9341] usb 4-1: new low-speed USB device number 22 using dummy_hcd [ 598.555510][ T9341] usb 4-1: config 0 interface 0 altsetting 6 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 598.572311][ T9341] usb 4-1: config 0 interface 0 altsetting 6 endpoint 0x81 has invalid maxpacket 32, setting to 8 [ 598.689493][ T9341] usb 4-1: config 0 interface 0 altsetting 6 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 598.719382][ T9341] usb 4-1: config 0 interface 0 has no altsetting 0 [ 598.726384][ T9341] usb 4-1: New USB device found, idVendor=28bd, idProduct=0934, bcdDevice= 0.00 [ 598.736515][T11729] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1661'. [ 598.757003][ T9341] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 598.983400][ T9341] usb 4-1: config 0 descriptor?? [ 599.010324][T11710] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 599.505234][ T9341] usbhid 4-1:0.0: can't add hid device: -71 [ 599.512213][ T9341] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 600.166993][ T9341] usb 4-1: USB disconnect, device number 22 [ 604.159786][ T2996] kworker/u8:8 (2996) used greatest stack depth: 19672 bytes left [ 610.207073][T11823] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 610.522502][T11830] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1689'. [ 611.647282][T11837] team0: entered allmulticast mode [ 616.037967][T11883] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1706'. [ 618.123416][T11921] lo: entered allmulticast mode [ 619.037954][T11921] tunl0: entered allmulticast mode [ 619.084672][T11929] netlink: 'syz.3.1717': attribute type 1 has an invalid length. [ 619.098284][T11921] gre0: entered allmulticast mode [ 619.130184][T11921] gretap0: entered allmulticast mode [ 619.145075][T11921] erspan0: entered allmulticast mode [ 619.154781][T11931] binder_alloc: 11930: pid 11930 spamming oneway? 1 buffers allocated for a total size of 4096 [ 619.173624][T11921] ip_vti0: entered allmulticast mode [ 619.181772][T11921] ip6_vti0: entered allmulticast mode [ 619.191237][T11921] sit0: entered allmulticast mode [ 619.201921][T11921] ip6tnl0: entered allmulticast mode [ 619.212649][T11921] ip6gre0: entered allmulticast mode [ 619.430772][T11921] ip6gretap0: entered allmulticast mode [ 619.451576][T11921] bridge0: port 2(bridge_slave_1) entered disabled state [ 619.460926][T11921] bridge0: port 1(bridge_slave_0) entered disabled state [ 619.494610][T11921] bridge0: entered allmulticast mode [ 619.514347][T11921] vcan0: entered allmulticast mode [ 619.536712][T11921] : entered allmulticast mode [ 619.551665][T11921] bond_slave_0: entered allmulticast mode [ 619.564049][T11921] bond_slave_1: entered allmulticast mode [ 619.587998][T11921] team0: entered allmulticast mode [ 619.611319][T11921] team_slave_0: entered allmulticast mode [ 619.628732][T11921] team_slave_1: entered allmulticast mode [ 619.660351][T11921] dummy0: entered allmulticast mode [ 619.695924][T11921] nlmon0: entered allmulticast mode [ 619.714215][T11921] caif0: entered allmulticast mode [ 619.731588][T11921] batadv0: entered allmulticast mode [ 619.756238][T11921] vxcan0: entered allmulticast mode [ 619.763190][T11921] vxcan1: entered allmulticast mode [ 619.774691][T11921] veth0: entered allmulticast mode [ 619.784989][T11921] veth1: entered allmulticast mode [ 619.799028][T11921] wg0: entered allmulticast mode [ 619.809615][T11921] wg1: entered allmulticast mode [ 619.824054][T11921] wg2: entered allmulticast mode [ 619.833128][T11921] veth0_to_bridge: entered allmulticast mode [ 619.854475][T11921] veth1_to_bridge: entered allmulticast mode [ 619.873599][T11921] veth0_to_bond: entered allmulticast mode [ 619.885988][T11921] veth1_to_bond: entered allmulticast mode [ 619.897838][T11921] veth0_to_team: entered allmulticast mode [ 619.917330][T11921] veth1_to_team: entered allmulticast mode [ 619.930328][T11921] veth0_to_batadv: entered allmulticast mode [ 619.940642][T11921] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 619.952416][T11921] batadv_slave_0: entered allmulticast mode [ 619.972922][T11921] veth1_to_batadv: entered allmulticast mode [ 619.997387][T11921] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 620.233038][T11921] batadv_slave_1: entered allmulticast mode [ 620.243244][T11921] xfrm0: entered allmulticast mode [ 620.268091][T11953] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1725'. [ 620.271259][T11921] veth0_to_hsr: entered allmulticast mode [ 620.997962][T11921] hsr_slave_0: entered allmulticast mode [ 621.018600][T11921] veth1_to_hsr: entered allmulticast mode [ 621.028698][T11921] hsr_slave_1: entered allmulticast mode [ 621.040891][T11921] hsr0: entered allmulticast mode [ 621.051292][T11921] veth1_virt_wifi: entered allmulticast mode [ 621.086236][T11921] veth0_virt_wifi: entered allmulticast mode [ 621.100832][T11921] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 621.118736][T11921] veth1_vlan: entered allmulticast mode [ 621.174075][T11921] veth0_vlan: entered allmulticast mode [ 621.197846][T11921] vlan0: entered allmulticast mode [ 621.206629][T11921] vlan1: entered allmulticast mode [ 621.215191][T11921] macvlan0: entered allmulticast mode [ 621.235249][T11921] macvlan1: entered allmulticast mode [ 621.248164][T11921] ipvlan0: entered allmulticast mode [ 621.274293][T11921] ipvlan1: entered allmulticast mode [ 621.292010][T11921] veth1_macvtap: entered allmulticast mode [ 622.116626][T11962] netlink: 'syz.2.1727': attribute type 3 has an invalid length. [ 622.123611][T11921] veth0_macvtap: entered allmulticast mode [ 622.130877][T11962] netlink: 'syz.2.1727': attribute type 3 has an invalid length. [ 622.368223][T11962] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1727'. [ 622.591055][T11921] macvtap0: entered allmulticast mode [ 622.606079][T11921] macsec0: entered allmulticast mode [ 622.621786][T11921] geneve0: entered allmulticast mode [ 622.647242][T11921] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 622.661012][T11921] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 622.674026][T11921] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 622.683581][T11921] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 622.693345][T11921] geneve1: entered allmulticast mode [ 622.709674][T11921] netdevsim netdevsim1 netdevsim0: entered allmulticast mode [ 622.722190][T11921] netdevsim netdevsim1 netdevsim1: entered allmulticast mode [ 622.734646][T11921] netdevsim netdevsim1 netdevsim2: entered allmulticast mode [ 622.747854][T11921] netdevsim netdevsim1 netdevsim3: entered allmulticast mode [ 622.761897][T11921] mac80211_hwsim hwsim8 wlan0: entered allmulticast mode [ 622.775776][T11921] mac80211_hwsim hwsim10 wlan1: entered allmulticast mode [ 622.787298][T11921] bridge1: entered allmulticast mode [ 622.793858][T11921] mac80211_hwsim hwsim13 wlan2: entered allmulticast mode [ 622.804388][T11921] erspan1: entered allmulticast mode [ 622.810720][T11921] batman_adv: batadv0: Interface deactivated: ip6gretap1 [ 622.818863][T11921] ip6gretap1: entered allmulticast mode [ 622.831661][T11921] bond1: entered allmulticast mode [ 622.836973][T11921] wireguard0: entered allmulticast mode [ 622.846006][T11921] batman_adv: batadv0: Interface deactivated: ip6gretap2 [ 622.856595][T11921] ip6gretap2: entered allmulticast mode [ 622.864392][T11921] veth2: entered allmulticast mode [ 622.870313][T11921] veth3: entered allmulticast mode [ 622.876696][T11921] sit1: entered allmulticast mode [ 622.899918][ T5884] usb 5-1: new full-speed USB device number 16 using dummy_hcd [ 622.917427][T11921] gretap1: entered allmulticast mode [ 622.923059][T11921] gretap2: entered allmulticast mode [ 622.928914][T11921] bridge2: entered allmulticast mode [ 622.934853][T11921] gretap3: entered allmulticast mode [ 622.941503][T11921] bridge3: entered allmulticast mode [ 622.947027][T11921] gretap4: entered allmulticast mode [ 622.958131][T11921] bond0: entered allmulticast mode [ 622.966497][T11921] gretap5: entered allmulticast mode [ 622.977014][T11921] gretap5: left promiscuous mode [ 623.150240][T11929] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR [ 623.214792][T11980] program syz.0.1733 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 623.235559][ T5884] usb 5-1: no configurations [ 623.243936][ T5884] usb 5-1: can't read configurations, error -22 [ 623.460448][ T5884] usb 5-1: new full-speed USB device number 17 using dummy_hcd [ 623.976479][ T5884] usb 5-1: no configurations [ 623.989807][ T5884] usb 5-1: can't read configurations, error -22 [ 624.003274][ T5884] usb usb5-port1: attempt power cycle [ 624.927420][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.933882][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.989352][ T5884] usb 5-1: new full-speed USB device number 18 using dummy_hcd [ 625.120699][ T5884] usb 5-1: no configurations [ 625.126014][ T5884] usb 5-1: can't read configurations, error -22 [ 625.171783][T11999] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1738'. [ 625.499527][ T5884] usb 5-1: new full-speed USB device number 19 using dummy_hcd [ 626.208482][ T5884] usb 5-1: device descriptor read/8, error -71 [ 626.370291][ T5884] usb usb5-port1: unable to enumerate USB device [ 628.711703][T12020] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1743'. [ 628.724692][T12020] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1743'. [ 629.727668][T12028] FAULT_INJECTION: forcing a failure. [ 629.727668][T12028] name failslab, interval 1, probability 0, space 0, times 0 [ 629.741360][T12028] CPU: 0 UID: 0 PID: 12028 Comm: syz.1.1746 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 629.741390][T12028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 629.741402][T12028] Call Trace: [ 629.741410][T12028] [ 629.741418][T12028] dump_stack_lvl+0x189/0x250 [ 629.741453][T12028] ? __pfx____ratelimit+0x10/0x10 [ 629.741482][T12028] ? __pfx_dump_stack_lvl+0x10/0x10 [ 629.741511][T12028] ? __pfx__printk+0x10/0x10 [ 629.741538][T12028] ? cipso_v4_doi_getdef+0x7e/0x450 [ 629.741575][T12028] should_fail_ex+0x414/0x560 [ 629.741604][T12028] should_failslab+0xa8/0x100 [ 629.741632][T12028] __kmalloc_cache_noprof+0x70/0x3d0 [ 629.741656][T12028] ? netlbl_cfg_cipsov4_map_add+0x7b/0x620 [ 629.741687][T12028] netlbl_cfg_cipsov4_map_add+0x7b/0x620 [ 629.741713][T12028] ? cipso_v4_doi_add+0x6a5/0x810 [ 629.741748][T12028] smk_cipso_doi+0x2ba/0x4e0 [ 629.741771][T12028] ? __pfx_smk_cipso_doi+0x10/0x10 [ 629.741806][T12028] smk_write_doi+0x17b/0x220 [ 629.741827][T12028] ? __pfx_smk_write_doi+0x10/0x10 [ 629.741872][T12028] vfs_writev+0x4b6/0x960 [ 629.741903][T12028] ? __pfx_smk_write_doi+0x10/0x10 [ 629.741929][T12028] ? __pfx_vfs_writev+0x10/0x10 [ 629.741981][T12028] ? __fget_files+0x2a/0x420 [ 629.742012][T12028] ? __fget_files+0x3a0/0x420 [ 629.742036][T12028] ? __fget_files+0x2a/0x420 [ 629.742072][T12028] do_writev+0x14d/0x2d0 [ 629.742103][T12028] ? __pfx_do_writev+0x10/0x10 [ 629.742127][T12028] ? rcu_is_watching+0x15/0xb0 [ 629.742162][T12028] ? do_syscall_64+0xbe/0x3b0 [ 629.742195][T12028] do_syscall_64+0xfa/0x3b0 [ 629.742222][T12028] ? lockdep_hardirqs_on+0x9c/0x150 [ 629.742249][T12028] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 629.742268][T12028] ? clear_bhb_loop+0x60/0xb0 [ 629.742293][T12028] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 629.742312][T12028] RIP: 0033:0x7f260358e929 [ 629.742334][T12028] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 629.742352][T12028] RSP: 002b:00007f26043d0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 629.742372][T12028] RAX: ffffffffffffffda RBX: 00007f26037b5fa0 RCX: 00007f260358e929 [ 629.742387][T12028] RDX: 0000000000000002 RSI: 0000200000000040 RDI: 0000000000000003 [ 629.742400][T12028] RBP: 00007f26043d0090 R08: 0000000000000000 R09: 0000000000000000 [ 629.742412][T12028] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 629.742425][T12028] R13: 0000000000000000 R14: 00007f26037b5fa0 R15: 00007ffec9f6bf88 [ 629.742457][T12028] [ 629.742540][T12028] smk_cipso_doi:699 map add rc = -12 [ 633.713069][T12069] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1759'. [ 633.724432][T12069] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1759'. [ 633.921403][ T5884] usb 3-1: new full-speed USB device number 33 using dummy_hcd [ 635.242079][ T5884] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 635.259226][ T5884] usb 3-1: config 0 has no interfaces? [ 635.265834][ T5884] usb 3-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 635.275274][ T5884] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 635.694243][ T5884] usb 3-1: config 0 descriptor?? [ 635.738177][ T5884] usb 3-1: can't set config #0, error -71 [ 635.931861][ T5884] usb 3-1: USB disconnect, device number 33 [ 636.789961][T12093] Bluetooth: hci0: load_link_keys: expected 3 bytes, got 7 bytes [ 637.718601][T12103] ubi: mtd0 is already attached to ubi31 [ 639.676101][T12121] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.1774'. [ 640.613908][T12123] netlink: 'syz.1.1772': attribute type 6 has an invalid length. [ 640.649774][ T5884] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 640.825362][ T5884] usb 3-1: Using ep0 maxpacket: 8 [ 640.966212][ T5884] usb 3-1: config 179 has an invalid interface number: 65 but max is 0 [ 640.977758][ T5884] usb 3-1: config 179 has no interface number 0 [ 640.985486][ T5884] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 641.007477][ T5884] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 641.053180][ T5884] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 641.163035][ T5884] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 641.197752][ T5884] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 642.338149][T12131] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1775'. [ 642.340380][ T5884] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 642.613616][ T5884] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 642.674518][ T5884] usb 3-1: can't set config #179, error -71 [ 642.836399][ T5884] usb 3-1: USB disconnect, device number 34 [ 644.608783][T12177] No such timeout policy "syz0" [ 645.726162][T12190] netlink: 216 bytes leftover after parsing attributes in process `syz.0.1792'. [ 646.395543][T12195] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1793'. [ 646.487949][T12197] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1794'. [ 646.551066][T12197] netlink: 'syz.0.1794': attribute type 39 has an invalid length. [ 647.627666][T12214] --map-set only usable from mangle table [ 648.530498][T12229] binder_alloc: 12227: pid 12227 spamming oneway? 1 buffers allocated for a total size of 4096 [ 648.827177][T12236] binder: 12235:12236 ioctl c0306201 200000000240 returned -11 [ 649.110206][T12248] FAULT_INJECTION: forcing a failure. [ 649.110206][T12248] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 649.162028][T12248] CPU: 1 UID: 0 PID: 12248 Comm: syz.1.1810 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 649.162057][T12248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 649.162070][T12248] Call Trace: [ 649.162079][T12248] [ 649.162088][T12248] dump_stack_lvl+0x189/0x250 [ 649.162124][T12248] ? __pfx____ratelimit+0x10/0x10 [ 649.162153][T12248] ? __pfx_dump_stack_lvl+0x10/0x10 [ 649.162183][T12248] ? __pfx__printk+0x10/0x10 [ 649.162202][T12248] ? __might_fault+0xb0/0x130 [ 649.162240][T12248] should_fail_ex+0x414/0x560 [ 649.162279][T12248] _copy_to_iter+0x3f5/0x16f0 [ 649.162323][T12248] ? __pfx__copy_to_iter+0x10/0x10 [ 649.162354][T12248] ? fput+0xa0/0xd0 [ 649.162380][T12248] ? __pfx_bpf_map_show_fdinfo+0x10/0x10 [ 649.162411][T12248] ? seq_show+0x5f5/0x750 [ 649.162443][T12248] seq_read_iter+0xbeb/0xe10 [ 649.162486][T12248] seq_read+0x2e2/0x3d0 [ 649.162517][T12248] ? __pfx_seq_read+0x10/0x10 [ 649.162552][T12248] ? rw_verify_area+0x258/0x650 [ 649.162573][T12248] ? __pfx_seq_read+0x10/0x10 [ 649.162595][T12248] vfs_read+0x1fd/0x980 [ 649.162622][T12248] ? __pfx___mutex_lock+0x10/0x10 [ 649.162651][T12248] ? __pfx_vfs_read+0x10/0x10 [ 649.162674][T12248] ? __fget_files+0x2a/0x420 [ 649.162706][T12248] ? __fget_files+0x3a0/0x420 [ 649.162731][T12248] ? __fget_files+0x2a/0x420 [ 649.162767][T12248] ksys_read+0x145/0x250 [ 649.162793][T12248] ? __pfx_ksys_read+0x10/0x10 [ 649.162812][T12248] ? rcu_is_watching+0x15/0xb0 [ 649.162848][T12248] ? do_syscall_64+0xbe/0x3b0 [ 649.162883][T12248] do_syscall_64+0xfa/0x3b0 [ 649.162910][T12248] ? lockdep_hardirqs_on+0x9c/0x150 [ 649.162937][T12248] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 649.162958][T12248] ? clear_bhb_loop+0x60/0xb0 [ 649.162983][T12248] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 649.163003][T12248] RIP: 0033:0x7f260358e929 [ 649.163021][T12248] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 649.163038][T12248] RSP: 002b:00007f26043d0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 649.163060][T12248] RAX: ffffffffffffffda RBX: 00007f26037b5fa0 RCX: 00007f260358e929 [ 649.163075][T12248] RDX: 0000000000000039 RSI: 00002000000004c0 RDI: 0000000000000004 [ 649.163088][T12248] RBP: 00007f26043d0090 R08: 0000000000000000 R09: 0000000000000000 [ 649.163101][T12248] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 649.163113][T12248] R13: 0000000000000000 R14: 00007f26037b5fa0 R15: 00007ffec9f6bf88 [ 649.163146][T12248] [ 649.428958][ T5884] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 649.551445][T12250] xt_bpf: check failed: parse error [ 649.906424][T12252] loop2: detected capacity change from 0 to 6 [ 650.055282][T12252] loop2: [POWERTEC] p1 p2 p3 p4 [ 650.064203][T12252] loop2: p1 start 262143 is beyond EOD, truncated [ 650.077140][T12252] loop2: p2 start 16 is beyond EOD, truncated [ 650.087397][T12252] loop2: p3 size 8 extends beyond EOD, truncated [ 650.097201][T12252] loop2: p4 size 1986356271 extends beyond EOD, truncated [ 650.199461][ T5884] usb 1-1: Using ep0 maxpacket: 32 [ 650.205165][ T5920] usb 2-1: new high-speed USB device number 37 using dummy_hcd [ 650.294133][ T5884] usb 1-1: config 1 has an invalid interface number: 233 but max is 0 [ 650.309455][ T5884] usb 1-1: config 1 has no interface number 0 [ 650.315676][ T5884] usb 1-1: config 1 interface 233 has no altsetting 0 [ 650.326803][ T5884] usb 1-1: New USB device found, idVendor=04e8, idProduct=ff30, bcdDevice=34.ac [ 650.342178][T12259] mkiss: ax0: crc mode is auto. [ 650.358582][ T5884] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 650.385033][ T5884] usb 1-1: Product: syz [ 650.389499][ T5920] usb 2-1: Using ep0 maxpacket: 32 [ 650.394157][ T5884] usb 1-1: Manufacturer: syz [ 650.409584][ T5884] usb 1-1: SerialNumber: syz [ 650.416152][ T5920] usb 2-1: config 0 has an invalid interface number: 2 but max is 0 [ 650.421720][T12265] program syz.2.1815 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 650.431760][ T5920] usb 2-1: config 0 has no interface number 0 [ 650.459285][ T5920] usb 2-1: config 0 interface 2 has no altsetting 0 [ 650.473963][ T5920] usb 2-1: New USB device found, idVendor=086a, idProduct=0003, bcdDevice=f0.3f [ 650.495723][ T5920] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 650.531714][ T5920] usb 2-1: Product: syz [ 650.535990][ T5920] usb 2-1: Manufacturer: syz [ 651.015715][ T5884] imon_raw 1-1:1.233: IR endpoint missing [ 651.345631][ T5884] usb 1-1: USB disconnect, device number 25 [ 651.457531][ T5920] usb 2-1: SerialNumber: syz [ 651.467857][ T5920] usb 2-1: config 0 descriptor?? [ 651.589947][T12276] xt_hashlimit: Unknown mode mask FF80, kernel too old? [ 652.063137][T12255] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 652.119673][T12255] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 652.196663][T12280] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 652.236397][T12280] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 652.829942][ T5920] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 655.273478][ T5920] usb 2-1: USB disconnect, device number 37 [ 655.662465][T12292] overlayfs: workdir and upperdir must be separate subtrees [ 656.381047][ T30] kauditd_printk_skb: 16 callbacks suppressed [ 656.381069][ T30] audit: type=1326 audit(1751443175.084:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12286 comm="syz.4.1821" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f563238e929 code=0x0 [ 656.725977][T12290] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1823'. [ 657.017441][T12313] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1828'. [ 657.162775][T12313] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1828'. [ 658.849822][ T30] audit: type=1326 audit(1751443177.784:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12340 comm="syz.2.1834" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f937018e929 code=0x0 [ 658.870903][ C0] vkms_vblank_simulate: vblank timer overrun [ 660.328913][ T5884] usb 2-1: new full-speed USB device number 38 using dummy_hcd [ 660.605574][ T5884] usb 2-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 661.200070][ T5884] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 661.530951][ T5884] usb 2-1: config 0 descriptor?? [ 661.557909][ T5884] usb 2-1: can't set config #0, error -71 [ 661.796412][ T5884] usb 2-1: USB disconnect, device number 38 [ 662.710296][T12378] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 662.829699][T12378] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it. [ 662.839051][T12378] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 662.879108][T12370] mkiss: ax0: crc mode is auto. [ 663.191941][T12381] QAT: Invalid ioctl 1073935638 [ 664.033873][T12397] ubi: mtd0 is already attached to ubi31 [ 664.071279][T12396] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1847'. [ 665.686341][T12412] bond2: entered promiscuous mode [ 665.691767][T12412] bond2: entered allmulticast mode [ 665.701024][T12412] 8021q: adding VLAN 0 to HW filter on device bond2 [ 666.567003][ T9351] usb 1-1: new full-speed USB device number 26 using dummy_hcd [ 666.748861][ T9351] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 667.299702][ T9351] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 2 [ 667.308774][ T9351] usb 1-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 667.322042][ T9351] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 667.340599][ T9351] usb 1-1: config 0 descriptor?? [ 667.717263][ T5884] usb 1-1: USB disconnect, device number 26 [ 668.121337][T12451] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 668.134607][ T9341] usb 5-1: new full-speed USB device number 20 using dummy_hcd [ 668.369226][ T9341] usb 5-1: config 36 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 668.588088][ T9341] usb 5-1: config 36 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 668.739623][ T9341] usb 5-1: config 36 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 668.787884][ T9341] usb 5-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=3d.29 [ 668.835661][ T9341] usb 5-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16 [ 668.864955][ T9341] usb 5-1: Manufacturer: syz [ 668.883212][ T9341] usb 5-1: SerialNumber: syz [ 668.948460][T12462] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1867'. [ 669.068524][ T30] audit: type=1326 audit(1751443187.964:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12458 comm="syz.0.1865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e1638e929 code=0x7ffc0000 [ 669.090200][ C0] vkms_vblank_simulate: vblank timer overrun [ 669.151583][T12465] mkiss: ax0: crc mode is auto. [ 669.162950][ T30] audit: type=1326 audit(1751443187.964:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12458 comm="syz.0.1865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e1638e929 code=0x7ffc0000 [ 669.188966][ T30] audit: type=1326 audit(1751443187.964:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12458 comm="syz.0.1865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=328 compat=0 ip=0x7f8e1638e929 code=0x7ffc0000 [ 669.320976][ T30] audit: type=1326 audit(1751443187.964:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12458 comm="syz.0.1865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e1638e929 code=0x7ffc0000 [ 669.732553][ T30] audit: type=1326 audit(1751443187.964:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12458 comm="syz.0.1865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f8e1638e929 code=0x7ffc0000 [ 669.808056][ T30] audit: type=1326 audit(1751443187.964:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12458 comm="syz.0.1865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e1638e929 code=0x7ffc0000 [ 669.926347][ T30] audit: type=1326 audit(1751443187.964:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12458 comm="syz.0.1865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f8e1638e929 code=0x7ffc0000 [ 669.971088][ T30] audit: type=1326 audit(1751443187.964:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12458 comm="syz.0.1865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e1638e929 code=0x7ffc0000 [ 669.996690][ T30] audit: type=1326 audit(1751443187.964:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12458 comm="syz.0.1865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f8e1638e929 code=0x7ffc0000 [ 670.021133][ T30] audit: type=1326 audit(1751443187.964:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12458 comm="syz.0.1865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e1638e929 code=0x7ffc0000 [ 670.059232][ T9341] yealink 5-1:36.0: invalid payload size 0, expected 16 [ 670.076971][ T9341] input: Yealink usb-p1k as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:36.0/input/input22 [ 670.201813][ C0] yealink 5-1:36.0: urb_ctl_callback - urb status -71 [ 670.209191][ C0] yealink 5-1:36.0: urb_ctl_callback - urb status -71 [ 670.216274][ C0] yealink 5-1:36.0: urb_ctl_callback - urb status -71 [ 670.223352][ C0] yealink 5-1:36.0: urb_ctl_callback - urb status -71 [ 670.230405][ C0] yealink 5-1:36.0: urb_ctl_callback - urb status -71 [ 670.237408][ C0] yealink 5-1:36.0: urb_ctl_callback - urb status -71 [ 670.244444][ C0] yealink 5-1:36.0: urb_ctl_callback - urb status -71 [ 670.251568][ C0] yealink 5-1:36.0: urb_ctl_callback - urb status -71 [ 670.258375][ C0] yealink 5-1:36.0: urb_ctl_callback - usb_submit_urb failed -90 [ 670.275198][ T9341] usb 5-1: USB disconnect, device number 20 [ 672.329564][ T9351] usb 2-1: new full-speed USB device number 39 using dummy_hcd [ 672.440543][T12505] netlink: 788 bytes leftover after parsing attributes in process `syz.4.1876'. [ 673.039469][ T9340] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 673.124173][ T9351] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 673.140364][ T9351] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 2 [ 673.149486][ T9351] usb 2-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 673.158930][ T9351] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 673.173999][ T9351] usb 2-1: config 0 descriptor?? [ 673.211462][ T9340] usb 1-1: Using ep0 maxpacket: 8 [ 673.226763][ T9340] usb 1-1: unable to get BOS descriptor or descriptor too short [ 673.241393][ T9340] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 673.259236][ T9340] usb 1-1: can't read configurations, error -61 [ 673.395649][ T9351] usb 2-1: USB disconnect, device number 39 [ 673.401776][ T9340] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 673.545980][T12513] No such timeout policy "syz1" [ 674.084378][ T9340] usb 1-1: Using ep0 maxpacket: 8 [ 674.180772][ T9340] usb 1-1: unable to get BOS descriptor or descriptor too short [ 674.191155][ T9340] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 674.198873][ T9340] usb 1-1: can't read configurations, error -61 [ 674.238418][ T9340] usb usb1-port1: attempt power cycle [ 674.703391][ T9340] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 674.742358][ T9340] usb 1-1: Using ep0 maxpacket: 8 [ 674.748827][T12526] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1885'. [ 674.779784][ T9340] usb 1-1: unable to get BOS descriptor or descriptor too short [ 674.797708][ T9340] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 674.815766][ T9340] usb 1-1: can't read configurations, error -61 [ 674.900767][T12529] program syz.2.1886 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 675.569469][ T9340] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 675.782331][ T9340] usb 1-1: device not accepting address 30, error -71 [ 676.027534][ T9340] usb usb1-port1: unable to enumerate USB device [ 676.472464][T12555] ieee802154 phy0 wpan0: encryption failed: -22 [ 676.774787][T12556] lo: entered allmulticast mode [ 676.783265][T12556] tunl0: entered allmulticast mode [ 676.811632][T12556] gre0: entered allmulticast mode [ 676.890193][T12556] gretap0: entered allmulticast mode [ 676.909909][T12556] erspan0: entered allmulticast mode [ 676.950425][T12556] ip_vti0: entered allmulticast mode [ 676.960312][T12556] ip6_vti0: entered allmulticast mode [ 676.976434][T12556] sit0: entered allmulticast mode [ 676.994719][T12556] ip6tnl0: entered allmulticast mode [ 677.010810][T12556] ip6gre0: entered allmulticast mode [ 677.022070][T12556] ip6gretap0: entered allmulticast mode [ 677.032043][T12556] bridge0: port 2(bridge_slave_1) entered disabled state [ 677.039471][T12556] bridge0: port 1(bridge_slave_0) entered disabled state [ 677.053584][T12556] bridge0: entered allmulticast mode [ 677.063653][T12556] vcan0: entered allmulticast mode [ 677.073596][T12556] bond0: entered allmulticast mode [ 677.078868][T12556] bond_slave_0: entered allmulticast mode [ 677.085365][T12556] bond_slave_1: entered allmulticast mode [ 677.111376][T12556] team0: entered allmulticast mode [ 677.118930][T12556] team_slave_0: entered allmulticast mode [ 677.129055][T12556] team_slave_1: entered allmulticast mode [ 677.153133][T12556] dummy0: entered allmulticast mode [ 677.174292][T12556] nlmon0: entered allmulticast mode [ 677.190725][T12556] caif0: entered allmulticast mode [ 677.196753][T12556] batadv0: entered allmulticast mode [ 677.216738][T12556] veth0: entered allmulticast mode [ 677.225224][T12556] veth1: entered allmulticast mode [ 677.235295][T12556] wg1: entered allmulticast mode [ 677.244087][T12556] wg2: entered allmulticast mode [ 677.254164][T12556] veth0_to_bridge: entered allmulticast mode [ 677.266471][T12556] veth1_to_bridge: entered allmulticast mode [ 677.278693][T12556] veth0_to_bond: entered allmulticast mode [ 677.291212][T12556] veth1_to_bond: entered allmulticast mode [ 677.301059][T12556] veth0_to_team: entered allmulticast mode [ 677.312295][T12556] veth1_to_team: entered allmulticast mode [ 677.319969][ T9341] usb 4-1: new full-speed USB device number 23 using dummy_hcd [ 677.324796][T12556] veth0_to_batadv: entered allmulticast mode [ 677.337324][T12556] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 677.345500][T12556] batadv_slave_0: entered allmulticast mode [ 677.355847][T12556] veth1_to_batadv: entered allmulticast mode [ 677.364842][T12556] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 677.373211][T12556] batadv_slave_1: entered allmulticast mode [ 677.382878][T12556] xfrm0: entered allmulticast mode [ 677.391093][T12556] veth0_to_hsr: entered allmulticast mode [ 677.399139][T12556] hsr_slave_0: entered allmulticast mode [ 677.407533][T12556] veth1_to_hsr: entered allmulticast mode [ 677.416842][T12556] hsr_slave_1: entered allmulticast mode [ 677.425787][T12556] hsr0: entered allmulticast mode [ 677.434261][T12556] veth1_virt_wifi: entered allmulticast mode [ 677.445166][T12556] veth0_virt_wifi: entered allmulticast mode [ 677.455928][T12556] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 677.464646][T12556] veth1_vlan: entered allmulticast mode [ 677.474777][T12556] veth0_vlan: entered allmulticast mode [ 677.493051][ T9341] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 677.497434][T12556] @: entered allmulticast mode [ 677.515194][T12556] vlan1: entered allmulticast mode [ 677.516489][ T9341] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 2 [ 677.535257][T12556] macvlan0: entered allmulticast mode [ 677.536231][ T9341] usb 4-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 677.552216][ T9341] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 677.569890][ T9341] usb 4-1: config 0 descriptor?? [ 677.582173][T12556] macvlan1: entered allmulticast mode [ 677.604635][T12556] ipvlan0: entered allmulticast mode [ 677.612266][T12556] ipvlan1: entered allmulticast mode [ 677.619817][T12556] veth1_macvtap: entered allmulticast mode [ 677.630849][T12556] veth0_macvtap: entered allmulticast mode [ 677.654500][T12556] macvtap0: entered allmulticast mode [ 677.664397][T12556] macsec0: entered allmulticast mode [ 677.673471][T12556] geneve0: entered allmulticast mode [ 677.691760][T12556] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 677.703751][T12556] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 677.712916][T12556] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 677.721895][T12556] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 677.731114][T12556] geneve1: entered allmulticast mode [ 677.739334][T12556] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 677.751384][T12556] netdevsim netdevsim0 netdevsim1: entered allmulticast mode [ 677.762993][T12556] netdevsim netdevsim0 netdevsim2: entered allmulticast mode [ 677.772756][T12556] netdevsim netdevsim0 netdevsim3: entered allmulticast mode [ 677.787123][T12556] mac80211_hwsim hwsim3 wlan0: entered allmulticast mode [ 677.801903][T12556] mac80211_hwsim hwsim5 wlan1: entered allmulticast mode [ 677.811381][T12556] veth2: entered allmulticast mode [ 677.816699][T12556] veth3: entered allmulticast mode [ 677.823441][T12556] erspan1: entered allmulticast mode [ 677.828855][T12556] mac80211_hwsim hwsim14 wlan2: entered allmulticast mode [ 677.836950][T12556] macsec1: entered allmulticast mode [ 677.842577][T12556] mac80211_hwsim hwsim15 wlan3: entered allmulticast mode [ 677.850047][T12556] gretap1: entered allmulticast mode [ 677.855580][T12556] veth4: entered allmulticast mode [ 677.861064][T12556] veth5: entered allmulticast mode [ 677.867718][T12556] bridge1: entered allmulticast mode [ 677.876022][T12556] gre1: entered allmulticast mode [ 677.909325][ T9340] usb 4-1: USB disconnect, device number 23 [ 678.551560][T12575] netlink: 'syz.1.1899': attribute type 10 has an invalid length. [ 678.589721][T12575] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1899'. [ 678.614198][T12575] batadv0: entered promiscuous mode [ 678.630132][T12575] bridge0: port 3(batadv0) entered blocking state [ 678.652749][T12575] bridge0: port 3(batadv0) entered disabled state [ 678.948540][ T6095] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 678.957930][ T6095] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 680.534920][T12594] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1905'. [ 680.640856][T12594] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1905'. [ 680.780747][T12594] netlink: 'syz.1.1905': attribute type 19 has an invalid length. [ 681.319327][T12605] syzkaller1: entered promiscuous mode [ 681.332909][T12605] syzkaller1: entered allmulticast mode [ 682.003283][T12613] xt_connbytes: Forcing CT accounting to be enabled [ 682.010168][T12613] Cannot find set identified by id 0 to match [ 683.659519][ T9351] usb 4-1: new full-speed USB device number 24 using dummy_hcd [ 684.295331][ T9351] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 684.339824][ T9351] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 684.386779][ T9351] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 684.421252][ T9351] usb 4-1: config 1 has no interface number 1 [ 684.451426][ T9351] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 684.517588][ T9351] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid maxpacket 139, setting to 64 [ 684.585441][ T9351] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 684.638554][ T9351] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 684.722069][T12653] xt_CT: You must specify a L4 protocol and not use inversions on it [ 685.304616][ T9351] usb 4-1: Product: syz [ 685.425406][ T9351] usb 4-1: Manufacturer: syz [ 685.430407][ T9351] usb 4-1: SerialNumber: syz [ 685.792135][ T9351] usb 4-1: USB disconnect, device number 24 [ 685.886732][T12666] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 685.925944][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.932482][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.837327][T12669] --map-set only usable from mangle table [ 688.575029][ T30] kauditd_printk_skb: 36 callbacks suppressed [ 688.575050][ T30] audit: type=1326 audit(1751443206.894:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12688 comm="syz.2.1932" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f937018e929 code=0x0 [ 689.529640][ T9351] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 689.799956][T12695] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 689.812363][T12698] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 689.999889][ T9351] usb 5-1: Using ep0 maxpacket: 16 [ 690.716959][T12723] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1928'. [ 690.726584][T12723] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1928'. [ 691.752796][T12731] IPVS: sync thread started: state = MASTER, mcast_ifn = geneve0, syncid = 10802, id = 0 [ 691.984507][T12735] team0: No ports can be present during mode change [ 692.400262][ T9351] usb 5-1: device descriptor read/all, error -71 [ 695.055026][T12757] No such timeout policy "syz0" [ 695.523563][T12770] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1951'. [ 695.533972][T12770] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1951'. [ 696.340061][T12770] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1951'. [ 696.820383][T12780] netlink: 7 bytes leftover after parsing attributes in process `syz.3.1958'. [ 696.890041][T12780] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1958'. [ 696.931990][T12784] netlink: 788 bytes leftover after parsing attributes in process `syz.1.1955'. [ 697.439672][T12780] netlink: 7 bytes leftover after parsing attributes in process `syz.3.1958'. [ 697.477125][T12780] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1958'. [ 698.449650][ T9351] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 699.530538][ T9351] usb 4-1: Using ep0 maxpacket: 8 [ 699.544881][ T9351] usb 4-1: config 251 has an invalid descriptor of length 189, skipping remainder of the config [ 699.555672][ T9351] usb 4-1: config 251 has 0 interfaces, different from the descriptor's value: 1 [ 699.597605][ T9351] usb 4-1: New USB device found, idVendor=0000, idProduct=0000, bcdDevice= 0.00 [ 699.650179][ T9351] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 699.679412][T12812] netlink: 'syz.2.1967': attribute type 3 has an invalid length. [ 699.680365][ T9351] usb 4-1: rejected 1 configuration due to insufficient available bus power [ 699.696307][ T9351] usb 4-1: no configuration chosen from 1 choice [ 699.703504][T12812] netlink: 'syz.2.1967': attribute type 3 has an invalid length. [ 699.741246][T12812] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1967'. [ 699.748203][T12814] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1969'. [ 699.810364][T12814] caif0: left allmulticast mode [ 699.821663][T12814] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1969'. [ 699.872369][T12814] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 700.348212][T12824] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1974'. [ 700.584693][T12839] tipc: Cannot configure node identity twice [ 700.864310][ T9341] usb 4-1: USB disconnect, device number 25 [ 702.909551][T12860] openvswitch: netlink: Message has 20 unknown bytes. [ 702.916897][T12860] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 703.085015][ T9351] usb 5-1: new full-speed USB device number 23 using dummy_hcd [ 703.461190][ T9351] usb 5-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43 [ 703.512496][ T9351] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 703.599838][ T9345] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 703.730571][ T9351] usb 5-1: config 0 descriptor?? [ 703.764145][ T9351] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 703.828201][ T9345] usb 3-1: device descriptor read/64, error -71 [ 704.054116][ T9351] gp8psk: usb in 128 operation failed. [ 704.067919][ T9351] gp8psk: usb in 137 operation failed. [ 704.085184][ T9351] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 704.111204][ T9345] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 704.122508][ T9351] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19) [ 704.151876][ T9351] usb 5-1: USB disconnect, device number 23 [ 704.269469][ T9345] usb 3-1: device descriptor read/64, error -71 [ 704.532969][ T9345] usb usb3-port1: attempt power cycle [ 704.580301][T12885] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1995'. [ 704.889670][ T9345] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 705.370144][ T9345] usb 3-1: device descriptor read/8, error -71 [ 705.609492][ T9345] usb 3-1: new high-speed USB device number 38 using dummy_hcd [ 705.653401][ T9345] usb 3-1: device descriptor read/8, error -71 [ 705.874485][ T9345] usb usb3-port1: unable to enumerate USB device [ 708.135057][T12938] xt_CT: You must specify a L4 protocol and not use inversions on it [ 708.846116][T12941] loop8: detected capacity change from 0 to 8 [ 708.864649][T12941] Dev loop8: unable to read RDB block 8 [ 709.109674][T12941] loop8: unable to read partition table [ 709.115612][T12941] loop8: partition table beyond EOD, truncated [ 709.788501][T12941] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 710.042168][T12947] Bluetooth: MGMT ver 1.23 [ 710.638401][T12960] No such timeout policy "syz1" [ 711.541535][T12963] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.2016'. [ 711.643003][T12970] fuse: Unknown parameter 'gro' [ 711.707324][T12974] ip6t_srh: unknown srh invflags 4000 [ 711.817927][ T9345] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 711.981644][ T9345] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 712.022341][ T9345] usb 5-1: New USB device found, idVendor=13ec, idProduct=0006, bcdDevice= 0.00 [ 712.039459][ T9345] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 712.058354][ T9345] usb 5-1: config 0 descriptor?? [ 712.414539][ T9345] usbhid 5-1:0.0: can't add hid device: -71 [ 712.483603][ T9345] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 712.741405][ T9345] usb 5-1: USB disconnect, device number 24 [ 712.746207][T12995] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2029'. [ 712.825718][T12995] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2029'. [ 714.157221][ T30] audit: type=1326 audit(1751443233.094:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13012 comm="syz.3.2034" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd81858e929 code=0x7ffc0000 [ 714.219991][ T30] audit: type=1326 audit(1751443233.104:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13012 comm="syz.3.2034" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd81858e929 code=0x7ffc0000 [ 714.299428][ T30] audit: type=1326 audit(1751443233.134:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13012 comm="syz.3.2034" exe="/root/syz-executor" sig=0 arch=c000003e syscall=316 compat=0 ip=0x7fd81858e929 code=0x7ffc0000 [ 714.381973][ T30] audit: type=1326 audit(1751443233.134:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13012 comm="syz.3.2034" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd81858e929 code=0x7ffc0000 [ 714.430243][T13018] ieee802154 phy0 wpan0: encryption failed: -22 [ 714.434063][ T30] audit: type=1326 audit(1751443233.134:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13012 comm="syz.3.2034" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd81858e929 code=0x7ffc0000 [ 714.541175][ T30] audit: type=1326 audit(1751443233.134:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13012 comm="syz.3.2034" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd81858e929 code=0x7ffc0000 [ 714.624003][ T30] audit: type=1326 audit(1751443233.134:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13012 comm="syz.3.2034" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd81858e929 code=0x7ffc0000 [ 714.699462][ T30] audit: type=1326 audit(1751443233.144:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13012 comm="syz.3.2034" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd81858e929 code=0x7ffc0000 [ 714.741829][ T30] audit: type=1326 audit(1751443233.144:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13012 comm="syz.3.2034" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fd81858e929 code=0x7ffc0000 [ 714.789539][ T30] audit: type=1326 audit(1751443233.144:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13012 comm="syz.3.2034" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd81858e929 code=0x7ffc0000 [ 714.920118][ T9345] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 715.028933][T13036] netlink: 'syz.1.2043': attribute type 8 has an invalid length. [ 715.079652][ T9345] usb 1-1: Using ep0 maxpacket: 16 [ 715.088981][ T9345] usb 1-1: too many endpoints for config 0 interface 0 altsetting 8: 87, using maximum allowed: 30 [ 715.100738][ T9345] usb 1-1: config 0 interface 0 altsetting 8 has 0 endpoint descriptors, different from the interface descriptor's value: 87 [ 715.854178][T13047] random: crng reseeded on system resumption [ 716.063228][ T9345] usb 1-1: config 0 interface 0 has no altsetting 0 [ 716.074876][ T9345] usb 1-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.55 [ 716.084578][ T9345] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 716.109436][ T9345] usb 1-1: Product: syz [ 716.690246][ T5140] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 717.071809][ T9345] usb 1-1: Manufacturer: syz [ 717.086100][ T9345] usb 1-1: SerialNumber: syz [ 717.221883][ T9345] usb 1-1: config 0 descriptor?? [ 717.242260][ T9345] ssu100 1-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 718.543843][T13060] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2052'. [ 718.937579][ T9345] ssu100 1-1:0.0: probe with driver ssu100 failed with error -71 [ 719.299785][T13069] Invalid source name [ 719.304149][T13069] UBIFS error (pid: 13069): cannot open "./file0", error -22 [ 719.307683][T13069] binder: 13064:13069 ioctl 40046210 0 returned -14 [ 719.322815][T13069] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2053'. [ 719.930518][ T9345] usb 1-1: USB disconnect, device number 31 [ 722.466945][T13094] vlan2: entered promiscuous mode [ 722.521827][T13094] bridge0: entered promiscuous mode [ 722.528181][T13094] vlan2: entered allmulticast mode [ 723.560153][T13103] bridge0: port 3(batadv0) entered disabled state [ 723.611999][T13103] bridge_slave_0: left promiscuous mode [ 723.630094][T13103] bridge0: port 1(bridge_slave_0) entered disabled state [ 723.666057][T13103] bridge_slave_1: left promiscuous mode [ 723.675197][T13106] Falling back ldisc for ttynull. [ 723.679905][T13103] bridge0: port 2(bridge_slave_1) entered disabled state [ 723.715202][T13120] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2067'. [ 723.725671][T13103] : (slave bond_slave_0): Releasing backup interface [ 723.763180][T13103] : (slave bond_slave_1): Releasing backup interface [ 723.835754][T13103] team0: Port device team_slave_0 removed [ 723.866333][T13103] team0: Port device team_slave_1 removed [ 723.892805][T13103] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 723.922404][T13103] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 723.946340][T13103] batman_adv: batadv0: Removing interface: ip6gretap1 [ 723.970482][T13103] bond1: (slave wireguard0): Releasing backup interface [ 723.979935][T13103] batman_adv: batadv0: Removing interface: ip6gretap2 [ 723.996018][T13115] fuse: Bad value for 'group_id' [ 724.002278][T13115] fuse: Bad value for 'group_id' [ 724.009443][T13103] batman_adv: batadv0: Removing interface: gretap4 [ 724.027133][T13103] bond0: (slave gretap5): Releasing active interface [ 724.112872][T13129] veth2: entered allmulticast mode [ 724.124841][T13129] veth3: entered allmulticast mode [ 724.131367][T13129] mac80211_hwsim hwsim19 wlan2: entered allmulticast mode [ 724.138906][T13129] sit1: entered allmulticast mode [ 724.148887][T13129] gretap2: entered allmulticast mode [ 724.155671][T13129] bond0: entered allmulticast mode [ 724.163816][T13129] bridge1: entered allmulticast mode [ 724.182309][T13129] mac80211_hwsim hwsim20 wlan3: entered allmulticast mode [ 724.689642][ T5920] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 724.970893][ T5920] usb 5-1: Using ep0 maxpacket: 8 [ 725.033028][ T5884] usb 3-1: new full-speed USB device number 39 using dummy_hcd [ 725.054661][ T5920] usb 5-1: config 179 has an invalid interface number: 65 but max is 0 [ 725.077105][T13150] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2076'. [ 725.090473][ T5920] usb 5-1: config 179 has no interface number 0 [ 725.101764][ T5920] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 725.116820][ T5920] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 725.131994][ T5920] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 725.160791][ T5920] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 725.204879][ T5920] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 725.210869][T13151] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2076'. [ 725.260792][ T5884] usb 3-1: device descriptor read/64, error -71 [ 725.284041][ T5920] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 725.334616][ T5920] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 725.359966][ T9345] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 725.647362][T13156] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2077'. [ 725.656659][T13156] openvswitch: netlink: Flow actions attr not present in new flow. [ 726.271554][T13140] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 726.301683][ T9345] usb 1-1: Using ep0 maxpacket: 16 [ 726.335803][ T9345] usb 1-1: config 0 has an invalid interface number: 245 but max is 0 [ 726.374717][ T5884] usb 3-1: new full-speed USB device number 40 using dummy_hcd [ 726.539035][ T5920] xpad 5-1:179.65: probe with driver xpad failed with error -5 [ 726.554944][ T9345] usb 1-1: config 0 has no interface number 0 [ 726.564806][ T9345] usb 1-1: too many endpoints for config 0 interface 245 altsetting 142: 118, using maximum allowed: 30 [ 726.580439][ T9345] usb 1-1: config 0 interface 245 altsetting 142 has 0 endpoint descriptors, different from the interface descriptor's value: 118 [ 726.594636][ T9345] usb 1-1: config 0 interface 245 has no altsetting 0 [ 726.604630][ T9345] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0099, bcdDevice=f4.9b [ 726.628663][ T9345] usb 1-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 726.636793][ T9345] usb 1-1: Product: syz [ 726.641066][ T9345] usb 1-1: SerialNumber: syz [ 726.648461][ T9345] usb 1-1: config 0 descriptor?? [ 726.648566][ T5885] usb 5-1: USB disconnect, device number 25 [ 726.660061][ T9340] usb 4-1: new full-speed USB device number 26 using dummy_hcd [ 726.679582][ T5884] usb 3-1: device descriptor read/64, error -71 [ 726.789882][ T5884] usb usb3-port1: attempt power cycle [ 726.825206][ T9340] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 1024, setting to 64 [ 726.839286][ T9340] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 726.848595][ T9340] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 726.862706][ T9340] usb 4-1: Product: syz [ 726.866937][ T9340] usb 4-1: Manufacturer: syz [ 726.873772][ T9340] usb 4-1: SerialNumber: syz [ 726.879642][ T9341] usb 2-1: new full-speed USB device number 40 using dummy_hcd [ 726.889281][ T9340] usb 4-1: config 0 descriptor?? [ 726.895352][T13151] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22 [ 726.904052][ T9340] hub 4-1:0.0: bad descriptor, ignoring hub [ 726.910154][ T9340] hub 4-1:0.0: probe with driver hub failed with error -5 [ 727.051842][ T9341] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 727.062440][ T9341] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 727.072176][ T9341] usb 2-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 727.081515][ T9341] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 727.092753][ T9341] usb 2-1: config 0 descriptor?? [ 727.101617][ T9341] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 727.108290][ T9341] dvb-usb: bulk message failed: -22 (3/0) [ 727.131550][ T5884] usb 3-1: new full-speed USB device number 41 using dummy_hcd [ 727.140096][ T9341] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 727.151478][ T9341] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 727.159642][ T9341] usb 2-1: media controller created [ 727.170291][ T5884] usb 3-1: device descriptor read/8, error -71 [ 727.182375][ T9341] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 727.200607][ T9341] dvb-usb: bulk message failed: -22 (6/0) [ 727.206538][ T9341] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 727.217408][ T9341] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input24 [ 727.233189][ T9341] dvb-usb: schedule remote query interval to 150 msecs. [ 727.243883][ T9341] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 727.401134][ T9341] dvb-usb: bulk message failed: -22 (1/0) [ 727.406955][ T9341] dvb-usb: error while querying for an remote control event. [ 727.454286][ T5920] usb 4-1: USB disconnect, device number 26 [ 727.494176][ T5884] usb 3-1: new full-speed USB device number 42 using dummy_hcd [ 727.515493][ T9341] usb 2-1: USB disconnect, device number 40 [ 728.338672][ T5884] usb 3-1: device descriptor read/8, error -71 [ 728.396280][ T9341] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 728.408147][ T9345] usb 1-1: USB disconnect, device number 32 [ 728.549257][ T5884] usb usb3-port1: unable to enumerate USB device [ 728.733071][T13173] xt_hashlimit: Unknown mode mask 1000000, kernel too old? [ 730.320540][T13185] fuse: Bad value for 'group_id' [ 730.325532][T13185] fuse: Bad value for 'group_id' [ 730.741506][T13213] mkiss: ax0: crc mode is auto. [ 730.769517][ T5884] usb 5-1: new full-speed USB device number 26 using dummy_hcd [ 730.935789][ T5884] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 730.993182][T13217] netlink: 'syz.0.2099': attribute type 1 has an invalid length. [ 731.005010][T13217] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2099'. [ 731.041711][ T5884] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 731.060343][ T5884] usb 5-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 731.079619][ T5884] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 731.111413][ T5884] usb 5-1: config 0 descriptor?? [ 731.136418][ T5884] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 731.157470][ T5884] dvb-usb: bulk message failed: -22 (3/0) [ 731.180313][ T5884] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 731.191899][ T5884] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 731.199217][ T5884] usb 5-1: media controller created [ 731.211479][ T5884] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 731.226141][ T5884] dvb-usb: bulk message failed: -22 (6/0) [ 731.239897][ T5884] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 731.255623][ T5884] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input25 [ 731.296571][ T5884] dvb-usb: schedule remote query interval to 150 msecs. [ 731.325924][ T5884] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 731.454798][ T5884] usb 5-1: USB disconnect, device number 26 [ 731.524206][ T5884] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 731.683594][ T9345] usb 1-1: new low-speed USB device number 33 using dummy_hcd [ 732.257320][T13233] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2103'. [ 732.301084][ T9345] usb 1-1: No LPM exit latency info found, disabling LPM. [ 732.323594][ T9345] usb 1-1: config 31 has an invalid interface number: 134 but max is 0 [ 732.339450][ T9345] usb 1-1: config 31 contains an unexpected descriptor of type 0x2, skipping [ 732.348302][ T9345] usb 1-1: config 31 contains an unexpected descriptor of type 0x1, skipping [ 732.357518][ T9345] usb 1-1: config 31 has an invalid descriptor of length 6, skipping remainder of the config [ 732.357546][ T9345] usb 1-1: config 31 has no interface number 0 [ 732.357592][ T9345] usb 1-1: config 31 interface 134 altsetting 41 has an invalid endpoint descriptor of length 5, skipping [ 732.357618][ T9345] usb 1-1: config 31 interface 134 altsetting 41 has 1 endpoint descriptor, different from the interface descriptor's value: 8 [ 732.357646][ T9345] usb 1-1: config 31 interface 134 has no altsetting 0 [ 732.364629][ T9345] usb 1-1: string descriptor 0 read error: -22 [ 732.364775][ T9345] usb 1-1: New USB device found, idVendor=0499, idProduct=1052, bcdDevice=a4.d0 [ 732.364801][ T9345] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 732.393287][ T9345] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 732.605892][ T9345] snd-usb-audio 1-1:31.134: probe with driver snd-usb-audio failed with error -2 [ 732.631535][ T9345] usb 1-1: USB disconnect, device number 33 [ 733.210749][T13241] ubi: mtd0 is already attached to ubi31 [ 735.787766][T13267] xt_CT: You must specify a L4 protocol and not use inversions on it [ 736.869769][ T5884] usb 1-1: new full-speed USB device number 34 using dummy_hcd [ 736.900764][T13289] netlink: 'syz.3.2123': attribute type 8 has an invalid length. [ 737.042312][ T5884] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 737.059420][ T5884] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 737.080207][ T5884] usb 1-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 737.099475][ T5884] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 737.121966][ T5884] usb 1-1: config 0 descriptor?? [ 737.126667][T13297] netlink: 216 bytes leftover after parsing attributes in process `syz.3.2125'. [ 737.141801][ T5884] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 737.148530][ T5884] dvb-usb: bulk message failed: -22 (3/0) [ 737.172157][ T5884] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 737.190363][ T5884] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 737.206252][ T5884] usb 1-1: media controller created [ 737.224918][T13299] binder_alloc: 13298: pid 13298 spamming oneway? 1 buffers allocated for a total size of 4096 [ 737.241779][ T5884] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 737.269898][T13299] binder: 13298:13299 ioctl c0306201 2000000001c0 returned -14 [ 737.279885][ T5884] dvb-usb: bulk message failed: -22 (6/0) [ 737.280232][T13280] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2119'. [ 737.288150][ T5884] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 737.310373][T13280] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2119'. [ 737.326185][ T5884] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input26 [ 737.356333][ T5884] dvb-usb: schedule remote query interval to 150 msecs. [ 737.366721][ T5884] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 737.408466][ T5884] usb 1-1: USB disconnect, device number 34 [ 737.493384][ T5884] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 737.611873][T13306] FAULT_INJECTION: forcing a failure. [ 737.611873][T13306] name failslab, interval 1, probability 0, space 0, times 0 [ 737.624684][T13306] CPU: 1 UID: 0 PID: 13306 Comm: syz.4.2128 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 737.624713][T13306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 737.624726][T13306] Call Trace: [ 737.624735][T13306] [ 737.624745][T13306] dump_stack_lvl+0x189/0x250 [ 737.624783][T13306] ? __pfx____ratelimit+0x10/0x10 [ 737.624812][T13306] ? __pfx_dump_stack_lvl+0x10/0x10 [ 737.624843][T13306] ? __pfx__printk+0x10/0x10 [ 737.624867][T13306] ? __pfx___might_resched+0x10/0x10 [ 737.624897][T13306] ? fs_reclaim_acquire+0x7d/0x100 [ 737.624931][T13306] should_fail_ex+0x414/0x560 [ 737.624962][T13306] should_failslab+0xa8/0x100 [ 737.624990][T13306] kmem_cache_alloc_noprof+0x73/0x3c0 [ 737.625015][T13306] ? getname_kernel+0x5a/0x2f0 [ 737.625041][T13306] ? trace_kmalloc+0x1f/0xd0 [ 737.625069][T13306] getname_kernel+0x5a/0x2f0 [ 737.625100][T13306] kern_path+0x1d/0x50 [ 737.625131][T13306] ovl_parse_param_lowerdir+0x6d7/0xaa0 [ 737.625177][T13306] ? __pfx_ovl_parse_param_lowerdir+0x10/0x10 [ 737.625208][T13306] ovl_parse_param+0x51b/0xee0 [ 737.625243][T13306] ? smack_fs_context_parse_param+0x102/0x170 [ 737.625276][T13306] ? __pfx_ovl_parse_param+0x10/0x10 [ 737.625315][T13306] ? static_key_count+0x41/0x70 [ 737.625349][T13306] vfs_parse_fs_param+0x1a9/0x420 [ 737.625379][T13306] vfs_parse_monolithic_sep+0x24d/0x310 [ 737.625406][T13306] ? __pfx_ovl_next_opt+0x10/0x10 [ 737.625426][T13306] ? __pfx_vfs_parse_monolithic_sep+0x10/0x10 [ 737.625464][T13306] ? alloc_fs_context+0x665/0x7d0 [ 737.625500][T13306] do_new_mount+0x21a/0xa40 [ 737.625535][T13306] __se_sys_mount+0x317/0x410 [ 737.625568][T13306] ? __pfx___se_sys_mount+0x10/0x10 [ 737.625599][T13306] ? rcu_is_watching+0x15/0xb0 [ 737.625634][T13306] ? do_syscall_64+0xbe/0x3b0 [ 737.625661][T13306] ? __x64_sys_mount+0x20/0xc0 [ 737.625690][T13306] do_syscall_64+0xfa/0x3b0 [ 737.625720][T13306] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 737.625739][T13306] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 737.625758][T13306] ? clear_bhb_loop+0x60/0xb0 [ 737.625783][T13306] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 737.625802][T13306] RIP: 0033:0x7f563238e929 [ 737.625820][T13306] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 737.625837][T13306] RSP: 002b:00007f5633267038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 737.625858][T13306] RAX: ffffffffffffffda RBX: 00007f56325b5fa0 RCX: 00007f563238e929 [ 737.625873][T13306] RDX: 00002000000000c0 RSI: 0000200000001340 RDI: 0000000000000000 [ 737.625886][T13306] RBP: 00007f5633267090 R08: 00002000000003c0 R09: 0000000000000000 [ 737.625899][T13306] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 737.625912][T13306] R13: 0000000000000000 R14: 00007f56325b5fa0 R15: 00007ffee3d8c6f8 [ 737.625944][T13306] [ 737.625984][T13306] overlayfs: failed to resolve './file0': -12 [ 737.922994][T13307] xt_CT: You must specify a L4 protocol and not use inversions on it [ 738.339598][ T5884] usb 2-1: new high-speed USB device number 41 using dummy_hcd [ 739.519516][ T5884] usb 2-1: Using ep0 maxpacket: 32 [ 739.526641][ T5884] usb 2-1: config 0 interface 0 has no altsetting 0 [ 739.533929][ T5884] usb 2-1: New USB device found, idVendor=1b1c, idProduct=1c09, bcdDevice= 0.00 [ 739.797195][ T5884] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 739.845107][ T5884] usb 2-1: config 0 descriptor?? [ 739.952890][ T5884] usb 2-1: can't set config #0, error -71 [ 739.964663][T13338] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2136'. [ 739.984502][ T5884] usb 2-1: USB disconnect, device number 41 [ 740.748216][T13360] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2144'. [ 740.925387][T13361] No such timeout policy "syz1" [ 740.935316][ T9345] usb 1-1: new full-speed USB device number 35 using dummy_hcd [ 741.612395][ T9345] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 741.659440][ T9345] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 741.679533][ T9345] usb 1-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 741.688654][ T9345] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 741.743302][ T9345] usb 1-1: config 0 descriptor?? [ 741.754455][T13375] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2150'. [ 741.772834][ T9345] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 741.792327][ T9345] dvb-usb: bulk message failed: -22 (3/0) [ 741.810140][ T9345] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 741.829878][ T9345] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 741.837024][ T9345] usb 1-1: media controller created [ 741.869455][ T9345] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 741.892109][ T9345] dvb-usb: bulk message failed: -22 (6/0) [ 741.897997][ T9345] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 741.933015][ T9345] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input27 [ 741.965278][ T9345] dvb-usb: schedule remote query interval to 150 msecs. [ 741.989496][ T9345] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 742.010080][ T9345] usb 1-1: USB disconnect, device number 35 [ 742.087233][T13382] loop2: detected capacity change from 0 to 7 [ 742.184946][T13382] loop2: [CUMANA/ADFS] p1 [ADFS] p1 [ 742.199851][T13382] loop2: partition table partially beyond EOD, truncated [ 742.222908][ T9345] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 742.241187][T13382] loop2: p1 size 2989602745 extends beyond EOD, truncated [ 742.254632][T13387] kernel read not supported for file /file1 (pid: 13387 comm: syz.3.2154) [ 742.263542][ T30] kauditd_printk_skb: 4 callbacks suppressed [ 742.263559][ T30] audit: type=1800 audit(1751443261.204:220): pid=13387 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.3.2154" name="file1" dev="mqueue" ino=38265 res=0 errno=0 [ 742.361128][ T5920] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 742.519430][ T5920] usb 5-1: Using ep0 maxpacket: 32 [ 742.532974][ T5920] usb 5-1: config 0 has an invalid interface number: 226 but max is 0 [ 742.549430][ T5920] usb 5-1: config 0 has no interface number 0 [ 742.562083][ T5920] usb 5-1: config 0 interface 226 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 742.587138][ T5920] usb 5-1: config 0 interface 226 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 742.609415][ T5920] usb 5-1: New USB device found, idVendor=5543, idProduct=0081, bcdDevice= 0.00 [ 742.630570][ T5920] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 742.656959][ T5920] usb 5-1: config 0 descriptor?? [ 742.984229][T13395] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2156'. [ 742.994269][ T5920] usbhid 5-1:0.226: can't add hid device: -32 [ 743.002923][ T5920] usbhid 5-1:0.226: probe with driver usbhid failed with error -32 [ 743.814686][T13413] xt_CT: You must specify a L4 protocol and not use inversions on it [ 744.044713][T13416] xt_CT: You must specify a L4 protocol and not use inversions on it [ 744.618697][T13418] lo: entered allmulticast mode [ 744.970544][T13418] tunl0: entered allmulticast mode [ 744.977717][T13418] gre0: entered allmulticast mode [ 745.296393][T13418] gretap0: entered allmulticast mode [ 745.297532][ T5884] usb 5-1: USB disconnect, device number 27 [ 745.367647][T13420] netlink: 'syz.2.2165': attribute type 1 has an invalid length. [ 745.389223][T13418] erspan0: entered allmulticast mode [ 745.406212][T13418] ip_vti0: entered allmulticast mode [ 745.418364][T13418] ip6_vti0: entered allmulticast mode [ 745.428836][T13427] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2165'. [ 745.432045][T13418] sit0: entered allmulticast mode [ 745.450910][T13418] ip6tnl0: entered allmulticast mode [ 745.458845][T13418] ip6gre0: entered allmulticast mode [ 745.467238][T13418] ip6gretap0: entered allmulticast mode [ 745.476139][T13418] vcan0: entered allmulticast mode [ 745.495481][T13418] dummy0: entered allmulticast mode [ 745.506998][T13418] nlmon0: entered allmulticast mode [ 745.514358][T13418] caif0: entered allmulticast mode [ 745.523928][T13418] batadv0: left promiscuous mode [ 745.530129][T13418] veth4: entered allmulticast mode [ 745.535561][T13418] veth5: entered allmulticast mode [ 745.541202][T13418] veth6: entered allmulticast mode [ 745.546670][T13418] veth7: entered allmulticast mode [ 745.557207][T13418] K: entered allmulticast mode [ 745.567168][T13418] bond2: left promiscuous mode [ 745.626741][T13420] 8021q: adding VLAN 0 to HW filter on device bond2 [ 745.646159][T13424] FAULT_INJECTION: forcing a failure. [ 745.646159][T13424] name failslab, interval 1, probability 0, space 0, times 0 [ 745.659455][ T9345] usb 1-1: new full-speed USB device number 36 using dummy_hcd [ 745.668197][T13424] CPU: 1 UID: 0 PID: 13424 Comm: syz.1.2163 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 745.668231][T13424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 745.668244][T13424] Call Trace: [ 745.668252][T13424] [ 745.668261][T13424] dump_stack_lvl+0x189/0x250 [ 745.668298][T13424] ? __pfx____ratelimit+0x10/0x10 [ 745.668328][T13424] ? __pfx_dump_stack_lvl+0x10/0x10 [ 745.668359][T13424] ? __pfx__printk+0x10/0x10 [ 745.668386][T13424] ? __pfx___might_resched+0x10/0x10 [ 745.668413][T13424] ? fs_reclaim_acquire+0x7d/0x100 [ 745.668448][T13424] should_fail_ex+0x414/0x560 [ 745.668477][T13424] ? alloc_netdev_mqs+0xa8b/0x11e0 [ 745.668503][T13424] should_failslab+0xa8/0x100 [ 745.668532][T13424] __kvmalloc_node_noprof+0x161/0x5f0 [ 745.668559][T13424] ? alloc_netdev_mqs+0xa8b/0x11e0 [ 745.668597][T13424] alloc_netdev_mqs+0xa8b/0x11e0 [ 745.668633][T13424] rtnl_create_link+0x31f/0xd10 [ 745.668669][T13424] rtnl_newlink_create+0x25c/0xb00 [ 745.668699][T13424] ? __mutex_lock+0x51b/0xe80 [ 745.668734][T13424] ? __pfx_rtnl_newlink_create+0x10/0x10 [ 745.668754][T13424] ? rtnl_newlink+0x8db/0x1c70 [ 745.668776][T13424] ? __pfx___mutex_lock+0x10/0x10 [ 745.668815][T13424] ? ns_capable+0x8a/0xf0 [ 745.668847][T13424] rtnl_newlink+0x16d6/0x1c70 [ 745.668885][T13424] ? __pfx_rtnl_newlink+0x10/0x10 [ 745.668904][T13424] ? is_bpf_text_address+0x26/0x2b0 [ 745.668942][T13424] ? __lock_acquire+0xab9/0xd20 [ 745.668984][T13424] ? __lock_acquire+0xab9/0xd20 [ 745.669042][T13424] ? is_bpf_text_address+0x26/0x2b0 [ 745.669077][T13424] ? is_bpf_text_address+0x292/0x2b0 [ 745.669104][T13424] ? is_bpf_text_address+0x26/0x2b0 [ 745.669137][T13424] ? kernel_text_address+0xa5/0xe0 [ 745.669163][T13424] ? __kernel_text_address+0xd/0x40 [ 745.669186][T13424] ? unwind_get_return_address+0x4d/0x90 [ 745.669214][T13424] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 745.669236][T13424] ? arch_stack_walk+0xfc/0x150 [ 745.669272][T13424] ? __lock_acquire+0xab9/0xd20 [ 745.669327][T13424] ? __pfx_rtnl_newlink+0x10/0x10 [ 745.669345][T13424] rtnetlink_rcv_msg+0x7cc/0xb70 [ 745.669381][T13424] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 745.669411][T13424] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 745.669462][T13424] netlink_rcv_skb+0x205/0x470 [ 745.669486][T13424] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 745.669520][T13424] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 745.669557][T13424] ? netlink_deliver_tap+0x2e/0x1b0 [ 745.669578][T13424] ? netlink_deliver_tap+0x2e/0x1b0 [ 745.669606][T13424] netlink_unicast+0x758/0x8d0 [ 745.669650][T13424] netlink_sendmsg+0x805/0xb30 [ 745.669683][T13424] ? __pfx_netlink_sendmsg+0x10/0x10 [ 745.669716][T13424] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 745.669740][T13424] ? __pfx_netlink_sendmsg+0x10/0x10 [ 745.669764][T13424] __sock_sendmsg+0x219/0x270 [ 745.669797][T13424] ____sys_sendmsg+0x505/0x830 [ 745.669829][T13424] ? __pfx_____sys_sendmsg+0x10/0x10 [ 745.669865][T13424] ? import_iovec+0x74/0xa0 [ 745.669901][T13424] ___sys_sendmsg+0x21f/0x2a0 [ 745.669928][T13424] ? __pfx____sys_sendmsg+0x10/0x10 [ 745.669994][T13424] ? __fget_files+0x2a/0x420 [ 745.670028][T13424] ? __fget_files+0x3a0/0x420 [ 745.670067][T13424] __x64_sys_sendmsg+0x19b/0x260 [ 745.670095][T13424] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 745.670130][T13424] ? __pfx_ksys_write+0x10/0x10 [ 745.670151][T13424] ? rcu_is_watching+0x15/0xb0 [ 745.670187][T13424] ? do_syscall_64+0xbe/0x3b0 [ 745.670222][T13424] do_syscall_64+0xfa/0x3b0 [ 745.670250][T13424] ? lockdep_hardirqs_on+0x9c/0x150 [ 745.670278][T13424] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 745.670298][T13424] ? clear_bhb_loop+0x60/0xb0 [ 745.670324][T13424] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 745.670344][T13424] RIP: 0033:0x7f260358e929 [ 745.670362][T13424] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 745.670380][T13424] RSP: 002b:00007f26043d0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 745.670402][T13424] RAX: ffffffffffffffda RBX: 00007f26037b5fa0 RCX: 00007f260358e929 [ 745.670417][T13424] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 745.670431][T13424] RBP: 00007f26043d0090 R08: 0000000000000000 R09: 0000000000000000 [ 745.670444][T13424] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 745.670455][T13424] R13: 0000000000000000 R14: 00007f26037b5fa0 R15: 00007ffec9f6bf88 [ 745.670489][T13424] [ 746.102816][ C1] vkms_vblank_simulate: vblank timer overrun [ 746.498216][T13445] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 746.550891][T13445] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 746.750237][T13445] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 746.857626][T13445] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 747.284016][T13427] bond2 (unregistering): Released all slaves [ 747.302551][ T9345] usb 1-1: unable to get BOS descriptor or descriptor too short [ 747.312308][ T9345] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 747.320134][ T9345] usb 1-1: can't read configurations, error -71 [ 747.372257][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.380906][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 748.263707][ T30] audit: type=1326 audit(1751443267.204:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13453 comm="syz.2.2171" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f937018e929 code=0x0 [ 749.663138][T13482] xt_CT: You must specify a L4 protocol and not use inversions on it [ 751.211397][T13487] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2178'. [ 752.549256][T13496] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present! [ 752.582391][T13496] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2180'. [ 752.649631][ T9345] usb 2-1: new high-speed USB device number 42 using dummy_hcd [ 752.739620][ T5920] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 752.789447][ T9345] usb 2-1: device descriptor read/64, error -71 [ 752.906790][ T5920] usb 5-1: Using ep0 maxpacket: 32 [ 752.933628][ T5920] usb 5-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 752.966322][ T5920] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 753.012619][ T5920] usb 5-1: config 0 descriptor?? [ 753.021604][ T5920] gspca_main: sunplus-2.14.0 probing 041e:400b [ 753.059471][ T9345] usb 2-1: new high-speed USB device number 43 using dummy_hcd [ 753.209631][ T9345] usb 2-1: device descriptor read/64, error -71 [ 753.220087][T13502] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 753.239940][T13502] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 753.248951][T13502] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 753.267225][T13502] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 753.283538][T13502] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 753.293714][T13502] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 753.306701][T13502] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 753.316706][T13502] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 753.320223][T13516] FAULT_INJECTION: forcing a failure. [ 753.320223][T13516] name failslab, interval 1, probability 0, space 0, times 0 [ 753.333535][T13502] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 753.351781][T13502] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 753.359892][ T9345] usb usb2-port1: attempt power cycle [ 753.371641][T13516] CPU: 0 UID: 0 PID: 13516 Comm: syz.2.2186 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 753.371672][T13516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 753.371685][T13516] Call Trace: [ 753.371692][T13516] [ 753.371701][T13516] dump_stack_lvl+0x189/0x250 [ 753.371736][T13516] ? __pfx____ratelimit+0x10/0x10 [ 753.371764][T13516] ? __pfx_dump_stack_lvl+0x10/0x10 [ 753.371794][T13516] ? __pfx__printk+0x10/0x10 [ 753.371820][T13516] ? __pfx___might_resched+0x10/0x10 [ 753.371855][T13516] should_fail_ex+0x414/0x560 [ 753.371884][T13516] should_failslab+0xa8/0x100 [ 753.371912][T13516] __kmalloc_cache_node_noprof+0x73/0x3d0 [ 753.371939][T13516] ? __get_vm_area_node+0x13f/0x300 [ 753.371961][T13516] ? lockdep_hardirqs_on+0x9c/0x150 [ 753.371993][T13516] __get_vm_area_node+0x13f/0x300 [ 753.372024][T13516] __vmalloc_node_range_noprof+0x301/0x12f0 [ 753.372053][T13516] ? bpf_prog_alloc_no_stats+0x4a/0x4e0 [ 753.372082][T13516] ? is_bpf_text_address+0x26/0x2b0 [ 753.372133][T13516] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 753.372158][T13516] ? __might_fault+0xb0/0x130 [ 753.372185][T13516] ? _parse_integer_limit+0x1ae/0x1f0 [ 753.372216][T13516] ? bpf_prog_alloc_no_stats+0x4a/0x4e0 [ 753.372241][T13516] __vmalloc_noprof+0xb1/0xf0 [ 753.372272][T13516] ? bpf_prog_alloc_no_stats+0x4a/0x4e0 [ 753.372302][T13516] bpf_prog_alloc_no_stats+0x4a/0x4e0 [ 753.372336][T13516] bpf_prog_alloc+0x3c/0x1a0 [ 753.372365][T13516] bpf_prog_load+0x735/0x1930 [ 753.372407][T13516] ? __pfx_bpf_prog_load+0x10/0x10 [ 753.372450][T13516] ? bpf_lsm_bpf+0x9/0x20 [ 753.372472][T13516] ? security_bpf+0x7e/0x300 [ 753.372496][T13516] __sys_bpf+0x5f1/0x860 [ 753.372517][T13516] ? __pfx___sys_bpf+0x10/0x10 [ 753.372547][T13516] ? ksys_write+0x22a/0x250 [ 753.372568][T13516] ? __pfx_ksys_write+0x10/0x10 [ 753.372595][T13516] __x64_sys_bpf+0x7c/0x90 [ 753.372613][T13516] do_syscall_64+0xfa/0x3b0 [ 753.372639][T13516] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 753.372655][T13516] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 753.372673][T13516] ? clear_bhb_loop+0x60/0xb0 [ 753.372695][T13516] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 753.372711][T13516] RIP: 0033:0x7f937018e929 [ 753.372727][T13516] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 753.372744][T13516] RSP: 002b:00007f9371042038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 753.372764][T13516] RAX: ffffffffffffffda RBX: 00007f93703b5fa0 RCX: 00007f937018e929 [ 753.372777][T13516] RDX: 0000000000000090 RSI: 00002000000002c0 RDI: 0000000000000005 [ 753.372787][T13516] RBP: 00007f9371042090 R08: 0000000000000000 R09: 0000000000000000 [ 753.372797][T13516] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 753.372806][T13516] R13: 0000000000000000 R14: 00007f93703b5fa0 R15: 00007fff92233f68 [ 753.372830][T13516] [ 753.374354][T13516] syz.2.2186: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null) [ 753.400675][ T5920] gspca_sunplus: reg_w_riv err -71 [ 753.414752][T13516] ,cpuset= [ 753.429301][ T5920] sunplus 5-1:0.0: probe with driver sunplus failed with error -71 [ 753.480481][T13516] / [ 753.703769][ T5920] usb 5-1: USB disconnect, device number 28 [ 753.719490][T13516] ,mems_allowed=0-1 [ 753.734214][T13516] CPU: 0 UID: 0 PID: 13516 Comm: syz.2.2186 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 753.734243][T13516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 753.734257][T13516] Call Trace: [ 753.734266][T13516] [ 753.734275][T13516] dump_stack_lvl+0x189/0x250 [ 753.734310][T13516] ? __pfx_rcu_read_unlock_special+0x10/0x10 [ 753.734339][T13516] ? __pfx_dump_stack_lvl+0x10/0x10 [ 753.734377][T13516] ? __pfx__printk+0x10/0x10 [ 753.734398][T13516] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 753.734433][T13516] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 753.734474][T13516] warn_alloc+0x214/0x310 [ 753.734510][T13516] ? __pfx_warn_alloc+0x10/0x10 [ 753.734540][T13516] ? __get_vm_area_node+0x13f/0x300 [ 753.734571][T13516] ? __get_vm_area_node+0x2b5/0x300 [ 753.734604][T13516] __vmalloc_node_range_noprof+0x326/0x12f0 [ 753.734635][T13516] ? is_bpf_text_address+0x26/0x2b0 [ 753.734690][T13516] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 753.734727][T13516] ? __might_fault+0xb0/0x130 [ 753.734753][T13516] ? _parse_integer_limit+0x1ae/0x1f0 [ 753.734784][T13516] ? bpf_prog_alloc_no_stats+0x4a/0x4e0 [ 753.734808][T13516] __vmalloc_noprof+0xb1/0xf0 [ 753.734834][T13516] ? bpf_prog_alloc_no_stats+0x4a/0x4e0 [ 753.734863][T13516] bpf_prog_alloc_no_stats+0x4a/0x4e0 [ 753.734895][T13516] bpf_prog_alloc+0x3c/0x1a0 [ 753.734924][T13516] bpf_prog_load+0x735/0x1930 [ 753.734964][T13516] ? __pfx_bpf_prog_load+0x10/0x10 [ 753.735031][T13516] ? bpf_lsm_bpf+0x9/0x20 [ 753.735057][T13516] ? security_bpf+0x7e/0x300 [ 753.735088][T13516] __sys_bpf+0x5f1/0x860 [ 753.735115][T13516] ? __pfx___sys_bpf+0x10/0x10 [ 753.735155][T13516] ? ksys_write+0x22a/0x250 [ 753.735182][T13516] ? __pfx_ksys_write+0x10/0x10 [ 753.735214][T13516] __x64_sys_bpf+0x7c/0x90 [ 753.735237][T13516] do_syscall_64+0xfa/0x3b0 [ 753.735272][T13516] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 753.735292][T13516] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 753.735313][T13516] ? clear_bhb_loop+0x60/0xb0 [ 753.735338][T13516] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 753.735365][T13516] RIP: 0033:0x7f937018e929 [ 753.735395][T13516] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 753.735413][T13516] RSP: 002b:00007f9371042038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 753.735452][T13516] RAX: ffffffffffffffda RBX: 00007f93703b5fa0 RCX: 00007f937018e929 [ 753.735468][T13516] RDX: 0000000000000090 RSI: 00002000000002c0 RDI: 0000000000000005 [ 753.735481][T13516] RBP: 00007f9371042090 R08: 0000000000000000 R09: 0000000000000000 [ 753.735494][T13516] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 753.735507][T13516] R13: 0000000000000000 R14: 00007f93703b5fa0 R15: 00007fff92233f68 [ 753.735539][T13516] [ 753.735616][T13516] Mem-Info: [ 753.779634][ T9345] usb 2-1: new high-speed USB device number 44 using dummy_hcd [ 754.030218][T13516] active_anon:60572 inactive_anon:8846 isolated_anon:0 [ 754.030218][T13516] active_file:14220 inactive_file:41444 isolated_file:0 [ 754.030218][T13516] unevictable:768 dirty:137 writeback:0 [ 754.030218][T13516] slab_reclaimable:12032 slab_unreclaimable:100581 [ 754.030218][T13516] mapped:29794 shmem:61655 pagetables:1760 [ 754.030218][T13516] sec_pagetables:0 bounce:0 [ 754.030218][T13516] kernel_misc_reclaimable:0 [ 754.030218][T13516] free:1231845 free_pcp:21278 free_cma:0 [ 754.086305][ T9345] usb 2-1: device descriptor read/8, error -71 [ 754.087995][T13516] Node 0 active_anon:242212kB inactive_anon:35288kB active_file:56680kB inactive_file:165776kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:119132kB dirty:540kB writeback:0kB shmem:245084kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12236kB pagetables:6812kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 754.152706][T13516] Node 1 active_anon:0kB inactive_anon:0kB active_file:200kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:152kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 754.201752][T13518] ipt_REJECT: TCP_RESET invalid for non-tcp [ 754.298071][T13516] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 754.616778][T13516] lowmem_reserve[]: 0 2501 2503 2503 2503 [ 754.767698][T13532] xt_CT: You must specify a L4 protocol and not use inversions on it [ 755.319492][T13516] Node 0 DMA32 free:999984kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:253556kB inactive_anon:35488kB active_file:54908kB inactive_file:165708kB unevictable:1536kB writepending:608kB present:3129332kB managed:2561448kB mlocked:0kB bounce:0kB free_pcp:65008kB local_pcp:49296kB free_cma:0kB [ 755.449991][T13516] lowmem_reserve[]: 0 0 1 1 1 [ 755.454831][T13516] Node 0 Normal free:8kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:4kB inactive_anon:44kB active_file:1772kB inactive_file:68kB unevictable:0kB writepending:0kB present:1048580kB managed:1904kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB [ 755.491677][T13516] lowmem_reserve[]: 0 0 0 0 0 [ 755.496606][T13516] Node 1 Normal free:3904800kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:200kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:15456kB local_pcp:14816kB free_cma:0kB [ 755.528686][T13516] lowmem_reserve[]: 0 0 0 0 0 [ 755.534887][T13516] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 755.548605][T13516] Node 0 DMA32: 534*4kB (UM) 67*8kB (UME) 224*16kB (UME) 355*32kB (UME) 216*64kB (UME) 32*128kB (UM) 21*256kB (UM) 5*512kB (UM) 6*1024kB (UME) 2*2048kB (ME) 233*4096kB (UM) = 1008080kB [ 755.585288][T13516] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB [ 755.585415][T13516] Node 1 Normal: 248*4kB (UME) 64*8kB (UME) 56*16kB (UME) 192*32kB (UME) 79*64kB (UME) 14*128kB (UM) 3*256kB (UM) 3*512kB (UM) 2*1024kB (UM) 1*2048kB (U) 948*4096kB (ME) = 3904800kB [ 755.585608][T13516] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 755.585625][T13516] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 755.585642][T13516] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 755.585658][T13516] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 755.585673][T13516] 118496 total pagecache pages [ 755.585692][T13516] 0 pages in swap cache [ 755.585700][T13516] Free swap = 124996kB [ 755.585713][T13516] Total swap = 124996kB [ 755.585722][T13516] 2097051 pages RAM [ 755.585730][T13516] 0 pages HighMem/MovableOnly [ 755.585738][T13516] 424582 pages reserved [ 755.585746][T13516] 0 pages cma reserved [ 757.444024][T13539] tty tty29: ldisc open failed (-12), clearing slot 28 [ 759.834221][T13552] delete_channel: no stack [ 759.934543][T13573] Cannot find set identified by id 0 to match [ 762.127355][T13586] ubi: mtd0 is already attached to ubi31 [ 762.213412][T13592] netlink: 'syz.1.2209': attribute type 1 has an invalid length. [ 762.403720][T13600] bond2: (slave bridge5): making interface the new active one [ 762.457812][T13600] bond2: (slave bridge5): Enslaving as an active interface with an up link [ 763.429694][T13617] netlink: 'syz.4.2216': attribute type 1 has an invalid length. [ 763.576768][T13617] 8021q: adding VLAN 0 to HW filter on device bond2 [ 763.695371][T13621] 8021q: adding VLAN 0 to HW filter on device bond2 [ 763.967034][T13621] bond2: (slave vxcan3): The slave device specified does not support setting the MAC address [ 764.365037][T13621] bond2: (slave vxcan3): Error -95 calling set_mac_address [ 764.510429][T13624] gretap3: entered promiscuous mode [ 764.564552][T13624] bond2: (slave gretap3): making interface the new active one [ 764.578102][T13624] bond2: (slave gretap3): Enslaving as an active interface with an up link [ 764.641974][T13617] macvlan2: entered promiscuous mode [ 764.663223][T13617] macvlan2: entered allmulticast mode [ 764.684769][T13617] bond2: entered promiscuous mode [ 764.694157][T13617] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 764.713574][T13617] bond2: (slave macvlan2): the slave hw address is in use by the bond; giving it the hw address of gretap3 [ 764.760869][T13617] bond2: left promiscuous mode [ 764.809741][ T9340] usb 3-1: new high-speed USB device number 43 using dummy_hcd [ 764.852989][ T5920] usb 4-1: new low-speed USB device number 27 using dummy_hcd [ 764.994341][ T9340] usb 3-1: config 0 interface 0 has no altsetting 0 [ 765.006619][ T9340] usb 3-1: New USB device found, idVendor=1235, idProduct=0018, bcdDevice=f0.ee [ 765.014672][ T5920] usb 4-1: device descriptor read/64, error -71 [ 765.016896][ T9340] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 765.041798][ T9340] usb 3-1: config 0 descriptor?? [ 765.152721][ T9345] usb 1-1: new full-speed USB device number 38 using dummy_hcd [ 765.259883][ T5920] usb 4-1: new low-speed USB device number 28 using dummy_hcd [ 765.267660][ T9340] snd-usb-audio 3-1:0.0: probe with driver snd-usb-audio failed with error -22 [ 765.279823][ T9340] usb 3-1: USB disconnect, device number 43 [ 765.311624][ T9345] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 765.322835][ T9345] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 765.333810][ T9351] usb 2-1: new high-speed USB device number 46 using dummy_hcd [ 765.341927][ T9345] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 512, setting to 64 [ 765.357483][ T9345] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 765.366785][ T9345] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 765.374905][ T9345] usb 1-1: Product: syz [ 765.379106][ T9345] usb 1-1: Manufacturer: syz [ 765.383834][ T9345] usb 1-1: SerialNumber: syz [ 765.393299][T13640] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 765.400691][ T5920] usb 4-1: device descriptor read/64, error -71 [ 765.608308][T13640] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 765.650656][ T5920] usb usb4-port1: attempt power cycle [ 765.689446][ T9351] usb 2-1: Using ep0 maxpacket: 16 [ 765.696609][ T9351] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 765.707565][ T9351] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 765.717924][ T9351] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 765.729508][ T9351] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 765.852603][ T9351] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 765.960893][T13640] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 765.992687][ T9351] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 766.041038][ T5920] usb 4-1: new low-speed USB device number 29 using dummy_hcd [ 766.092581][ T9351] usb 2-1: Product: syz [ 766.172187][ T9351] usb 2-1: Manufacturer: syz [ 766.206054][ T5920] usb 4-1: device descriptor read/8, error -71 [ 766.245115][T13640] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 766.265964][ T9351] usb 2-1: SerialNumber: syz [ 766.316728][ T9345] cdc_ncm 1-1:1.0: failed GET_NTB_PARAMETERS [ 766.333990][ T9345] cdc_ncm 1-1:1.0: bind() failure [ 766.348044][ T9345] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found [ 766.355670][ T9345] cdc_ncm 1-1:1.1: bind() failure [ 766.378119][ T9345] usb 1-1: USB disconnect, device number 38 [ 766.528200][T13644] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 766.575329][T13644] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 766.639608][ T5920] usb 4-1: new low-speed USB device number 30 using dummy_hcd [ 766.684652][ T5920] usb 4-1: device descriptor read/8, error -71 [ 766.739654][ T9351] usb 2-1: USB disconnect, device number 46 [ 766.841638][ T5920] usb usb4-port1: unable to enumerate USB device [ 767.744532][ T9340] usb 3-1: new full-speed USB device number 44 using dummy_hcd [ 767.933175][ T9340] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 767.965894][ T9340] usb 3-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 768.010729][T13677] caif0: entered allmulticast mode [ 768.016020][ T9340] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 768.035459][T13677] batadv0: left promiscuous mode [ 768.047414][T13677] veth4: entered allmulticast mode [ 768.058256][ T9340] usb 3-1: config 0 descriptor?? [ 768.065745][T13677] veth5: entered allmulticast mode [ 768.073592][T13667] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 768.084973][T13677] ip6tnl1: entered allmulticast mode [ 768.096589][T13677] vxlan0: entered allmulticast mode [ 768.110743][T13677] mac80211_hwsim hwsim21 wlan3: entered allmulticast mode [ 768.120328][T13677] bridge4: entered allmulticast mode [ 768.131845][T13677] macvlan2: entered allmulticast mode [ 768.137566][T13677] bond2: entered allmulticast mode [ 768.143498][T13677] bridge5: entered allmulticast mode [ 768.323328][T13683] tipc: Started in network mode [ 768.328587][T13683] tipc: Node identity 4, cluster identity 4711 [ 768.337956][T13683] tipc: Node number set to 4 [ 769.489122][ T9341] usb 1-1: new high-speed USB device number 39 using dummy_hcd [ 769.646079][T13688] loop6: detected capacity change from 0 to 524287999 [ 769.680949][ T9341] usb 1-1: device descriptor read/64, error -71 [ 770.116032][ T9341] usb 1-1: new high-speed USB device number 40 using dummy_hcd [ 770.170508][T13694] netlink: 104 bytes leftover after parsing attributes in process `syz.1.2239'. [ 770.184411][ T9340] elan 0003:04F3:0755.000A: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.2-1/input0 [ 770.226742][ T9340] usb 3-1: USB disconnect, device number 44 [ 770.319723][ T9341] usb 1-1: device descriptor read/64, error -71 [ 770.439473][ T9341] usb usb1-port1: attempt power cycle [ 771.284179][ T9341] usb 1-1: new high-speed USB device number 41 using dummy_hcd [ 771.498480][ T9341] usb 1-1: device descriptor read/8, error -71 [ 772.759535][ T9351] usb 4-1: new full-speed USB device number 31 using dummy_hcd [ 772.960475][ T9351] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 773.031853][ T9351] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 773.254654][ T9351] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00 [ 773.356572][ T9351] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 773.411849][ T9351] usb 4-1: SerialNumber: syz [ 773.500025][ T9351] usb 4-1: 0:2 : does not exist [ 773.865269][T13734] trusted_key: encrypted_key: insufficient parameters specified [ 774.369989][ T9340] usb 4-1: USB disconnect, device number 31 [ 774.399666][T13735] loop8: detected capacity change from 0 to 16384 [ 774.759520][ T9341] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 774.929413][T13740] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2254'. [ 775.182662][ T9341] usb 5-1: config 0 has an invalid descriptor of length 36, skipping remainder of the config [ 775.198368][ T9341] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 775.252119][ T9341] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 775.289589][ T9341] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 775.329199][ T9341] usb 5-1: config 0 descriptor?? [ 776.139563][ T9351] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 776.319479][ T9351] usb 4-1: Using ep0 maxpacket: 16 [ 776.348754][ T9351] usb 4-1: New USB device found, idVendor=054c, idProduct=002e, bcdDevice= 5.00 [ 776.358204][ T9351] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 776.381734][ T9351] usb 4-1: Product: syz [ 776.386158][ T9351] usb 4-1: Manufacturer: syz [ 776.395061][ T9351] usb 4-1: SerialNumber: syz [ 776.437698][ T9351] usb 4-1: config 0 descriptor?? [ 776.590808][ T9351] usb-storage 4-1:0.0: USB Mass Storage device detected [ 776.608638][ T9351] usb-storage 4-1:0.0: Quirks match for vid 054c pid 002e: 1 [ 776.618365][ T9351] usb-storage 4-1:0.0: This device (054c,002e,0500 S 04 P 00) has an unneeded SubClass entry in unusual_devs.h (kernel 6.16.0-rc4-syzkaller-00013-g66701750d556) [ 776.618365][ T9351] Please send a copy of this message to and [ 776.998414][T13762] /dev/nullb0: Can't open blockdev [ 779.449930][ T9341] usb 5-1: USB disconnect, device number 29 [ 779.459268][ T9340] usb 4-1: USB disconnect, device number 32 [ 780.385633][T13791] loop4: detected capacity change from 0 to 7 [ 780.449021][T13795] ip6t_srh: unknown srh invflags 4000 [ 780.473342][T13791] Dev loop4: unable to read RDB block 7 [ 780.479002][T13791] loop4: unable to read partition table [ 780.509213][T13791] loop4: partition table beyond EOD, truncated [ 780.515615][T13791] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 780.536464][T13797] tipc: Enabling of bearer rejected, failed to enable media [ 780.927384][T13805] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2275'. [ 780.936616][T13805] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2275'. [ 780.945714][T13805] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2275'. [ 782.181477][T13823] ubi: mtd0 is already attached to ubi31 [ 783.929682][T13844] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2285'. [ 784.161709][T13850] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2288'. [ 784.214913][T13850] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2288'. [ 785.181252][T13855] netlink: 14 bytes leftover after parsing attributes in process `syz.3.2289'. [ 785.597104][T13858] binder: BINDER_SET_CONTEXT_MGR already set [ 785.606969][T13858] binder: 13856:13858 ioctl 4018620d 200000000040 returned -16 [ 791.337330][T13932] netlink: 'syz.0.2310': attribute type 1 has an invalid length. [ 791.349791][T13932] NCSI netlink: No device for ifindex 0 [ 791.449869][ T9341] usb 2-1: new high-speed USB device number 47 using dummy_hcd [ 791.613153][ T9341] usb 2-1: Using ep0 maxpacket: 16 [ 791.634348][ T9341] usb 2-1: config 0 has an invalid interface number: 105 but max is 0 [ 791.649728][ T9341] usb 2-1: config 0 has an invalid descriptor of length 48, skipping remainder of the config [ 791.675274][ T9341] usb 2-1: config 0 has no interface number 0 [ 791.692967][ T9341] usb 2-1: New USB device found, idVendor=046c, idProduct=14e8, bcdDevice= b.28 [ 791.702621][ T9341] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 791.719558][ T9341] usb 2-1: Product: syz [ 791.723916][ T9341] usb 2-1: Manufacturer: syz [ 791.728562][ T9341] usb 2-1: SerialNumber: syz [ 791.751618][ T9341] usb 2-1: config 0 descriptor?? [ 791.914308][ T9340] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 791.965881][T13931] binder: 13929:13931 ioctl 4018620d 0 returned -22 [ 791.974675][T13931] binder: 13929:13931 ioctl c0306201 200000000240 returned -11 [ 791.986621][ T9341] usb 2-1: USB disconnect, device number 47 [ 792.118276][ T9340] usb 4-1: Using ep0 maxpacket: 32 [ 792.367806][ T9340] usb 4-1: config 0 has no interfaces? [ 792.373505][ T9340] usb 4-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 792.385313][ T9340] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 792.400454][ T9340] usb 4-1: config 0 descriptor?? [ 792.678316][T13963] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2322'. [ 792.746127][ T9340] usb 4-1: USB disconnect, device number 33 [ 793.740697][T13980] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2327'. [ 794.591143][T13983] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2326'. [ 795.032531][T13990] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2331'. [ 795.264002][T13990] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2331'. [ 796.066605][T14014] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2339'. [ 796.123087][T14015] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2336'. [ 796.132183][T14015] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2336'. [ 796.236139][T14015] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2336'. [ 796.280455][T14014] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2339'. [ 796.419532][ T5920] usb 3-1: new high-speed USB device number 45 using dummy_hcd [ 796.555669][ T5920] usb 3-1: device descriptor read/64, error -71 [ 796.994602][ T5920] usb 3-1: new high-speed USB device number 46 using dummy_hcd [ 797.319576][ T5920] usb 3-1: device descriptor read/64, error -71 [ 797.532098][T14034] xt_CT: You must specify a L4 protocol and not use inversions on it [ 797.714181][T14034] 9pnet_fd: Insufficient options for proto=fd [ 798.050781][ T5920] usb usb3-port1: attempt power cycle [ 798.450978][ T5920] usb 3-1: new high-speed USB device number 47 using dummy_hcd [ 798.512804][ T5920] usb 3-1: device descriptor read/8, error -71 [ 798.683046][ T9340] usb 1-1: new high-speed USB device number 43 using dummy_hcd [ 799.088899][ T5920] usb 3-1: new high-speed USB device number 48 using dummy_hcd [ 799.096084][ T9340] usb 1-1: Using ep0 maxpacket: 32 [ 799.109943][ T9340] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 799.129153][ T9340] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 799.144202][ T9340] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 799.154027][ T9340] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 799.244466][ T9340] usb 1-1: config 0 descriptor?? [ 799.274345][ T9340] hub 1-1:0.0: USB hub found [ 799.342335][ T5920] usb 3-1: device not accepting address 48, error -71 [ 799.373848][ T5920] usb usb3-port1: unable to enumerate USB device [ 799.550022][ T9340] hub 1-1:0.0: 1 port detected [ 800.009982][T14040] x_tables: ip6_tables: icmp6 match: only valid for protocol 58 [ 800.065006][T14040] __nla_validate_parse: 2 callbacks suppressed [ 800.065021][T14040] netlink: 52 bytes leftover after parsing attributes in process `syz.0.2348'. [ 800.656108][ T5920] usb 5-1: new full-speed USB device number 30 using dummy_hcd [ 800.717130][T14066] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2354'. [ 800.807899][ T5920] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 800.824074][ T5920] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 800.842443][ T5920] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 121, setting to 64 [ 800.862622][ T5920] usb 5-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 800.875841][ T5920] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 800.884168][ T5920] usb 5-1: Product: syz [ 800.888621][ T5920] usb 5-1: Manufacturer: syz [ 800.893879][ T9340] hub 1-1:0.0: hub_ext_port_status failed (err = -32) [ 800.904690][ T5920] usb 5-1: SerialNumber: syz [ 800.916779][ T5920] usb 5-1: config 0 descriptor?? [ 800.926609][T14062] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 800.934969][T14062] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 800.950369][ T5920] usb 5-1: ucan: probing device on interface #0 [ 801.398112][T14077] ntfs3(nullb0): Primary boot signature is not NTFS. [ 801.406789][T14077] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00 [ 801.500623][ T5920] usb 5-1: ucan: device protocol version 1330860035 is not supported [ 801.669917][ T5920] usb 5-1: ucan: probe failed; try to update the device firmware [ 801.981167][ T9340] usb 1-1: USB disconnect, device number 43 [ 802.712272][ T9340] usb 5-1: USB disconnect, device number 30 [ 803.051213][T14103] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2365'. [ 803.342669][T14106] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2364'. [ 803.771369][T14109] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2366'. [ 803.936580][T14116] tmpfs: Bad value for 'huge' [ 803.943709][T14113] syz_tun: entered allmulticast mode [ 804.639765][T14110] syz_tun: left allmulticast mode [ 804.937999][T14129] xt_cgroup: invalid path, errno=-2 [ 805.672755][T14130] netlink: 'syz.3.2372': attribute type 1 has an invalid length. [ 805.790230][T14135] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2374'. [ 805.951553][T14138] bond3: (slave bridge0): making interface the new active one [ 805.960703][T14138] bond3: (slave bridge0): Enslaving as an active interface with an up link [ 806.592863][T14139] ubi: mtd0 is already attached to ubi31 [ 806.597594][T14135] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap2 [ 807.286999][T14147] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2378'. [ 807.603911][T14155] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2379'. [ 807.686886][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 807.693604][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 808.545507][T14182] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2390'. [ 808.756415][T14186] xt_CT: You must specify a L4 protocol and not use inversions on it [ 808.787184][T14186] 9pnet_fd: Insufficient options for proto=fd [ 810.091705][T14198] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 810.216658][T14200] netlink: 'syz.1.2396': attribute type 1 has an invalid length. [ 810.258429][T14203] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2397'. [ 810.359726][T14200] 8021q: adding VLAN 0 to HW filter on device bond3 [ 810.428424][T14208] 8021q: adding VLAN 0 to HW filter on device bond3 [ 810.644087][ T5920] usb 1-1: new high-speed USB device number 44 using dummy_hcd [ 810.676043][T14208] bond3: (slave vxcan3): The slave device specified does not support setting the MAC address [ 810.702792][T14208] bond3: (slave vxcan3): Error -95 calling set_mac_address [ 810.805946][ T5920] usb 1-1: Using ep0 maxpacket: 32 [ 810.812770][ T5920] usb 1-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 810.822476][ T5920] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 810.834917][ T5920] usb 1-1: config 0 descriptor?? [ 810.856773][ T5920] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 810.874463][T14200] macvlan3: entered promiscuous mode [ 810.879968][T14200] macvlan3: entered allmulticast mode [ 810.896327][T14200] bond3: entered promiscuous mode [ 810.919219][T14200] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 810.950265][T14200] bond3: left promiscuous mode [ 811.200394][T14232] netlink: 104 bytes leftover after parsing attributes in process `syz.4.2402'. [ 811.265877][T14204] ubi31: detaching mtd0 [ 811.288892][T14204] ubi31: mtd0 is detached [ 812.004929][ T9351] usb 5-1: new full-speed USB device number 31 using dummy_hcd [ 812.090676][T14251] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2410'. [ 812.209756][ T9351] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 812.242254][T14254] netlink: 76 bytes leftover after parsing attributes in process `syz.3.2412'. [ 812.244319][ T9351] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 812.273841][ T5920] gspca_nw80x: reg_w err -71 [ 812.291934][ T5920] nw80x 1-1:0.0: probe with driver nw80x failed with error -71 [ 812.314068][ T9351] usb 5-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 812.323923][ T5920] usb 1-1: USB disconnect, device number 44 [ 812.332195][ T9351] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 812.351718][ T9351] usb 5-1: config 0 descriptor?? [ 812.368154][ T9351] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 812.379933][ T9351] dvb-usb: bulk message failed: -22 (3/0) [ 812.392445][T14258] netlink: 276 bytes leftover after parsing attributes in process `syz.3.2414'. [ 812.402810][ T9351] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 812.422462][ T9351] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 812.443863][T14261] netlink: 156 bytes leftover after parsing attributes in process `syz.2.2413'. [ 812.465363][ T9351] usb 5-1: media controller created [ 812.520000][ T9351] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 812.554282][T14262] loop6: detected capacity change from 0 to 524287999 [ 813.053475][T14241] IPVS: set_ctl: invalid protocol: 94 224.0.0.1:20000 [ 813.054134][ T9351] dvb-usb: bulk message failed: -22 (6/0) [ 813.086471][ T9351] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 813.118552][ T9351] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input28 [ 813.151191][ T9351] dvb-usb: schedule remote query interval to 150 msecs. [ 813.180062][ T9351] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 813.208787][ T9351] usb 5-1: USB disconnect, device number 31 [ 813.306951][T14269] netlink: 'syz.2.2416': attribute type 4 has an invalid length. [ 813.327761][ T9351] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 813.338541][T14269] netlink: 'syz.2.2416': attribute type 4 has an invalid length. [ 813.359114][T14273] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2417'. [ 813.391500][T14273] tipc: Invalid UDP bearer configuration [ 813.391563][T14273] tipc: Enabling of bearer rejected, failed to enable media [ 819.547497][T14301] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2425'. [ 861.435583][ C1] sched: DL replenish lagged too much [ 868.770985][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 868.777350][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 869.792372][ T5140] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 888.023578][T13021] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 888.030215][ T5140] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 904.030528][T14381] Bluetooth: hci5: Opcode 0x0c03 failed: -4 [ 904.036807][T14384] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 904.262533][T14388] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 905.239320][T14388] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 911.681173][T13021] Bluetooth: hci6: Opcode 0x1001 failed: -110 [ 911.687668][ T5824] Bluetooth: hci8: Opcode 0x0c03 failed: -110 [ 911.694578][ T5140] Bluetooth: hci7: Opcode 0x0c03 failed: -110 [ 915.732022][T14388] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 915.881658][T14397] Bluetooth: hci8: Opcode 0x0c03 failed: -4 [ 916.095616][T14389] Bluetooth: hci6: Opcode 0x0c03 failed: -4 [ 916.128657][ T5140] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 916.182436][ T5140] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 916.287432][ T5140] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 916.922037][ T5140] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 917.200613][ T5140] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 917.371154][T13021] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 917.480841][ T5824] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 917.489534][ T5824] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 917.620059][T14388] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 917.628506][T14388] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 917.731300][T14388] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 917.919784][T14388] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 917.983751][T14388] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 918.059323][T14414] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 918.074848][T14414] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 918.083295][T14414] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 918.096651][T14414] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 918.109206][T14414] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 918.117498][T14414] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 918.127147][T14414] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 918.135506][T14414] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 918.170038][T14414] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 918.179718][T14414] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 918.188027][T14417] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 918.210881][T14417] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 933.671164][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 933.677520][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 945.905299][ T5824] Bluetooth: hci7: command tx timeout [ 945.911694][ T5824] Bluetooth: hci6: command tx timeout [ 945.917818][ T5824] Bluetooth: hci5: command tx timeout [ 945.923785][ T5824] Bluetooth: hci4: command tx timeout [ 945.929794][ T5824] Bluetooth: hci0: command tx timeout [ 961.909951][ T5824] Bluetooth: hci0: command tx timeout [ 961.915480][ T5824] Bluetooth: hci4: command tx timeout [ 961.921089][ T5824] Bluetooth: hci5: command tx timeout [ 961.926505][ T5824] Bluetooth: hci6: command tx timeout [ 961.931977][ T5824] Bluetooth: hci7: command tx timeout [ 974.552265][T14388] Bluetooth: hci7: command tx timeout [ 974.557761][T14388] Bluetooth: hci6: command tx timeout [ 974.563270][T14388] Bluetooth: hci5: command tx timeout [ 974.568794][T14388] Bluetooth: hci4: command tx timeout [ 974.574223][T14388] Bluetooth: hci0: command tx timeout [ 992.212382][T14388] Bluetooth: hci0: command tx timeout [ 992.217988][T14388] Bluetooth: hci4: command tx timeout [ 992.223994][T14388] Bluetooth: hci5: command tx timeout [ 992.229510][T14388] Bluetooth: hci6: command tx timeout [ 992.235372][T14388] Bluetooth: hci7: command tx timeout [ 992.249224][ T5824] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 992.396018][ T5824] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 992.417592][T14388] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 992.717651][ T5824] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 992.818722][ T5140] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 992.827528][ T5140] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 992.892522][ T5140] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 992.959038][ T5140] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 993.024055][ T5140] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 993.111519][ T5140] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 993.118752][ T5140] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 993.128591][ T5140] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1009.921658][ T5824] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 1009.929151][ T5824] Bluetooth: hci2: command tx timeout [ 1009.929945][T14424] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 1009.935533][ T5824] Bluetooth: hci3: command tx timeout [ 1010.005772][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1010.012134][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1024.153324][T13021] Bluetooth: hci8: command 0x1003 tx timeout [ 1024.159970][T13021] Bluetooth: hci3: command tx timeout [ 1024.167264][T13021] Bluetooth: hci2: command tx timeout [ 1024.172873][T13021] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 1024.181449][T14388] Bluetooth: hci8: Opcode 0x1003 failed: -110 [ 1039.830647][T14439] Bluetooth: hci8: Opcode 0x0c03 failed: -110 [ 1039.839052][ T5824] Bluetooth: hci2: command tx timeout [ 1039.844712][ T5824] Bluetooth: hci3: command tx timeout [ 1059.078189][T14388] Bluetooth: hci3: command tx timeout [ 1059.083767][T14388] Bluetooth: hci2: command tx timeout [ 1073.348643][T14388] Bluetooth: hci9: Opcode 0x0c03 failed: -110 [ 1073.367867][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1073.374247][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1073.801367][T14449] Bluetooth: hci9: Opcode 0x0c03 failed: -4 [ 1073.969431][T14388] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1074.037084][T14388] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1074.116676][T14388] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1074.233591][T14388] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1074.316572][T14388] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1084.643657][T14417] Bluetooth: hci5: command tx timeout [ 1084.649125][T14417] Bluetooth: hci6: command tx timeout [ 1091.693268][T14388] Bluetooth: hci1: command 0x0c1a tx timeout [ 1091.701075][T14388] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 1091.710877][ T5824] Bluetooth: hci8: Opcode 0x0c03 failed: -110 [ 1091.738289][T14388] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 1091.974084][ T5824] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 1091.983960][ T5824] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 1091.993045][ T5824] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 1095.222873][T14451] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 1095.237919][T14457] Bluetooth: hci8: Opcode 0x0c03 failed: -110 [ 1095.246985][T14418] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 1095.561856][ T5824] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 1095.571719][ T5824] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 1095.581258][ T5824] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 1095.589862][ T5824] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 1095.598170][ T5824] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 1095.629895][T14388] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 1095.639311][T14388] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 1095.647848][T14388] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 1095.656842][T14388] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 1095.666217][T14388] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 1102.208306][ T31] INFO: task syz.4.2130:13327 blocked for more than 156 seconds. [ 1102.216361][ T31] Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 [ 1102.224574][ T31] Blocked by coredump. [ 1102.229247][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1102.238124][ T31] task:syz.4.2130 state:D stack:26888 pid:13327 tgid:13327 ppid:5825 task_flags:0x40044c flags:0x00004006 [ 1102.250206][ T31] Call Trace: [ 1102.253542][ T31] [ 1102.257000][ T31] __schedule+0x16a2/0x4cb0 [ 1102.261909][ T31] ? __lock_acquire+0xab9/0xd20 [ 1102.266824][ T31] ? schedule+0x165/0x360 [ 1102.271635][ T31] ? __pfx___schedule+0x10/0x10 [ 1102.276573][ T31] ? schedule+0x91/0x360 [ 1102.281155][ T31] schedule+0x165/0x360 [ 1102.285451][ T31] schedule_preempt_disabled+0x13/0x30 [ 1102.291267][ T31] __mutex_lock+0x724/0xe80 [ 1102.295822][ T31] ? __mutex_lock+0x51b/0xe80 [ 1102.300967][ T31] ? tun_chr_close+0x3e/0x1c0 [ 1102.305691][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 1102.311329][ T31] ? __pfx_tun_chr_close+0x10/0x10 [ 1102.316966][ T31] tun_chr_close+0x3e/0x1c0 [ 1102.321520][ T31] __fput+0x44c/0xa70 [ 1102.325914][ T31] task_work_run+0x1d4/0x260 [ 1102.330557][ T31] ? __pfx_task_work_run+0x10/0x10 [ 1102.336047][ T31] ? kmem_cache_free+0x18f/0x400 [ 1102.341043][ T31] do_exit+0x6b5/0x22e0 [ 1102.345587][ T31] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1102.351004][ T31] ? do_raw_spin_lock+0x121/0x290 [ 1102.356372][ T31] ? __pfx_do_exit+0x10/0x10 [ 1102.361021][ T31] do_group_exit+0x21c/0x2d0 [ 1102.366023][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 1102.371701][ T31] get_signal+0x125e/0x1310 [ 1102.376280][ T31] arch_do_signal_or_restart+0x9a/0x750 [ 1102.382230][ T31] ? __pfx_get_timespec64+0x10/0x10 [ 1102.387527][ T31] ? __pfx___smp_call_single_queue+0x10/0x10 [ 1102.394113][ T31] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1102.400612][ T31] ? exit_to_user_mode_loop+0x40/0x110 [ 1102.406140][ T31] exit_to_user_mode_loop+0x75/0x110 [ 1102.411829][ T31] do_syscall_64+0x2bd/0x3b0 [ 1102.416475][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1102.422972][ T31] ? asm_sysvec_call_function_single+0x1a/0x20 [ 1102.429547][ T31] ? clear_bhb_loop+0x60/0xb0 [ 1102.434358][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1102.440420][ T31] RIP: 0033:0x7f56323c11e5 [ 1102.444873][ T31] RSP: 002b:00007f5633224f80 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6 [ 1102.453390][ T31] RAX: fffffffffffffdfc RBX: 00007f56325b6160 RCX: 00007f56323c11e5 [ 1102.461494][ T31] RDX: 00007f5633224fc0 RSI: 0000000000000000 RDI: 0000000000000000 [ 1102.469579][ T31] RBP: 00007f5632410b39 R08: 0000000000000000 R09: 0000000000000000 [ 1102.477639][ T31] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1102.485709][ T31] R13: 0000000000000000 R14: 00007f56325b6160 R15: 00007ffee3d8c6f8 [ 1102.493787][ T31] [ 1102.497108][ T31] [ 1102.497108][ T31] Showing all locks held in the system: [ 1102.504927][ T31] 1 lock held by khungtaskd/31: [ 1102.509943][ T31] #0: ffffffff8e13ee20 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 1102.519994][ T31] 5 locks held by kworker/u9:1/5140: [ 1102.525311][ T31] #0: ffff888079af7948 ((wq_completion)hci4#3){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 1102.536423][ T31] #1: ffffc9000eeffbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 1102.549117][ T31] #2: ffff88807c384dc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 1102.559097][ T31] #3: ffff88807c3840b8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x1eb/0xdf0 [ 1102.568911][ T31] #4: ffffffff8f6654e8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310 [ 1102.578849][ T31] 2 locks held by getty/5582: [ 1102.583585][ T31] #0: ffff888030f690a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 1102.593498][ T31] #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 [ 1102.603913][ T31] 4 locks held by kworker/u9:2/5824: [ 1102.609235][ T31] #0: ffff888075d89148 ((wq_completion)hci11#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 1102.620459][ T31] #1: ffffc9000415fbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 1102.632652][ T31] #2: ffff88805515c0b8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 [ 1102.642726][ T31] #3: ffffffff8f6654e8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 [ 1102.653349][ T31] 6 locks held by kworker/u8:14/6356: [ 1102.658760][ T31] #0: ffff88801b2fb948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 1102.669841][ T31] #1: ffffc90002e97bc0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 1102.680508][ T31] #2: ffffffff8f4f0890 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x800 [ 1102.691963][ T31] #3: ffff88806765e0e8 (&dev->mutex){....}-{4:4}, at: devlink_pernet_pre_exit+0x10a/0x3d0 [ 1102.702267][ T31] #4: ffff888057d60250 (&devlink->lock_key){+.+.}-{4:4}, at: devlink_pernet_pre_exit+0x11c/0x3d0 [ 1102.713041][ T31] #5: ffffffff8f4fd488 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_dev_lock+0x257/0x2f0 [ 1102.722582][ T31] 2 locks held by syz.2.177/6562: [ 1102.727722][ T31] #0: ffffffff8f4fd488 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3e/0x1c0 [ 1102.736808][ T31] #1: ffffffff8e144938 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730 [ 1102.747933][ T31] 1 lock held by syz.3.304/6978: [ 1102.752905][ T31] #0: ffffffff8f4fd488 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3e/0x1c0 [ 1102.762056][ T31] 2 locks held by kworker/0:8/9340: [ 1102.767331][ T31] 1 lock held by syz.4.2130/13327: [ 1102.772589][ T31] #0: ffffffff8f4fd488 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3e/0x1c0 [ 1102.781837][ T31] 3 locks held by kworker/u8:21/14315: [ 1102.787349][ T31] #0: ffff88801a489148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 1102.799475][ T31] #1: ffffc9001b73fbc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 1102.810659][ T31] #2: ffffffff8f4fd488 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 [ 1102.819803][ T31] 5 locks held by kworker/u8:66/14368: [ 1102.825319][ T31] 3 locks held by kworker/u8:67/14369: [ 1102.830911][ T31] #0: ffff88814c36c948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 1102.842765][ T31] #1: ffffc9001bf4fbc0 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 1102.856728][ T31] #2: ffffffff8f4fd488 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x19/0x30 [ 1102.866402][ T31] 2 locks held by syz-executor/14395: [ 1102.871820][ T31] #0: ffff8880575c0dc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510 [ 1102.881942][ T31] #1: ffff8880575c00b8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 [ 1102.891936][ T31] 5 locks held by kworker/u9:4/14399: [ 1102.897459][ T31] #0: ffff8880675d3948 ((wq_completion)hci0#3){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 1102.908587][ T31] #1: ffffc9000bcc7bc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 1102.921445][ T31] #2: ffff888034b84dc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 1102.931415][ T31] #3: ffff888034b840b8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x1eb/0xdf0 [ 1102.941216][ T31] #4: ffffffff8f6654e8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310 [ 1102.951158][ T31] 3 locks held by syz-executor/14412: [ 1102.956583][ T31] #0: ffff8880275a8dc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510 [ 1102.966740][ T31] #1: ffff8880275a80b8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 [ 1102.976714][ T31] #2: ffffffff8f6654e8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230 [ 1102.987021][ T31] 3 locks held by syz-executor/14415: [ 1102.992435][ T31] #0: ffff888025614dc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510 [ 1103.002536][ T31] #1: ffff8880256140b8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1103.012380][ T31] #2: ffffffff8f6654e8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230 [ 1103.022557][ T31] 4 locks held by kworker/u9:6/14417: [ 1103.028006][ T31] #0: ffff888032120948 ((wq_completion)hci9#4){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 1103.039151][ T31] #1: ffffc90003b6fbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 1103.051312][ T31] #2: ffff88806ab9c0b8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 [ 1103.061448][ T31] #3: ffffffff8f6654e8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 [ 1103.072944][ T31] 4 locks held by kworker/u9:7/14418: [ 1103.078433][ T31] #0: ffff888075d8c148 ((wq_completion)hci10#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 1103.089784][ T31] #1: ffffc90003b5fbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 1103.101921][ T31] #2: ffff888029ae80b8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 [ 1103.111994][ T31] #3: ffffffff8f6654e8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 [ 1103.122600][ T31] 2 locks held by syz-executor/14431: [ 1103.128065][ T31] #0: ffffffff8fa01488 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250 [ 1103.137709][ T31] #1: ffffffff8f4fd488 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 [ 1103.147083][ T31] 1 lock held by syz-executor/14436: [ 1103.152574][ T31] #0: ffffffff8f4fd488 (rtnl_mutex){+.+.}-{4:4}, at: __tun_chr_ioctl+0x37a/0x1df0 [ 1103.162056][ T31] 1 lock held by dhcpcd/14459: [ 1103.167011][ T31] #0: ffff88805864a608 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: sock_close+0x9b/0x240 [ 1103.177524][ T31] 1 lock held by dhcpcd/14460: [ 1103.182390][ T31] #0: ffff888058791a08 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: sock_close+0x9b/0x240 [ 1103.192815][ T31] 1 lock held by syz-executor/14462: [ 1103.198129][ T31] #0: ffffffff8f4fd488 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 1103.207851][ T31] 1 lock held by syz-executor/14465: [ 1103.213775][ T31] #0: ffffffff8f4fd488 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 1103.223384][ T31] 1 lock held by syz-executor/14467: [ 1103.228865][ T31] #0: ffffffff8f4fd488 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 1103.238512][ T31] 2 locks held by syz-executor/14469: [ 1103.243929][ T31] 5 locks held by syz-executor/14470: [ 1103.249423][ T31] [ 1103.251792][ T31] ============================================= [ 1103.251792][ T31] [ 1103.260327][ T31] NMI backtrace for cpu 0 [ 1103.260345][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 1103.260369][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1103.260380][ T31] Call Trace: [ 1103.260388][ T31] [ 1103.260397][ T31] dump_stack_lvl+0x189/0x250 [ 1103.260430][ T31] ? __wake_up_klogd+0xd9/0x110 [ 1103.260455][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1103.260485][ T31] ? __pfx__printk+0x10/0x10 [ 1103.260518][ T31] nmi_cpu_backtrace+0x39e/0x3d0 [ 1103.260546][ T31] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 1103.260566][ T31] ? _printk+0xcf/0x120 [ 1103.260591][ T31] ? __pfx__printk+0x10/0x10 [ 1103.260614][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1103.260641][ T31] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 1103.260667][ T31] watchdog+0xfee/0x1030 [ 1103.260694][ T31] ? watchdog+0x1de/0x1030 [ 1103.260726][ T31] kthread+0x711/0x8a0 [ 1103.260769][ T31] ? __pfx_watchdog+0x10/0x10 [ 1103.260792][ T31] ? __pfx_kthread+0x10/0x10 [ 1103.260816][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 1103.260841][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 1103.260867][ T31] ? __pfx_kthread+0x10/0x10 [ 1103.260890][ T31] ret_from_fork+0x3fc/0x770 [ 1103.260921][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 1103.260954][ T31] ? __switch_to_asm+0x39/0x70 [ 1103.260973][ T31] ? __switch_to_asm+0x33/0x70 [ 1103.260991][ T31] ? __pfx_kthread+0x10/0x10 [ 1103.261013][ T31] ret_from_fork_asm+0x1a/0x30 [ 1103.261050][ T31] [ 1103.261058][ T31] Sending NMI from CPU 0 to CPUs 1: [ 1103.419706][ C1] NMI backtrace for cpu 1 [ 1103.419723][ C1] CPU: 1 UID: 0 PID: 14469 Comm: syz-executor Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 1103.419745][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1103.419756][ C1] RIP: 0010:unwind_next_frame+0xc9c/0x2390 [ 1103.419786][ C1] Code: 4c 8b 6c 24 50 4c 8b 64 24 10 74 08 48 89 df e8 ba 0f af 00 4c 89 23 ba 10 00 00 00 4c 89 ef 31 f6 e8 88 11 af 00 48 8b 14 24 c5 04 00 00 4c 89 7c 24 28 48 89 5c 24 78 4d 8d 66 08 4d 89 e5 [ 1103.419802][ C1] RSP: 0018:ffffc90002fb7418 EFLAGS: 00000246 [ 1103.419818][ C1] RAX: ffffc90002fb7538 RBX: ffffc90002fb7520 RCX: 0000000000000000 [ 1103.419831][ C1] RDX: ffffffff903306ac RSI: 0000000000000000 RDI: ffffc90002fb7548 [ 1103.419843][ C1] RBP: dffffc0000000000 R08: ffffc90002fb7547 R09: 0000000000000000 [ 1103.419855][ C1] R10: ffffc90002fb7538 R11: fffff520005f6ea9 R12: ffffc90002fb7620 [ 1103.419869][ C1] R13: ffffc90002fb7538 R14: ffffc90002fb74e8 R15: ffffc90002fb7530 [ 1103.419882][ C1] FS: 0000555581c3c500(0000) GS:ffff888125d84000(0000) knlGS:0000000000000000 [ 1103.419897][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1103.419909][ C1] CR2: 00007f1a8c36fcf0 CR3: 000000005895c000 CR4: 00000000003526f0 [ 1103.419936][ C1] Call Trace: [ 1103.419943][ C1] [ 1103.419953][ C1] ? unwind_next_frame+0xa5/0x2390 [ 1103.419978][ C1] ? stack_trace_save+0x9c/0xe0 [ 1103.419997][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1103.420019][ C1] arch_stack_walk+0x11c/0x150 [ 1103.420047][ C1] ? save_stack+0xf7/0x1f0 [ 1103.420069][ C1] stack_trace_save+0x9c/0xe0 [ 1103.420085][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 1103.420107][ C1] save_stack+0xf7/0x1f0 [ 1103.420126][ C1] ? __pfx_save_stack+0x10/0x10 [ 1103.420152][ C1] ? seqcount_lockdep_reader_access+0x102/0x180 [ 1103.420175][ C1] __set_page_owner+0x8d/0x4a0 [ 1103.420194][ C1] ? __pfx___set_page_owner+0x10/0x10 [ 1103.420219][ C1] post_alloc_hook+0x240/0x2a0 [ 1103.420242][ C1] get_page_from_freelist+0x21d5/0x22b0 [ 1103.420290][ C1] ? __pfx_get_page_from_freelist+0x10/0x10 [ 1103.420316][ C1] ? prepare_alloc_pages+0x213/0x610 [ 1103.420343][ C1] __alloc_frozen_pages_noprof+0x181/0x370 [ 1103.420368][ C1] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1103.420396][ C1] ? policy_nodemask+0x27c/0x720 [ 1103.420416][ C1] ? __pfx___might_resched+0x10/0x10 [ 1103.420441][ C1] alloc_pages_mpol+0x232/0x4a0 [ 1103.420464][ C1] alloc_pages_noprof+0xa9/0x190 [ 1103.420485][ C1] __vmalloc_node_range_noprof+0x97d/0x12f0 [ 1103.420522][ C1] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1103.420548][ C1] ? __pfx_kcov_ioctl+0x10/0x10 [ 1103.420567][ C1] vmalloc_user_noprof+0xad/0xf0 [ 1103.420588][ C1] ? kcov_ioctl+0x55/0x640 [ 1103.420606][ C1] kcov_ioctl+0x55/0x640 [ 1103.420626][ C1] ? bpf_lsm_file_ioctl+0x9/0x20 [ 1103.420648][ C1] ? __pfx_kcov_ioctl+0x10/0x10 [ 1103.420667][ C1] __se_sys_ioctl+0xfc/0x170 [ 1103.420684][ C1] do_syscall_64+0xfa/0x3b0 [ 1103.420709][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 1103.420731][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1103.420747][ C1] ? clear_bhb_loop+0x60/0xb0 [ 1103.420766][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1103.420782][ C1] RIP: 0033:0x7ff32418e52b [ 1103.420796][ C1] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00 [ 1103.420810][ C1] RSP: 002b:00007fffa65fbaf0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1103.420826][ C1] RAX: ffffffffffffffda RBX: 0000000000080000 RCX: 00007ff32418e52b [ 1103.420838][ C1] RDX: 0000000000080000 RSI: ffffffff80086301 RDI: 00000000000000dc [ 1103.420849][ C1] RBP: 00007ff3243b63b8 R08: 00000000000000da R09: 0000000000000000 [ 1103.420860][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1103.420869][ C1] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000 [ 1103.420888][ C1] [ 1103.421743][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 1103.817512][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 1103.829330][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1103.839399][ T31] Call Trace: [ 1103.842693][ T31] [ 1103.845639][ T31] dump_stack_lvl+0x99/0x250 [ 1103.850266][ T31] ? __asan_memcpy+0x40/0x70 [ 1103.854867][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1103.860078][ T31] ? __pfx__printk+0x10/0x10 [ 1103.864714][ T31] panic+0x2db/0x790 [ 1103.868645][ T31] ? __pfx_panic+0x10/0x10 [ 1103.873073][ T31] ? nmi_backtrace_stall_check+0x433/0x440 [ 1103.878899][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 1103.884287][ T31] ? nmi_trigger_cpumask_backtrace+0x2b6/0x300 [ 1103.890478][ T31] watchdog+0x102d/0x1030 [ 1103.894863][ T31] ? watchdog+0x1de/0x1030 [ 1103.899312][ T31] kthread+0x711/0x8a0 [ 1103.903406][ T31] ? __pfx_watchdog+0x10/0x10 [ 1103.908105][ T31] ? __pfx_kthread+0x10/0x10 [ 1103.912718][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 1103.917935][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 1103.923152][ T31] ? __pfx_kthread+0x10/0x10 [ 1103.927757][ T31] ret_from_fork+0x3fc/0x770 [ 1103.932380][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 1103.937525][ T31] ? __switch_to_asm+0x39/0x70 [ 1103.942301][ T31] ? __switch_to_asm+0x33/0x70 [ 1103.947073][ T31] ? __pfx_kthread+0x10/0x10 [ 1103.951677][ T31] ret_from_fork_asm+0x1a/0x30 [ 1103.956470][ T31] [ 1103.959794][ T31] Kernel Offset: disabled [ 1103.964154][ T31] Rebooting in 86400 seconds..