last executing test programs: 9m39.051896466s ago: executing program 4 (id=486): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x1c, 0x2, 0x3, 0x201, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x2}}]}, 0x1c}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000002e00)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000008009500f10100000000487591731cba12c07d57d995b61e89a4530f92344f242b416ae9eeefc0e9c6f203cb1276bfdbb4ddffffff7f82dc2b938189a7ca02f732e4c2eab72bf40c0682fd0a0c4ac106b29e220dc2880072599456d4c4e6f3fe684ab8373bb4df9d72876ef3834293812e927c01c7da1322da44c7f2ed1084a12f56d1cb39df9858037458a4ca037604007600b6be484e4c9517af216bd8ed42f7dd01008e49f4a94608c9a20819e02fc22e6be45574d4ed88b37ab8d7674c644dca2f1b4d745fd95c41f9dfc1adafd1e5a3e7f2e898961cb43e438c4e41ae43ea118e14ffffffffe4b8a80366ce5401ec61921a1b529cc8b99bffffb1ac006c67767b03b95151aeb89e6d4a43c625aa228504e4afd8c1cc3eb215ba22f43115f4d39dc7beedb130d9f2be90133a4500000058b8c9370634060105baa664953514605fba3973aa021945b985a8a66e0200000057033815717b4fdbe55b37cb8d7f41aacfbd4089ea1bd22440f64909a09b5a759a703e71f358e11ac8e13db15d792e604a4f279b3bd6621bdf2c17bc0400001000000000ff8d81006200607a9a76e5d9656a7154c75773902a1bdf399df3925130312d095e9c1f973d091c198c1a11edb6b3cc425fe203d2f2655a76865c2c34e2470fcfb1248c0add5431a7fbcb0ef4f66a09af93a09fab1daae4b518d7a5d95a017864010067d6bab101446ebfe3fdeed7ee7bb0749cacf56cf27409c60fca2e0004000000000000a9cb6f4a78444986f9b1ab61f9dab53038010000004abbfc59d6d1b18fe380df4bf024f120bd755d82033f2fb7d8fc9e0de834f7646c8dd27da1297d0c77b294e097e293db7f002c0024ab2fb4d32972cba6f49051cec1ff5d16231bbb90a2d201a500000000000000007700b06fa191ebd3a0c2ef0058ffebd7cc4cf80f74a7cdac01d998c24f34a5ba9a4a2039d0416e3f8107671141ffffffe0c7d8e94a27a06a4e3d9acee835fd0571e5bbb3e6d2b5eba505000000968983811f832dc5390f83e817c602c4f1f0d0504255c22ee8674053d0e160e5255366139bbe5863e23c3dd42d21f542816edf56a93d0a7e6f08f9ffffff64875fea6ff57ba6ae25c5e8ca4f78d5a01308243b08f1caa46be5244d64f8e875857f083144c642f71cdc8e5634c1360c056430fe77ee7ed7ac1f9743786b2fb8e0fcfcc3d36c93230b7b1da97c971c8c84a427edc3492b97e73d2060acfd8145e4a5851bc4d6fdc5ad939d7795f3879baa88bd194d48e50c84892c97c800d156b059a718f6b10274b077a710f27ab8ee953de70ea860b74a0f3c3dc11177b11cc2e62a95f1ecf607a8dc38e525f415a1bd46b38845ebca04061bacbf627f7975fe599678fee48f83b5989543729e3600000000bc86cd51704f309130f534741377ea7b7bea3c46c0c4c4b7c27c5d057d95ac85a41cdcee8e6fa31f7d2137ed1fb4b21c13b9a2c5e3f7c9ef9e45a35adbf0b9312be929863f000000000000004a82bc080de1f87808d0711dd76f2977ca7f2684bfa5c14a0cd6f1f561e34e4e8e51e81d4a355a7d00d917c16a2bb0cfb2b5f59dfead7ac6e7fa84746e2e425769b9ee2c8ff10e934847604d930f62924d0562ce17f6dadf5053ed8f33092a41bb46e1878c5295fecc27f9c6d1f62da58c0002ea00000000009aa38a05e70591d5cdab1c488ef3c1984c7c0a566cfc2a080000009ec206a54fb49056a555414178ef00d8b8f3c59f01eb5d83415994efcc6ec4b3c275cd6b1b5ff82ef7d7abb1d218e7a1d0afa285706841aac9ccc89df41c39dd58dd70569dde45f8adeaad7d3328fbb6e279f745d2872f0208635e465ca443c3a64c7803760880af23fb3f430a0311fffc96dd13b951642f1433f65b4e170a62a5f7b7d0f9d5cef0d17289c43d4aee0001f7a343899434594cc23e1c864164e130754b337e560f285dc670a31241bf657babf0615b85dc200a10294b7d5885b43ac62fc7f97a85586168483427072a535f2c7481ec261c00f725de74e48d9a86f7d4a5d28da3f099ca3e6472b9d7c86d961f525f799b4517141f018af0673b8296f867eca1ec07be11bc497a6f7d2b752bcf77c2908b64630e7fa0c2261bc2d5de32ab6bbcf296d36807544aa7c3d3301fe227b713a371414c98695e559f9cbf6b046184064a5f24a4cc6f41f21fc24a3ad7d20a89e00a9dc99a40f890869d35fba3ce6f297661d3f8ba21c65badf55d1859581f9e7ef3e2693b46a8fc85be061ce79a08002c04dc04de8b6536123b24be2ef80eb06b2db900fb30596c1574b2a31f81d61ccfd58080d2330b9c7b87b5d17d48c32daffead3414b91603e250eeedc7d601000000037426f643797be3e93da96b5643d3feed0b7c885d06006b830d7cbf3152f27522f5142dcc84a9e48a07518f0142167abf5d6685d09945cbc778bcc3e7dcfaee5d9c1689a3bafc0d3b51b5a3bfd6007954c36d532960964183842601e5364ecb6ad9168040388c7640bfa2f88643de7eebf4da8d1c3e76daace5217761d933d06bbe9609fcf5971aa1e77c3123910e63daaadd8878ad468eabaf78a96012a4ada1a9cd217fb2a0da2d521454ea9e8fcd3b5badfd6f00003a73345b841d04a02bf441955b932c59608a555bc44873272812e0fb874618a0b56b4cf44990f60000000000000000000000b20000da0ca6797590ed13b0bccf71a39e05e877893646d185a77882f866785af6b0149e336c31fb177e3e85f4c60cd4de4ce6ea73a95f434328620fa493937386ad2e2a0d60eb815aa05c33e02c32276dab36d14c63af66a31409ab2a403ec3c7a4e07bd745efa2835a8c932f22aa6da40af9bcdf808b916bc8deb37d5b8c422b65c42d17e61751c561ce775a31b52703d398d52694cfbb7d2b3791b030093b321d9f16b2f06676cf94d75cbba6491ae0b5a16ce92320321314d8d2e88d1cd7e7b1216bdaecba309a38e107103e649d46958cc6ba2d660dd41b78d832beb7206ae01508377273ea96e40760410aeed1866971e04f578e9d856d01000000045aea928f5f669be0636dc3f34f90c34531735f271527412d1ae755a9243da523d713071f9370b509a34eeb46415b2f0d271a7072cbd17e293f20132e6c15756e92776c6a0d7c3a9f512ce17edf3f1ea190853bbf93e220a6ce968b79d504c057000e7d8f8249a8158e68a90bbea8bfab2bd3c067c28e185fe62ce7020f5282cf045b9c790984c6fb65fd3187bd8bfcbe663df6b7770000f58fbad41e6eee5c9595950c4172b9c925403b2f99bbf3cb1981bb0d14bded8eae35e08278020a1ec7f508628056fd3d408a02a1cf8594bcbb21a88f477673442804f714212d000045b9f563b5352fe460a30489b1b6a6d37daead86151492f7fd4b5c64007b68a1b04027eac124478a2ef7f59fe472795785de83578cb96334e0f7c1370dc397d3aa42d937b5718b7610cdcdfe104db7801ec74980b8b111a2748321f81512e4204eb2b024b9fc9e0f257f8c6037b93b2caa236d4354b32434d5a6b01e00000000ee2ea723ea2e1accb97a200609c77e0000000000000000d3a54ccd6e13a966801e9341260d6cbce5fe03999214462cbaa297448677ab659102d0f430fbeae119a7ef2e962d2829d4dd2201c4b30d491269594c88252fbd09aced90609851bd9e5c307e7e0d39e73579c1f3563eff1a6237d3699d61acdc8e36010d76093ddd237df1c4181b0a0c4543b4249e9ff2f5e8b5e0ba2048d542de40f643fda4036124b8feb2dd45d0fa52300518c8052cc09ad73f89734fce82cc627356aa2c651ed2644f34cfbc32e8b29cf29e895e43b473ddb9a43421b4b25f8bbce8e2d7cb8547d156d5972021ae4c9e30f85413276ddebde55999d2ec3c524632b74d703147ba09e0dcb26c4b89636d28428b67e955f53bfd0c9eeb7a9d17000000000096cd8ecf1c511eea07aefa1c5cae1841efa9329d80eafefe00000000000000009111274a44c722ff9f5151aa7cb99ea3e8b2c51eadbd2d0ba1a25b08cc3e67cd186c12ea62a55ff905388bb30d1a63d42593c9aea3a84f5a6fc470d8aaaafeccb373ca26c3685679e6a048af19fca3fc5315a33687"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x222}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x18000000000002a0, 0xe28, 0xfffffffffffffff5, &(0x7f0000000980)="b0ff04c66b0d698cb89e2fe086dd1f74ffff06000000fe80000000000000ac14140746647b7954c4c06b580febc28eb143d0f6c0bad62c67a04402ba4125c7024f63fdb0b6c8ee826b4dfe6042a2f057c66cad677d850ea9928bcfcb47e585e427746ed3b27c40060cbd030a6d675c9926af53cd3085b24f9b7a486775c4f284f8c5a572ca115bce90c0ee9d4e7a07f5f1518092cb1f156694036f6618a59196631e6303fd5307d1112601d3641c9492f7dc3503416836b14590c53b1fc1ac149b70cc1142d6bc57fc3a76839fa2f96878b520fedfb9f64d81584a2e85ab4f6ec718b02d78f2ebf04e6b3b94610a21616181629a03c3dc0bf05e0a71f887833b81db7a10bc53259cb80716f6804934a411d424c1db98d454be1adb2776fdbb92b299d3b80af6987a871b4549fdb4c8297ee31ad925c8b0fb1a9d2589b08ed52602cbc26b56df71201bc4ea8621c56f33d251c1d4589af2dcd78fbb4e34bde02cb3920a30cee9489ee72c3e19304c16c2110e1839712d484b80abe77786a7e2ba834874a4e16b93dd07297554a06c2ad2c906f8ebb1db8730df096709184728d48f0a806696bd0d4b12d0064b933d9675353dae77fe8419451f85da63be78b70ca2a84a77f572d9f289d4313e6f6039fe756ac13a5d08838315dff44cda433cc7bc6b77449f8c", 0x0, 0x2f, 0xe8034000, 0xf000, 0xfffffffffffffe2a, &(0x7f0000000000), &(0x7f00000000c0)="c6769e45b7c61302926682c7f9e9bb5ba2b3cdf023e8da0392a4cd62e2370f25ae5ba0dab896bcf5b774cd28bebbde39f796ae27d04582bb7c03e9fe830ea22c9fd03f6d2779515fdad3f5d0de07b7b70996102fdb67b1e77a34a5b7136a212fa2c0ea502588309dc3e42c55a6f93e6ba5e1b492f9db48f0fdd2f9fb937b3e8a63dcf9dd855837433998ba579da27559", 0x5dc}, 0x28) ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000180)={0x0, 0x0, 0xf47488e}) mknod$loop(&(0x7f00000001c0)='./file0\x00', 0x2000, 0x1) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r3, &(0x7f00000021c0)={0x2020}, 0x2020) lstat(&(0x7f0000000b80)='./file0\x00', 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a30000000006c000000160a01020000000000000000010000000900010073797a30000000000900020073797a3000000000400003802c00038004000100766c616e31000000000000000000000014000100776c616e3100000000000000000000000800014000000000080002"], 0xfc}}, 0x0) syz_emit_ethernet(0x2e, &(0x7f0000000600)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x3, 0x0, 0x20, 0x0, 0x0, 0x0, 0x2f, 0x0, @rand_addr, @broadcast}, {0x0, 0x883e, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x7, 0x0, @void}}}}}}}, 0x0) 9m36.076126655s ago: executing program 4 (id=495): syz_usb_connect(0x0, 0x64, &(0x7f0000000000)=ANY=[@ANYBLOB="12011003834a6b2099040d10a2840102030109025200010c2440070904b800018cac02010a24010400000201020924030203030201a60d2408010700bc5affd3dc187508240806050005f9072408020600030924030605030303070905032b3b"], &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0}) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) r1 = syz_io_uring_setup(0x22f, &(0x7f0000000080)={0x0, 0x5325, 0x1000, 0x0, 0x100002cf}, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r3, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x41, 0x6000, @fd=r1, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r4}}) io_uring_enter(r1, 0x58a6, 0x7227, 0x23, 0x0, 0x0) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, 0x0) syz_open_dev$vbi(0x0, 0x3, 0x2) syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r6 = syz_io_uring_setup(0x88d, &(0x7f00000005c0)={0x0, 0xe264, 0x0, 0x2, 0xbfdffff8}, &(0x7f0000000200)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2000006, 0x31, 0xffffffffffffffff, 0xd0fb6000) r9 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) close(r9) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000010c0)={0xffffffffffffffff, 0xffffffffffffffff}) r12 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r13 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000100)=ANY=[@ANYRES32=r13, @ANYRES32=r12, @ANYBLOB='&'], 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r13}, &(0x7f0000000000), &(0x7f0000000080)=r9}, 0x20) sendmsg$inet(r11, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x22fe0}], 0x1}, 0x0) recvfrom(r10, &(0x7f0000004000)=""/4112, 0xfffffffffffffedc, 0x2080, 0x0, 0x0) r14 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r14}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) syz_io_uring_submit(r7, r8, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x11, 0x0, @fd, 0x0, 0x0, 0x0, {0x40}}) io_uring_enter(r6, 0x75fa, 0xe475, 0x0, 0x0, 0x0) 9m31.487838015s ago: executing program 4 (id=507): sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="280000003e000701feffffff00000000047c0000040042800c0009000200e8ffffffffff03000280bbbfe8d6d99a3b82decd182479b541030ac2e5b8739484d415feb7fac116c2b55e47a942bd419590a2832240192b6212771dd3fa93e243a03d6e5ee81d367be3157d5279fdf8a4f9b965ba1adafc39ad7cff62c606ed47f9226c35cb31c03c3e00ed57927f4af43b3a7acb720e3d54a3fef2193c322046874c7f49a12dd4f9668023bfabd27bda301a8f72e2960a2a63ffdeafb61ef7375e6c3cc781"], 0x28}, 0x1, 0x0, 0x0, 0x4000c000}, 0xc000) r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) mount_setattr(0xffffffffffffffff, 0x0, 0x1000, &(0x7f0000000080)={0x0, 0x80000}, 0x20) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000400)=ANY=[], 0x118) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) bind$bt_l2cap(r3, 0x0, 0x0) listen(r3, 0x1) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1a00000007"], 0x50) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r4, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0) execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0) rename(&(0x7f0000000580)='./file0\x00', &(0x7f0000000780)='./file2\x00') symlinkat(&(0x7f0000001040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00') writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1) write$binfmt_misc(r4, &(0x7f0000000000), 0xd) bind$bt_l2cap(r2, &(0x7f0000000000)={0x1f, 0x0, @none}, 0xe) r5 = syz_open_procfs(0x0, &(0x7f0000000ec0)='net/vlan/config\x00') pread64(r5, &(0x7f0000000080)=""/220, 0xdc, 0x47) ioctl$RNDADDTOENTCNT(r0, 0x40045201, &(0x7f0000000000)=0x2) syz_usb_connect(0x2, 0x3f, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000e5876e4040200516940a0000000109022d00010000000009040000035883b200090589000000000000090585"], 0x0) 9m28.690937581s ago: executing program 4 (id=514): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) r0 = openat$drirender128(0xffffffffffffff9c, &(0x7f00000001c0), 0x800, 0x0) preadv(r0, &(0x7f0000000840)=[{&(0x7f0000000400)=""/197, 0xc5}], 0x1, 0x6, 0x7) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x4000, 0x0) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x891018, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000140)={[0x20000000007, 0x80, 0x2, 0x800002, 0xfffffffffffffffd, 0x7, 0x0, 0x0, 0x0, 0x40000, 0x8, 0x7f, 0x9, 0x1000000000400001, 0xfffffffffffffffd, 0x1002], 0x1, 0x3e0602}) ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4040aea0, &(0x7f0000000080)=@arm64={0xed, 0xb, 0x44, '\x00', 0x1}) ioctl$KVM_RUN(r4, 0xae80, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000080)='./file0\x00', &(0x7f0000000280)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0) mount$bind(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000100)='./file0/../file0\x00', 0x0, 0x1127057, 0x0) mount$bind(&(0x7f0000000400)='./file0/../file0\x00', &(0x7f0000000440)='./file0\x00', 0x0, 0x129c51, 0x0) 9m28.211730773s ago: executing program 4 (id=516): r0 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4) ioctl$sock_bt_bnep_BNEPCONNADD(r0, 0x400442c8, &(0x7f00000001c0)=ANY=[]) syz_usb_connect(0x0, 0x2d, &(0x7f0000000200)={{0x12, 0x1, 0x200, 0x63, 0xc6, 0xfa, 0x10, 0xeb1a, 0x2750, 0xe282, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x1b, 0x2, 0x0, 0x0, 0x40, 0x9, [{{0x9, 0x4, 0x4, 0x9, 0x0, 0x27, 0x6d, 0x26, 0x6}}, {{0x9, 0x4, 0x4, 0x4, 0x0, 0x58, 0x39, 0x7c, 0x51}}]}}]}}, 0x0) (async) syz_usb_connect(0x0, 0x2d, &(0x7f0000000200)={{0x12, 0x1, 0x200, 0x63, 0xc6, 0xfa, 0x10, 0xeb1a, 0x2750, 0xe282, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x1b, 0x2, 0x0, 0x0, 0x40, 0x9, [{{0x9, 0x4, 0x4, 0x9, 0x0, 0x27, 0x6d, 0x26, 0x6}}, {{0x9, 0x4, 0x4, 0x4, 0x0, 0x58, 0x39, 0x7c, 0x51}}]}}]}}, 0x0) 9m27.852590953s ago: executing program 4 (id=519): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket(0x10, 0x2, 0x0) openat$yama_ptrace_scope(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r4 = getpid() syz_pidfd_open(r4, 0x0) mount$bind(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x920421, 0x0) pipe2$9p(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) fsetxattr$trusted_overlay_upper(r5, &(0x7f00000002c0), &(0x7f0000000480)={0x0, 0xfb, 0x10e, 0x6, 0x36, "466b9da060cb02cb57a1903b5fd2adb3", "b7ba845b06582a01d8b0cc75cd15358e3c5035a1b68d8c269d8dd85f000de22c31eafefc811ab59a68163d8c0765d05a85737ce7073bef80e8ce8fb98a6f9182c4d93297735cb61b48b553785a59627ea91fa888d94f848c9710d588de23bde0de50ec5ab47c30d40e400869a425aae8e6c0b2d7659bfe6fcf3cb264fefa21af8898e1ab718daf87363b6836b18820fcf6a50740b30c12a8cfbc1a84eea07bf061cce9ffabe27203ea418be3b9ff85610213c9541c7d3a3ca38c21361cb7287ab5a9ee2bb45c11ae7b716badf76ff44143def7ad0dd83f180331f450b45ef40e0b4ab505976d8891bed1560808fb8fa115311f6ba3ebc688bf"}, 0x10e, 0x0) ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000180)={'bond0\x00', &(0x7f0000000380)=@ethtool_drvinfo={0x3, "7988575801915db29080407e348bd865ca94564bb317d44acb1676d2abc229dc", "a5857bc37aa7c1095d077b38512303291a95b5b09a636eef1a9f90cebd547f9e", "db2c2dc5ea4ad56c028ce741339656e6103d6d812fbae8c104e3835184c6138c", "828c66f67aba6ed78dcd61f7bd7570d458ce4a318928273faf5cdfafc0497ee8", "8cbbcb8943da47021c48642dd5d88ce097557bee945473d41ff5ce8ec9874658", "6f8887adedf20abcbc58386c", 0xfff, 0x651, 0xe, 0x1, 0x2}}) r6 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r6, 0x40345410, &(0x7f0000000040)={{0x1, 0x1, 0x7fffffff}}) ioctl$SNDRV_TIMER_IOCTL_INFO(r6, 0x80e85411, &(0x7f0000001240)) r7 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000440)=[@text64={0x40, &(0x7f0000000180)="66baa000ecc744240011000000c7442402b16e0000ff2c2443f466baf80cb8f2c96789ef66bafc0c66ed0f072e0f01c248b820450000000000000f23d00f21f835000000010f23f8c46289900cabb9f9080000b8c93c0000ba000000000f30c4816857a601000000", 0x68}], 0x1, 0x0, 0x0, 0x0) r8 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0xc0686611, &(0x7f0000000240)={0x312bf234138af3d7, 0x2, 0x17, 0x1000, &(0x7f0000fff000/0x1000)=nil}) ioctl$vim2m_VIDIOC_QBUF(r7, 0xc058560f, 0x0) ioctl$vim2m_VIDIOC_STREAMOFF(r7, 0x40045612, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r8, 0x6, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x1, 0x4) syz_kvm_setup_cpu$x86(r8, 0xffffffffffffffff, &(0x7f0000afe000/0x18000)=nil, 0x0, 0x0, 0x0, &(0x7f00000002c0), 0x0) 9m26.483873182s ago: executing program 32 (id=519): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket(0x10, 0x2, 0x0) openat$yama_ptrace_scope(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r4 = getpid() syz_pidfd_open(r4, 0x0) mount$bind(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x920421, 0x0) pipe2$9p(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) fsetxattr$trusted_overlay_upper(r5, &(0x7f00000002c0), &(0x7f0000000480)={0x0, 0xfb, 0x10e, 0x6, 0x36, "466b9da060cb02cb57a1903b5fd2adb3", "b7ba845b06582a01d8b0cc75cd15358e3c5035a1b68d8c269d8dd85f000de22c31eafefc811ab59a68163d8c0765d05a85737ce7073bef80e8ce8fb98a6f9182c4d93297735cb61b48b553785a59627ea91fa888d94f848c9710d588de23bde0de50ec5ab47c30d40e400869a425aae8e6c0b2d7659bfe6fcf3cb264fefa21af8898e1ab718daf87363b6836b18820fcf6a50740b30c12a8cfbc1a84eea07bf061cce9ffabe27203ea418be3b9ff85610213c9541c7d3a3ca38c21361cb7287ab5a9ee2bb45c11ae7b716badf76ff44143def7ad0dd83f180331f450b45ef40e0b4ab505976d8891bed1560808fb8fa115311f6ba3ebc688bf"}, 0x10e, 0x0) ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000180)={'bond0\x00', &(0x7f0000000380)=@ethtool_drvinfo={0x3, "7988575801915db29080407e348bd865ca94564bb317d44acb1676d2abc229dc", "a5857bc37aa7c1095d077b38512303291a95b5b09a636eef1a9f90cebd547f9e", "db2c2dc5ea4ad56c028ce741339656e6103d6d812fbae8c104e3835184c6138c", "828c66f67aba6ed78dcd61f7bd7570d458ce4a318928273faf5cdfafc0497ee8", "8cbbcb8943da47021c48642dd5d88ce097557bee945473d41ff5ce8ec9874658", "6f8887adedf20abcbc58386c", 0xfff, 0x651, 0xe, 0x1, 0x2}}) r6 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r6, 0x40345410, &(0x7f0000000040)={{0x1, 0x1, 0x7fffffff}}) ioctl$SNDRV_TIMER_IOCTL_INFO(r6, 0x80e85411, &(0x7f0000001240)) r7 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000440)=[@text64={0x40, &(0x7f0000000180)="66baa000ecc744240011000000c7442402b16e0000ff2c2443f466baf80cb8f2c96789ef66bafc0c66ed0f072e0f01c248b820450000000000000f23d00f21f835000000010f23f8c46289900cabb9f9080000b8c93c0000ba000000000f30c4816857a601000000", 0x68}], 0x1, 0x0, 0x0, 0x0) r8 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0xc0686611, &(0x7f0000000240)={0x312bf234138af3d7, 0x2, 0x17, 0x1000, &(0x7f0000fff000/0x1000)=nil}) ioctl$vim2m_VIDIOC_QBUF(r7, 0xc058560f, 0x0) ioctl$vim2m_VIDIOC_STREAMOFF(r7, 0x40045612, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r8, 0x6, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x1, 0x4) syz_kvm_setup_cpu$x86(r8, 0xffffffffffffffff, &(0x7f0000afe000/0x18000)=nil, 0x0, 0x0, 0x0, &(0x7f00000002c0), 0x0) 2m35.941725586s ago: executing program 1 (id=523): socket$inet(0xa, 0x801, 0x84) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000280)='sched_switch\x00'}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f00000000c0)={0x0, 0x0}) sched_setscheduler(r0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6) r4 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0) r5 = syz_open_dev$usbfs(&(0x7f0000000000), 0x20000007d, 0x0) r6 = dup3(r4, r5, 0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r7, &(0x7f0000000140)={'#! ', './file0'}, 0xb) ioctl$MON_IOCG_STATS(r6, 0xc0109207, &(0x7f00000001c0)) r8 = fanotify_init(0x8, 0x8000) r9 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) fanotify_mark(r8, 0x455, 0x8000001, r9, 0x0) r10 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x100) read$FUSE(r10, 0x0, 0x0) r11 = socket$nl_generic(0x10, 0x3, 0x10) r12 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r11, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)={0x40, r12, 0x8, 0x0, 0x0, {{}, {@val={0x8, 0x3, r13}, @void}}, [@NL80211_ATTR_TX_RATES={0x24, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x20, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x6, 0x6, 0x2, 0x1, 0x7, 0x1, 0x5]}}, @NL80211_TXRATE_HE_LTF={0x4, 0x7, 0x1}]}]}]}, 0x40}}, 0x0) 2m33.736983421s ago: executing program 0 (id=1348): r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f00000017c0), 0x8400, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000500), 0x20182) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000006c0)={0x3, 0x3, 0x0, 'queue0\x00', 0x9}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r1, 0x40bc5311, &(0x7f00000001c0)={0x80, 0x1, 'client1\x00', 0xffffffff80000006, "d62e980da99179cf", "20e48560999fd132b6a5426180a8c27a00fcfffff0003336f794d20352346f8f", 0x0, 0xfffffffc}) write$sndseq(r1, &(0x7f00000000c0)=[{0x5, 0x3, 0x0, 0x1, @time, {}, {0x0, 0x10}, @note={0xfa, 0x7, 0x88, 0x0, 0x2}}], 0x1c) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000001800)=0x10) socket$inet(0x2, 0x3, 0x6) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4c, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r2, 0x0, 0x6}, 0x18) r3 = userfaultfd(0x801) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x80}) ioctl$UFFDIO_CONTINUE(r3, 0xc020aa08, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) 1m59.286898184s ago: executing program 1 (id=523): socket$inet(0xa, 0x801, 0x84) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000280)='sched_switch\x00'}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f00000000c0)={0x0, 0x0}) sched_setscheduler(r0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6) r4 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0) r5 = syz_open_dev$usbfs(&(0x7f0000000000), 0x20000007d, 0x0) r6 = dup3(r4, r5, 0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r7, &(0x7f0000000140)={'#! ', './file0'}, 0xb) ioctl$MON_IOCG_STATS(r6, 0xc0109207, &(0x7f00000001c0)) r8 = fanotify_init(0x8, 0x8000) r9 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) fanotify_mark(r8, 0x455, 0x8000001, r9, 0x0) r10 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x100) read$FUSE(r10, 0x0, 0x0) r11 = socket$nl_generic(0x10, 0x3, 0x10) r12 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r11, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)={0x40, r12, 0x8, 0x0, 0x0, {{}, {@val={0x8, 0x3, r13}, @void}}, [@NL80211_ATTR_TX_RATES={0x24, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x20, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x6, 0x6, 0x2, 0x1, 0x7, 0x1, 0x5]}}, @NL80211_TXRATE_HE_LTF={0x4, 0x7, 0x1}]}]}]}, 0x40}}, 0x0) 1m58.01285341s ago: executing program 0 (id=1348): r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f00000017c0), 0x8400, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000500), 0x20182) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000006c0)={0x3, 0x3, 0x0, 'queue0\x00', 0x9}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r1, 0x40bc5311, &(0x7f00000001c0)={0x80, 0x1, 'client1\x00', 0xffffffff80000006, "d62e980da99179cf", "20e48560999fd132b6a5426180a8c27a00fcfffff0003336f794d20352346f8f", 0x0, 0xfffffffc}) write$sndseq(r1, &(0x7f00000000c0)=[{0x5, 0x3, 0x0, 0x1, @time, {}, {0x0, 0x10}, @note={0xfa, 0x7, 0x88, 0x0, 0x2}}], 0x1c) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000001800)=0x10) socket$inet(0x2, 0x3, 0x6) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4c, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r2, 0x0, 0x6}, 0x18) r3 = userfaultfd(0x801) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x80}) ioctl$UFFDIO_CONTINUE(r3, 0xc020aa08, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) 1m26.215404183s ago: executing program 0 (id=1348): r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f00000017c0), 0x8400, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000500), 0x20182) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000006c0)={0x3, 0x3, 0x0, 'queue0\x00', 0x9}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r1, 0x40bc5311, &(0x7f00000001c0)={0x80, 0x1, 'client1\x00', 0xffffffff80000006, "d62e980da99179cf", "20e48560999fd132b6a5426180a8c27a00fcfffff0003336f794d20352346f8f", 0x0, 0xfffffffc}) write$sndseq(r1, &(0x7f00000000c0)=[{0x5, 0x3, 0x0, 0x1, @time, {}, {0x0, 0x10}, @note={0xfa, 0x7, 0x88, 0x0, 0x2}}], 0x1c) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000001800)=0x10) socket$inet(0x2, 0x3, 0x6) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4c, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r2, 0x0, 0x6}, 0x18) r3 = userfaultfd(0x801) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x80}) ioctl$UFFDIO_CONTINUE(r3, 0xc020aa08, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) 1m23.730540291s ago: executing program 1 (id=523): socket$inet(0xa, 0x801, 0x84) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000280)='sched_switch\x00'}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f00000000c0)={0x0, 0x0}) sched_setscheduler(r0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6) r4 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0) r5 = syz_open_dev$usbfs(&(0x7f0000000000), 0x20000007d, 0x0) r6 = dup3(r4, r5, 0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r7, &(0x7f0000000140)={'#! ', './file0'}, 0xb) ioctl$MON_IOCG_STATS(r6, 0xc0109207, &(0x7f00000001c0)) r8 = fanotify_init(0x8, 0x8000) r9 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) fanotify_mark(r8, 0x455, 0x8000001, r9, 0x0) r10 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x100) read$FUSE(r10, 0x0, 0x0) r11 = socket$nl_generic(0x10, 0x3, 0x10) r12 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r11, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)={0x40, r12, 0x8, 0x0, 0x0, {{}, {@val={0x8, 0x3, r13}, @void}}, [@NL80211_ATTR_TX_RATES={0x24, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x20, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x6, 0x6, 0x2, 0x1, 0x7, 0x1, 0x5]}}, @NL80211_TXRATE_HE_LTF={0x4, 0x7, 0x1}]}]}]}, 0x40}}, 0x0) 57.23848699s ago: executing program 0 (id=1348): r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f00000017c0), 0x8400, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000500), 0x20182) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000006c0)={0x3, 0x3, 0x0, 'queue0\x00', 0x9}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r1, 0x40bc5311, &(0x7f00000001c0)={0x80, 0x1, 'client1\x00', 0xffffffff80000006, "d62e980da99179cf", "20e48560999fd132b6a5426180a8c27a00fcfffff0003336f794d20352346f8f", 0x0, 0xfffffffc}) write$sndseq(r1, &(0x7f00000000c0)=[{0x5, 0x3, 0x0, 0x1, @time, {}, {0x0, 0x10}, @note={0xfa, 0x7, 0x88, 0x0, 0x2}}], 0x1c) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000001800)=0x10) socket$inet(0x2, 0x3, 0x6) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4c, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r2, 0x0, 0x6}, 0x18) r3 = userfaultfd(0x801) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x80}) ioctl$UFFDIO_CONTINUE(r3, 0xc020aa08, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) 55.839107379s ago: executing program 1 (id=523): socket$inet(0xa, 0x801, 0x84) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000280)='sched_switch\x00'}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f00000000c0)={0x0, 0x0}) sched_setscheduler(r0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6) r4 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0) r5 = syz_open_dev$usbfs(&(0x7f0000000000), 0x20000007d, 0x0) r6 = dup3(r4, r5, 0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r7, &(0x7f0000000140)={'#! ', './file0'}, 0xb) ioctl$MON_IOCG_STATS(r6, 0xc0109207, &(0x7f00000001c0)) r8 = fanotify_init(0x8, 0x8000) r9 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) fanotify_mark(r8, 0x455, 0x8000001, r9, 0x0) r10 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x100) read$FUSE(r10, 0x0, 0x0) r11 = socket$nl_generic(0x10, 0x3, 0x10) r12 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r11, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)={0x40, r12, 0x8, 0x0, 0x0, {{}, {@val={0x8, 0x3, r13}, @void}}, [@NL80211_ATTR_TX_RATES={0x24, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x20, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x6, 0x6, 0x2, 0x1, 0x7, 0x1, 0x5]}}, @NL80211_TXRATE_HE_LTF={0x4, 0x7, 0x1}]}]}]}, 0x40}}, 0x0) 49.646311876s ago: executing program 1 (id=523): socket$inet(0xa, 0x801, 0x84) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000280)='sched_switch\x00'}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f00000000c0)={0x0, 0x0}) sched_setscheduler(r0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6) r4 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0) r5 = syz_open_dev$usbfs(&(0x7f0000000000), 0x20000007d, 0x0) r6 = dup3(r4, r5, 0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r7, &(0x7f0000000140)={'#! ', './file0'}, 0xb) ioctl$MON_IOCG_STATS(r6, 0xc0109207, &(0x7f00000001c0)) r8 = fanotify_init(0x8, 0x8000) r9 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) fanotify_mark(r8, 0x455, 0x8000001, r9, 0x0) r10 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x100) read$FUSE(r10, 0x0, 0x0) r11 = socket$nl_generic(0x10, 0x3, 0x10) r12 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r11, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)={0x40, r12, 0x8, 0x0, 0x0, {{}, {@val={0x8, 0x3, r13}, @void}}, [@NL80211_ATTR_TX_RATES={0x24, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x20, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x6, 0x6, 0x2, 0x1, 0x7, 0x1, 0x5]}}, @NL80211_TXRATE_HE_LTF={0x4, 0x7, 0x1}]}]}]}, 0x40}}, 0x0) 29.644770381s ago: executing program 0 (id=1348): r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f00000017c0), 0x8400, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000500), 0x20182) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000006c0)={0x3, 0x3, 0x0, 'queue0\x00', 0x9}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r1, 0x40bc5311, &(0x7f00000001c0)={0x80, 0x1, 'client1\x00', 0xffffffff80000006, "d62e980da99179cf", "20e48560999fd132b6a5426180a8c27a00fcfffff0003336f794d20352346f8f", 0x0, 0xfffffffc}) write$sndseq(r1, &(0x7f00000000c0)=[{0x5, 0x3, 0x0, 0x1, @time, {}, {0x0, 0x10}, @note={0xfa, 0x7, 0x88, 0x0, 0x2}}], 0x1c) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000001800)=0x10) socket$inet(0x2, 0x3, 0x6) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4c, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r2, 0x0, 0x6}, 0x18) r3 = userfaultfd(0x801) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x80}) ioctl$UFFDIO_CONTINUE(r3, 0xc020aa08, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) 28.127390197s ago: executing program 1 (id=523): socket$inet(0xa, 0x801, 0x84) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000280)='sched_switch\x00'}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f00000000c0)={0x0, 0x0}) sched_setscheduler(r0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6) r4 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0) r5 = syz_open_dev$usbfs(&(0x7f0000000000), 0x20000007d, 0x0) r6 = dup3(r4, r5, 0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r7, &(0x7f0000000140)={'#! ', './file0'}, 0xb) ioctl$MON_IOCG_STATS(r6, 0xc0109207, &(0x7f00000001c0)) r8 = fanotify_init(0x8, 0x8000) r9 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) fanotify_mark(r8, 0x455, 0x8000001, r9, 0x0) r10 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x100) read$FUSE(r10, 0x0, 0x0) r11 = socket$nl_generic(0x10, 0x3, 0x10) r12 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r11, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)={0x40, r12, 0x8, 0x0, 0x0, {{}, {@val={0x8, 0x3, r13}, @void}}, [@NL80211_ATTR_TX_RATES={0x24, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x20, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x6, 0x6, 0x2, 0x1, 0x7, 0x1, 0x5]}}, @NL80211_TXRATE_HE_LTF={0x4, 0x7, 0x1}]}]}]}, 0x40}}, 0x0) 15.283234672s ago: executing program 3 (id=1670): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) openat$vimc1(0xffffffffffffff9c, &(0x7f0000002800), 0x2, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000001c00)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0) syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x1) sched_setaffinity(0x0, 0xfffffffffffffdc5, &(0x7f00000002c0)=0x800002) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$PTP_PIN_SETFUNC(r1, 0x40603d07, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'hsr0\x00', 0x0}) socket$nl_route(0x10, 0x3, 0x0) setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f0000000000)={r3, 0x1, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, 0x10) 10.831746655s ago: executing program 5 (id=1678): r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) close(0xffffffffffffffff) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x6, 0x8, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f0000000540), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) r4 = dup(r3) ioctl$TIOCL_SETSEL(r4, 0x541c, &(0x7f0000000100)={0x2, {0x2, 0x13d, 0x0, 0xd6e}}) ioctl$TIOCL_SETSEL(r4, 0x541c, &(0x7f0000001900)={0x2, {0x2, 0x300, 0xfffe, 0x101}}) sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x40800) syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201400203010902120001000c00000004000000dfb98bc0f6287cfbb1bc"], 0x0) r5 = syz_open_dev$loop(&(0x7f00000000c0), 0x1abe, 0x210000) ioctl$BLKROGET(r5, 0x125e, &(0x7f0000000180)) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x0, &(0x7f0000e68000)={0x2, 0x4e24, @empty}, 0x10) r6 = socket$rxrpc(0x21, 0x2, 0xa) r7 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r7, &(0x7f0000000380)=@pppol2tpv3in6={0x18, 0x1, {0x0, r6, 0x3, 0x0, 0x4, 0x0, {0xa, 0x4e24, 0xa, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x100}}}, 0x3a) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmmsg$inet(r1, &(0x7f00000000c0), 0x0, 0x20040014) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r1, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) ioctl$sock_rose_SIOCADDRT(r0, 0x890b, 0x0) 9.395506134s ago: executing program 3 (id=1680): r0 = syz_open_dev$swradio(&(0x7f00000000c0), 0xffffffffffffffff, 0x2) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='blkio.bfq.sectors_recursive\x00', 0x275a, 0x0) ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, 0x0) ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f00000002c0)={0x0, r2}) readv(r0, &(0x7f0000001440)=[{&(0x7f0000000240)=""/4084, 0xff4}, {&(0x7f0000000040)=""/45, 0x2d}], 0x2) r3 = socket$netlink(0x10, 0x3, 0x0) bpf$BPF_LINK_CREATE(0x8, &(0x7f00000006c0)={0xffffffffffffffff, 0xffffffffffffffff, 0x2b, 0x0, @val=@tracing={0x0, 0x2}}, 0x20) r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000000018105e04da070000000000010902240001000000000904000009030000000921000000012222000905810388"], 0x0) syz_usb_control_io$hid(r4, 0x0, 0x0) r5 = creat(&(0x7f00000004c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) getsockopt$inet6_mreq(r5, 0x29, 0x1c, &(0x7f00000014c0)={@local, 0x0}, &(0x7f0000001500)=0x14) sendmsg$nl_route_sched(r2, &(0x7f0000001640)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000001600)={&(0x7f0000001540)=@newtclass={0x48, 0x28, 0x1, 0x70bd28, 0x25dfdbff, {0x0, 0x0, 0x0, r8, {0xa, 0x4}, {0x1, 0x3}, {0x5, 0x8}}, [@tclass_kind_options=@c_sfb={0x8}, @TCA_RATE={0x6, 0x5, {0x0, 0x7}}, @TCA_RATE={0x6, 0x5, {0x0, 0x4}}, @tclass_kind_options=@c_mqprio={0xb}]}, 0x48}, 0x1, 0x0, 0x0, 0x8000}, 0x20000180) writev(0xffffffffffffffff, 0x0, 0x0) ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000100)) sendmmsg$unix(r7, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r9 = socket$inet6_mptcp(0xa, 0x1, 0x106) r10 = syz_io_uring_setup(0x8d2, &(0x7f0000000240)={0x0, 0x0, 0x1000, 0x2}, &(0x7f0000000040)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r11, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r11, r12, &(0x7f0000000440)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r9, 0x0, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0, 0x8000}) io_uring_enter(r10, 0x47ba, 0x3e80, 0x0, 0x0, 0x0) fcntl$addseals(r5, 0x409, 0x8) syz_usb_control_io$hid(r4, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="00221c1304000000b3f96086e00bf4f1ffff8b6e259261"], 0x0}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=@newlink={0x44, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x14615}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GENEVE_UDP_CSUM={0x5, 0x8, 0x1}, @IFLA_GENEVE_PORT={0x6, 0x5, 0x4e21}]}}}]}, 0x44}}, 0x4000) 7.720096732s ago: executing program 5 (id=1681): r0 = syz_open_procfs(0x0, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000240), 0x1ff, 0x20c103) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x181040, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f000001aa40)=""/102400, 0x19000) r4 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) read$FUSE(r4, 0x0, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r5, 0x6, 0x22, 0x0, 0x0) connect$inet6(r5, &(0x7f0000000200)={0xa, 0x0, 0x2, @empty}, 0x27) setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r5, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4) readv(r5, &(0x7f0000000e40)=[{&(0x7f0000000f40)=""/250, 0xfa}], 0x1) ioctl$DRM_IOCTL_MODE_CURSOR(r1, 0xc01c64a3, &(0x7f0000000280)={0x3, 0x0, 0x1, 0xfffd, 0xa, 0x1ff, 0x1}) move_mount(r4, 0x0, r0, &(0x7f0000000180)='./mnt\x00', 0x214) r6 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_CHANNELS_SET(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000fcdbdf25120000001800018014000200766574683000000000000000000000000800090000001000080008"], 0x3c}, 0x1, 0x0, 0x0, 0x400c000}, 0x2004c0a0) r8 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_int(r8, 0x0, 0x15, 0x0, 0x0) ioctl$SNDCTL_DSP_GETIPTR(r6, 0x800c5011, &(0x7f0000000100)) 6.898733472s ago: executing program 5 (id=1683): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') mkdir(&(0x7f0000000000)='./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) (fail_nth: 7) 6.758955013s ago: executing program 5 (id=1684): bpf$PROG_LOAD(0x5, 0x0, 0x0) readv(0xffffffffffffffff, &(0x7f00000017c0), 0x0) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f00000002c0)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @generic={0x66}, @initr0, @exit, @alu={0x6, 0x0, 0x3, 0xa}, @printk={@x, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0xff5c, &(0x7f0000000340)=""/222}, 0x78) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={0xffffffffffffffff, 0x58, &(0x7f0000000240)}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) sendto$packet(0xffffffffffffffff, &(0x7f0000000740)=' ', 0x1, 0x20008801, 0x0, 0x0) setsockopt$SO_TIMESTAMP(r1, 0x1, 0x40, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) r2 = gettid() sched_setaffinity(r2, 0x8, &(0x7f0000000080)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000100)={0xc, 0x0, 0x0}) socket$kcm(0x29, 0x5, 0x0) r6 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x8000, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r6, 0xc0285700, &(0x7f0000000200)={0x1000001, "56600e1e324551c423170000000099faec52328074c1000000000000ebff0100", 0xffffffffffffffff}) ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000000)={0x5, "340b7832ceefd131b8e6498c25f58fad9987ffe93bbabd18cf501922de974a27", 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r7, 0xc0303e03, &(0x7f00000000c0)={"3c2486910284ed923431d4c5d5fbf514fd00", r8}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f00000000c0)={"766cace9c303653f121a2d892000", 0x0, 0x0, {0x81, 0x50000a}, {0x7, 0x8}, 0x5, [0x3, 0x3, 0x4, 0x6, 0x0, 0x400, 0xffffffffffff0001, 0x2, 0x8, 0x7, 0x80000000, 0x81, 0x10, 0x522586f, 0xfffffffffffffffb, 0x7]}) poll(&(0x7f0000000000), 0x20000000000000b5, 0x9) ioctl$IOMMU_TEST_OP_ADD_RESERVED(r4, 0x3ba0, 0x0) ioctl$IOMMU_TEST_OP_ADD_RESERVED(r4, 0x3ba0, 0x0) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r4, 0x3ba0, &(0x7f0000000140)={0x48, 0x2, r5, 0x0, 0x0, 0x0, 0x0, 0x1}) setreuid(0x0, 0xee00) 5.664227957s ago: executing program 2 (id=1686): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sched_switch\x00', r0, 0x0, 0x8}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x804e20}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$inet_tcp(0x2, 0x1, 0x0) r2 = openat(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$FITRIM(r2, 0x40106e8c, 0x0) r3 = socket$kcm(0x2, 0x5, 0x84) setsockopt$sock_attach_bpf(r3, 0x84, 0x1e, &(0x7f0000000000), 0x10) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)="d80000001000810468f70082db44b904021d080b01000000e8fe55a11800150006001400000000120800040043000000a80016000a00014006000d00036010fab94dcf5c0461c1d67f6f94000534cf6ee08000a0e408e8d8ef52a9d7c7c0b7a196e6f66112c88ac417898516277ce06bbace80177ccbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d0080000000000000b57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb14feb9f5588a63644caf1ce1bd6c769ad809d52a9ecbee", 0xd8}], 0x1}, 0x20000004) (fail_nth: 6) 5.533781244s ago: executing program 3 (id=1687): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00', r0}, 0x10) r1 = socket$kcm(0x10, 0x2, 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r3 = dup(r2) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x5}}, &(0x7f0000000000)='syzkaller\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='contention_end\x00', r4, 0x0, 0x8001}, 0x18) socket$inet(0x2, 0x6, 0x2) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2000000010000100"/20, @ANYRES32=0x0, @ANYBLOB="000000e601"], 0x20}}, 0x4000040) r7 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$packet(0xffffffffffffffff, &(0x7f00000000c0)="0e030e00c4e8120006001e0089", 0xd, 0x28000000, 0x0, 0x0) ptrace(0x10, r7) ptrace$setregs(0xd, r7, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb") ptrace$getregset(0x4205, r7, 0x200, &(0x7f0000000080)={&(0x7f00000000c0)=""/112, 0x70}) r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000000200), r3) sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r3, &(0x7f00000004c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000380)={&(0x7f0000000280)={0xf4, r8, 0x8, 0x70bd2c, 0x25dfdbfb, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x4}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0xcbc}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x4}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x3}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x3ff}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x2}}]}, 0xf4}, 0x1, 0x0, 0x0, 0x8804}, 0x1) r9 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) syz_open_dev$usbfs(&(0x7f0000000080), 0x76, 0x101301) ioctl$KVM_SET_CPUID2(r9, 0x4048aecb, &(0x7f0000000080)=ANY=[@ANYRES16=r6]) sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000003c0)="5c00000013006bcd9e3fe3dceb48aa31086b8703110000001fa1ff0000000000040014000d000a000d0000009ee517d34460bc24eab556a705251e6182949a3651f60a84c9f5d1938037e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0) 4.771471211s ago: executing program 2 (id=1688): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[], 0x7c}}, 0x48840) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0}}, 0x0) r3 = socket$kcm(0x29, 0x5, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f0000000080)) r9 = syz_genetlink_get_family_id$team(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TEAM_CMD_OPTIONS_SET(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB="02bb27dd4e7d5775a40a9cdf411c82212aa163f23c0c6e9da730df09b21815a35418b0dac6419d47c90fb04a5909504f8b90be90eb3afe851e1f50dbec0255dc21dcdec7554c23539f6445da05c8810bed395f5196bb5b5fc2f7c37b61bcf34fba0adaa12bc2461edc7aaf76922c66cd1d2e1424c3bac6b5f9ea787dbca0d0a46a3ce35e0f7caa9c1b78a380672662cb5c0d7571a95d82a3866494d1c914c92c466ccd2163e1fdbf96993f1cba639cce6ec50186ab22f0dcd939a715afd4bf37da8f5c7a5158c0134ee9ed7dcf0330fdedc5f9fc3958110944ccaa68612ed5d7865ecfddeda455196fb77d449ec6736d87dce620bfb14464ef80ce9c", @ANYRES16=r9, @ANYBLOB="010300000000000000000100ee7d817a1686d242f9492d06e706577115e96e668c3cdf82eab3a8acf11abdfbf872fa1af9b4c21f5d38ac7c62dadf612029fb866a9bbff21c83c8296dd1a4572035bfd0d598b16dc2fcf04ee8ab948d297a859372f90f07d4318ba8d609b2757f0a0d541d5622ad3191be45cff07e595cc0cd6f2081195e141cc95468d6498128005c39b29e28bba089681b9a08712f35ecafd4f73b28f34b1e25afe476598eadf82d1677fb72", @ANYRES32=r3, @ANYRESDEC=r4], 0x20}, 0x1, 0x0, 0x0, 0x64}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f00000001c0)={0x2, 0x0, 0x1ffe, 0x2000, &(0x7f0000ff2000/0x2000)=nil}) r10 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r10, 0x3292e291) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r10, 0x40505412, &(0x7f00000000c0)={0x1, 0x4, 0xa, 0x0, 0x5}) ioctl$BINDER_FREEZE(r0, 0x400c620e, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x90}) r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r12, 0xae60) ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000080000024d564b000000eccd"]) munmap(&(0x7f0000456000/0x2000)=nil, 0x2000) close_range(r0, 0xffffffffffffffff, 0x0) 4.355944722s ago: executing program 2 (id=1689): socket(0x10, 0x803, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x2}, 0x0) add_key(&(0x7f0000000500)='big_key\x00', &(0x7f0000000540)={'syz', 0x3}, &(0x7f0000000580)="a5", 0x1, 0xfffffffffffffffe) add_key(&(0x7f0000000500)='big_key\x00', &(0x7f0000000540)={'syz', 0x3}, &(0x7f0000000580)="a5", 0x1, 0xfffffffffffffffe) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], 0x0, 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x94) close(r0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000080)={'wlan1\x00', 0x0}) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_CQM(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)={0x34, r6, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_CQM={0x18, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_THOLD={0xc, 0x1, [0xffffffff, 0x0]}, @NL80211_ATTR_CQM_RSSI_HYST={0x8}]}]}, 0x34}}, 0x0) 4.277256745s ago: executing program 5 (id=1690): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) openat$vimc1(0xffffffffffffff9c, &(0x7f0000002800), 0x2, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000001c00)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0) syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x1) sched_setaffinity(0x0, 0xfffffffffffffdc5, &(0x7f00000002c0)=0x800002) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$PTP_PIN_SETFUNC(r1, 0x40603d07, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'hsr0\x00', 0x0}) socket$nl_route(0x10, 0x3, 0x0) setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f0000000000)={r3, 0x1, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, 0x10) 4.030267093s ago: executing program 2 (id=1691): rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001380)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f139046a23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8bf3145144f8df253f85eb6f1c853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e012533719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd70a5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c707647fa8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c024ed6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa60e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df00415312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c556059efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e3e4cd129d5f0cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9ff90400000000000000d64285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f151421ffff57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd113b1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be29010000bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad95971030000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6136497a622d2ca7e72e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000000000009546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f637d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b0a8d328733461f04c99607061c65e000000002a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a000000000000000000"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) r1 = openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) io_setup(0x4, &(0x7f0000000340)) flock(r1, 0x5) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0) flock(r3, 0x2) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='rseq_update\x00', r0}, 0x10) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_open_dev$MSR(0x0, 0x0, 0x0) 3.976765347s ago: executing program 3 (id=1692): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r1, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r1, 0x84, 0x70, &(0x7f0000000480)={r2, @in6={{0xa, 0x4e20, 0x1, @private2={0xfc, 0x2, '\x00', 0x1}, 0xaea}}, [0x9, 0x1, 0x4, 0xe347, 0x81, 0x4, 0x8, 0x2, 0xa, 0x7, 0x346ce683, 0x4, 0x401, 0x80000001, 0x40000008]}, &(0x7f0000000240)=0x100) connect$pppoe(0xffffffffffffffff, &(0x7f0000000080)={0x18, 0x0, {0x15, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'vcan0\x00'}}, 0x1e) sendmmsg(0xffffffffffffffff, &(0x7f0000003880)=[{{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000003b80)="870b", 0x2}], 0x1}}], 0x1, 0x4080) r3 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f00000000c0)={0x10002, 0x1, 0x1}) r4 = gettid() timer_create(0x7, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)=0x0) timer_settime(r5, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2) 2.913485103s ago: executing program 0 (id=1348): r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f00000017c0), 0x8400, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000500), 0x20182) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000006c0)={0x3, 0x3, 0x0, 'queue0\x00', 0x9}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r1, 0x40bc5311, &(0x7f00000001c0)={0x80, 0x1, 'client1\x00', 0xffffffff80000006, "d62e980da99179cf", "20e48560999fd132b6a5426180a8c27a00fcfffff0003336f794d20352346f8f", 0x0, 0xfffffffc}) write$sndseq(r1, &(0x7f00000000c0)=[{0x5, 0x3, 0x0, 0x1, @time, {}, {0x0, 0x10}, @note={0xfa, 0x7, 0x88, 0x0, 0x2}}], 0x1c) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000001800)=0x10) socket$inet(0x2, 0x3, 0x6) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4c, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r2, 0x0, 0x6}, 0x18) r3 = userfaultfd(0x801) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x80}) ioctl$UFFDIO_CONTINUE(r3, 0xc020aa08, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) 1.356137553s ago: executing program 2 (id=1693): sendto$unix(0xffffffffffffffff, &(0x7f00000001c0)="8287783e623ea00a1e6474d9e40d42144f837f145aadc7a4ba5c329a925be7218ebd204080ccfba4630b4a8decb822cd13b196538c33c1cf394d707a1eda4238055032f6ba47f68e53a17f6871e1ffb8fb33f49a76", 0x55, 0x4082, 0x0, 0x0) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000b40)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000b00)={0xffffffffffffffff}, 0x2, 0x8}}, 0x20) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000640)=ANY=[], 0x0, 0x66}, 0x28) symlinkat(0x0, 0xffffffffffffffff, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r5 = socket$netlink(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$vcsu(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000008c80)=ANY=[@ANYBLOB=',\x00'], 0x2c}}, 0x800) recvmmsg(r5, &(0x7f0000007700), 0x318, 0xfc0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, &(0x7f0000000080)={0xe, 0x18, 0xfa00, @id_tos={&(0x7f00000003c0)=0x6, r1, 0x0, 0x0, 0x1}}, 0x20) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000080), 0x62}, {&(0x7f0000000100)="08000000246837f73199aee6fdb9291b3091ec1a2d41d227975ad8ec030f5919f397867997f9c0efa9c9092a31cdbb98ea272787afda0af59a320709c3a59ef05c6f40ceafec53f48d6186e7d8409e35306221caf67b370d875eff3191932728e5ab6c9a3acf6ccee3e352c898f5744abaedfb53f92c37acb126bd143f3e9cdfcf25a8d6129fcc3a141c3f5ab6db772f87c787817a9b699dd60732d952716b103bc1e91ac5b1ed92f35389580994bb0df9bce07e7a80921888f984139f488d256a67fec0cbb5c4e93d5c151d97f676ab93b1efbd46f600dc964231e3257bf358448fddf894c0cdfa9115adbe5b19bc912fcbc8aac7719b649b1ff1267491da", 0x682c}, {&(0x7f0000001480)="d1ffacd516de50ac9d15bc75316da4defa1e72f65a65cdd26dcc389aacf7856da9aecf3765d4c032e1960faf25bad906b7d3440b6e71a82f1d8f8b8db35b6091f3af94c6b46b9ab10fe3923f268771078d2668be7bd3eb941d4bb5baa8547e36283a065ce5766cbff3a8fc37fc4507643d3786bbf231d3ed88cb8b01eab14e4372cf4f89bd1b853caa5d9f07f523b9dfa8cc09053ff36fde08e96fb6b3acc196b1bd1e2d3a6c65f585df7e2b8b17439a7ab29a7dfe642c2f0ac7a81eca8073b559663f2daf7a0832b2b09557794a21bf114831f8e6db3922d0cd169e5a8b4adc95d7322ee75944de15f57780b88fef7f3d9b256705ccfa2125b43ce8e3aacaead963cdd7f792f14c9b24493f9f830f6de8da93bbd4357095631adec14224dd9bb049e826f3a49624393e6a031103faff0902ba88ae30af4a61caa77ff956214196fcf3c5536d823284306f367afcb46fb43231911cc53091671e7d853ebf015241b18e9fb6ac6d9a7a1b05dfd6d9e56a51567cd8837dd045abf6b85550f0dd8dded43147ab9bfadc18b9984699d5d875cb21a95a7f584d8c466d033df75193f9ae58b85cfacc54f6c6e12a0debe40ee361a839563bc2cb64271672a55370c2b035b482074ce2487ef8a3bc1c68856e6e09539276d961a0c647f1ee3237496fc99623e8fd33faf7797d86a88dcee152d15e10739bcbbd6077b76867e291f350d999024c12faf81f83792f48f7f6dd66aa6854e460ef7f8c755f3a6dd76509ea0d2db39057a5129185b2fb11546cd5d6cc59f640e9028ae6c7075fba5e5b5593d7f79ec387833f465d09bde464112821eaec5e6e8f2aee8d7358f9c14afe2018856f610848706c71cda62493aef2e39efb71b4a8e804847eda66b2b5b1d75b478f19208ee1ac43afb2dbbba5dd0f29f6946022e09fb853cb176ca3474ba2fa67cb245fe85ec61a095d6fd9ac2ac5685920201617342fe56072427b9bd3626a1a371e67041fcda781be0c234d6feb5ad500e8bc7074381fd0d04983a4a6cdb6c8e03d59dc50925e9e4b24e6f8e455f02818959f2927f0a2d9ff62ec3c5c399077048f7d3dad0830b2e6563693f2f9d48eca8c34804a7626282a4a214d13786993c011a88194dbf7b23e25f592e62186c9fb565fac7632de356153c89a6be0b6b26ba48c2427424769fcbd7ee072ed4bd4d0731d06c8537d616b1145a6c70edb13fb4dba3565221b3a2897a23861cd0e8e0060021cdd7de002d5e785e5d6d3d07f4e445ada9c8d9ba8b819d0b5c7b5d15a5192d3a83c125c8e117c823a9e33316b8c9154e7330d3a865048dbd9c14757691bfe56f10423f6ab717bec5eebeac6ba9ad1aeb6cde09d7fda8e475a71ac48d46b8d9a40879c9dec2db5c4799e5fc8e8b3d419031c1033fce88ae2c93d7ca62c9302e6b45ca8dfebe5b92724f035e8e9d7704efb23f445999fe08cfa28404874d8acc8d37870d394d9fcc8dbe763bc85c37f0f3bcc2cbea420cd073db598e7d89c14a31e5bf57cbefa301427c93091505f1f3e5cdf712958b2e8fc56684d3388107c1728f0e5a3be2164246071653e256ed3bf3000c17301da9a5a3d9ca475867c4f311a24e5ae909a62047a9e6bb71cbcb4f159c2ef0f66b4d0f9da51aba99cd9448443dd277362af18d32f111c48a952ef555b2c7c58b997ce61e74cc7551b57eaffe411219baddf490926d8e260dcd87c069e617195c352950f9b51ce88c12c4f7997ba515f77e68d44f831cdf4d7ee8b1b7cedcb4c4fc7e85ba288c8555d49d5b4b9bb70dc4b688bd12e6b38e37150f3ea457a76b23d5abe6551ea598e090aed87822b0954b8db1a7c605c925b7f9240b0e7a020f292a1fd4a37c74139bc6e7ff08373ebfc8feea371ae0b6c61c715f6f1f4b0b994c7e2e129f87db959aae6ff48664d824b29ba9f255890f9c537178db9c5302097891557f8175a46f308b1a2530aa726ea9d4cfce76db50637369724d0c5f51c97edb58ff5eb9b2434b3721b61688ba12471b97c6a65ba085e15406568ac852590701f2ef8451c5cf1191d70f51eaea9ddc4cbdd7428f627db5069111f65062d5cc34581826af3e670613dda99e31c42736aabd87be56e214ed606862a152455f91891b7430bae03284569c234588f495a5ecc4a23fad6ba34e2ee9ebde8c7f5f62c9344659375c2a1fe6fa6e4ef68712223b9471c513bb11429dbb8a45463c8882f462275ee0da567c60c2d8038843e0c20486676e9978f2aec9187820c94a6e7e519d06daf2ab198f5cafcab4d9c90a479800906192d66a3301a34fa6c5a931cea0a479a4d98d86d9de3e061323504b57186dd33df7a16ccb688c0de203666cb0a6b543a9d069dded44a3b432cbb71da921dcab6be1c2d7494d3b07841d9b4f9d659b5d3d3b2ed916f91588d589128e4b2d4448e6aab5a8160eddca0f6e022abb85e251a11cd6bae57a09b2c434ab5bdf6264afb20d5ab022d152e345bd32ba9283aa5b3cd9118bd271a8ac9083c98b8a83064e65428f7ad7b35bf1d60d4e703f22d2d316fc12bd68bcced82cf0962a3d5769c6a3d75d59f7a7b76454661fd3574b8c8e26d20c372407854505ea6c2406fbd8a1ba7bb017c565228aa6d03d18ed309a308ffb1ecec73c246413e7c70f25070eafed9e70d22e9e8b44125c44eceff37e65bf073bc6fad1ea2b72675af4bf70586a8f7e0f35700de94c802522897576ed115fa21b3d23a367844520b33f5b9aedc0245096765f4cb3b2ff4e54f39bd7346c2347875d75a931b17c6c424ddb4767e0e63cc7725a8fc4b1dbe7929b2f909cc5be8b09e63330341e6471dcac0f8b44693d01805a1467b71612260e2a273861b3697440a5f75497796bffcf79d62a4a50a6ed5ef2efe8c83374f2ecd08d8d628aa03b01a11caeb2bdecc0ab2abcecfa15627979d7c3f9dec5389fc6625e957f8075e23e636dd5514596189d568e14d33ae518e6e9978c6a36a74b49fdbd1260095c9abe447e618878039b75e305b1d2c9ddeb9e5cedb11802e0833739d8595d57d749c890c9290cca4aa96e6718747543796a187e54a66c2f71beefddf911a7a74b59c48ba642d5ecd4d415f48dfbde5baac8a4ba063c1b985d9f9f3180e8a1c8b2cf6a25c2ff17688cc858ac8b9c67960f09a1ca5f28f8e877159e00fe7fb10cca73b391508895e7e52c22f9b38d73dabd6ff7c55ebf4e1611daee8d52b4ceee49a6df7daeb81bf9d1c943a74c03d3dda52c5b99f3225c1b87074f5cef6187878bc5b665ec0561adcc9781280dd1c6592555d327afea78b21beeeb66a0af3eab3249245f41cdbca309d3fba5d4b345319dd0a26134c0c896f2c8d32fda28600013f6a4c95b4038faba70d6c480b360c55bdc0595f7ca636e85521ba505d894f9c5f0a90719bc9944f386ad7491422ff12f34a3c048708d51305a8cc5b2a502ac1575a14c75e9fb7219ede2f6d9c1b362230b6189e0d8cd8ccd11fd0325182c6e46c9977bf63aa02f7024aeb4389f989f5733a198b45e4329c4c1a538a009f216ad3ac09cac39547b4fd21a5d7146ea307ad9b9339f39d5161d17b59860a0aed38cd89d1b68c6438346d51a3a283074e34ee01d2eca527b1b3836ccdf7e807007152c79d14324e3d887c9551a9447527db4434810f5b0b73d855f32a0c89aa784e43f4c1657d408dd33f88aeae1e5186bbcc2a348b708e3cec9080e12ee3676beb5ee86a9b5cc4a3496c242b95a248906ed62f984b22373bdfd97515441f34e01006d8d1244aa88403f207cd8820ffe07634fc86d00f871c1e4c9e8fc1a00d295e36d98119599b62379cda10ada85efe7b50c5f38d8d010a2cd53db900939db1ffce14feffb7940d12842f4f2b507e1fa49e526752d1e3d80a0c2a75e870d85f77fd91fc46ac1b1288dd33338cdad154d6b80b5a925431868d62a3fb0036f28fe259a3f555f767526a9ea230c33843efc49ac3182a357845ea122d606ab22c9f937b2b905e02dd1cb07d380e3486be6167f00b6e6d90a3c1d6aee15da439a55542ce177e498998ba8ac69a848e63e4c7564e4dc04aad595fa1ab81275edafa0d352029c304200d2f2c5881cbf5a26b2141bdb117879cc11e7c13bd62f221ae1ac04dca3d8d58a13c130557ecf5f36184c7366d3852d0cbd6ca42f2a971d87c0bb204097af1a3abdab7b95d07fcdbf5f42607695dedcd26e30b8fc5cfd7b333a95f3ee69d5ba7911dadb1394285c437a0f26fc027737ba5ee7d63333f80acb59f1a7faf2ec3031c6533107502bffc92d8726a48ce00cdb5f1258d85ff8eb72bfb162e122022f1f3e8a72b41d2689d5228b1130fbc946384401f3bbe726314bb09d430333ad78de07b3cec5c18a4f4abb69507b6451ca4e610b8fc988c983426e0cc3b9d15393026eb75d3d08634b8a7495cef69aab83d27ea1b5b41f40b996dd10023d81f77d61192930ffc25cae1e149412322fcb0aa47bee3afc44ec3dda96c9294854e2cbaebfea6f9a90f0b3797d5f505824b4de964151569f881f87f9dd9d30a2a2f9ed01059a909cba157902903c77f2f3d056231e7c7483a3f35e04360e084f0d3f94a92c92c77b3f06479fbc417366d7fe87ddfcdfd86274f87a5f817b0f947924cbe2329f16f6b00c8a0ab96164f7b35fed38a388380af05c3600abc37a944c9e75a691728c26896ac3615297766f406aeb0f2fd147d68fad3fb3b032880280ebb4bf89252a36b0d9eb393daae72829b8da870b886676244897d5322b32703fcf138b66eedeb3024666a88fd99d8962f696ab7b34e19ced1bd27488aa2ffe5bfa11f8f9289bd8c052d4e88316cc33b0255ef1bfca4c17067d7f78175c56db481fe8dc6f73b1cbdf9d5823f115c9e03f2dfd07bc1ad88564d48b18cd9a30d83cbd5e6a3eedcb0ee86e5dd47f32820cb74dcf730b2052b31297b529e5e24f042335d13915e4048132fe1a101841e919c7870bb680eddead9a6111394bc12e274fbd88abaf2d254721c42e82abf4d1e319a631794ed6ce319ddd844ac5e9b1fc96dd9aaad42f2e087abe1b85430c4a00631970e3e74a6ed923f49e0df75685e044fae3fcea0af4dbfeebe0a9c2e73e8a89b89603a75f585e3ebba5453ae595da1469ea90ea3c9fb6a22411c56c58dfbf504caa629dbfc73ebbedc91669f2babf8b8215c525edf8feb366f104ffa9eb2bb79232660aece4730ef1ae8585c629ffe1390356a58e900da145b83ad177c7bb2d125e59d7ff4d3a8562efc620b4cf9b33c2305bbf1957e0f8b06f0fbe9c80db73b08fdd0be4a1ea4f91f52af47160040424aed8ac3c10251fb0b5d9be08247edf3dda5d1750d0597d60c8a0d9418a4e0c9325bb90f0886f9e5dda9e88ac1942ec1e53da0cf5ccad66b9cdfc2fdca784dd06a73713ef73785706d024873ddca5ccfcf0b91748a2c1fbd8c241934b5b473007b29d76aec5addf7b945a5f7abd6ddeccc8d0ccb26d69d4793b7224c27ba7bf45aac8a2be56086ab8c65ea69fdd593a01a29e2912378002d824bd98e6ed1c5dd5f33be529e640997f5f1bbde051fb2a669145966db4889bf32aa13777ac6c077c51bb8b2523954cea3adc307cfe53b8cbb00edf0c04c456392aea6613e8078a309dc538a6a24f80fc1b7f9fce3e3291ca6dab8090a634fcdb24e7a9de8aecd595b988f597cd623d148a8841b0a5203953166ea2e85316928f28dd2604d37c9ec80a49c0d91cbfe6d584b9b6a321b97bf99ae1d67985fd441976a828c97456003a7892c7c7f4a51bb49e3d3ea1e95ec29c89a2676", 0x1001}], 0x3) 1.355353962s ago: executing program 3 (id=1694): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r1 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, r1, 0x2c9ab000) r2 = socket$kcm(0x2b, 0x1, 0x0) sendmsg$inet(r2, &(0x7f00000009c0)={&(0x7f00000000c0)={0x2, 0x4001, @empty}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x20044818) sendmsg$sock(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000100)='k', 0x1}, {0x0}, {&(0x7f0000000040)="fe07e4ad9a397dadc913c79649675cd17df8bf86309a", 0x16}, {&(0x7f00000001c0)}], 0x4, &(0x7f0000000080)=[@timestamping={{0x14, 0x1, 0x25, 0x303}}], 0x18}, 0x4000081) fadvise64(r1, 0x2, 0x106, 0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x1000) 1.069380157s ago: executing program 3 (id=1695): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi0\x00', 0x8080, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f00000003c0)={'das16m1\x00', [0x7ff, 0x20, 0x1, 0xd, 0x0, 0x6, 0x1, 0xaa9, 0x1000, 0x1, 0x8, 0x5, 0x407, 0x2, 0x80000003, 0x6, 0x80000004, 0x9, 0xfffffffd, 0x67c, 0x10003ff, 0x3, 0x800, 0xe2df, 0x2, 0x1, 0x6, 0x4000, 0x7, 0x6091, 0x5]}) 65.316306ms ago: executing program 2 (id=1696): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x4, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f00000005c0)='smaps_rollup\x00') madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) socket$can_bcm(0x1d, 0x2, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = socket$phonet_pipe(0x23, 0x5, 0x2) r4 = syz_open_dev$vim2m(&(0x7f0000000580), 0x0, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r4, 0xc0d05605, &(0x7f0000000600)={0x2, @pix={0x80000000, 0xbb46, 0x34324142, 0x0, 0x0, 0x2c9, 0x0, 0xfffffffd}}) ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, &(0x7f0000000100)={0x410000, 0x2, 0x2}) ioctl$vim2m_VIDIOC_S_FMT(r4, 0xc0d05605, &(0x7f0000000080)={0x2, @sliced={0x8, [0x1, 0x7, 0x5, 0x3ff, 0x0, 0x2, 0x6, 0x9, 0x1ff, 0xdd, 0x494, 0x139, 0x7, 0x5, 0x5, 0x7, 0x6, 0x9, 0x2, 0x5, 0x1, 0x1, 0xd, 0x6, 0x9, 0x8, 0xf6, 0x5, 0x7, 0x9, 0x4, 0x5, 0x9, 0xe, 0x5, 0x258d, 0x2, 0x9, 0x6, 0x4, 0xe, 0x40, 0x7ff, 0x7, 0x0, 0xdea, 0x5, 0xbb], 0x80000000}}) sendmsg$TIPC_CMD_RESET_LINK_STATS(0xffffffffffffffff, 0x0, 0x10) getsockopt$IP_VS_SO_GET_DAEMON(r3, 0x0, 0x487, &(0x7f0000000000), &(0x7f00000000c0)=0x30) socket(0x29, 0x400000000080803, 0x0) landlock_add_rule$LANDLOCK_RULE_NET_PORT(0xffffffffffffffff, 0x2, &(0x7f0000000100)={0x1, 0x4}, 0x0) landlock_restrict_self(0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$I2C_SLAVE(0xffffffffffffffff, 0x703, 0x3b0) bind$inet(0xffffffffffffffff, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) 0s ago: executing program 5 (id=1697): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) socket(0x2, 0x80805, 0x0) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r5, 0x0, &(0x7f0000000040)) sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000140)=@newlink={0x44, 0x10, 0x503, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, 0x0, 0x21111, 0x8831}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_WINDOW={0x8, 0x5, 0x3}]}}}, @IFLA_LINK={0x8}]}, 0x44}, 0x1, 0x0, 0x0, 0x48890}, 0x0) bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r3, &(0x7f0000007fc0), 0x800001d, 0x0) recvmmsg(r3, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0) kernel console output (not intermixed with test programs): netdevsim0: renamed from eth0 [ 741.323644][T11972] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 742.007386][T11972] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 742.017797][T12176] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1461'. [ 742.161281][ T5835] usb 4-1: Using ep0 maxpacket: 16 [ 742.189026][T11972] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 742.249843][ T5835] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 742.281648][ T5835] usb 4-1: can't read configurations, error -71 [ 742.460284][T11982] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 742.636422][T11982] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 742.651633][T11982] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 742.665518][T11982] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 742.932087][ T5835] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 743.105884][ T5835] usb 4-1: Using ep0 maxpacket: 16 [ 743.127842][ T5835] usb 4-1: config 0 has an invalid interface number: 4 but max is 1 [ 743.144418][ T5835] usb 4-1: config 0 has an invalid interface number: 4 but max is 1 [ 743.161868][ T5835] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 743.186271][ T5835] usb 4-1: config 0 has no interface number 0 [ 743.189937][T11972] 8021q: adding VLAN 0 to HW filter on device bond0 [ 743.201530][ T5835] usb 4-1: config 0 interface 4 altsetting 9 endpoint 0xF has an invalid bInterval 255, changing to 11 [ 743.217592][T11982] 8021q: adding VLAN 0 to HW filter on device bond0 [ 743.231614][ T5835] usb 4-1: config 0 interface 4 altsetting 4 endpoint 0xE has invalid wMaxPacketSize 0 [ 743.261404][ T5835] usb 4-1: config 0 interface 4 altsetting 4 bulk endpoint 0xE has invalid maxpacket 0 [ 743.281880][ T5835] usb 4-1: config 0 interface 4 has no altsetting 0 [ 743.285917][T11972] 8021q: adding VLAN 0 to HW filter on device team0 [ 743.297819][ T5835] usb 4-1: config 0 interface 4 has no altsetting 1 [ 743.306794][ T5835] usb 4-1: New USB device found, idVendor=eb1a, idProduct=2750, bcdDevice=e2.82 [ 743.308736][T11982] 8021q: adding VLAN 0 to HW filter on device team0 [ 743.326606][ T5835] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 743.342656][ T5835] usb 4-1: config 0 descriptor?? [ 743.354039][ T5986] bridge0: port 1(bridge_slave_0) entered blocking state [ 743.361303][ T5986] bridge0: port 1(bridge_slave_0) entered forwarding state [ 743.406289][ T6848] bridge0: port 1(bridge_slave_0) entered blocking state [ 743.413555][ T6848] bridge0: port 1(bridge_slave_0) entered forwarding state [ 743.461535][ T6848] bridge0: port 2(bridge_slave_1) entered blocking state [ 743.468771][ T6848] bridge0: port 2(bridge_slave_1) entered forwarding state [ 743.487464][ T6848] bridge0: port 2(bridge_slave_1) entered blocking state [ 743.494777][ T6848] bridge0: port 2(bridge_slave_1) entered forwarding state [ 743.647157][T12188] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1463'. [ 743.679685][T12188] geneve1: entered promiscuous mode [ 743.749171][ T5835] usb 4-1: string descriptor 0 read error: -71 [ 744.512684][T12204] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1466'. [ 744.535522][ T5835] usb 4-1: USB disconnect, device number 27 [ 744.921277][ T5835] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 745.229346][T12220] fuse: Unknown parameter '0x00000000000000070000000000000000000000000000000000000000' [ 745.471302][ T5835] usb 4-1: Using ep0 maxpacket: 8 [ 745.492357][ T5835] usb 4-1: config 0 has no interfaces? [ 745.520336][ T5835] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 745.594553][ T5835] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 745.700453][ T5835] usb 4-1: config 0 descriptor?? [ 745.753733][T11972] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 745.900001][T11972] veth0_vlan: entered promiscuous mode [ 745.938285][T11982] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 745.948086][T12207] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 745.957176][T12207] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 745.966999][T12224] syzkaller1: entered promiscuous mode [ 745.974113][T12224] syzkaller1: entered allmulticast mode [ 745.979024][ T5835] usb 4-1: USB disconnect, device number 28 [ 746.017618][T11972] veth1_vlan: entered promiscuous mode [ 746.024564][T12226] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1471'. [ 746.054820][T12226] SET target dimension over the limit! [ 746.133601][T11982] veth0_vlan: entered promiscuous mode [ 746.154518][T11972] veth0_macvtap: entered promiscuous mode [ 746.194324][T11972] veth1_macvtap: entered promiscuous mode [ 746.239187][T11982] veth1_vlan: entered promiscuous mode [ 746.496783][T11972] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 747.187483][T12233] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1472'. [ 747.212822][T11972] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 747.230990][T11982] veth0_macvtap: entered promiscuous mode [ 747.263659][T11972] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 747.311001][T11972] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 747.340829][T11972] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 747.351323][T11972] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 747.389457][T11982] veth1_macvtap: entered promiscuous mode [ 747.474367][T11982] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 747.506077][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.512624][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 747.706256][T12241] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 748.066381][T11982] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 748.103433][T11982] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 748.147170][T11982] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 748.176301][T11982] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 748.210272][T11982] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 749.177461][T12247] sit0: entered promiscuous mode [ 749.185630][T12247] netlink: 'syz.5.1477': attribute type 1 has an invalid length. [ 749.193443][T12247] netlink: 1 bytes leftover after parsing attributes in process `syz.5.1477'. [ 749.439285][ T6848] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 749.467531][ T6848] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 749.513656][ T7540] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 749.536566][ T7540] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 749.589860][ T5986] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 749.618530][ T5986] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 749.681411][ T6910] usb 6-1: new high-speed USB device number 23 using dummy_hcd [ 749.770233][ T65] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 749.793835][ T65] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 749.864829][ T6910] usb 6-1: Using ep0 maxpacket: 32 [ 749.886916][ T6910] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 749.898997][ T6910] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7 [ 749.922993][ T6910] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0 [ 749.933633][ T6910] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 255, changing to 11 [ 749.945644][ T6910] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 59391, setting to 1024 [ 749.962528][ T6910] usb 6-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36 [ 749.973324][ T6910] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 750.016988][ T6910] usb 6-1: Product: syz [ 750.021670][ T6910] usb 6-1: Manufacturer: syz [ 750.026559][ T6910] usb 6-1: SerialNumber: syz [ 750.203384][T12261] fuse: Unknown parameter '0x00000000000000070000000000000000000000000000000000000000' [ 750.579569][ T6910] usb 6-1: config 0 descriptor?? [ 750.854086][ T65] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 751.045842][ T65] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 751.086700][ T6910] iforce 6-1:0.0: usb_submit_urb failed: -32 [ 751.093671][ T6910] input input32: Device does not respond to id packet M [ 751.106448][ T6910] iforce 6-1:0.0: usb_submit_urb failed: -32 [ 751.118032][ T6910] input input32: Device does not respond to id packet P [ 751.131635][ T6910] input input32: Device does not respond to id packet B [ 751.336683][ T6910] iforce 6-1:0.0: usb_submit_urb failed: -71 [ 751.371435][ T6910] input input32: Device does not respond to id packet N [ 751.381398][ T6910] iforce 6-1:0.0: usb_submit_urb failed: -71 [ 751.389865][ T6910] iforce 6-1:0.0: usb_submit_urb failed: -71 [ 751.405475][ T65] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 751.417884][ T6910] iforce 6-1:0.0: usb_submit_urb failed: -71 [ 751.425950][ T6910] iforce 6-1:0.0: usb_submit_urb failed: -71 [ 751.453627][ T6910] input: Unknown I-Force Device [%04x:%04x] as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/input/input32 [ 751.505578][ T6910] usb 6-1: USB disconnect, device number 23 [ 751.676683][ T65] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 753.133637][T12275] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1484'. [ 753.370488][ T65] bridge_slave_1: left allmulticast mode [ 753.377237][ T65] bridge_slave_1: left promiscuous mode [ 753.386651][ T65] bridge0: port 2(bridge_slave_1) entered disabled state [ 754.302786][ T65] bridge_slave_0: left allmulticast mode [ 754.308657][ T65] bridge_slave_0: left promiscuous mode [ 754.319419][ T65] bridge0: port 1(bridge_slave_0) entered disabled state [ 754.389170][ T5846] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 754.400020][ T5846] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 754.408994][ T5846] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 754.418968][ T5846] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 754.427427][ T5846] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 754.462851][ T9644] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 754.473320][ T9644] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 754.482649][ T9644] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 754.492079][ T9644] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 754.500817][ T9644] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 754.630905][T12290] Bluetooth: MGMT ver 1.23 [ 754.891293][T11216] usb 3-1: new high-speed USB device number 46 using dummy_hcd [ 754.896486][ T5835] usb 4-1: new full-speed USB device number 29 using dummy_hcd [ 754.997291][ T65] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 755.008838][ T65] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 755.019674][ T65] bond0 (unregistering): Released all slaves [ 755.052933][ T5835] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 755.063765][T11216] usb 3-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 755.070005][ T5835] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 755.085973][ T5835] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 755.089975][T11216] usb 3-1: config 0 interface 0 has no altsetting 0 [ 755.110161][ T5835] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 755.127076][ T5835] usb 4-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94 [ 755.137468][ T5835] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 755.146501][T11216] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 755.163937][T11216] usb 3-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 755.172455][T11216] usb 3-1: Product: syz [ 755.177667][T11216] usb 3-1: Manufacturer: syz [ 755.193502][T11216] usb 3-1: SerialNumber: syz [ 755.193881][ T5835] usb 4-1: config 0 descriptor?? [ 755.201891][T11216] usb 3-1: config 0 descriptor?? [ 755.214528][T11216] usb 3-1: selecting invalid altsetting 0 [ 755.429444][T12292] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1489'. [ 755.437533][ T6910] usb 4-1: USB disconnect, device number 29 [ 755.446074][T11216] usb 3-1: USB disconnect, device number 46 [ 755.536244][ T65] hsr_slave_0: left promiscuous mode [ 755.546741][ T65] hsr_slave_1: left promiscuous mode [ 755.552867][ T65] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 755.560376][ T65] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 755.569859][ T65] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 755.577620][ T65] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 755.602564][ T65] veth1_macvtap: left promiscuous mode [ 755.608237][ T65] veth0_macvtap: left promiscuous mode [ 755.614089][ T65] veth1_vlan: left promiscuous mode [ 755.619691][ T65] veth0_vlan: left promiscuous mode [ 756.238516][T12302] fuse: Unknown parameter '0x00000000000000070000000000000000000000000000000000000000' [ 756.487016][ T9644] Bluetooth: hci0: command tx timeout [ 756.551736][ T9644] Bluetooth: hci4: command tx timeout [ 756.925893][T12307] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1493'. [ 757.129131][ T65] team0 (unregistering): Port device team_slave_1 removed [ 757.267044][T12308] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 757.371864][ T65] team0 (unregistering): Port device team_slave_0 removed [ 758.552385][ T9644] Bluetooth: hci0: command tx timeout [ 758.633114][ T9644] Bluetooth: hci4: command tx timeout [ 760.008164][T12325] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1496'. [ 760.481108][T12285] chnl_net:caif_netlink_parms(): no params data found [ 760.631398][ T9644] Bluetooth: hci0: command tx timeout [ 760.648557][T12283] chnl_net:caif_netlink_parms(): no params data found [ 760.711276][ T9644] Bluetooth: hci4: command tx timeout [ 761.081221][T11216] usb 3-1: new high-speed USB device number 47 using dummy_hcd [ 761.123680][T12285] bridge0: port 1(bridge_slave_0) entered blocking state [ 761.134331][T12285] bridge0: port 1(bridge_slave_0) entered disabled state [ 761.142289][T12285] bridge_slave_0: entered allmulticast mode [ 761.150610][T12285] bridge_slave_0: entered promiscuous mode [ 761.600230][T11216] usb 3-1: Using ep0 maxpacket: 16 [ 761.613725][T11216] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 761.625355][T11216] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 761.636536][T11216] usb 3-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 761.638293][T12283] bridge0: port 1(bridge_slave_0) entered blocking state [ 761.653134][T11216] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 761.659252][T12283] bridge0: port 1(bridge_slave_0) entered disabled state [ 761.670703][T12283] bridge_slave_0: entered allmulticast mode [ 761.678779][T11216] usb 3-1: config 0 descriptor?? [ 761.680271][T12283] bridge_slave_0: entered promiscuous mode [ 761.693777][T11216] usbhid 3-1:0.0: can't add hid device: -22 [ 761.699857][T11216] usbhid 3-1:0.0: probe with driver usbhid failed with error -22 [ 761.711416][T12285] bridge0: port 2(bridge_slave_1) entered blocking state [ 761.721536][T12285] bridge0: port 2(bridge_slave_1) entered disabled state [ 761.730246][T12285] bridge_slave_1: entered allmulticast mode [ 761.737990][T12285] bridge_slave_1: entered promiscuous mode [ 761.760605][T12283] bridge0: port 2(bridge_slave_1) entered blocking state [ 761.786018][T12283] bridge0: port 2(bridge_slave_1) entered disabled state [ 761.798514][T12283] bridge_slave_1: entered allmulticast mode [ 761.807650][T12283] bridge_slave_1: entered promiscuous mode [ 761.905527][ T24] usb 3-1: USB disconnect, device number 47 [ 761.907647][ T65] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 761.955094][T12285] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 761.989398][T12283] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 762.017039][ T65] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 762.032632][ T6910] usb 6-1: new high-speed USB device number 24 using dummy_hcd [ 762.048061][T12285] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 762.060141][T12283] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 762.101601][ T5835] usb 4-1: new full-speed USB device number 30 using dummy_hcd [ 762.132874][T12283] team0: Port device team_slave_0 added [ 762.159198][T12283] team0: Port device team_slave_1 added [ 762.186090][ T65] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 762.196519][ T6910] usb 6-1: Using ep0 maxpacket: 16 [ 762.212606][ T6910] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 762.228313][T12285] team0: Port device team_slave_0 added [ 762.236390][ T6910] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 762.246421][ T6910] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 762.255501][T12285] team0: Port device team_slave_1 added [ 762.261328][ T6910] usb 6-1: Product: syz [ 762.261352][ T6910] usb 6-1: Manufacturer: syz [ 762.261369][ T6910] usb 6-1: SerialNumber: syz [ 762.264623][ T6910] usb 6-1: config 0 descriptor?? [ 762.283043][ T5835] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 762.295027][ T5835] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 762.308525][ T6910] em28xx 6-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 762.321573][ T5835] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 762.331776][ T6910] em28xx 6-1:0.0: DVB interface 0 found: bulk [ 762.338085][ T5835] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 762.352372][ T5835] usb 4-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94 [ 762.361920][ T5835] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 762.380634][ T5835] usb 4-1: config 0 descriptor?? [ 762.383793][T12283] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 762.394714][T12283] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 762.421611][T12283] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 762.467240][ T65] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 762.526902][T12283] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 762.534056][T12283] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 762.559962][ C1] vkms_vblank_simulate: vblank timer overrun [ 762.567356][T12283] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 762.578286][ T6910] em28xx 6-1:0.0: unknown em28xx chip ID (0) [ 762.692051][T12355] fuse: Unknown parameter '0x00000000000000070000000000000000000000000000000000000000' [ 762.702404][ T5835] usb 4-1: USB disconnect, device number 30 [ 762.703215][ T9644] Bluetooth: hci0: command tx timeout [ 762.781269][ T9644] Bluetooth: hci4: command tx timeout [ 763.022482][ T6910] em28xx 6-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 763.110022][ T6910] em28xx 6-1:0.0: board has no eeprom [ 763.111972][T12285] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 763.136535][T12285] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 763.187067][ T6910] em28xx 6-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 763.195265][ T6910] em28xx 6-1:0.0: dvb set to bulk mode. [ 763.205239][T12285] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 763.223426][ T6244] em28xx 6-1:0.0: Binding DVB extension [ 763.238599][T12285] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 763.239438][ T6910] usb 6-1: USB disconnect, device number 24 [ 763.271211][T12285] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 763.278755][ T6910] em28xx 6-1:0.0: Disconnecting em28xx [ 763.339011][T12285] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 763.380694][ T6244] em28xx 6-1:0.0: Registering input extension [ 763.388072][ T6910] em28xx 6-1:0.0: Closing input extension [ 763.434966][ T6910] em28xx 6-1:0.0: Freeing device [ 763.501174][T12361] ieee802154 phy0 wpan0: encryption failed: -22 [ 763.698722][T12285] hsr_slave_0: entered promiscuous mode [ 763.906200][T12285] hsr_slave_1: entered promiscuous mode [ 763.912954][T12285] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 763.921437][T12285] Cannot create hsr debugfs directory [ 763.953194][T12369] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 763.962048][ T6244] usb 3-1: new high-speed USB device number 48 using dummy_hcd [ 764.720850][T12283] hsr_slave_0: entered promiscuous mode [ 764.732981][T12283] hsr_slave_1: entered promiscuous mode [ 764.739631][T12283] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 764.748061][T12283] Cannot create hsr debugfs directory [ 764.754099][ T6244] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 764.771499][ T6244] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 764.791494][ T6244] usb 3-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.4d [ 764.805567][ T6244] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 764.816818][T12370] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1507'. [ 764.946187][ T6244] usb 3-1: config 0 descriptor?? [ 765.234197][ T65] bridge_slave_1: left allmulticast mode [ 765.239936][ T65] bridge_slave_1: left promiscuous mode [ 765.259931][ T65] bridge0: port 2(bridge_slave_1) entered disabled state [ 765.281048][ T65] bridge_slave_0: left allmulticast mode [ 765.289429][ T65] bridge_slave_0: left promiscuous mode [ 765.295634][ T65] bridge0: port 1(bridge_slave_0) entered disabled state [ 765.346129][T12379] FAULT_INJECTION: forcing a failure. [ 765.346129][T12379] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 765.359365][T12379] CPU: 1 UID: 0 PID: 12379 Comm: syz.3.1511 Not tainted 6.16.0-rc5-syzkaller-00276-g5d5d62298b8b #0 PREEMPT(full) [ 765.359394][T12379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 765.359408][T12379] Call Trace: [ 765.359422][T12379] [ 765.359432][T12379] dump_stack_lvl+0x189/0x250 [ 765.359462][T12379] ? __pfx____ratelimit+0x10/0x10 [ 765.359493][T12379] ? __pfx_dump_stack_lvl+0x10/0x10 [ 765.359515][T12379] ? __pfx__printk+0x10/0x10 [ 765.359556][T12379] should_fail_ex+0x414/0x560 [ 765.359592][T12379] _copy_to_user+0x31/0xb0 [ 765.359627][T12379] simple_read_from_buffer+0xe1/0x170 [ 765.359665][T12379] proc_fail_nth_read+0x1df/0x250 [ 765.359691][T12379] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 765.359716][T12379] ? rw_verify_area+0x258/0x650 [ 765.359744][T12379] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 765.359768][T12379] vfs_read+0x200/0x980 [ 765.359802][T12379] ? __pfx___mutex_lock+0x10/0x10 [ 765.359824][T12379] ? __pfx_vfs_read+0x10/0x10 [ 765.359853][T12379] ? __fget_files+0x2a/0x420 [ 765.359878][T12379] ? __fget_files+0x3a0/0x420 [ 765.359895][T12379] ? __fget_files+0x2a/0x420 [ 765.359925][T12379] ksys_read+0x145/0x250 [ 765.359956][T12379] ? __pfx_ksys_read+0x10/0x10 [ 765.359982][T12379] ? rcu_is_watching+0x15/0xb0 [ 765.360011][T12379] ? do_syscall_64+0xbe/0x3b0 [ 765.360037][T12379] do_syscall_64+0xfa/0x3b0 [ 765.360056][T12379] ? lockdep_hardirqs_on+0x9c/0x150 [ 765.360088][T12379] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 765.360110][T12379] ? clear_bhb_loop+0x60/0xb0 [ 765.360135][T12379] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 765.360156][T12379] RIP: 0033:0x7fdf4958d33c [ 765.360175][T12379] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 765.360194][T12379] RSP: 002b:00007fdf4a46a030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 765.360218][T12379] RAX: ffffffffffffffda RBX: 00007fdf497b5fa0 RCX: 00007fdf4958d33c [ 765.360234][T12379] RDX: 000000000000000f RSI: 00007fdf4a46a0a0 RDI: 0000000000000003 [ 765.360247][T12379] RBP: 00007fdf4a46a090 R08: 0000000000000000 R09: 0000000000000000 [ 765.360260][T12379] R10: 0000000000000800 R11: 0000000000000246 R12: 0000000000000001 [ 765.360272][T12379] R13: 0000000000000000 R14: 00007fdf497b5fa0 R15: 00007ffdda252b88 [ 765.360300][T12379] [ 765.592247][ C1] vkms_vblank_simulate: vblank timer overrun [ 766.098710][ T65] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 766.110422][ T65] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 766.121697][ T65] bond0 (unregistering): Released all slaves [ 766.335631][T12385] input: syz0 as /devices/virtual/input/input34 [ 766.403281][ T6244] usb 3-1: string descriptor 0 read error: -71 [ 766.423647][ T6244] hdpvr 3-1:0.0: Could not find bulk-in endpoint [ 766.430083][ T6244] hdpvr 3-1:0.0: probe with driver hdpvr failed with error -12 [ 766.445300][ T6244] usb 3-1: USB disconnect, device number 48 [ 766.638763][T12388] input: syz1 as /devices/virtual/input/input35 [ 766.763164][ T65] hsr_slave_0: left promiscuous mode [ 766.770481][ T65] hsr_slave_1: left promiscuous mode [ 766.788834][ T65] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 766.830133][ T65] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 766.859237][ T65] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 766.905728][ T65] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 767.063609][ T65] veth1_macvtap: left promiscuous mode [ 767.069448][ T65] veth0_macvtap: left promiscuous mode [ 767.087470][ T65] veth1_vlan: left promiscuous mode [ 767.099951][ T65] veth0_vlan: left promiscuous mode [ 767.463466][T12392] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 767.611036][T12395] netlink: 60 bytes leftover after parsing attributes in process `syz.5.1516'. [ 767.647470][T12395] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1516'. [ 769.531579][ T65] team0 (unregistering): Port device team_slave_1 removed [ 769.607532][ T65] team0 (unregistering): Port device team_slave_0 removed [ 770.849812][T12412] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1519'. [ 771.013096][T12415] FAULT_INJECTION: forcing a failure. [ 771.013096][T12415] name failslab, interval 1, probability 0, space 0, times 0 [ 771.094531][T12415] CPU: 0 UID: 0 PID: 12415 Comm: syz.3.1520 Not tainted 6.16.0-rc5-syzkaller-00276-g5d5d62298b8b #0 PREEMPT(full) [ 771.094563][T12415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 771.094584][T12415] Call Trace: [ 771.094593][T12415] [ 771.094603][T12415] dump_stack_lvl+0x189/0x250 [ 771.094633][T12415] ? __pfx____ratelimit+0x10/0x10 [ 771.094666][T12415] ? __pfx_dump_stack_lvl+0x10/0x10 [ 771.094689][T12415] ? __pfx__printk+0x10/0x10 [ 771.094724][T12415] ? __pfx___might_resched+0x10/0x10 [ 771.094746][T12415] ? fs_reclaim_acquire+0x7d/0x100 [ 771.094773][T12415] should_fail_ex+0x414/0x560 [ 771.094808][T12415] should_failslab+0xa8/0x100 [ 771.094842][T12415] __kmalloc_noprof+0xcb/0x4f0 [ 771.094870][T12415] ? ovs_meter_cmd_set+0x218/0x1650 [ 771.094907][T12415] ovs_meter_cmd_set+0x218/0x1650 [ 771.094953][T12415] ? __pfx_ovs_meter_cmd_set+0x10/0x10 [ 771.094984][T12415] ? __nla_parse+0x40/0x60 [ 771.095009][T12415] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 771.095059][T12415] genl_family_rcv_msg_doit+0x212/0x300 [ 771.095098][T12415] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 771.095145][T12415] ? bpf_lsm_capable+0x9/0x20 [ 771.095167][T12415] ? security_capable+0x7e/0x2e0 [ 771.095197][T12415] genl_rcv_msg+0x60e/0x790 [ 771.095236][T12415] ? __pfx_genl_rcv_msg+0x10/0x10 [ 771.095263][T12415] ? ref_tracker_free+0x63a/0x7d0 [ 771.095293][T12415] ? __pfx_ovs_meter_cmd_set+0x10/0x10 [ 771.095325][T12415] ? __pfx_ref_tracker_free+0x10/0x10 [ 771.095368][T12415] netlink_rcv_skb+0x208/0x470 [ 771.095395][T12415] ? __pfx_genl_rcv_msg+0x10/0x10 [ 771.095427][T12415] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 771.095472][T12415] ? down_read+0x1ad/0x2e0 [ 771.095498][T12415] genl_rcv+0x28/0x40 [ 771.095525][T12415] netlink_unicast+0x759/0x8e0 [ 771.095561][T12415] netlink_sendmsg+0x805/0xb30 [ 771.095598][T12415] ? __pfx_netlink_sendmsg+0x10/0x10 [ 771.095632][T12415] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 771.095662][T12415] ? __pfx_netlink_sendmsg+0x10/0x10 [ 771.095688][T12415] __sock_sendmsg+0x219/0x270 [ 771.095725][T12415] ____sys_sendmsg+0x505/0x830 [ 771.095758][T12415] ? __pfx_____sys_sendmsg+0x10/0x10 [ 771.095796][T12415] ? import_iovec+0x74/0xa0 [ 771.095826][T12415] ___sys_sendmsg+0x21f/0x2a0 [ 771.095855][T12415] ? __pfx____sys_sendmsg+0x10/0x10 [ 771.095925][T12415] ? __fget_files+0x2a/0x420 [ 771.095943][T12415] ? __fget_files+0x3a0/0x420 [ 771.095975][T12415] __x64_sys_sendmsg+0x19b/0x260 [ 771.096005][T12415] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 771.096044][T12415] ? __pfx_ksys_write+0x10/0x10 [ 771.096076][T12415] ? rcu_is_watching+0x15/0xb0 [ 771.096106][T12415] ? do_syscall_64+0xbe/0x3b0 [ 771.096130][T12415] do_syscall_64+0xfa/0x3b0 [ 771.096149][T12415] ? lockdep_hardirqs_on+0x9c/0x150 [ 771.096179][T12415] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 771.096200][T12415] ? clear_bhb_loop+0x60/0xb0 [ 771.096226][T12415] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 771.096246][T12415] RIP: 0033:0x7fdf4958e929 [ 771.096265][T12415] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 771.096283][T12415] RSP: 002b:00007fdf4a46a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 771.096306][T12415] RAX: ffffffffffffffda RBX: 00007fdf497b5fa0 RCX: 00007fdf4958e929 [ 771.096321][T12415] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 771.096335][T12415] RBP: 00007fdf4a46a090 R08: 0000000000000000 R09: 0000000000000000 [ 771.096348][T12415] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 771.096360][T12415] R13: 0000000000000000 R14: 00007fdf497b5fa0 R15: 00007ffdda252b88 [ 771.096394][T12415] [ 771.502258][ T9644] Bluetooth: hci1: command 0x0c1a tx timeout [ 771.636051][T12418] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 772.620137][ T5846] Bluetooth: hci1: SCO packet for unknown connection handle 200 [ 773.000316][T12285] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 773.023367][T12285] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 773.039599][T12285] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 773.075291][T12285] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 773.251644][T12285] 8021q: adding VLAN 0 to HW filter on device bond0 [ 773.272243][T11216] usb 6-1: new high-speed USB device number 25 using dummy_hcd [ 773.308274][T12285] 8021q: adding VLAN 0 to HW filter on device team0 [ 773.362233][ T65] bridge0: port 1(bridge_slave_0) entered blocking state [ 773.369502][ T65] bridge0: port 1(bridge_slave_0) entered forwarding state [ 773.411046][ T1085] bridge0: port 2(bridge_slave_1) entered blocking state [ 773.418364][ T1085] bridge0: port 2(bridge_slave_1) entered forwarding state [ 773.434721][T11216] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 773.454357][T11216] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 773.466179][T11216] usb 6-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.4d [ 773.476696][T11216] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 773.494381][T11216] usb 6-1: config 0 descriptor?? [ 773.517644][T12283] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 773.534839][T12283] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 773.547906][T12283] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 773.564938][T12283] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 773.755369][T12283] 8021q: adding VLAN 0 to HW filter on device bond0 [ 773.788477][T12283] 8021q: adding VLAN 0 to HW filter on device team0 [ 773.814778][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 773.822127][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 773.862583][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 773.869864][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 774.075053][T12459] tmpfs: Unknown parameter '¥{2~ [ 774.075053][T12459] ¯' [ 774.092237][T12460] tmpfs: Unknown parameter '¥{2~ [ 774.092237][T12460] ¯' [ 774.096344][ C0] vcan0: j1939_tp_rxtimer: 0xffff888034fb8800: rx timeout, send abort [ 774.106494][T12285] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 774.108435][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888034fb8800: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session. [ 774.413898][T12285] veth0_vlan: entered promiscuous mode [ 774.427694][T12285] veth1_vlan: entered promiscuous mode [ 774.479910][T12285] veth0_macvtap: entered promiscuous mode [ 775.494105][T12285] veth1_macvtap: entered promiscuous mode [ 775.518494][T12285] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 775.570554][T12285] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 775.628872][T12285] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 775.671502][T11216] usb 6-1: string descriptor 0 read error: -71 [ 775.802401][T12285] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 775.811293][T12285] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 775.820051][T12285] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 775.832446][T11216] hdpvr 6-1:0.0: Could not find bulk-in endpoint [ 775.838920][T11216] hdpvr 6-1:0.0: probe with driver hdpvr failed with error -12 [ 776.481596][T11216] usb 6-1: USB disconnect, device number 25 [ 776.827695][T12477] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 777.206919][T12283] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 777.894793][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 777.920918][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 777.961097][T12283] veth0_vlan: entered promiscuous mode [ 778.040710][T12485] Bluetooth: hci0: service_discovery: too big uuid_count value 14336 [ 778.978161][T12283] veth1_vlan: entered promiscuous mode [ 779.003397][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 779.023298][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 779.218725][T12283] veth0_macvtap: entered promiscuous mode [ 782.877383][T12283] veth1_macvtap: entered promiscuous mode [ 782.943942][T12283] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 782.958788][T12283] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 783.045102][T12283] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 783.095805][T12283] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 783.124623][T12505] input: syz1 as /devices/virtual/input/input36 [ 783.127580][T12283] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 783.151280][T12283] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 783.198811][T12507] FAULT_INJECTION: forcing a failure. [ 783.198811][T12507] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 783.221247][T12507] CPU: 1 UID: 0 PID: 12507 Comm: syz.3.1539 Not tainted 6.16.0-rc5-syzkaller-00276-g5d5d62298b8b #0 PREEMPT(full) [ 783.221279][T12507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 783.221293][T12507] Call Trace: [ 783.221302][T12507] [ 783.221312][T12507] dump_stack_lvl+0x189/0x250 [ 783.221343][T12507] ? __pfx____ratelimit+0x10/0x10 [ 783.221376][T12507] ? __pfx_dump_stack_lvl+0x10/0x10 [ 783.221401][T12507] ? __pfx__printk+0x10/0x10 [ 783.221428][T12507] ? __might_fault+0xb0/0x130 [ 783.221472][T12507] should_fail_ex+0x414/0x560 [ 783.221509][T12507] _copy_from_user+0x2d/0xb0 [ 783.221535][T12507] input_event_from_user+0xb2/0x280 [ 783.221568][T12507] ? __pfx_input_event_from_user+0x10/0x10 [ 783.221605][T12507] ? input_event+0x8c/0xc0 [ 783.221629][T12507] uinput_write+0x279/0xfc0 [ 783.221673][T12507] ? __pfx_uinput_write+0x10/0x10 [ 783.221705][T12507] ? bpf_lsm_file_permission+0x9/0x20 [ 783.221725][T12507] ? security_file_permission+0x75/0x290 [ 783.221758][T12507] ? rw_verify_area+0x258/0x650 [ 783.221786][T12507] ? __pfx_uinput_write+0x10/0x10 [ 783.221819][T12507] vfs_write+0x27e/0xa90 [ 783.221865][T12507] ? __pfx_vfs_write+0x10/0x10 [ 783.221896][T12507] ? __fget_files+0x2a/0x420 [ 783.221919][T12507] ? __fget_files+0x2a/0x420 [ 783.221937][T12507] ? __fget_files+0x3a0/0x420 [ 783.221955][T12507] ? __fget_files+0x2a/0x420 [ 783.221985][T12507] ksys_write+0x145/0x250 [ 783.222017][T12507] ? __pfx_ksys_write+0x10/0x10 [ 783.222052][T12507] ? do_syscall_64+0xbe/0x3b0 [ 783.222078][T12507] do_syscall_64+0xfa/0x3b0 [ 783.222097][T12507] ? lockdep_hardirqs_on+0x9c/0x150 [ 783.222128][T12507] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 783.222149][T12507] ? clear_bhb_loop+0x60/0xb0 [ 783.222176][T12507] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 783.222197][T12507] RIP: 0033:0x7fdf4958e929 [ 783.222217][T12507] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 783.222236][T12507] RSP: 002b:00007fdf4a449038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 783.222258][T12507] RAX: ffffffffffffffda RBX: 00007fdf497b6080 RCX: 00007fdf4958e929 [ 783.222274][T12507] RDX: 0000000000006672 RSI: 0000200000000000 RDI: 0000000000000003 [ 783.222288][T12507] RBP: 00007fdf4a449090 R08: 0000000000000000 R09: 0000000000000000 [ 783.222302][T12507] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 783.222314][T12507] R13: 0000000000000001 R14: 00007fdf497b6080 R15: 00007ffdda252b88 [ 783.222348][T12507] [ 783.507895][T12509] nullb0: AHDI p1 [ 783.587111][T12510] sctp: [Deprecated]: syz.5.1540 (pid 12510) Use of struct sctp_assoc_value in delayed_ack socket option. [ 783.587111][T12510] Use struct sctp_sack_info instead [ 783.604058][ T49] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 783.607524][T12511] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1541'. [ 783.688884][ T49] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 783.745432][ T7540] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 783.760585][ T7540] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 783.797961][ T49] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 783.852825][ T1085] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 783.867512][ T1085] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 783.898633][ T49] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 785.023829][T12522] netlink: 'syz.3.1543': attribute type 4 has an invalid length. [ 785.660469][ T49] bridge_slave_1: left allmulticast mode [ 785.667530][ T49] bridge_slave_1: left promiscuous mode [ 785.705690][ T49] bridge0: port 2(bridge_slave_1) entered disabled state [ 786.207249][ T49] bridge_slave_0: left allmulticast mode [ 786.227633][ T49] bridge_slave_0: left promiscuous mode [ 786.254628][ T49] bridge0: port 1(bridge_slave_0) entered disabled state [ 786.572324][ T9644] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 786.583274][ T9644] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 786.591889][ T9644] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 786.602836][ T9644] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 786.610808][ T9644] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 787.273026][ T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 787.284991][ T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 787.298224][ T49] bond0 (unregistering): Released all slaves [ 787.626044][ T49] hsr_slave_0: left promiscuous mode [ 787.632227][ T49] hsr_slave_1: left promiscuous mode [ 787.638413][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 787.648058][ T49] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 787.656761][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 787.668298][ T49] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 787.691021][ T49] veth1_macvtap: left promiscuous mode [ 787.696740][ T49] veth0_macvtap: left promiscuous mode [ 787.702657][ T49] veth1_vlan: left promiscuous mode [ 787.708030][ T49] veth0_vlan: left promiscuous mode [ 788.222424][ T49] team0 (unregistering): Port device team_slave_1 removed [ 788.277240][ T49] team0 (unregistering): Port device team_slave_0 removed [ 788.715365][ T9644] Bluetooth: hci0: command tx timeout [ 789.191737][ T9644] Bluetooth: hci3: ACL packet for unknown connection handle 201 [ 789.541272][ T24] usb 3-1: new high-speed USB device number 49 using dummy_hcd [ 789.840222][ T9644] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 789.856269][ T9644] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 789.866520][ T9644] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 789.875334][ T9644] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 789.887819][ T9644] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 789.893829][ T24] usb 3-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 789.914604][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 789.930502][ T24] usb 3-1: config 0 descriptor?? [ 790.101397][ T5953] usb 6-1: new high-speed USB device number 26 using dummy_hcd [ 790.241380][ T5953] usb 6-1: device descriptor read/64, error -71 [ 790.364294][T12528] chnl_net:caif_netlink_parms(): no params data found [ 790.481628][ T5953] usb 6-1: new high-speed USB device number 27 using dummy_hcd [ 790.616358][T12528] bridge0: port 1(bridge_slave_0) entered blocking state [ 790.621534][ T5953] usb 6-1: device descriptor read/64, error -71 [ 790.623953][T12528] bridge0: port 1(bridge_slave_0) entered disabled state [ 790.638060][T12528] bridge_slave_0: entered allmulticast mode [ 790.647157][T12528] bridge_slave_0: entered promiscuous mode [ 790.688383][T12528] bridge0: port 2(bridge_slave_1) entered blocking state [ 790.699305][T12528] bridge0: port 2(bridge_slave_1) entered disabled state [ 790.709961][T12528] bridge_slave_1: entered allmulticast mode [ 790.725780][T12528] bridge_slave_1: entered promiscuous mode [ 790.747888][ T5953] usb usb6-port1: attempt power cycle [ 790.781744][ T9644] Bluetooth: hci0: command tx timeout [ 790.831018][T12528] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 790.846204][T12528] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 791.091323][ T5953] usb 6-1: new high-speed USB device number 28 using dummy_hcd [ 791.123810][ T5953] usb 6-1: device descriptor read/8, error -71 [ 791.225486][T12563] xt_CHECKSUM: unsupported CHECKSUM operation 68 [ 791.272855][T12528] team0: Port device team_slave_0 added [ 791.391889][ T5953] usb 6-1: new high-speed USB device number 29 using dummy_hcd [ 791.476212][ T5953] usb 6-1: device descriptor read/8, error -71 [ 791.547479][T12528] team0: Port device team_slave_1 added [ 791.595282][ T5953] usb usb6-port1: unable to enumerate USB device [ 791.664732][ T24] usb 3-1: Cannot set autoneg [ 791.679858][ T24] MOSCHIP usb-ethernet driver 3-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 791.698022][ T24] usb 3-1: USB disconnect, device number 49 [ 791.753231][T12528] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 791.760254][T12528] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 791.815467][T12528] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 791.834659][T12528] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 791.847867][T12528] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 791.879929][T12528] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 791.939578][ T49] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 791.969587][T12548] chnl_net:caif_netlink_parms(): no params data found [ 791.981472][ T9644] Bluetooth: hci4: command tx timeout [ 792.031822][ T49] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 792.109111][T12528] hsr_slave_0: entered promiscuous mode [ 792.117221][T12528] hsr_slave_1: entered promiscuous mode [ 792.125659][T12528] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 792.133667][T12528] Cannot create hsr debugfs directory [ 792.356440][ T49] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 793.193231][ T9644] Bluetooth: hci0: command tx timeout [ 793.954966][ T49] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 794.065915][ T9644] Bluetooth: hci4: command tx timeout [ 794.107092][T12548] bridge0: port 1(bridge_slave_0) entered blocking state [ 794.115835][T12548] bridge0: port 1(bridge_slave_0) entered disabled state [ 794.129867][T12548] bridge_slave_0: entered allmulticast mode [ 794.138020][T12596] netlink: 'syz.3.1561': attribute type 2 has an invalid length. [ 794.141882][T12548] bridge_slave_0: entered promiscuous mode [ 794.148504][T12596] netlink: 'syz.3.1561': attribute type 2 has an invalid length. [ 794.205099][T12548] bridge0: port 2(bridge_slave_1) entered blocking state [ 794.235699][T12548] bridge0: port 2(bridge_slave_1) entered disabled state [ 794.262669][T12548] bridge_slave_1: entered allmulticast mode [ 794.284317][T12548] bridge_slave_1: entered promiscuous mode [ 795.276818][ T9644] Bluetooth: hci0: command tx timeout [ 795.882769][T12548] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 795.896372][T12548] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 795.957945][T12605] tun0: tun_chr_ioctl cmd 1074025681 [ 796.151388][ T9644] Bluetooth: hci4: command tx timeout [ 796.603077][T12548] team0: Port device team_slave_0 added [ 796.649849][T12548] team0: Port device team_slave_1 added [ 797.578473][T12548] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 797.686577][T12548] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 797.713056][T12548] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 797.726184][T12548] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 797.733374][T12548] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 797.759818][T12548] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 797.890581][T12548] hsr_slave_0: entered promiscuous mode [ 798.046399][T12548] hsr_slave_1: entered promiscuous mode [ 798.150937][T12548] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 798.221293][ T9644] Bluetooth: hci4: command tx timeout [ 798.233651][T12548] Cannot create hsr debugfs directory [ 798.353392][ T49] bridge_slave_1: left allmulticast mode [ 798.411259][ T49] bridge_slave_1: left promiscuous mode [ 798.417166][ T49] bridge0: port 2(bridge_slave_1) entered disabled state [ 798.471651][T12634] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 799.215142][ T49] bridge_slave_0: left allmulticast mode [ 799.220865][ T49] bridge_slave_0: left promiscuous mode [ 799.231374][ T49] bridge0: port 1(bridge_slave_0) entered disabled state [ 800.588639][ T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 800.600142][ T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 800.610851][ T49] bond0 (unregistering): Released all slaves [ 800.643572][T12637] FAULT_INJECTION: forcing a failure. [ 800.643572][T12637] name failslab, interval 1, probability 0, space 0, times 0 [ 800.656569][T12637] CPU: 0 UID: 0 PID: 12637 Comm: syz.5.1574 Not tainted 6.16.0-rc5-syzkaller-00276-g5d5d62298b8b #0 PREEMPT(full) [ 800.656617][T12637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 800.656627][T12637] Call Trace: [ 800.656635][T12637] [ 800.656642][T12637] dump_stack_lvl+0x189/0x250 [ 800.656664][T12637] ? __pfx____ratelimit+0x10/0x10 [ 800.656688][T12637] ? __pfx_dump_stack_lvl+0x10/0x10 [ 800.656704][T12637] ? __pfx__printk+0x10/0x10 [ 800.656729][T12637] ? __pfx___might_resched+0x10/0x10 [ 800.656744][T12637] ? fs_reclaim_acquire+0x7d/0x100 [ 800.656763][T12637] should_fail_ex+0x414/0x560 [ 800.656788][T12637] ? alloc_netdev_mqs+0xa6/0x11e0 [ 800.656808][T12637] should_failslab+0xa8/0x100 [ 800.656832][T12637] __kvmalloc_node_noprof+0x161/0x5f0 [ 800.656855][T12637] ? alloc_netdev_mqs+0xa6/0x11e0 [ 800.656874][T12637] ? snprintf+0xda/0x120 [ 800.656894][T12637] ? __pfx_macvlan_setup+0x10/0x10 [ 800.656915][T12637] alloc_netdev_mqs+0xa6/0x11e0 [ 800.656935][T12637] ? __pfx_macvlan_setup+0x10/0x10 [ 800.656956][T12637] ? __pfx_snprintf+0x10/0x10 [ 800.656978][T12637] rtnl_create_link+0x31f/0xd10 [ 800.657006][T12637] rtnl_newlink_create+0x25c/0xb00 [ 800.657028][T12637] ? __mutex_lock+0x51b/0xe80 [ 800.657047][T12637] ? __pfx_rtnl_newlink_create+0x10/0x10 [ 800.657063][T12637] ? rtnl_newlink+0x8db/0x1c70 [ 800.657086][T12637] ? __pfx___mutex_lock+0x10/0x10 [ 800.657109][T12637] ? ns_capable+0x8a/0xf0 [ 800.657128][T12637] rtnl_newlink+0x16d6/0x1c70 [ 800.657145][T12637] ? netlink_sendmsg+0x805/0xb30 [ 800.657174][T12637] ? __pfx_rtnl_newlink+0x10/0x10 [ 800.657214][T12637] ? kasan_quarantine_put+0xdd/0x220 [ 800.657233][T12637] ? lockdep_hardirqs_on+0x9c/0x150 [ 800.657261][T12637] ? nlmon_xmit+0xb0/0x100 [ 800.657274][T12637] ? kmem_cache_free+0x18f/0x400 [ 800.657302][T12637] ? __local_bh_enable_ip+0x12d/0x1c0 [ 800.657318][T12637] ? lockdep_hardirqs_on+0x9c/0x150 [ 800.657341][T12637] ? __local_bh_enable_ip+0x12d/0x1c0 [ 800.657357][T12637] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 800.657375][T12637] ? __dev_queue_xmit+0x27e/0x3a70 [ 800.657396][T12637] ? __dev_queue_xmit+0x27e/0x3a70 [ 800.657415][T12637] ? __dev_queue_xmit+0x27e/0x3a70 [ 800.657442][T12637] ? __dev_queue_xmit+0x1cd7/0x3a70 [ 800.657467][T12637] ? __lock_acquire+0xab9/0xd20 [ 800.657510][T12637] ? __pfx_rtnl_newlink+0x10/0x10 [ 800.657532][T12637] rtnetlink_rcv_msg+0x7cf/0xb70 [ 800.657559][T12637] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 800.657581][T12637] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 800.657600][T12637] ? ref_tracker_free+0x63a/0x7d0 [ 800.657631][T12637] ? __copy_skb_header+0xa7/0x550 [ 800.657653][T12637] ? __pfx_ref_tracker_free+0x10/0x10 [ 800.657675][T12637] ? __skb_clone+0x63/0x7a0 [ 800.657701][T12637] netlink_rcv_skb+0x208/0x470 [ 800.657720][T12637] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 800.657743][T12637] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 800.657772][T12637] ? netlink_deliver_tap+0x2e/0x1b0 [ 800.657789][T12637] ? netlink_deliver_tap+0x2e/0x1b0 [ 800.657811][T12637] netlink_unicast+0x759/0x8e0 [ 800.657836][T12637] netlink_sendmsg+0x805/0xb30 [ 800.657862][T12637] ? __pfx_netlink_sendmsg+0x10/0x10 [ 800.657888][T12637] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 800.657909][T12637] ? __pfx_netlink_sendmsg+0x10/0x10 [ 800.657927][T12637] __sock_sendmsg+0x219/0x270 [ 800.657956][T12637] ____sys_sendmsg+0x505/0x830 [ 800.657980][T12637] ? __pfx_____sys_sendmsg+0x10/0x10 [ 800.658007][T12637] ? import_iovec+0x74/0xa0 [ 800.658031][T12637] ___sys_sendmsg+0x21f/0x2a0 [ 800.658053][T12637] ? __pfx____sys_sendmsg+0x10/0x10 [ 800.658102][T12637] ? __fget_files+0x2a/0x420 [ 800.658115][T12637] ? __fget_files+0x3a0/0x420 [ 800.658138][T12637] __x64_sys_sendmsg+0x19b/0x260 [ 800.658160][T12637] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 800.658188][T12637] ? __pfx_ksys_write+0x10/0x10 [ 800.658211][T12637] ? rcu_is_watching+0x15/0xb0 [ 800.658233][T12637] ? do_syscall_64+0xbe/0x3b0 [ 800.658250][T12637] do_syscall_64+0xfa/0x3b0 [ 800.658263][T12637] ? lockdep_hardirqs_on+0x9c/0x150 [ 800.658285][T12637] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 800.658299][T12637] ? clear_bhb_loop+0x60/0xb0 [ 800.658318][T12637] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 800.658332][T12637] RIP: 0033:0x7f537c38e929 [ 800.658346][T12637] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 800.658359][T12637] RSP: 002b:00007f537d1fe038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 800.658375][T12637] RAX: ffffffffffffffda RBX: 00007f537c5b5fa0 RCX: 00007f537c38e929 [ 800.658387][T12637] RDX: 0000000004000894 RSI: 0000200000000240 RDI: 0000000000000004 [ 800.658396][T12637] RBP: 00007f537d1fe090 R08: 0000000000000000 R09: 0000000000000000 [ 800.658405][T12637] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 800.658414][T12637] R13: 0000000000000000 R14: 00007f537c5b5fa0 R15: 00007fff664a09b8 [ 800.658438][T12637] [ 801.660475][ T49] hsr_slave_0: left promiscuous mode [ 801.677630][ T49] hsr_slave_1: left promiscuous mode [ 801.702291][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 801.709754][ T49] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 801.745587][T12657] F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 801.749661][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 801.762680][T12657] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 801.772628][T12657] F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 801.791904][T12657] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock [ 801.794151][ T49] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 801.863669][ T49] veth1_macvtap: left promiscuous mode [ 801.869412][ T49] veth0_macvtap: left promiscuous mode [ 801.879048][ T49] veth1_vlan: left promiscuous mode [ 801.885975][ T49] veth0_vlan: left promiscuous mode [ 803.268513][ T49] team0 (unregistering): Port device team_slave_1 removed [ 803.435693][ T49] team0 (unregistering): Port device team_slave_0 removed [ 804.252312][T11215] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 804.415614][T11215] usb 4-1: Using ep0 maxpacket: 16 [ 804.423844][T11215] usb 4-1: config 252 has an invalid interface number: 15 but max is 0 [ 804.436196][T11215] usb 4-1: config 252 has no interface number 0 [ 804.454474][T11215] usb 4-1: config 252 interface 15 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 804.479590][T11215] usb 4-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=2b.29 [ 804.488961][T11215] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 804.497406][T11215] usb 4-1: Product: syz [ 804.514166][T11215] usb 4-1: Manufacturer: syz [ 804.521457][T11215] usb 4-1: SerialNumber: syz [ 804.631661][T11215] usb 4-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 805.032666][T11214] usb 4-1: USB disconnect, device number 31 [ 805.042064][ T13] usb 4-1: Failed to submit usb control message: -71 [ 805.049242][ T13] usb 4-1: unable to send the bmi data to the device: -71 [ 805.057617][ T13] usb 4-1: unable to get target info from device [ 805.065457][ T13] usb 4-1: could not get target info (-71) [ 805.082843][ T13] usb 4-1: could not probe fw (-71) [ 805.221273][T11215] usb 6-1: new high-speed USB device number 30 using dummy_hcd [ 805.394234][T11215] usb 6-1: Using ep0 maxpacket: 32 [ 805.653722][T12528] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 806.448418][T12528] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 806.481555][T12528] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 806.649419][T12528] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 806.724696][T12692] FAULT_INJECTION: forcing a failure. [ 806.724696][T12692] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 806.738178][T12692] CPU: 1 UID: 0 PID: 12692 Comm: syz.2.1587 Not tainted 6.16.0-rc5-syzkaller-00276-g5d5d62298b8b #0 PREEMPT(full) [ 806.738207][T12692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 806.738221][T12692] Call Trace: [ 806.738231][T12692] [ 806.738241][T12692] dump_stack_lvl+0x189/0x250 [ 806.738271][T12692] ? __pfx____ratelimit+0x10/0x10 [ 806.738313][T12692] ? __pfx_dump_stack_lvl+0x10/0x10 [ 806.738337][T12692] ? __pfx__printk+0x10/0x10 [ 806.738365][T12692] ? __might_fault+0xb0/0x130 [ 806.738409][T12692] should_fail_ex+0x414/0x560 [ 806.738446][T12692] _copy_from_user+0x2d/0xb0 [ 806.738472][T12692] ucma_query+0xe0/0x1280 [ 806.738510][T12692] ? __lock_acquire+0xab9/0xd20 [ 806.738531][T12692] ? __pfx_ucma_query+0x10/0x10 [ 806.738576][T12692] ? is_bpf_text_address+0x26/0x2b0 [ 806.738611][T12692] ? __lock_acquire+0xab9/0xd20 [ 806.738652][T12692] ? __lock_acquire+0xab9/0xd20 [ 806.738686][T12692] ? __might_fault+0xb0/0x130 [ 806.738740][T12692] ucma_write+0x246/0x2e0 [ 806.738767][T12692] ? __pfx_ucma_write+0x10/0x10 [ 806.738790][T12692] ? security_file_permission+0x75/0x290 [ 806.738824][T12692] ? rw_verify_area+0x258/0x650 [ 806.738852][T12692] ? __pfx_ucma_write+0x10/0x10 [ 806.738877][T12692] vfs_write+0x27e/0xa90 [ 806.738915][T12692] ? __pfx_vfs_write+0x10/0x10 [ 806.738946][T12692] ? __fget_files+0x2a/0x420 [ 806.738968][T12692] ? __fget_files+0x2a/0x420 [ 806.738986][T12692] ? __fget_files+0x3a0/0x420 [ 806.739004][T12692] ? __fget_files+0x2a/0x420 [ 806.739034][T12692] ksys_write+0x145/0x250 [ 806.739065][T12692] ? __pfx_ksys_write+0x10/0x10 [ 806.739092][T12692] ? rcu_is_watching+0x15/0xb0 [ 806.739125][T12692] ? do_syscall_64+0xbe/0x3b0 [ 806.739151][T12692] do_syscall_64+0xfa/0x3b0 [ 806.739169][T12692] ? lockdep_hardirqs_on+0x9c/0x150 [ 806.739200][T12692] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 806.739222][T12692] ? clear_bhb_loop+0x60/0xb0 [ 806.739248][T12692] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 806.739267][T12692] RIP: 0033:0x7f752998e929 [ 806.739286][T12692] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 806.739311][T12692] RSP: 002b:00007f752a81c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 806.739339][T12692] RAX: ffffffffffffffda RBX: 00007f7529bb5fa0 RCX: 00007f752998e929 [ 806.739356][T12692] RDX: 0000000000000018 RSI: 0000200000000000 RDI: 0000000000000003 [ 806.739370][T12692] RBP: 00007f752a81c090 R08: 0000000000000000 R09: 0000000000000000 [ 806.739383][T12692] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 806.739396][T12692] R13: 0000000000000000 R14: 00007f7529bb5fa0 R15: 00007ffdcae56918 [ 806.739429][T12692] [ 807.028579][T12677] cgroup: fork rejected by pids controller in /syz5 [ 807.215020][T12548] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 807.256942][T13316] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 807.294379][T12548] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 807.353323][T13316] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1588'. [ 807.398297][T12548] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 807.425818][T12548] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 807.895722][T12528] 8021q: adding VLAN 0 to HW filter on device bond0 [ 808.392101][T12528] 8021q: adding VLAN 0 to HW filter on device team0 [ 808.446022][ T1150] bridge0: port 1(bridge_slave_0) entered blocking state [ 808.453225][ T1150] bridge0: port 1(bridge_slave_0) entered forwarding state [ 808.476433][ T7540] bridge0: port 2(bridge_slave_1) entered blocking state [ 808.483734][ T7540] bridge0: port 2(bridge_slave_1) entered forwarding state [ 808.545859][T11215] usb 6-1: unable to get BOS descriptor or descriptor too short [ 808.591250][T11215] usb 6-1: unable to read config index 0 descriptor/start: -71 [ 808.629567][T11215] usb 6-1: can't read configurations, error -71 [ 808.668656][T12548] 8021q: adding VLAN 0 to HW filter on device bond0 [ 808.905594][T12548] 8021q: adding VLAN 0 to HW filter on device team0 [ 808.968252][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.974718][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 808.991166][ T5986] bridge0: port 1(bridge_slave_0) entered blocking state [ 808.998349][ T5986] bridge0: port 1(bridge_slave_0) entered forwarding state [ 809.054271][ T5986] bridge0: port 2(bridge_slave_1) entered blocking state [ 809.061544][ T5986] bridge0: port 2(bridge_slave_1) entered forwarding state [ 810.399211][T12528] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 810.484785][T14243] Bluetooth: MGMT ver 1.23 [ 810.537786][T12528] veth0_vlan: entered promiscuous mode [ 810.551939][T11215] usb 6-1: new high-speed USB device number 32 using dummy_hcd [ 810.568466][T12528] veth1_vlan: entered promiscuous mode [ 810.639716][T12528] veth0_macvtap: entered promiscuous mode [ 810.657138][T12528] veth1_macvtap: entered promiscuous mode [ 810.697339][T12528] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 810.729239][T12528] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 810.753002][T12528] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 810.766338][T12528] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 810.778874][T12528] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 810.793341][T12528] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 810.824405][T12548] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 810.851805][T11215] usb 6-1: Using ep0 maxpacket: 32 [ 811.393014][T11215] usb 6-1: unable to get BOS descriptor or descriptor too short [ 811.416163][T11215] usb 6-1: config 12 has an invalid interface number: 184 but max is 0 [ 811.425738][T11215] usb 6-1: config 12 has an invalid descriptor of length 0, skipping remainder of the config [ 811.436548][T11969] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 811.445736][T11215] usb 6-1: config 12 has no interface number 0 [ 811.453680][T11215] usb 6-1: config 12 interface 184 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 811.470026][T11215] usb 6-1: New USB device found, idVendor=0499, idProduct=100d, bcdDevice=84.a2 [ 811.471312][T11969] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 811.600026][T11215] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 811.608223][T11215] usb 6-1: Product: syz [ 811.608494][T14253] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1599'. [ 811.631304][T11215] usb 6-1: Manufacturer: syz [ 811.636005][T11215] usb 6-1: SerialNumber: syz [ 811.665989][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 811.685146][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 811.780044][T12548] veth0_vlan: entered promiscuous mode [ 811.805416][T12548] veth1_vlan: entered promiscuous mode [ 811.873720][T12548] veth0_macvtap: entered promiscuous mode [ 811.900877][T12548] veth1_macvtap: entered promiscuous mode [ 811.938931][T12548] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 811.986787][T12548] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 812.096519][T12548] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 812.113517][T12548] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 812.126095][T12548] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 812.140094][T12548] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 812.217557][T11215] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 812.270833][T11215] snd-usb-audio 6-1:12.184: probe with driver snd-usb-audio failed with error -2 [ 812.283031][T11215] usb 6-1: USB disconnect, device number 32 [ 812.426225][T11969] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 812.663740][T11969] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 812.767004][T11969] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 812.791628][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 812.799906][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 812.835318][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 812.846511][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 813.061081][T11969] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 813.534549][T14270] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 813.546360][T14270] UDF-fs: Scanning with blocksize 512 failed [ 813.610310][T14270] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 813.618650][T14270] UDF-fs: Scanning with blocksize 1024 failed [ 813.661410][T14270] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 813.669474][T14270] UDF-fs: Scanning with blocksize 2048 failed [ 813.693752][T14270] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 813.701868][T14270] UDF-fs: Scanning with blocksize 4096 failed [ 814.269018][T11969] bridge_slave_1: left allmulticast mode [ 814.294369][T11969] bridge_slave_1: left promiscuous mode [ 814.300246][T11969] bridge0: port 2(bridge_slave_1) entered disabled state [ 814.354864][T11969] bridge_slave_0: left allmulticast mode [ 814.360601][T11969] bridge_slave_0: left promiscuous mode [ 814.389485][T11969] bridge0: port 1(bridge_slave_0) entered disabled state [ 815.180715][ T5846] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 815.201634][ T5846] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 815.210472][ T5846] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 815.218867][ T5846] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 815.226740][ T5846] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 815.600461][T11969] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 815.611821][T11969] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 815.622264][T11969] bond0 (unregistering): Released all slaves [ 815.905112][T14277] chnl_net:caif_netlink_parms(): no params data found [ 815.959556][T11969] hsr_slave_0: left promiscuous mode [ 815.965799][T11969] hsr_slave_1: left promiscuous mode [ 815.972295][T11969] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 815.979782][T11969] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 815.988657][T11969] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 815.997555][T11969] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 816.019994][T11969] veth1_macvtap: left promiscuous mode [ 816.025740][T11969] veth0_macvtap: left promiscuous mode [ 816.031545][T11969] veth1_vlan: left promiscuous mode [ 816.036934][T11969] veth0_vlan: left promiscuous mode [ 817.263191][ T5846] Bluetooth: hci0: command tx timeout [ 818.068217][T14295] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 818.629053][T14302] sctp: [Deprecated]: syz.5.1610 (pid 14302) Use of struct sctp_assoc_value in delayed_ack socket option. [ 818.629053][T14302] Use struct sctp_sack_info instead [ 819.381496][ T5846] Bluetooth: hci0: command tx timeout [ 819.614806][T11969] team0 (unregistering): Port device team_slave_1 removed [ 819.619903][ T5846] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 819.637590][ T5846] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 819.648003][ T5846] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 819.656429][ T5846] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 819.664341][ T5846] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 819.677480][T14318] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 819.820193][T11969] team0 (unregistering): Port device team_slave_0 removed [ 820.670496][T14277] bridge0: port 1(bridge_slave_0) entered blocking state [ 820.677960][T14277] bridge0: port 1(bridge_slave_0) entered disabled state [ 820.687751][T14277] bridge_slave_0: entered allmulticast mode [ 820.695152][T14277] bridge_slave_0: entered promiscuous mode [ 820.707635][T14277] bridge0: port 2(bridge_slave_1) entered blocking state [ 820.716241][T14277] bridge0: port 2(bridge_slave_1) entered disabled state [ 820.723712][T14277] bridge_slave_1: entered allmulticast mode [ 820.731576][T14277] bridge_slave_1: entered promiscuous mode [ 820.815063][T14277] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 820.828445][T14277] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 820.870100][T14277] team0: Port device team_slave_0 added [ 820.879655][T14277] team0: Port device team_slave_1 added [ 820.918619][T14277] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 820.925943][T14277] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 820.953691][T14277] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 820.969061][T14277] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 820.976185][T14277] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 821.002167][T14277] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 821.052803][T14277] hsr_slave_0: entered promiscuous mode [ 821.059282][T14277] hsr_slave_1: entered promiscuous mode [ 821.065619][T14277] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 821.074090][T14277] Cannot create hsr debugfs directory [ 821.115148][T11969] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 821.193125][T11969] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 821.270747][T11969] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 821.365913][T11969] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 821.421457][ T9644] Bluetooth: hci0: command tx timeout [ 821.509766][T11969] bridge_slave_1: left allmulticast mode [ 821.518398][T11969] bridge_slave_1: left promiscuous mode [ 821.528054][T11969] bridge0: port 2(bridge_slave_1) entered disabled state [ 821.539051][T11969] bridge_slave_0: left allmulticast mode [ 821.545212][T11969] bridge_slave_0: left promiscuous mode [ 821.550977][T11969] bridge0: port 1(bridge_slave_0) entered disabled state [ 822.311172][T14341] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 822.324984][T14341] UDF-fs: Scanning with blocksize 512 failed [ 822.362717][T14341] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 822.370669][T14341] UDF-fs: Scanning with blocksize 1024 failed [ 822.396365][T14341] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 822.405887][T14341] UDF-fs: Scanning with blocksize 2048 failed [ 822.424486][T14341] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 822.432523][T14341] UDF-fs: Scanning with blocksize 4096 failed [ 822.681553][ T5843] usb 3-1: new high-speed USB device number 50 using dummy_hcd [ 822.871510][ T5843] usb 3-1: Using ep0 maxpacket: 8 [ 822.894562][ T5843] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 822.913192][ T5843] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 822.945350][ T5843] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 822.981389][ T5843] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 823.011170][ T5843] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 823.052780][ T5843] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 823.064688][ T5843] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 823.107430][T14347] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1619'. [ 823.121690][ T5843] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 823.145761][ T5843] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 823.948649][T11969] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 823.960514][ T9644] Bluetooth: hci0: command tx timeout [ 823.970717][ T9644] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 823.980367][ T5843] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 823.998901][ T5843] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 824.006687][ T9644] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 824.007135][T11969] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 824.015527][ T5843] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 824.034164][ T5843] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 824.046047][ T9644] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 824.054182][ T5843] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 824.067722][ T5843] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 824.078614][ T9644] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 824.087950][ T9644] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 824.090411][T11969] bond0 (unregistering): Released all slaves [ 824.106247][ T5843] usb 3-1: string descriptor 0 read error: -22 [ 824.123600][ T5843] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 824.135442][ T5843] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 824.159661][ T5843] adutux 3-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 824.433444][ T5843] usb 3-1: USB disconnect, device number 50 [ 824.466312][T14347] team0 (unregistering): Port device team_slave_0 removed [ 824.501629][T14347] team0 (unregistering): Port device team_slave_1 removed [ 824.961755][T14359] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 824.969464][T14359] UDF-fs: Scanning with blocksize 512 failed [ 824.991573][T14359] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 824.999332][T14359] UDF-fs: Scanning with blocksize 1024 failed [ 825.031412][T14359] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 825.039173][T14359] UDF-fs: Scanning with blocksize 2048 failed [ 825.059820][T14359] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 825.067765][T14359] UDF-fs: Scanning with blocksize 4096 failed [ 825.555060][T11969] hsr_slave_0: left promiscuous mode [ 825.563608][T11969] hsr_slave_1: left promiscuous mode [ 825.572598][T11969] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 825.580189][T11969] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 825.592144][T11969] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 825.599626][T11969] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 825.628544][T11969] veth1_macvtap: left promiscuous mode [ 825.638504][T11969] veth0_macvtap: left promiscuous mode [ 825.648044][T11969] veth1_vlan: left promiscuous mode [ 825.654716][T11969] veth0_vlan: left promiscuous mode [ 826.143392][ T5846] Bluetooth: hci4: command tx timeout [ 826.611440][ T5953] usb 6-1: new high-speed USB device number 33 using dummy_hcd [ 826.797209][ T5953] usb 6-1: Using ep0 maxpacket: 32 [ 826.841731][ T5953] usb 6-1: config 8 has an invalid interface number: 203 but max is 0 [ 826.849969][ T5953] usb 6-1: config 8 has no interface number 0 [ 826.858144][ T5953] usb 6-1: config 8 interface 203 altsetting 1 has an endpoint descriptor with address 0x93, changing to 0x83 [ 826.879083][ T5953] usb 6-1: config 8 interface 203 altsetting 1 bulk endpoint 0x83 has invalid maxpacket 1024 [ 826.889415][ T5953] usb 6-1: config 8 interface 203 altsetting 1 bulk endpoint 0xB has invalid maxpacket 1023 [ 826.912886][ T5953] usb 6-1: config 8 interface 203 has no altsetting 0 [ 826.928691][ T5953] usb 6-1: New USB device found, idVendor=054c, idProduct=06c3, bcdDevice=eb.7a [ 826.941076][ T5953] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 826.949213][ T5953] usb 6-1: Product: syz [ 826.959664][ T5953] usb 6-1: Manufacturer: syz [ 826.964628][ T5953] usb 6-1: SerialNumber: syz [ 826.984205][T14373] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 826.991832][T14373] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 827.027508][T11969] team0 (unregistering): Port device team_slave_1 removed [ 827.084811][T11969] team0 (unregistering): Port device team_slave_0 removed [ 827.400307][T14374] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1623'. [ 828.227466][ T5846] Bluetooth: hci4: command tx timeout [ 828.366107][T14362] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1621'. [ 828.560130][T14277] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 828.630567][T14277] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 828.763106][T14277] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 828.808679][T14277] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 829.026851][T14352] chnl_net:caif_netlink_parms(): no params data found [ 829.239398][T14404] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 829.247245][T14404] UDF-fs: Scanning with blocksize 512 failed [ 829.263564][T14404] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 829.271257][T14404] UDF-fs: Scanning with blocksize 1024 failed [ 829.282386][T14404] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 829.290174][T14404] UDF-fs: Scanning with blocksize 2048 failed [ 829.298513][T14404] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 829.306245][T14404] UDF-fs: Scanning with blocksize 4096 failed [ 829.818293][ C1] port100 6-1:8.203: NFC: Urb failure (status -71) [ 829.824951][ C1] port100 6-1:8.203: NFC: Urb failure (status -71) [ 829.848081][ T5953] port100 6-1:8.203: NFC: Could not get supported command types [ 829.866715][ T5953] usb 6-1: USB disconnect, device number 33 [ 829.944169][T14352] bridge0: port 1(bridge_slave_0) entered blocking state [ 830.125738][T14352] bridge0: port 1(bridge_slave_0) entered disabled state [ 830.206041][T14352] bridge_slave_0: entered allmulticast mode [ 830.315943][ T5846] Bluetooth: hci4: command tx timeout [ 830.339011][T14352] bridge_slave_0: entered promiscuous mode [ 830.934372][T14352] bridge0: port 2(bridge_slave_1) entered blocking state [ 830.974609][T14352] bridge0: port 2(bridge_slave_1) entered disabled state [ 831.012286][T14352] bridge_slave_1: entered allmulticast mode [ 832.039623][T14352] bridge_slave_1: entered promiscuous mode [ 832.170001][T14414] fuse: Bad value for 'fd' [ 832.226210][T14277] 8021q: adding VLAN 0 to HW filter on device bond0 [ 832.237584][T14352] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 832.464074][T14352] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 832.481318][ T5846] Bluetooth: hci4: command tx timeout [ 832.889526][ T6244] usb 3-1: new full-speed USB device number 51 using dummy_hcd [ 832.907548][T14277] 8021q: adding VLAN 0 to HW filter on device team0 [ 832.937893][T14352] team0: Port device team_slave_0 added [ 832.957860][ T7540] bridge0: port 1(bridge_slave_0) entered blocking state [ 832.965100][ T7540] bridge0: port 1(bridge_slave_0) entered forwarding state [ 832.978330][T14352] team0: Port device team_slave_1 added [ 833.038719][T14352] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 833.045968][T14352] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 833.077189][T14352] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 833.124240][T14352] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 833.135612][T14352] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 833.177098][ T6244] usb 3-1: config 0 has an invalid interface number: 128 but max is 0 [ 833.185774][ T6244] usb 3-1: config 0 has no interface number 0 [ 833.194347][ T6244] usb 3-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 833.196910][T14352] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 833.203688][ T6244] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 833.203717][ T6244] usb 3-1: Product: syz [ 833.203733][ T6244] usb 3-1: Manufacturer: syz [ 833.203749][ T6244] usb 3-1: SerialNumber: syz [ 833.207099][ T6244] usb 3-1: config 0 descriptor?? [ 833.248084][ T7540] bridge0: port 2(bridge_slave_1) entered blocking state [ 833.255375][ T7540] bridge0: port 2(bridge_slave_1) entered forwarding state [ 833.347690][T14352] hsr_slave_0: entered promiscuous mode [ 833.357169][T14352] hsr_slave_1: entered promiscuous mode [ 833.363967][T14352] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 833.371932][T14352] Cannot create hsr debugfs directory [ 833.458695][T14431] sctp: [Deprecated]: syz.3.1634 (pid 14431) Use of struct sctp_assoc_value in delayed_ack socket option. [ 833.458695][T14431] Use struct sctp_sack_info instead [ 833.461950][T14412] 9pnet_virtio: no channels available for device syz [ 833.785350][T14277] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 833.878631][T14277] veth0_vlan: entered promiscuous mode [ 833.897323][T14277] veth1_vlan: entered promiscuous mode [ 833.945889][T14277] veth0_macvtap: entered promiscuous mode [ 833.963652][T14277] veth1_macvtap: entered promiscuous mode [ 834.041444][ T6244] usb 3-1: Firmware version (0.0) predates our first public release. [ 834.055587][ T6244] usb 3-1: Please update to version 0.2 or newer [ 834.069118][T14277] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 834.120266][T14277] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 834.135873][ T6244] usb 3-1: USB disconnect, device number 51 [ 834.180398][T14352] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 834.226733][T14352] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 834.262093][T14352] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 834.273711][T14352] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 834.362609][T14277] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 834.377710][T14277] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 834.387188][T14277] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 834.400568][T14277] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 835.057033][ T5846] Bluetooth: hci1: ACL packet for unknown connection handle 201 [ 835.189299][T11969] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 835.367019][T11969] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 835.530960][ T5987] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 835.564221][ T5987] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 835.815980][T14352] 8021q: adding VLAN 0 to HW filter on device bond0 [ 836.519552][T14352] 8021q: adding VLAN 0 to HW filter on device team0 [ 836.908569][T14462] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 836.958123][T14462] UDF-fs: Scanning with blocksize 512 failed [ 836.979598][T14462] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 837.087416][ T7540] bridge0: port 1(bridge_slave_0) entered blocking state [ 837.094616][ T7540] bridge0: port 1(bridge_slave_0) entered forwarding state [ 837.145617][T14462] UDF-fs: Scanning with blocksize 1024 failed [ 837.145946][ T7540] bridge0: port 2(bridge_slave_1) entered blocking state [ 837.159197][ T7540] bridge0: port 2(bridge_slave_1) entered forwarding state [ 837.200119][T14462] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 837.221291][T14462] UDF-fs: Scanning with blocksize 2048 failed [ 837.233576][T14462] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found [ 837.248528][T14462] UDF-fs: Scanning with blocksize 4096 failed [ 837.608596][T14352] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 838.158389][T14352] veth0_vlan: entered promiscuous mode [ 838.274497][T14352] veth1_vlan: entered promiscuous mode [ 838.396953][T14352] veth0_macvtap: entered promiscuous mode [ 838.503891][T14352] veth1_macvtap: entered promiscuous mode [ 838.669797][T14352] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 838.682022][T14352] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 838.694574][T14352] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 838.703794][T14352] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 838.716261][T14352] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 838.734412][T14352] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 839.626744][T11969] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 839.639360][T11969] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 839.708486][ T8998] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 839.726850][ T8998] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 839.755880][T14495] sctp: [Deprecated]: syz.3.1645 (pid 14495) Use of struct sctp_assoc_value in delayed_ack socket option. [ 839.755880][T14495] Use struct sctp_sack_info instead [ 839.972534][ T5953] usb 3-1: new high-speed USB device number 52 using dummy_hcd [ 840.019878][ T7540] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 840.143840][ T5953] usb 3-1: Using ep0 maxpacket: 32 [ 840.172047][ T5953] usb 3-1: config 8 has an invalid interface number: 203 but max is 0 [ 840.193513][ T5953] usb 3-1: config 8 has no interface number 0 [ 840.200307][ T5953] usb 3-1: config 8 interface 203 altsetting 1 has an endpoint descriptor with address 0x93, changing to 0x83 [ 840.204077][ T7540] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 840.231238][ T5953] usb 3-1: config 8 interface 203 altsetting 1 bulk endpoint 0x83 has invalid maxpacket 1024 [ 840.242013][ T5953] usb 3-1: config 8 interface 203 altsetting 1 bulk endpoint 0xB has invalid maxpacket 1023 [ 840.277824][ T5953] usb 3-1: config 8 interface 203 has no altsetting 0 [ 840.305643][ T5953] usb 3-1: New USB device found, idVendor=054c, idProduct=06c3, bcdDevice=eb.7a [ 840.314956][ T5953] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 840.323813][ T5953] usb 3-1: Product: syz [ 840.328130][ T5953] usb 3-1: Manufacturer: syz [ 840.339492][ T5953] usb 3-1: SerialNumber: syz [ 840.377979][T14492] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 840.425890][ T7540] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 840.438765][T14492] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 840.575885][ T7540] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 840.863767][T14497] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1646'. [ 841.442491][ T7540] bridge_slave_1: left allmulticast mode [ 841.468880][ T7540] bridge_slave_1: left promiscuous mode [ 841.496719][ T7540] bridge0: port 2(bridge_slave_1) entered disabled state [ 841.608289][T14502] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 842.093894][ T7540] bridge_slave_0: left allmulticast mode [ 842.121570][ T7540] bridge_slave_0: left promiscuous mode [ 842.142061][ T7540] bridge0: port 1(bridge_slave_0) entered disabled state [ 842.695843][ T9644] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 842.709332][ T9644] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 842.731714][ T9644] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 842.749291][ T9644] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 842.766508][ T9644] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 843.004960][ T7540] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 843.016695][ T7540] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 843.028521][ T7540] bond0 (unregistering): Released all slaves [ 843.075812][ C1] port100 3-1:8.203: NFC: Urb failure (status -71) [ 843.082430][ C1] port100 3-1:8.203: NFC: Urb failure (status -71) [ 843.089447][ T5953] port100 3-1:8.203: NFC: Could not get supported command types [ 843.111762][ T5953] usb 3-1: USB disconnect, device number 52 [ 843.378230][T14503] chnl_net:caif_netlink_parms(): no params data found [ 843.427246][ T7540] hsr_slave_0: left promiscuous mode [ 843.435136][ T7540] hsr_slave_1: left promiscuous mode [ 843.441049][ T7540] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 843.449646][ T7540] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 843.458470][ T7540] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 843.466686][ T7540] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 843.490055][ T7540] veth1_macvtap: left promiscuous mode [ 843.495832][ T7540] veth0_macvtap: left promiscuous mode [ 843.502535][ T7540] veth1_vlan: left promiscuous mode [ 843.508748][ T7540] veth0_vlan: left promiscuous mode [ 844.026456][ T7540] team0 (unregistering): Port device team_slave_1 removed [ 844.079035][ T7540] team0 (unregistering): Port device team_slave_0 removed [ 844.982594][ T9644] Bluetooth: hci0: command tx timeout [ 845.986803][ T5846] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 846.000723][ T5846] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 846.015753][ T5846] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 846.030129][ T5846] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 846.042625][ T5846] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 847.031424][ T5846] Bluetooth: hci0: command tx timeout [ 847.967275][T14503] bridge0: port 1(bridge_slave_0) entered blocking state [ 847.981412][T14503] bridge0: port 1(bridge_slave_0) entered disabled state [ 847.988813][T14503] bridge_slave_0: entered allmulticast mode [ 847.998624][T14542] FAULT_INJECTION: forcing a failure. [ 847.998624][T14542] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 848.033142][T14503] bridge_slave_0: entered promiscuous mode [ 848.040649][T14542] CPU: 0 UID: 0 PID: 14542 Comm: syz.2.1655 Not tainted 6.16.0-rc5-syzkaller-00276-g5d5d62298b8b #0 PREEMPT(full) [ 848.040682][T14542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 848.040696][T14542] Call Trace: [ 848.040705][T14542] [ 848.040715][T14542] dump_stack_lvl+0x189/0x250 [ 848.040745][T14542] ? __pfx____ratelimit+0x10/0x10 [ 848.040779][T14542] ? __pfx_dump_stack_lvl+0x10/0x10 [ 848.040803][T14542] ? __pfx__printk+0x10/0x10 [ 848.040845][T14542] should_fail_ex+0x414/0x560 [ 848.040881][T14542] _copy_to_user+0x31/0xb0 [ 848.040909][T14542] simple_read_from_buffer+0xe1/0x170 [ 848.040948][T14542] proc_fail_nth_read+0x1df/0x250 [ 848.040974][T14542] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 848.041000][T14542] ? rw_verify_area+0x258/0x650 [ 848.041027][T14542] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 848.041051][T14542] vfs_read+0x200/0x980 [ 848.041090][T14542] ? __pfx___mutex_lock+0x10/0x10 [ 848.041110][T14542] ? __pfx_vfs_read+0x10/0x10 [ 848.041154][T14542] ? __fget_files+0x2a/0x420 [ 848.041179][T14542] ? __fget_files+0x3a0/0x420 [ 848.041196][T14542] ? __fget_files+0x2a/0x420 [ 848.041225][T14542] ksys_read+0x145/0x250 [ 848.041255][T14542] ? __pfx_ksys_read+0x10/0x10 [ 848.041280][T14542] ? rcu_is_watching+0x15/0xb0 [ 848.041310][T14542] ? do_syscall_64+0xbe/0x3b0 [ 848.041334][T14542] do_syscall_64+0xfa/0x3b0 [ 848.041352][T14542] ? lockdep_hardirqs_on+0x9c/0x150 [ 848.041382][T14542] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 848.041403][T14542] ? clear_bhb_loop+0x60/0xb0 [ 848.041428][T14542] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 848.041448][T14542] RIP: 0033:0x7f752998d33c [ 848.041467][T14542] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 848.041485][T14542] RSP: 002b:00007f752a81c030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 848.041508][T14542] RAX: ffffffffffffffda RBX: 00007f7529bb5fa0 RCX: 00007f752998d33c [ 848.041524][T14542] RDX: 000000000000000f RSI: 00007f752a81c0a0 RDI: 0000000000000006 [ 848.041537][T14542] RBP: 00007f752a81c090 R08: 0000000000000000 R09: 0000000000000000 [ 848.041551][T14542] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 848.041564][T14542] R13: 0000000000000000 R14: 00007f7529bb5fa0 R15: 00007ffdcae56918 [ 848.041598][T14542] [ 848.359036][T14503] bridge0: port 2(bridge_slave_1) entered blocking state [ 848.366488][T14503] bridge0: port 2(bridge_slave_1) entered disabled state [ 848.373823][T14503] bridge_slave_1: entered allmulticast mode [ 848.381242][ T5846] Bluetooth: hci4: command tx timeout [ 848.388260][T14503] bridge_slave_1: entered promiscuous mode [ 848.433487][T14503] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 848.529527][T14503] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 848.947734][T14503] team0: Port device team_slave_0 added [ 849.013155][T14503] team0: Port device team_slave_1 added [ 849.105665][ T5846] Bluetooth: hci0: command tx timeout [ 849.160279][T14503] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 849.177348][T14503] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 849.208618][T14503] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 849.244776][T14503] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 849.261937][T14503] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 849.289440][T14503] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 849.635599][T14503] hsr_slave_0: entered promiscuous mode [ 849.642440][T14503] hsr_slave_1: entered promiscuous mode [ 849.658958][T14503] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 849.670202][T14503] Cannot create hsr debugfs directory [ 850.036576][ T7540] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 850.428889][ T7540] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 850.462362][ T5846] Bluetooth: hci4: command tx timeout [ 851.186289][ T5846] Bluetooth: hci0: command tx timeout [ 851.337146][T14528] chnl_net:caif_netlink_parms(): no params data found [ 851.368236][ T5953] usb 3-1: new high-speed USB device number 53 using dummy_hcd [ 851.439895][ T7540] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 851.551171][ T5953] usb 3-1: Using ep0 maxpacket: 16 [ 851.568220][ T5953] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 851.598051][ T5953] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 851.609371][ T7540] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 851.621676][ T5953] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 851.629750][ T5953] usb 3-1: Product: syz [ 851.641351][ T5953] usb 3-1: Manufacturer: syz [ 851.646179][ T5953] usb 3-1: SerialNumber: syz [ 851.666905][ T5953] usb 3-1: config 0 descriptor?? [ 851.675344][T14598] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 851.694483][ T5953] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 851.703922][ T5953] em28xx 3-1:0.0: DVB interface 0 found: bulk [ 851.945026][ T5953] em28xx 3-1:0.0: unknown em28xx chip ID (0) [ 851.974443][T14528] bridge0: port 1(bridge_slave_0) entered blocking state [ 851.987225][T14528] bridge0: port 1(bridge_slave_0) entered disabled state [ 852.002140][T14528] bridge_slave_0: entered allmulticast mode [ 852.010134][T14528] bridge_slave_0: entered promiscuous mode [ 852.051375][ T5953] em28xx 3-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 852.059473][ T5953] em28xx 3-1:0.0: board has no eeprom [ 852.096263][T14528] bridge0: port 2(bridge_slave_1) entered blocking state [ 852.103772][T14528] bridge0: port 2(bridge_slave_1) entered disabled state [ 852.121855][T14528] bridge_slave_1: entered allmulticast mode [ 852.129889][T14528] bridge_slave_1: entered promiscuous mode [ 852.151229][ T5953] em28xx 3-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 852.159137][ T5953] em28xx 3-1:0.0: dvb set to bulk mode. [ 852.186478][ T5835] em28xx 3-1:0.0: Binding DVB extension [ 852.196377][ T5953] usb 3-1: USB disconnect, device number 53 [ 852.213285][ T5953] em28xx 3-1:0.0: Disconnecting em28xx [ 852.330628][T14596] syz.5.1666: vmalloc error: size 2768896, failed to allocated page array size 5408, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 852.376271][T14596] CPU: 1 UID: 0 PID: 14596 Comm: syz.5.1666 Not tainted 6.16.0-rc5-syzkaller-00276-g5d5d62298b8b #0 PREEMPT(full) [ 852.376304][T14596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 852.376319][T14596] Call Trace: [ 852.376328][T14596] [ 852.376339][T14596] dump_stack_lvl+0x189/0x250 [ 852.376373][T14596] ? __pfx_dump_stack_lvl+0x10/0x10 [ 852.376398][T14596] ? __pfx__printk+0x10/0x10 [ 852.376426][T14596] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 852.376455][T14596] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 852.376483][T14596] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 852.376514][T14596] warn_alloc+0x214/0x310 [ 852.376543][T14596] ? __pfx_warn_alloc+0x10/0x10 [ 852.376576][T14596] ? __get_vm_area_node+0x28f/0x300 [ 852.376610][T14596] ? vb2_vmalloc_alloc+0xef/0x340 [ 852.376641][T14596] __vmalloc_node_range_noprof+0x67e/0x12f0 [ 852.376710][T14596] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 852.376748][T14596] ? __kasan_kmalloc+0x93/0xb0 [ 852.376782][T14596] vmalloc_user_noprof+0xad/0xf0 [ 852.376815][T14596] ? vb2_vmalloc_alloc+0xef/0x340 [ 852.376842][T14596] vb2_vmalloc_alloc+0xef/0x340 [ 852.376869][T14596] ? __pfx_vb2_vmalloc_alloc+0x10/0x10 [ 852.376896][T14596] __vb2_queue_alloc+0x9bf/0x15a0 [ 852.376949][T14596] vb2_core_reqbufs+0xc31/0x1420 [ 852.376993][T14596] ? __pfx_vb2_core_reqbufs+0x10/0x10 [ 852.377016][T14596] ? vb2_verify_memory_type+0x1fc/0x570 [ 852.377051][T14596] ? vb2_reqbufs+0x3a9/0x630 [ 852.377083][T14596] v4l2_m2m_ioctl_reqbufs+0x10d/0x200 [ 852.377118][T14596] __video_do_ioctl+0xc9b/0xdb0 [ 852.377157][T14596] ? __pfx___video_do_ioctl+0x10/0x10 [ 852.377200][T14596] video_usercopy+0x86e/0x14f0 [ 852.377240][T14596] ? __pfx___video_do_ioctl+0x10/0x10 [ 852.377267][T14596] ? __pfx_video_usercopy+0x10/0x10 [ 852.377291][T14596] ? smack_file_ioctl+0x2a9/0x340 [ 852.377339][T14596] ? __fget_files+0x2a/0x420 [ 852.377357][T14596] ? __fget_files+0x3a0/0x420 [ 852.377381][T14596] v4l2_ioctl+0x18a/0x1e0 [ 852.377408][T14596] ? __pfx_v4l2_ioctl+0x10/0x10 [ 852.377433][T14596] __se_sys_ioctl+0xfc/0x170 [ 852.377465][T14596] do_syscall_64+0xfa/0x3b0 [ 852.377486][T14596] ? lockdep_hardirqs_on+0x9c/0x150 [ 852.377516][T14596] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 852.377539][T14596] ? clear_bhb_loop+0x60/0xb0 [ 852.377565][T14596] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 852.377587][T14596] RIP: 0033:0x7f537c38e929 [ 852.377606][T14596] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 852.377624][T14596] RSP: 002b:00007f537d1fe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 852.377645][T14596] RAX: ffffffffffffffda RBX: 00007f537c5b5fa0 RCX: 00007f537c38e929 [ 852.377659][T14596] RDX: 00002000000000c0 RSI: 00000000c0145608 RDI: 0000000000000006 [ 852.377672][T14596] RBP: 00007f537c410b39 R08: 0000000000000000 R09: 0000000000000000 [ 852.377685][T14596] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 852.377699][T14596] R13: 0000000000000000 R14: 00007f537c5b5fa0 R15: 00007fff664a09b8 [ 852.377733][T14596] [ 852.378587][T14596] Mem-Info: [ 852.400167][ T5835] em28xx 3-1:0.0: Registering input extension [ 852.727316][ T5846] Bluetooth: hci4: command tx timeout [ 852.761420][T14596] active_anon:276 inactive_anon:6265 isolated_anon:0 [ 852.761420][T14596] active_file:6470 inactive_file:36047 isolated_file:0 [ 852.761420][T14596] unevictable:768 dirty:132 writeback:0 [ 852.761420][T14596] slab_reclaimable:10987 slab_unreclaimable:119335 [ 852.761420][T14596] mapped:32559 shmem:4152 pagetables:1069 [ 852.761420][T14596] sec_pagetables:0 bounce:0 [ 852.761420][T14596] kernel_misc_reclaimable:0 [ 852.761420][T14596] free:1287187 free_pcp:7272 free_cma:0 [ 852.814541][T14596] Node 0 active_anon:1104kB inactive_anon:25360kB active_file:25680kB inactive_file:144188kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:130536kB dirty:524kB writeback:0kB shmem:15272kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11636kB pagetables:4152kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 852.852996][T14596] Node 1 active_anon:0kB inactive_anon:0kB active_file:200kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:124kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 852.866823][ T5953] em28xx 3-1:0.0: Closing input extension [ 852.886243][T14596] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 852.924656][T14528] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 852.928967][ T5953] em28xx 3-1:0.0: Freeing device [ 852.941363][T14596] lowmem_reserve[]: 0 2500 2502 2502 2502 [ 852.947915][T14596] Node 0 DMA32 free:1213892kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:1100kB inactive_anon:25416kB active_file:23908kB inactive_file:144128kB unevictable:1536kB writepending:420kB present:3129332kB managed:2560896kB mlocked:0kB bounce:0kB free_pcp:26740kB local_pcp:6208kB free_cma:0kB [ 852.964442][T14528] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 853.011383][T14596] lowmem_reserve[]: 0 0 1 1 1 [ 853.020691][T14596] Node 0 Normal free:8kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:4kB inactive_anon:44kB active_file:1772kB inactive_file:60kB unevictable:0kB writepending:4kB present:1048580kB managed:1904kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:8kB free_cma:0kB [ 853.065662][T14596] lowmem_reserve[]: 0 0 0 0 0 [ 853.081156][T14596] Node 1 Normal free:3919360kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:200kB inactive_file:0kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:2624kB local_pcp:2624kB free_cma:0kB [ 853.163697][T14596] lowmem_reserve[]: 0 0 0 0 0 [ 853.169651][T14596] Node 0 DMA: [ 853.170619][ T7540] bridge_slave_1: left allmulticast mode [ 853.178951][T14596] 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 853.182209][ T7540] bridge_slave_1: left promiscuous mode [ 853.198525][T14596] Node 0 DMA32: 15*4kB (UE) 19*8kB (ME) 200*16kB (ME) 284*32kB (UME) 107*64kB (UME) 75*128kB (UM) 136*256kB (UM) 94*512kB (UME) 26*1024kB (UME) 11*2048kB (UM) 257*4096kB (UM) = 1213716kB [ 853.227398][T14596] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB [ 853.245397][T14596] Node 1 Normal: 150*4kB (UM) 45*8kB (UME) 42*16kB (UME) 221*32kB (UME) 82*64kB (UME) 33*128kB (UME) 9*256kB (UME) 3*512kB (UM) 2*1024kB (ME) 2*2048kB (UE) 950*4096kB (M) = 3919360kB [ 853.269736][T14596] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 853.286943][T14596] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 853.296545][T14596] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 853.312137][T14596] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 853.322648][ T7540] bridge0: port 2(bridge_slave_1) entered disabled state [ 853.325875][T14596] 46761 total pagecache pages [ 853.336971][ T7540] bridge_slave_0: left allmulticast mode [ 853.340046][T14596] 0 pages in swap cache [ 853.344635][ T7540] bridge_slave_0: left promiscuous mode [ 853.359410][T14596] Free swap = 124996kB [ 853.361463][ T7540] bridge0: port 1(bridge_slave_0) entered disabled state [ 853.367248][T14596] Total swap = 124996kB [ 853.378738][T14596] 2097051 pages RAM [ 853.385920][T14596] 0 pages HighMem/MovableOnly [ 853.390784][T14596] 424720 pages reserved [ 853.398021][T14596] 0 pages cma reserved [ 853.480467][ T5953] usb 3-1: new high-speed USB device number 54 using dummy_hcd [ 853.661278][ T5953] usb 3-1: Using ep0 maxpacket: 32 [ 853.693519][ T5953] usb 3-1: config 8 has an invalid interface number: 203 but max is 0 [ 853.702040][ T5953] usb 3-1: config 8 has no interface number 0 [ 853.708196][ T5953] usb 3-1: config 8 interface 203 altsetting 1 has an endpoint descriptor with address 0x93, changing to 0x83 [ 853.741155][ T5953] usb 3-1: config 8 interface 203 altsetting 1 bulk endpoint 0x83 has invalid maxpacket 1024 [ 853.771244][ T5953] usb 3-1: config 8 interface 203 altsetting 1 bulk endpoint 0xB has invalid maxpacket 1023 [ 853.801215][ T5953] usb 3-1: config 8 interface 203 has no altsetting 0 [ 853.822800][ T5953] usb 3-1: New USB device found, idVendor=054c, idProduct=06c3, bcdDevice=eb.7a [ 853.847581][ T5953] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 853.866437][ T5953] usb 3-1: Product: syz [ 853.880400][ T5953] usb 3-1: Manufacturer: syz [ 853.892673][ T5953] usb 3-1: SerialNumber: syz [ 853.911227][T14607] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 853.925199][T14607] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 854.350963][T14612] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1669'. [ 854.781723][ T5846] Bluetooth: hci4: command tx timeout [ 855.047704][ T7540] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 855.249010][ T7540] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 855.261780][ T7540] bond0 (unregistering): Released all slaves [ 855.336716][T14528] team0: Port device team_slave_0 added [ 855.426943][T14616] hsr0: entered promiscuous mode [ 855.453575][T14528] team0: Port device team_slave_1 added [ 855.464572][ C1] port100 3-1:8.203: NFC: Urb failure (status -71) [ 855.471236][ C1] port100 3-1:8.203: NFC: Urb failure (status -71) [ 855.483304][ T5953] port100 3-1:8.203: NFC: Could not get supported command types [ 855.526040][ T5953] usb 3-1: USB disconnect, device number 54 [ 855.845798][T14528] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 855.856916][T14528] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 855.884298][T14528] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 855.985060][T14528] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 856.005824][T14528] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 856.040077][T14528] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 856.136659][ T7540] hsr_slave_0: left promiscuous mode [ 856.164346][ T7540] hsr_slave_1: left promiscuous mode [ 856.193580][ T7540] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 856.203759][ T7540] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 856.226432][ T7540] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 856.248389][ T7540] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 856.323875][ T7540] veth1_macvtap: left promiscuous mode [ 856.339003][ T7540] veth0_macvtap: left promiscuous mode [ 856.354985][ T7540] veth1_vlan: left promiscuous mode [ 856.444226][ T7540] veth0_vlan: left promiscuous mode [ 858.930516][ T7540] team0 (unregistering): Port device team_slave_1 removed [ 859.221217][T11216] usb 6-1: new high-speed USB device number 34 using dummy_hcd [ 859.289894][ T7540] team0 (unregistering): Port device team_slave_0 removed [ 859.351566][T11216] usb 6-1: device descriptor read/64, error -71 [ 859.597585][T11216] usb 6-1: new high-speed USB device number 35 using dummy_hcd [ 859.731250][T11216] usb 6-1: device descriptor read/64, error -71 [ 859.843537][T11216] usb usb6-port1: attempt power cycle [ 859.905389][T14528] hsr_slave_0: entered promiscuous mode [ 859.913947][T14528] hsr_slave_1: entered promiscuous mode [ 859.920124][T14528] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 859.928100][T14528] Cannot create hsr debugfs directory [ 859.937431][T14613] hsr0: left promiscuous mode [ 860.100796][T14503] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 860.128684][T14503] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 860.140979][T14503] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 860.182422][T11216] usb 6-1: new high-speed USB device number 36 using dummy_hcd [ 860.207390][T14503] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 860.219333][T11216] usb 6-1: device descriptor read/8, error -71 [ 860.363459][ T6910] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 860.462130][T11216] usb 6-1: new high-speed USB device number 37 using dummy_hcd [ 860.503461][T11216] usb 6-1: device descriptor read/8, error -71 [ 860.541480][ T6910] usb 4-1: Using ep0 maxpacket: 16 [ 860.573926][ T6910] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 41096, setting to 1024 [ 860.585559][ T6910] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 860.601264][ T6910] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 860.611609][ T6910] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 860.631943][T11216] usb usb6-port1: unable to enumerate USB device [ 860.642436][ T6910] usb 4-1: config 0 descriptor?? [ 860.670511][T14503] 8021q: adding VLAN 0 to HW filter on device bond0 [ 860.728239][T14503] 8021q: adding VLAN 0 to HW filter on device team0 [ 860.759196][ T7540] bridge0: port 1(bridge_slave_0) entered blocking state [ 860.766501][ T7540] bridge0: port 1(bridge_slave_0) entered forwarding state [ 860.786437][T11969] bridge0: port 2(bridge_slave_1) entered blocking state [ 860.793771][T11969] bridge0: port 2(bridge_slave_1) entered forwarding state [ 860.990571][T14528] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 861.024453][T14528] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 861.057112][T14528] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 861.083517][T14528] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 861.529107][T14671] geneve3: entered allmulticast mode [ 861.569173][T14528] 8021q: adding VLAN 0 to HW filter on device bond0 [ 861.668423][T14528] 8021q: adding VLAN 0 to HW filter on device team0 [ 861.708201][T14503] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 862.265729][ T5987] bridge0: port 1(bridge_slave_0) entered blocking state [ 862.273018][ T5987] bridge0: port 1(bridge_slave_0) entered forwarding state [ 862.316048][ T5987] bridge0: port 2(bridge_slave_1) entered blocking state [ 862.323353][ T5987] bridge0: port 2(bridge_slave_1) entered forwarding state [ 862.525834][T14682] overlay: ./bus is not a directory [ 862.660795][T14503] veth0_vlan: entered promiscuous mode [ 862.698215][T14503] veth1_vlan: entered promiscuous mode [ 863.002684][T14503] veth0_macvtap: entered promiscuous mode [ 863.691291][ T6910] usbhid 4-1:0.0: can't add hid device: -71 [ 863.700541][ T6910] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 863.715974][T14503] veth1_macvtap: entered promiscuous mode [ 863.724024][ T6910] usb 4-1: USB disconnect, device number 32 [ 863.816234][T14693] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 863.855656][T14503] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 864.003342][T14695] FAULT_INJECTION: forcing a failure. [ 864.003342][T14695] name failslab, interval 1, probability 0, space 0, times 0 [ 864.016123][T14695] CPU: 1 UID: 0 PID: 14695 Comm: syz.2.1686 Not tainted 6.16.0-rc5-syzkaller-00276-g5d5d62298b8b #0 PREEMPT(full) [ 864.016152][T14695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 864.016165][T14695] Call Trace: [ 864.016173][T14695] [ 864.016182][T14695] dump_stack_lvl+0x189/0x250 [ 864.016209][T14695] ? __pfx____ratelimit+0x10/0x10 [ 864.016242][T14695] ? __pfx_dump_stack_lvl+0x10/0x10 [ 864.016264][T14695] ? __pfx__printk+0x10/0x10 [ 864.016297][T14695] ? __pfx___might_resched+0x10/0x10 [ 864.016319][T14695] ? fs_reclaim_acquire+0x7d/0x100 [ 864.016343][T14695] should_fail_ex+0x414/0x560 [ 864.016375][T14695] should_failslab+0xa8/0x100 [ 864.016404][T14695] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 864.016431][T14695] ? rtnl_prop_list_size+0x1ba/0x1e0 [ 864.016458][T14695] ? __alloc_skb+0x112/0x2d0 [ 864.016483][T14695] __alloc_skb+0x112/0x2d0 [ 864.016508][T14695] rtmsg_ifinfo_build_skb+0x84/0x260 [ 864.016544][T14695] rtnetlink_event+0x1b7/0x270 [ 864.016568][T14695] notifier_call_chain+0x1b6/0x3e0 [ 864.016597][T14695] netif_set_mtu_ext+0x438/0x620 [ 864.016627][T14695] ? __pfx_netif_set_mtu_ext+0x10/0x10 [ 864.016664][T14695] ? validate_linkmsg+0x765/0x950 [ 864.016697][T14695] do_setlink+0x91a/0x41c0 [ 864.016722][T14695] ? __kernel_text_address+0xd/0x40 [ 864.016752][T14695] ? arch_stack_walk+0xfc/0x150 [ 864.016779][T14695] ? __pfx_do_setlink+0x10/0x10 [ 864.016817][T14695] ? __lock_acquire+0xab9/0xd20 [ 864.016843][T14695] ? __mutex_trylock_common+0x153/0x260 [ 864.016868][T14695] ? __pfx___mutex_trylock_common+0x10/0x10 [ 864.016895][T14695] ? rcu_is_watching+0x15/0xb0 [ 864.016923][T14695] ? trace_contention_end+0x39/0x120 [ 864.016946][T14695] ? __mutex_lock+0x330/0xe80 [ 864.016974][T14695] ? rtnl_newlink+0x8db/0x1c70 [ 864.016991][T14695] ? rcu_is_watching+0x15/0xb0 [ 864.017012][T14695] ? __pfx___mutex_lock+0x10/0x10 [ 864.017039][T14695] ? ns_capable+0x8a/0xf0 [ 864.017060][T14695] ? rtnl_link_get_net_capable+0x16a/0x350 [ 864.017085][T14695] rtnl_newlink+0x160b/0x1c70 [ 864.017117][T14695] ? __pfx_rtnl_newlink+0x10/0x10 [ 864.017135][T14695] ? is_bpf_text_address+0x26/0x2b0 [ 864.017161][T14695] ? __lock_acquire+0xab9/0xd20 [ 864.017190][T14695] ? __lock_acquire+0xab9/0xd20 [ 864.017226][T14695] ? is_bpf_text_address+0x26/0x2b0 [ 864.017249][T14695] ? is_bpf_text_address+0x292/0x2b0 [ 864.017266][T14695] ? is_bpf_text_address+0x26/0x2b0 [ 864.017287][T14695] ? kernel_text_address+0xa5/0xe0 [ 864.017314][T14695] ? __kernel_text_address+0xd/0x40 [ 864.017340][T14695] ? unwind_get_return_address+0x4d/0x90 [ 864.017359][T14695] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 864.017383][T14695] ? arch_stack_walk+0xfc/0x150 [ 864.017408][T14695] ? __lock_acquire+0xab9/0xd20 [ 864.017449][T14695] ? __pfx_rtnl_newlink+0x10/0x10 [ 864.017468][T14695] rtnetlink_rcv_msg+0x7cf/0xb70 [ 864.017491][T14695] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 864.017509][T14695] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 864.017545][T14695] netlink_rcv_skb+0x208/0x470 [ 864.017568][T14695] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 864.017589][T14695] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 864.017624][T14695] ? netlink_deliver_tap+0x2e/0x1b0 [ 864.017645][T14695] ? netlink_deliver_tap+0x2e/0x1b0 [ 864.017673][T14695] netlink_unicast+0x759/0x8e0 [ 864.017703][T14695] netlink_sendmsg+0x805/0xb30 [ 864.017735][T14695] ? __pfx_netlink_sendmsg+0x10/0x10 [ 864.017765][T14695] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 864.017791][T14695] ? __pfx_netlink_sendmsg+0x10/0x10 [ 864.017814][T14695] __sock_sendmsg+0x219/0x270 [ 864.017846][T14695] ____sys_sendmsg+0x505/0x830 [ 864.017875][T14695] ? __pfx_____sys_sendmsg+0x10/0x10 [ 864.017913][T14695] ? import_iovec+0x74/0xa0 [ 864.017938][T14695] ___sys_sendmsg+0x21f/0x2a0 [ 864.017964][T14695] ? __pfx____sys_sendmsg+0x10/0x10 [ 864.018023][T14695] ? __fget_files+0x2a/0x420 [ 864.018039][T14695] ? __fget_files+0x3a0/0x420 [ 864.018067][T14695] __x64_sys_sendmsg+0x19b/0x260 [ 864.018094][T14695] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 864.018127][T14695] ? __pfx_ksys_write+0x10/0x10 [ 864.018158][T14695] ? do_syscall_64+0xbe/0x3b0 [ 864.018180][T14695] do_syscall_64+0xfa/0x3b0 [ 864.018196][T14695] ? lockdep_hardirqs_on+0x9c/0x150 [ 864.018223][T14695] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 864.018242][T14695] ? clear_bhb_loop+0x60/0xb0 [ 864.018264][T14695] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 864.018282][T14695] RIP: 0033:0x7f752998e929 [ 864.018299][T14695] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 864.018314][T14695] RSP: 002b:00007f752a81c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 864.018334][T14695] RAX: ffffffffffffffda RBX: 00007f7529bb5fa0 RCX: 00007f752998e929 [ 864.018347][T14695] RDX: 0000000020000004 RSI: 0000200000000480 RDI: 0000000000000007 [ 864.018359][T14695] RBP: 00007f752a81c090 R08: 0000000000000000 R09: 0000000000000000 [ 864.018371][T14695] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 864.018382][T14695] R13: 0000000000000000 R14: 00007f7529bb5fa0 R15: 00007ffdcae56918 [ 864.018411][T14695] [ 864.020157][T14695] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 864.667295][T14503] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 864.728590][T14503] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 864.782101][T14503] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 864.831209][T14503] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 864.887236][T14503] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 865.063052][T14703] netlink: 'syz.3.1687': attribute type 10 has an invalid length. [ 865.071444][T14703] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1687'. [ 865.105831][T14703] dummy0: entered promiscuous mode [ 865.134245][T14703] bridge0: port 3(dummy0) entered blocking state [ 865.171432][T14703] bridge0: port 3(dummy0) entered disabled state [ 865.178063][T14703] dummy0: entered allmulticast mode [ 865.227973][T14703] bridge0: port 3(dummy0) entered blocking state [ 865.234678][T14703] bridge0: port 3(dummy0) entered forwarding state [ 865.397849][T14712] hsr0: entered promiscuous mode [ 865.454944][T14528] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 865.474617][ T5987] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 865.497390][ T5987] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 865.625204][ T1150] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 865.640797][ T1150] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 865.804155][T14528] veth0_vlan: entered promiscuous mode [ 865.906914][T14528] veth1_vlan: entered promiscuous mode [ 866.072027][T14528] veth0_macvtap: entered promiscuous mode [ 866.516831][T14528] veth1_macvtap: entered promiscuous mode [ 866.736247][ T5987] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 866.952082][ T5987] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 867.065039][T14528] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 867.170113][ T5987] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 867.245116][T14528] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 867.346044][ T5987] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 867.395067][T14528] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 867.404396][T14528] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 867.415071][T14528] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 867.424152][T14528] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 867.727644][T14709] hsr0: left promiscuous mode [ 867.748392][T11969] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 867.769158][T11969] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 867.780841][ T5987] bridge_slave_1: left allmulticast mode [ 867.786854][ T5987] bridge_slave_1: left promiscuous mode [ 867.794008][ T5987] bridge0: port 2(bridge_slave_1) entered disabled state [ 867.803531][ T5987] bridge_slave_0: left allmulticast mode [ 867.809210][ T5987] bridge_slave_0: left promiscuous mode [ 867.816481][ T5987] bridge0: port 1(bridge_slave_0) entered disabled state [ 869.411442][T14727] ------------[ cut here ]------------ [ 869.417404][T14727] UBSAN: shift-out-of-bounds in drivers/comedi/drivers/das16m1.c:525:9 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 869.461897][T14727] shift exponent 32 is too large for 32-bit type 'int' [ 869.492922][T14727] CPU: 1 UID: 0 PID: 14727 Comm: syz.3.1695 Not tainted 6.16.0-rc5-syzkaller-00276-g5d5d62298b8b #0 PREEMPT(full) [ 869.492964][T14727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 869.492981][T14727] Call Trace: [ 869.492993][T14727] [ 869.493006][T14727] dump_stack_lvl+0x189/0x250 [ 869.493044][T14727] ? __pfx_dump_stack_lvl+0x10/0x10 [ 869.493072][T14727] ? __pfx__printk+0x10/0x10 [ 869.493120][T14727] ubsan_epilogue+0xa/0x40 [ 869.493152][T14727] __ubsan_handle_shift_out_of_bounds+0x386/0x410 [ 869.493197][T14727] ? __comedi_request_region+0x74/0x140 [ 869.493239][T14727] das16m1_attach+0x8ee/0xb20 [ 869.493289][T14727] comedi_device_attach+0x520/0x670 [ 869.493323][T14727] comedi_unlocked_ioctl+0x686/0xf40 [ 869.493366][T14727] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 869.493416][T14727] ? __pfx_smack_log+0x10/0x10 [ 869.493444][T14727] ? smk_access+0x14c/0x4e0 [ 869.493479][T14727] ? smk_tskacc+0x2fc/0x370 [ 869.493512][T14727] ? smack_file_ioctl+0x24a/0x340 [ 869.493547][T14727] ? __pfx_smack_file_ioctl+0x10/0x10 [ 869.493598][T14727] ? __fget_files+0x2a/0x420 [ 869.493620][T14727] ? __fget_files+0x3a0/0x420 [ 869.493640][T14727] ? __fget_files+0x2a/0x420 [ 869.493667][T14727] ? bpf_lsm_file_ioctl+0x9/0x20 [ 869.493690][T14727] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 869.493721][T14727] __se_sys_ioctl+0xfc/0x170 [ 869.493755][T14727] do_syscall_64+0xfa/0x3b0 [ 869.493776][T14727] ? lockdep_hardirqs_on+0x9c/0x150 [ 869.493811][T14727] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 869.493843][T14727] ? clear_bhb_loop+0x60/0xb0 [ 869.493872][T14727] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 869.493895][T14727] RIP: 0033:0x7fdf4958e929 [ 869.493917][T14727] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 869.493938][T14727] RSP: 002b:00007fdf4a46a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 869.493972][T14727] RAX: ffffffffffffffda RBX: 00007fdf497b5fa0 RCX: 00007fdf4958e929 [ 869.493990][T14727] RDX: 00002000000003c0 RSI: 0000000040946400 RDI: 0000000000000003 [ 869.494030][T14727] RBP: 00007fdf49610b39 R08: 0000000000000000 R09: 0000000000000000 [ 869.494046][T14727] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 869.494062][T14727] R13: 0000000000000000 R14: 00007fdf497b5fa0 R15: 00007ffdda252b88 [ 869.494099][T14727] [ 869.494181][T14727] ---[ end trace ]--- [ 869.747377][T14727] Kernel panic - not syncing: UBSAN: panic_on_warn set ... [ 869.754664][T14727] CPU: 1 UID: 0 PID: 14727 Comm: syz.3.1695 Not tainted 6.16.0-rc5-syzkaller-00276-g5d5d62298b8b #0 PREEMPT(full) [ 869.766787][T14727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 869.776901][T14727] Call Trace: [ 869.780239][T14727] [ 869.783229][T14727] dump_stack_lvl+0x99/0x250 [ 869.787881][T14727] ? __asan_memcpy+0x40/0x70 [ 869.792528][T14727] ? __pfx_dump_stack_lvl+0x10/0x10 [ 869.797765][T14727] ? __pfx__printk+0x10/0x10 [ 869.802410][T14727] panic+0x2db/0x790 [ 869.806339][T14727] ? __pfx_panic+0x10/0x10 [ 869.810778][T14727] ? _printk+0xcf/0x120 [ 869.814969][T14727] ? __pfx__printk+0x10/0x10 [ 869.819619][T14727] check_panic_on_warn+0x89/0xb0 [ 869.824596][T14727] __ubsan_handle_shift_out_of_bounds+0x386/0x410 [ 869.831064][T14727] ? __comedi_request_region+0x74/0x140 [ 869.836672][T14727] das16m1_attach+0x8ee/0xb20 [ 869.841385][T14727] comedi_device_attach+0x520/0x670 [ 869.846619][T14727] comedi_unlocked_ioctl+0x686/0xf40 [ 869.851945][T14727] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 869.857790][T14727] ? __pfx_smack_log+0x10/0x10 [ 869.862580][T14727] ? smk_access+0x14c/0x4e0 [ 869.867118][T14727] ? smk_tskacc+0x2fc/0x370 [ 869.871650][T14727] ? smack_file_ioctl+0x24a/0x340 [ 869.876704][T14727] ? __pfx_smack_file_ioctl+0x10/0x10 [ 869.882122][T14727] ? __fget_files+0x2a/0x420 [ 869.886727][T14727] ? __fget_files+0x3a0/0x420 [ 869.891420][T14727] ? __fget_files+0x2a/0x420 [ 869.896066][T14727] ? bpf_lsm_file_ioctl+0x9/0x20 [ 869.901028][T14727] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 869.906871][T14727] __se_sys_ioctl+0xfc/0x170 [ 869.911494][T14727] do_syscall_64+0xfa/0x3b0 [ 869.916107][T14727] ? lockdep_hardirqs_on+0x9c/0x150 [ 869.921350][T14727] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 869.927439][T14727] ? clear_bhb_loop+0x60/0xb0 [ 869.932140][T14727] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 869.938054][T14727] RIP: 0033:0x7fdf4958e929 [ 869.942503][T14727] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 869.962144][T14727] RSP: 002b:00007fdf4a46a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 869.970606][T14727] RAX: ffffffffffffffda RBX: 00007fdf497b5fa0 RCX: 00007fdf4958e929 [ 869.978607][T14727] RDX: 00002000000003c0 RSI: 0000000040946400 RDI: 0000000000000003 [ 869.986603][T14727] RBP: 00007fdf49610b39 R08: 0000000000000000 R09: 0000000000000000 [ 869.994597][T14727] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 870.002588][T14727] R13: 0000000000000000 R14: 00007fdf497b5fa0 R15: 00007ffdda252b88 [ 870.010596][T14727] [ 870.013806][T14727] Kernel Offset: disabled [ 870.018204][T14727] Rebooting in 86400 seconds..