last executing test programs: 29m29.594867377s ago: executing program 2 (id=223): prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000000)=0x7) r1 = socket$inet_tcp(0x2, 0x1, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r2, &(0x7f0000000100)={0x4}) close_range(r1, 0xffffffffffffffff, 0x0) 29m29.368383453s ago: executing program 2 (id=227): bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x6, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffffffb, 0x0, 0x0, 0x0, 0x3}}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x800000}, 0x94) 29m25.95868121s ago: executing program 2 (id=231): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0a00000004000000dd0000000a"], 0x50) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000000)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x54, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="180200009b1aecb60000000000000000850000007500000095"], 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r1}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc0004}]}) 29m25.627540718s ago: executing program 2 (id=235): r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/cgroup.procs\x00', 0x0, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000280)='fd/3\x00') read$FUSE(r0, &(0x7f0000006380)={0x2020}, 0x2020) pread64(r1, &(0x7f00000006c0)=""/143, 0x4d, 0xfffffffd) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = openat$cgroup_procs(r2, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r3, &(0x7f00000001c0), 0x12) 29m25.214087873s ago: executing program 2 (id=240): prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_getattr(0x0, &(0x7f0000000440)={0x38}, 0x38, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x4008032, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @cgroup_sysctl=0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) madvise(&(0x7f00005ac000/0x3000)=nil, 0x3000, 0x2) syz_open_procfs(0x0, &(0x7f00000001c0)='numa_maps\x00') prctl$PR_SET_SECUREBITS(0x1c, 0x15) setuid(0xee00) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0xf, 0x8, &(0x7f0000000740)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r4}, {}, {0x85, 0x0, 0x0, 0x7b}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = dup(r3) sendmsg$inet_sctp(r5, &(0x7f0000001280)={&(0x7f0000000000)=@in6={0xa, 0x4e24, 0x100, @loopback, 0x3}, 0x1c, &(0x7f0000000080)=[{&(0x7f0000000040)="99", 0x1}], 0x1, &(0x7f00000012c0)=[@sndrcv={0x30, 0x84, 0x1, {0x2, 0x0, 0x0, 0x0, 0x8, 0x0, 0x1, 0xb4ed}}, @init={0x18, 0x84, 0x0, {0xfff8, 0x3, 0xe, 0x2}}], 0x48, 0x4855}, 0x8850) setgroups(0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x7, 0x4, 0x8, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4}, 0x50) 29m23.778867698s ago: executing program 2 (id=243): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) close(r1) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r2, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000003180)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf84, 0x3}, 0x1c) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}) writev(r0, &(0x7f00000001c0)=[{&(0x7f0000000100)="89e7ee2c78dad9b4b473fec988cafb", 0xf}, {&(0x7f0000000500)="e98314d58ce4b24ee137cea9c243c2", 0xf}], 0x2) 29m18.585619074s ago: executing program 3 (id=271): mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000000), 0x1800044, &(0x7f00000011c0)={[], [{@euid_eq}, {@context={'context', 0x3d, 'unconfined_u'}}, {@fsuuid={'fsuuid', 0x3d, {[0x37, 0x0, 0x65, 0x62, 0x37, 0x37, 0x66, 0x4], 0x2d, [0x65, 0x33, 0x33, 0x33], 0x2d, [0x62, 0x39, 0x54, 0x61], 0x2d, [0x34, 0x37, 0x62, 0x32], 0x2d, [0x33, 0x39, 0x33, 0x33, 0x61, 0x65, 0x33, 0x66]}}}, {@fowner_gt}, {@fsuuid={'fsuuid', 0x3d, {[0x30, 0x33, 0x38, 0x39, 0x32, 0x65, 0x39, 0x64], 0x2d, [0x62, 0x64, 0x66, 0x32], 0x2d, [0x34, 0x66, 0x52, 0x63], 0x2d, [0x64, 0x64, 0x36, 0x65], 0x2d, [0x33, 0x63, 0x65, 0x36, 0x66, 0x66, 0x66, 0x34]}}}, {@hash}, {@fowner_eq}]}) 29m18.472574242s ago: executing program 3 (id=272): r0 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001680)=@newtfilter={0x24, 0x24, 0xd2b, 0x70bd29, 0x35dfdbfb, {0x0, 0x0, 0x0, r1, {0xf}, {}, {0x7, 0xfff3}}}, 0x24}}, 0x24040084) 29m18.37498962s ago: executing program 3 (id=273): socket$nl_netfilter(0x10, 0x3, 0xc) openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0) setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000400)={@local, @random="df00004000", @void, {@ipv4={0x800, @tcp={{0xa, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0x11}, {[@ssrr={0x89, 0x7, 0xa2, [@broadcast]}, @timestamp={0x44, 0x4, 0x5, 0x3}, @cipso={0x86, 0x6, 0x1}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0) msgctl$IPC_INFO(0x0, 0x3, &(0x7f0000000280)=""/250) mount(&(0x7f0000000080)=@loop={'/dev/loop', 0x0}, &(0x7f00000001c0)='./cgroup\x00', &(0x7f0000000180)='ufs\x00', 0x1a0c099, 0x0) 29m17.328557184s ago: executing program 3 (id=274): lremovexattr(0x0, 0x0) unshare(0x28000600) r0 = syz_clone(0x88200200, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(r0, 0x0) setpgid(0x0, r0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) symlinkat(&(0x7f0000000000)='.\x00', 0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x40000, 0x120) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x888000, 0x0) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r2, 0xc018937c, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r1, {0x1}}, './file0\x00'}) 29m17.175931266s ago: executing program 3 (id=275): bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1, 0x4, &(0x7f00000005c0)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2e, '\x00', 0x0, @fallback=0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 29m8.754330719s ago: executing program 32 (id=243): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) close(r1) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r2, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000003180)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf84, 0x3}, 0x1c) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}) writev(r0, &(0x7f00000001c0)=[{&(0x7f0000000100)="89e7ee2c78dad9b4b473fec988cafb", 0xf}, {&(0x7f0000000500)="e98314d58ce4b24ee137cea9c243c2", 0xf}], 0x2) 29m7.342362159s ago: executing program 3 (id=287): r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f, 0xa1}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400}) 29m6.872806523s ago: executing program 33 (id=287): r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f, 0xa1}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400}) 28m32.269300036s ago: executing program 1 (id=393): socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_DEBUG_GET(0xffffffffffffffff, 0x0, 0x20000806) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x80100, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_CLOCK(r1, 0x4048aec9, &(0x7f0000000040)={0x6, 0x4, 0x2, 0x7f, 0x8000000000000000}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/partitions\x00', 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r3 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f00000000c0)={0xc, 0x2, 0x1, 0x0, 0x2}) ioctl$vim2m_VIDIOC_QBUF(r3, 0xc058560f, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='freezer.state\x00', 0x275a, 0x0) ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f0000000000)={0x6, 0x1, 0x1, 0x0, 0x3}) ioctl$vim2m_VIDIOC_STREAMOFF(r3, 0x40045612, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='clear_refs\x00') writev(r4, &(0x7f0000000100)=[{&(0x7f00000000c0)='4', 0x1}], 0x1) openat$mixer(0xffffffffffffff9c, &(0x7f0000000040), 0x101000, 0x0) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r6 = getpgid(0x0) prlimit64(r6, 0xd, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() 28m27.31281919s ago: executing program 1 (id=399): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00'}) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x840}, 0x8c0) 28m27.186874183s ago: executing program 1 (id=400): openat(0xffffffffffffff9c, 0x0, 0x101042, 0x15) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sendmsg$DEVLINK_CMD_SB_OCC_SNAPSHOT(0xffffffffffffffff, 0x0, 0x20044840) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x20048810) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="020a040007000000b6f1ffff0000854105001a"], 0x38}}, 0x2000018c) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="020100090e000000030000000000000405000600000000000a0000000000000400000000000000000000002100000000000100000000000002000100010000000000010200fd000005000500000000"], 0x70}}, 0x0) sendmmsg(r3, &(0x7f0000000180), 0x3ef, 0x0) 28m25.800204612s ago: executing program 1 (id=404): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x7, 0x7, &(0x7f0000000240)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r1}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000016"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10) clock_getres(0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000000) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) rt_sigaction(0x19, &(0x7f0000000000)={0xfffffffffffffffc, 0x44000006, 0x0}, 0x0, 0x8, &(0x7f0000000440)) fsetxattr$trusted_overlay_opaque(r0, 0x0, &(0x7f0000000200), 0x2, 0x0) r7 = memfd_create(&(0x7f00000006c0)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\xf2\xed\x04\x00\x00\x00\xd4N\x12\x9b\x1f\t\xd1Z+\x86T\x16\xf8\x01\x00\x00\x00\x9f+\x8d!\x0fG\xab\xc2\xdc\xa3\xb3\xae8\x9f9?\xefo\xa4k\x01\xb2>\xa1\x9c\x86xm\xe6\x9bZ4\x91\x1a\xdb\xdd\x89\xb9\xc0LF;\xd6\x84\x195\x06\x00\x00\x00~\xf3S\x12\"p^\xc1jP\x8a\xc6[\xbd\xe7q]\xdd\r\x1aZS\x01*\x1b\xfd\xbcMA\xdcq\xa1\x00\xb3\xf9\x91r\x7f\xdc\xf1\xc3G,\xdb\xccS\x15\x95b\x17\xab\xe4?\x96\x95\xa4kP\x99YO\xb8V\xd5p\x90X\xaaf', 0x0) fallocate(r7, 0x0, 0x3ffffffffffffff, 0x10) 28m24.374925554s ago: executing program 1 (id=406): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3) sendmmsg$inet(r0, &(0x7f00000001c0)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000640)="985e44efeabe001cabcf3d8673c3a254a9a2d3197970cb347b70a243bf77139a94bc3ae91684aaf7b7dff691deb8f8aef2d915fb3a0794a9a9b431a819bca6122c350637808dde804a048fd8696e524b2934126c443ce93d82e931eb9918e6c0827686e59209d2e02c9210fd8048f04ad6c42200fd9232f5aa6a361816bf21afb8473a064f1988536d4b5888807b3aaafaf59f53121782a0a9370dc0feae13c8c2a1dcc8a3122aaa3dcd5b9247a915378e6492e5b94073dcdc87e7c794fb262a7e9ee0b9432f74331c6e9412ac6557c54c6ac72bc24ff70ca2f8ef53773c5cbdf4a583f81fdc8719dbe967b0690a3ed3f314c3e2ceebb3e29d00c2c1053d1e8b32d8a8be1bb9786746e0ee564306c80d7045747165005fa3528b5ac1e35e03b69cb54111dfcebc6d585aacdd57c351ef1aa8050274b122a21b47432f17a0cacfd9524d9cb09029", 0x147}], 0x1}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000800)="cc5a4dbac0affd0a979c63ea8352d608a51fc8625318716ddf62b7752be4540c4ac7d344c53a3ad28313abc2437b60b03c0e587cafcf9a435bf90c618351f70a828238fdf90bc5d36c7d614b82552649954e0185662defd28f78449f073bad544f586136c5076a6f0f1b6fc9adf80557eb44db1b41824e9ef104c95e999766bbf27d74ad5d8fa63210cde65d384dd3e87c1fedaec3144d1ee66a0eb0750363e346cb930dae6109df6b9955bf8af119b5c9a86622af4ff8b5949fb90f8edbde416d046d61512fe4c453bb601a780e1bbc00dbedc5e50d3cd9bc920810eaefd5f9a171e9d32ab46b42e3e78c60087318bab42e94653cbdd600fba37c5a31d095500e91d02256f101e82447e34733220cdaaabc947f5b815080b5214c94a06fe96450ea42f48006c032b24d9e8d722841b7c7244b1d2c", 0x135}], 0x1}}], 0x3, 0x2010) clock_nanosleep(0x0, 0x1, &(0x7f0000000ac0), 0x0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) 28m24.194364464s ago: executing program 1 (id=408): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000800)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x2, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xc}, {0xffff, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x840}, 0x8c0) 28m7.869188645s ago: executing program 34 (id=408): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000800)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x2, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xc}, {0xffff, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x840}, 0x8c0) 15m35.130537451s ago: executing program 0 (id=1706): r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x2a242, 0x0) r1 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x11, 0xffffffffffffffff, 0x8) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0, 0x1f000801}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@deltaction={0x54, 0x18, 0x1, 0x70bd2a, 0x25dfdc00, {0xa}, [@TCA_ACT_TAB={0x40, 0x1, [{0xc, 0x8f, 0x0, 0x0, @TCA_ACT_INDEX={0x8}}, {0x14, 0x5, 0x0, 0x0, @TCA_ACT_KIND={0xf, 0x1, 'tunnel_key\x00'}}, {0xc, 0x9, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x37}}, {0x10, 0x8, 0x0, 0x0, @TCA_ACT_KIND={0xc, 0x1, 'skbedit\x00'}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000}, 0x20040844) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r6 = fsmount(r1, 0x0, 0x0) fchdir(r6) getsockopt$inet6_opts(r6, 0x29, 0x39, &(0x7f0000000100)=""/255, &(0x7f0000000040)=0xff) ioctl$F2FS_IOC_DEFRAGMENT(0xffffffffffffffff, 0xc010f508, &(0x7f0000000200)={0xc, 0x9fb3}) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f00000002c0)={0x1, 0x5}, 0x2) write$USERIO_CMD_REGISTER(r0, &(0x7f0000000000)={0x0, 0xd6}, 0x2) write$USERIO_CMD_REGISTER(r0, &(0x7f00000000c0), 0x2) 15m30.333740295s ago: executing program 0 (id=1716): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f00000002c0)={0x2, 0x4e21, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000140)='illinois', 0x8) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @sack_perm, @window={0x3, 0x3, 0x401}, @window], 0x63) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0xc, 0x0, 0x0) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x12, 0x0, 0x12) r1 = socket$unix(0x1, 0x1, 0x0) poll(&(0x7f0000000080)=[{r1, 0x8400}], 0x1, 0x8) r2 = socket(0x2, 0x80805, 0x0) shutdown(0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10) getsockopt$bt_hci(r2, 0x84, 0x81, 0x0, &(0x7f00000010c0)) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x4007, @fd, 0xffffffffffffffff, 0x0}) recvfrom$inet(r0, &(0x7f0000000100)=""/24, 0xfffffffffffffd5b, 0xc9100120, 0x0, 0xfffffffffffffd25) 15m30.26924617s ago: executing program 0 (id=1717): r0 = socket$kcm(0xa, 0x1, 0x106) setsockopt$sock_attach_bpf(r0, 0x29, 0x1a, 0x0, 0x4) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) ioctl$KVM_SET_NESTED_STATE(0xffffffffffffffff, 0x4080aebf, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) select(0x40, &(0x7f0000000240)={0xc, 0x7, 0xfffb, 0x0, 0x0, 0x1000}, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x2}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/pid_for_children\x00') bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x3, 0x10, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000016000000000000b708000000000000007b8af8ff00000000b7080000341200007b8af0ff00000000bfa100050000000007010000f8ffffffbfa400000000000007040000f0ffffff0200000000000000182300", @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) ioctl$vim2m_VIDIOC_S_FMT(r4, 0xc0d05605, &(0x7f00000000c0)={0x1, @vbi={0x174, 0xfffff800, 0x31384142, 0x31303453, [0x6, 0xa], [0x58e3, 0x741], 0x1}}) r5 = syz_open_dev$video4linux(&(0x7f0000000ac0), 0x2, 0x0) ioctl$VIDIOC_SUBDEV_S_FMT(r5, 0xc0585605, &(0x7f0000002700)={0x0, 0x0, {0x9, 0xfffffffd, 0x3011, 0x8, 0xa, 0x1, 0x1, 0x5}}) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x12, r6, 0x0) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x5, 0x0, 0x81, 0xffffffff}) fsconfig$FSCONFIG_SET_PATH(r6, 0x3, &(0x7f00000002c0)='/dev/vim2m\x00', &(0x7f0000000300)='./file0\x00', 0xffffffffffffffff) ioctl$IOMMU_VFIO_IOAS$GET(0xffffffffffffffff, 0x3b88, &(0x7f0000000000)={0xc}) 15m29.015497854s ago: executing program 0 (id=1719): setregid(0xee00, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)=ANY=[@ANYBLOB="6c0000000002010400000000000000e6eef2088a3b1df0bd200024000280"], 0x6c}}, 0x800) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$rds(0x15, 0x5, 0x0) bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r2, &(0x7f0000000740)={&(0x7f0000000040)={0x2, 0x0, @dev}, 0x52, 0x0, 0x0, &(0x7f0000004680)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000002bc0)=[{&(0x7f0000001900)=""/135, 0x87}, {0xfffffffffffffffe, 0x2}], 0x2}}], 0x48}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x8080}, 0x20004450) sendmsg$NFT_MSG_GETRULE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="38000000070a010100000006000000000a0040010900010073797a3100000000090002"], 0x38}, 0x1, 0x0, 0x0, 0x20040850}, 0x44054) setsockopt$inet_tcp_int(r0, 0x6, 0x25, &(0x7f0000000080)=0x400000, 0x4) r3 = getgid() syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x43, 0x24, 0x21, 0x8, 0x13d8, 0x1, 0x3062, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x2f, 0x97, 0x9d}}]}}]}}, 0x0) syz_usb_disconnect(0xffffffffffffffff) r4 = syz_open_dev$usbfs(0x0, 0x76, 0x101301) ioctl$USBDEVFS_DISCSIGNAL(r4, 0x8008550e, 0x0) r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) write$RDMA_USER_CM_CMD_QUERY(r5, &(0x7f0000001d00)={0x18, 0x10, 0xfa00, {0x0, 0xffffffffffffffff, 0x2}}, 0x18) setresgid(0x0, r3, 0x0) epoll_create1(0x80000) r6 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast1}, 0x0, @in6=@ipv4={""/10, ""/2, @local}}}, &(0x7f0000000140)=0xe8) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r6, 0xc018937b, &(0x7f0000000180)={{0x1, 0x1, 0x18, r7, {r8, r3}}, './file0\x00'}) 15m24.925910254s ago: executing program 0 (id=1728): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r0, 0x84, 0x81, &(0x7f0000000280)="1a00001ffc002000", 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x400c0d4, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f0000000040), &(0x7f0000000140)=0x8) 15m24.811332341s ago: executing program 0 (id=1729): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f0000000480), 0x400034f, 0x2, 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f00000001c0)={0x0, r1}, 0x8) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) r4 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) ioctl$USBDEVFS_SUBMITURB(r4, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x2000000b, 0xe0, &(0x7f0000000240)={0x3, 0x0, 0xfffa, 0x4360}, 0x8, 0x6, 0x7d, 0x0, 0x1, 0x101, 0x0}) 15m9.54685115s ago: executing program 35 (id=1729): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f0000000480), 0x400034f, 0x2, 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f00000001c0)={0x0, r1}, 0x8) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.current\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) r4 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) ioctl$USBDEVFS_SUBMITURB(r4, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x2000000b, 0xe0, &(0x7f0000000240)={0x3, 0x0, 0xfffa, 0x4360}, 0x8, 0x6, 0x7d, 0x0, 0x1, 0x101, 0x0}) 14.923902494s ago: executing program 7 (id=3777): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) sched_setaffinity(0xffffffffffffffff, 0x8, &(0x7f00000004c0)=0x6) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r1, &(0x7f0000000640)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000600)={&(0x7f0000000540)={0x94, 0x3, 0x8, 0x801, 0x0, 0x0, {0x0, 0x0, 0x3}, [@CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x80f3}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x883e}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x201}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x6}, @CTA_TIMEOUT_DATA={0x24, 0x4, 0x0, 0x1, @icmp=[@CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x4}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x9}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x8}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x6}]}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x8863}, @CTA_TIMEOUT_DATA={0x1c, 0x4, 0x0, 0x1, @gre=[@CTA_TIMEOUT_GRE_REPLIED={0x8, 0x2, 0x1, 0x0, 0x5114}, @CTA_TIMEOUT_GRE_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0x200000}, @CTA_TIMEOUT_GRE_REPLIED={0x8}]}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000180}, 0x8004) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0xfffffffe}, 0x1c) syz_clone(0x80, &(0x7f0000000240)="f8e90f9435480ae4a82c4b3505a050b41df2a87a313705aeb69197b69680f086eab333000da9474b958d43ef9a4e128370f8bac919d063b7c901fcee54828bf1aaeec450cf7ed9ebffb85fdb76ab2129fe93e42f389775b4b0e6577e25a66e5f519524f951f90ee144830102f9bb3b9477dfce5a11ada023214279d89148fb9dd69a82d68fd1f13bdec8f31c", 0x8c, &(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000300)="fa033d0c354eb9f7a3fc158960a0686d7f8e4fb84e9cd323403c74590507a3d73a618df4c73ea188c9e0b9f5009839f6de7f5b92b82fd388d2df39b485df7e0e2aa62cff915a2c799cb859cd5bccc85c500f9a7d1336bf5ba718dbaf4a0d0e842aeea322a116c23f75bddc7c9ca69b9c07cf11691f3fb5c5a3eec99be9de5c473eee474310415e122ce3cac2872ccf9d26fbcfcc01ac4fb2e4be49b0ba0bfee90fe9a4d1a779544f21f105453580e914fcf236a9abb7792cb6f17e9a57165ba6a43a3703bf6e4d8a9994271cea0577f5641eff5e744bfb39db0c27859351ef19d966c73dba0c4ebbe3676dccc2e28efb82569c162744083719c8bc4ee395") r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f0000000400000004000000a2"], 0x50) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000140), 0x4) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f00000001c0)={'wg2\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000480)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)=@delqdisc={0x2c, 0x25, 0x100, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, r4, {0xe, 0xfff2}, {0x8, 0xffff}, {0xffe0, 0x5}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0x2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x80}, 0x40) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000900)={r2, &(0x7f00000047c0), &(0x7f0000000980)=@tcp6=r0}, 0x20) syz_usb_connect(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000e5876e4040200516940a0000000109022400010000000009040000025883b200090585"], 0x0) 14.862987618s ago: executing program 8 (id=3778): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000540)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha384)\x00'}, 0x58) sendmsg$ETHTOOL_MSG_LINKINFO_SET(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB="00042dbd7000fd"], 0x14}, 0x1, 0x0, 0x0, 0x2010}, 0x4001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$VIDIOC_STREAMOFF(r0, 0x40045613, &(0x7f0000000100)=0x9) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeeb, 0x8031, 0xffffffffffffffff, 0xbeeb0000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) r3 = syz_open_procfs(0x0, &(0x7f0000000300)='fdinfo\x00') getdents64(r3, &(0x7f0000002f40)=""/4084, 0x1007) 11.676592676s ago: executing program 8 (id=3785): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000600)=ANY=[@ANYRESHEX=r0, @ANYRES8=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x2d) r4 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00\xfdM\xab\x89\xff\xda\xc7dw2\xa1\xb2\xabuQQ\x14\x97\xc9\xfae\xc7\xa1U\xe2\xbe\"\xb9t\xa0\x0e\xfa\xdb\xf1\xa5.\xd87\xc3p\xa5l\xf8vC\xe2\xe8 \xd5-<#\x186\xe1\xbd\xc0\xc3\xb5N(vj\xa7+<:\xc4\xe00\x01\xdd \x82\x83\xed\x0e\xc4\x1d\xac\xef7\b\xd3Z5\\A\'\x18\xa2\xc3\xab\xc7`\xc3\v\xf3L\x9d[Q\x9e\x11@=\xa1\x9b\xdc\xb1\xef\xc3k<\x97L\xa0\xab\xa6\x1ce\xcd\x99\xb3m\xef\x87\xc5i^N\xbd@\x01\xc0\xb2\x88\xc3\xe2\x96T\xa3\xa5\xeb\x0f\xf2f\xb9$\xd2\x140xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) bind$ax25(r3, &(0x7f0000000100)={{0x3, @default, 0x40000001}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @default, @null, @null]}, 0x48) (fail_nth: 1) 9.785603704s ago: executing program 6 (id=3788): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'geneve1\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x24, 0x24, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0x2}, {0xffff, 0xffff}, {0xd}}}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x4040000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) r2 = socket(0x40000000015, 0x5, 0x0) bind$inet(r2, &(0x7f0000000340)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x36}}, 0x10) sendmsg(r2, &(0x7f0000000200)={&(0x7f0000000040)=@in={0x2, 0x4e23, @loopback}, 0x80, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="10"], 0x20}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r3 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0) read$msr(r3, &(0x7f0000002700)=""/102392, 0x18ff8) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3801000010000100feffffff00010000fe880000000000000000000000000001fc010000000000000000000000000001000107144e230005000000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ff020000000000000000000000000001000004d46c0000007f000001000000000000000000000000000000000000000092010000000000000600000000000000ffff0000000000001c250800000000000200000000000000f8ffffffffffffff0000000000000000ffffffffffffffff00000000000000001f00000000000000feffffffffffffff02000000fcffffff000000002abd700004350000020001002000000000000000480003006465666c6174650000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000054e87277357ebf8d7700623105b37f60af94226e48011ff0d093ef45ab380daf117c5aafb4f78d5bbcb95e6b5281b19c97987426"], 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="3801000018000100feffffff0001000000000000000000000000ffffe0000002fc0100ff0001000000000000000000010001071c4e2300050000000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ff020000000000000000000000000001000004d46c000000ac1e000100000000000000000000000000000000000000009201000000000000a39b000000000000ffff0000000000001c250800000000000c00000000000000fcffffffffffffff0000000000000000ffffffffffffffff00004000000000001f00000000000000feffffffffffffff03000000fcffffff020000008000000000350000020001002200000000000000480003006465666c61746500"/240], 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0) setrlimit(0x0, &(0x7f0000000100)={0x6, 0x40}) syz_open_dev$tty1(0xc, 0x4, 0x2) sched_setaffinity(0x0, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) 9.736162136s ago: executing program 4 (id=3789): syz_emit_vhci(0x0, 0x21) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) r2 = socket$netlink(0x10, 0x3, 0xc) getsockopt$netlink(r2, 0x10e, 0x9, 0x0, &(0x7f0000000040)) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r4}, 0x18) r5 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r5, &(0x7f0000000140)={0x28, 0x0, 0x0, @my=0x1}, 0x10) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000000)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r6) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000008c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r6, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="ec000000", @ANYRES16=r7, @ANYBLOB="33fafdfffffffbdbdf250700000008000300", @ANYRES32=r8, @ANYBLOB="0c0099000000000067000000140004006361696630000000000000000000000008000500060000001c00e700e8943fa79fc71b27d936dd16d8b9f248994824d61fab5cde0a00e800ffffffffffff0000040017800a00e80008021100000000001c00e700aec40a292aea768861e0675f4584bdddae9c689c518705c61c00e7003a1e54482d8d8a8e394dab547c992bd183272e1721b9437d2c001780040002000400030004000300040001"], 0xec}, 0x1, 0x0, 0x0, 0xc044}, 0xc2010) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000000c0)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0, 0x5000}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000780)={0x1, 0x1, 0x0, &(0x7f0000000100)=""/104, &(0x7f0000000800)=""/90}) r9 = socket$inet6_icmp(0xa, 0x2, 0x3a) bind$inet6(r9, &(0x7f0000000200)={0xa, 0x2, 0x1000, @local}, 0x1c) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)) ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000002c0)={0x1, r1}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000980)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) r10 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r10, &(0x7f000001b000)=""/102400, 0x19000) 9.429054763s ago: executing program 8 (id=3790): openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000040)={0x84, @multicast2, 0x15, 0x3, 'sh\x00', 0x1, 0x4, 0x6d}, 0x2c) r3 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADDDEST(r3, 0x0, 0x487, &(0x7f0000000000)={{0x84, @rand_addr=0x64010100, 0x4e20, 0x3, 'lc\x00', 0x8, 0x323b, 0x55}, {@remote, 0x4e23, 0x2000, 0x0, 0x12d5c, 0x12d5c}}, 0x44) setsockopt$IP_VS_SO_SET_FLUSH(r2, 0x0, 0x485, 0x0, 0x0) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) ioctl$VIDIOC_S_DV_TIMINGS(0xffffffffffffffff, 0xc0845657, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) close(0x4) ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(0xffffffffffffffff, 0x7a5, 0x0) r5 = syz_io_uring_setup(0x49b, &(0x7f0000000200)={0x0, 0x104661, 0x400, 0x2, 0x288}, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r5, 0x40f6, 0x4f7c, 0x0, 0x0, 0x0) socket$inet_sctp(0x2, 0x5, 0x84) r8 = syz_genetlink_get_family_id$batadv(&(0x7f00000007c0), 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000040)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010029bd7000fddb9f250f00000008003c00ff0f000008002b000100010008000300", @ANYRES32, @ANYBLOB="050030000100000005002a"], 0x68}, 0x1, 0x0, 0x0, 0x40040}, 0x40) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 8.723425155s ago: executing program 6 (id=3791): socket$inet6_mptcp(0xa, 0x1, 0x106) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00'}, 0x18) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x10000080) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2a, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x2, 0x81, 0x1fd, 0x1, 0x1}, 0x1c) sendmmsg(r1, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) read$alg(r1, &(0x7f0000000300)=""/74, 0x4a) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x10000003, 0x0, 0x81, 0x1ff, 0x1}, 0x1c) recvmmsg(r2, &(0x7f00000001c0)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000340)=""/82, 0x52}], 0x1}, 0x81}], 0x1, 0x2100, 0x0) recvmmsg$unix(r2, &(0x7f0000004400)=[{{0x0, 0x0, &(0x7f0000001480)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) sendmmsg(r2, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) ioctl$sock_ax25_SIOCADDRT(r1, 0x890b, &(0x7f0000000380)={@null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x8, [@null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @default]}) socket$inet_smc(0x2b, 0x1, 0x0) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000000c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16, @ANYBLOB="09000000000000000000020000001400018005000200013c61f4f12176eaeb3d379e098ae33a53ece5790d81a296feaf9d93abcb2a525235da2750bfefe52e3ac59a37888c43d88998c24a91370cd0925cc74cab6e3432328f88d05a6b3c5602d02553af1dc2c05721ffa1f39ed2e8c7df17be91fae92ac97828556ddcf1a0ddba4a66b4a5fb3af46ddad3ae781f077fb20ad868d01739c99ccd450a75673f564ddd47ba1e9432bdfe0d8aa469c53c7c64863883d6890efa2a8448fca03d612420052545495e3b5172d9e77153"], 0x28}}, 0x0) 8.047025606s ago: executing program 4 (id=3793): r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0) openat$ocfs2_control(0xffffffffffffff9c, 0x0, 0x181000, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) lseek(0xffffffffffffffff, 0xfffffffffffffffe, 0x3) syz_open_dev$video(&(0x7f0000000580), 0x7, 0x0) ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000000)=0x7) (fail_nth: 1) 6.735511772s ago: executing program 4 (id=3795): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000540)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha384)\x00'}, 0x58) sendmsg$ETHTOOL_MSG_LINKINFO_SET(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB="00042dbd7000fd"], 0x14}, 0x1, 0x0, 0x0, 0x2010}, 0x4001) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$VIDIOC_STREAMOFF(r0, 0x40045613, &(0x7f0000000100)=0x9) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeeb, 0x8031, 0xffffffffffffffff, 0xbeeb0000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) r3 = syz_open_procfs(0x0, &(0x7f0000000300)='fdinfo\x00') getdents64(r3, &(0x7f0000002f40)=""/4084, 0x1007) 6.460663311s ago: executing program 8 (id=3796): r0 = gettid() r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000140)={[0xfffffffffbfffff5]}, 0x8, 0x0) readv(r1, &(0x7f0000000380)=[{&(0x7f0000000080)=""/59, 0x3b}, {&(0x7f0000000300)=""/69, 0x45}], 0x2) r2 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000100), 0x200002, 0x0) ioctl$DRM_IOCTL_ADD_MAP(r2, 0xc0286415, &(0x7f00000003c0)={&(0x7f0000ffc000/0x4000)=nil, 0x5, 0x4, 0x81}) tkill(r0, 0x8) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_sock_diag(0x10, 0x3, 0x4) bind$netlink(r4, &(0x7f0000000000)={0x10, 0x0, 0x25dfdbfb, 0x4000}, 0xc) bind$netlink(r4, &(0x7f0000000080)={0x10, 0x0, 0x25dfdbfb, 0x104001}, 0xc) unshare(0x400) r5 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_lsm={0x6, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94) r6 = openat$smackfs_logging(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$smackfs_logging(r6, &(0x7f0000000080)=0x1, 0x14) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r5, 0xf, 0x2c, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="00060000", @ANYRES32=0x0, @ANYBLOB="a428040000000000050011005c00000014001680100001800c00040041000000000400001400030062726964676530000000000000000000"], 0x50}}, 0x20048000) prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000001000/0x4000)=nil) r7 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r7, &(0x7f00000001c0)={0x2a, 0xffffffff, 0x1}, 0xc) getsockopt$sock_buf(r7, 0x1, 0x1c, &(0x7f0000005440)=""/136, &(0x7f0000005500)=0x88) r8 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) getpeername$netrom(r8, &(0x7f0000000080)={{0x3, @default}, [@netrom, @netrom, @default, @null, @remote, @netrom, @bcast, @netrom]}, &(0x7f0000000000)=0x48) prctl$PR_SET_MM(0x23, 0x7, &(0x7f0000ffc000/0x4000)=nil) 6.280912819s ago: executing program 6 (id=3797): ioctl$SNDRV_PCM_IOCTL_HW_REFINE_OLD(0xffffffffffffffff, 0xc1004110, &(0x7f0000000000)={0x4000c, [0x6, 0x4, 0x3], [{0x0, 0xffffffff, 0x0, 0x1}, {0x35, 0x35}, {0x2, 0x100000c}, {0xffffffff}, {0x0, 0x40004}, {0x3, 0x200}, {0x0, 0xfffffffd}, {0xfffffff8, 0x10000}, {0x0, 0x82}, {0x1000000, 0x6}, {0x1, 0xffffffff}, {0x3, 0x81}], 0xc}) 6.054824873s ago: executing program 6 (id=3798): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000240)='bridge0\x00', 0x10) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000040)={'sit0\x00', &(0x7f00000000c0)={'syztnl0\x00', 0x0, 0x1, 0x700, 0x7fffffff, 0x10001, {{0xd, 0x4, 0x1, 0x38, 0x34, 0x66, 0x0, 0x3, 0x4, 0x0, @remote, @rand_addr=0x64010100, {[@noop, @cipso={0x86, 0x15, 0xffffffffffffffff, [{0x7, 0x3, '.'}, {0x5, 0x2}, {0x7, 0x3, '}'}, {0x1, 0x5, "7dc308"}, {0x5, 0x2}]}, @lsrr={0x83, 0x7, 0x8e, [@dev={0xac, 0x14, 0x14, 0x2d}]}]}}}}}) socket$kcm(0x2, 0x200000000000001, 0x106) shutdown(0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000100)={0x3, 0x7f, 0x8208, 0x2, 0x7, 0x5, 0xe, 0x9}, &(0x7f00000002c0)=0x20) r3 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r3, &(0x7f00000001c0)={0x27, 0x0, 0x0, 0x2, 0x0, 0x9, "c46e9fd1a84b7fefa0bf2cca6beb9363a680b652a86bcf56a1b9f4e6b54cc6beca5462202c484c10ca5386103a5ccbe47b7b9aa6d8d701a3ba6a6c0ce8b978", 0x1}, 0x60) r4 = dup(r3) getsockopt$inet_buf(r4, 0x118, 0x1, 0x0, &(0x7f0000000000)) r5 = fsopen(&(0x7f0000000240)='btrfs\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) 5.972195967s ago: executing program 8 (id=3799): openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000040)={0x84, @multicast2, 0x15, 0x3, 'sh\x00', 0x1, 0x4, 0x6d}, 0x2c) r3 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADDDEST(r3, 0x0, 0x487, &(0x7f0000000000)={{0x84, @rand_addr=0x64010100, 0x4e20, 0x3, 'lc\x00', 0x8, 0x323b, 0x55}, {@remote, 0x4e23, 0x2000, 0x0, 0x12d5c, 0x12d5c}}, 0x44) setsockopt$IP_VS_SO_SET_FLUSH(r2, 0x0, 0x485, 0x0, 0x0) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, 0x0) ioctl$VIDIOC_S_DV_TIMINGS(0xffffffffffffffff, 0xc0845657, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r5, 0x7a5, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(0xffffffffffffffff, 0x40f6, 0x4f7c, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_SET_MESH(r4, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000040)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16, @ANYBLOB="010029bd7000fddb9f250f00000008003c00ff0f000008002b000100010008000300", @ANYRES32, @ANYBLOB="050030000100000005002a"], 0x68}, 0x1, 0x0, 0x0, 0x40040}, 0x40) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 5.960656322s ago: executing program 7 (id=3800): openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0) syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000006180)="3ea4e4305830d12dd9009ddb857b480e92a48b3e45093694091ed788285937ce7b2473522335a690d828b02ab613f956aecae781037db019ffda49138a514ee99a088fd6a2a0028ea055aef75e65cdadd3589c49eb6088bdec10b6d405a915a037c1f8037e1b9301fe4296ab789db8c69c3636af08fbaffd5106dd3788c626c35510cc0ebafc64e8b300d0ffa3bcea4d2e036bbc8dae2e46312e9a637b3002b8931a66cbc28a30ee3287a18f1d162a5985f7ef467a43a807cb75d34504dce996e2a3f1bb43e867f141ed07ef08e0aea605cb5b10346efd6b41a23ea6741dba1e2416380b330788486bba4e359fc0d094cc5301530c1228fcd0e378e0260dbdd56788ad718cac668467d4c50a9878c501cabe3389dcf76acf0267489de4aec621656bdd3878de387af2a3dfa7dbf460daffbef878ce2536a57b05bc44a1e01ef54cca3ad250298c95a52ae9927030eb1096e00f265283a30b4ede2c934dc62c46929761e230567d2ba5999495a5a0977e3156a44365b177a07cae07864be9765ba56bc7ecb29264e6dad2e41eebfeb1ef4115b923c49a8e0919db1de67b1cc4c2f30a672d64efac91e63d7bbf75784aa49346338b22504452b36266eb5e924d4b215ce5037da7b98f09a8dcd086f36787cdd6fab9ce916d12b7b939f113be8b1872a75aa0d8977fe598227998c8b5fa3be8831006f6071d2522b1c9be03873844b0a6e2ca1489f2391981ed762f743e4bc35fd1ca7158bd995a7b801d8525ce381de5497916d59183636f72e9b58c72179f678d1d4434a1fd39d304c3b62cfca763ee8c6108bdca364a438145775a76462927207a7ae654801635dfe3c1915d2ab57a11675724b17c0becb9b20f95d5beea1dd5a6eb66ea864a7d22bdefdc6e13a2a4a8c7780b4250c92dd9bd99453f24268cedca6963ab64c024e56e6f3ae74cf8d1eb5bc3c7292f5fc7d37b4c48ca981b8f54528dedac99a19c1181698b1982668c49b1a6b55142944a0edf891659ea82570ceefe2ca50a95e7df6496acb6bd979ae4b5b6327a201288b8ddadfe0cb91bdd64e74f06deb0133385f5c9cb6e8e554e4fd29126f550adc440e6d42de1bd3ba0ed5d0ebc91bdaeecc7f253190a21eeb51a14b2d949fe86626a88fd33ccd40379f67de81341d225a116e60770ab972ed872c124cd7c0db88709a48487c1c9fa6442997431b99a1ac224a8523430ddcfd699ad27e16bbb54db40785b869328e8e804ed5fc2f4b3e4548a9e60d5b73b2ac8564e8424e0dd292924feb14fb76ed19b1d76edafb1bd5585717a9eb73a8bef605e3ef3f6f8518faab6559f5b4b7d2c07f73edf67d3780d8b5b2042788e5d2f7c7184a80a1951323632b62101094bd80acfae621e56cef19cd059c9ff72fe564944bf8063137fdc7905cb63489cf8d250bda94f453c94fb2f6f33f972c0ffc4830bc8d7fb98c4ed8ef2fa6e147002d488d97122d579a9b214b09f792279021a20a36a05c74c9a668bbc4ee5bba0d8f7e96fe9a61feb01b7c0537e47894c3e7b5d19ce1568f8d9f49f3adf9c02ac941a3edf68c841f29fbe82450c2bbdcb7270dd2f5722666bd21c0839541c907ff43da0a10a05e47ac636d4f9c59e2abfb00d31621ac3f0455723563e402bd3ec56a2b7e59a82262119b02eedda2baef71a5d5efd2533b7e6fc01d6cae9d514fe63b30fdbd92548760f876f8d77e7fd8500f83e6f4e6290e4df64c73d6ab61737797b05235dea939163cf55f322939014acef81d248baa46e1ffbca5a699f0824988b4313ae222bc8d3a3c1e875054a9494c9beac817179749b5cceabbb7cc40bdb8e18d598b683943a61fe105b868896d78e1e3a802774170ef3c1f339b6d20cfb5a260fa197aad2e18146ef53fa9c783772dc9e251c2140fe89709d007c5343681cdf4569d5f3190c0d799504aa0a9001e26a11708fbe929f63ff691a3a0c7a06125d3b3d13b3241abee4fa8c6d27b26eaa58b454e34fe20128a15cf7f96bfec32904af4b2e04c26bf9393d45b0d66a1a2f15780a67ff34daa1bad27262ec78f27f9ff77157ed5201bf257e1d1d06f2cd3a4cbc02bb9003caebc7e7e9fe7a256de9fc2cce105644c833ee659e3f6d526142d154a881cb70ba8df353a5714bfee5480cf8bff86c62c3a56d45f821d99413f8ea8207a41b7d577e5a1788d051c8c19cc1fc8be844f18227b7eeed330a213a58009c7ea3cfd5c77093b5315c90d36fe15ecd9d9e7e4208aac31abc3928d162449ee68f04aa2aaf5b8711529b97944a873085ed6b59b53b2ef8a397733d5207eb27a81c646eb7079aff7403181b0d658abcdc3445096844b3139ee23cb30f9527b5c84105604e8aa57b32e0470dffa95719415b74ce519ac27b20a38045a9792043d3c5b426deb70b3418d9475c6b85580e7e414c5a9ff35ce7c6fe2f2d5ee8d0aef619d8c2c06e0af87a9bad9dfa2f6ddb57c2e636563a9ee58c8613be2b329f4c16efbe56ae671e712e90712cc4f519276cd7cfa3e421e87ace7e5469665b4345322c77de68639a6f561a0d203d4823d4c3a84f1b2b04c60cd2fe855652c1000b0f5e1bcc2355496522a5046a849d407b5d86123432a41d64b549c1713dc3f0b4a787420c9d3dd3052dbac55dc15ca6584d08bbcc7ece7144fc179d302c5e0833b1f667e0f4110ad9b31f5b7e19e11fc1bf5ea0f9a81806ab5bfa8caff29b84c53c04a85d175c05a74d55b548ae69bb365760ebd841cfd094ce2d7cbf447285f53f5e7cb4ccda0a607c9cf7c3aec55966aca8b8ce33eb30a138c3e4d85e4def697e0e00defa03f2c501010baa3470450bec0acdfcdc7f530584e7c2600ba58722303a11c9387edcfbdc85f1128155374f9844f381c2a8a15bb7df67db46f30b9232d3d6037d86dbbbed316bcc5be6fb3ab78a19c9df2889188c7321ffed7795dfd67f3853e516cbaef5d079aac33cbd2cd920b560945744ae03611257ccc66e9523de5282efbf9871092795c05685cfe8749ff4a4cf42aa19fe4f935a71ba462860f1243824fc2888cccc6866f1c81f05bf993b58621cc8f9c6e72a7db971e1bb40632d75c119acbcdcb88b5f1ed4fa5162da82ea66c21f2064867d86abf308a1c65c0a16879d56e2e76ac4110acca20be3abb731effad3aef7f0da4acb9aed0283111670d5ceeba5a551dff13de90acc9dc3176923ad1791a73eb41a3f5c260e4df26a1b8782fa85e5cbf5c20a62bec97da4096264fafafc9f5dcb9a8ca2990a144d6bd138cddcba35fe3cd2609f0189d37e2d76f6d96ea2ba1d5ec9b42c94f254904cd938ea2004b43a111c2f5b53eca1bdb68f8e84fb5834098ea5dd6388d41c987763c8b2c9733f758dd74ce5eeda6cf28137a4d83a66f05d90fb1c9acb0214eb7e5d0869b201330b6fd1a2948e0ad0af0c4f3deb08fa875223ba27f1d42f63da665eaeac81ea9eca52ae1afaed3f4252976019de7d61059e29c8220e88a2d9a4e6202839c74dda2ae43ee2514b55aa812889e4f8e153f9859af16f130053024a8bac43fad387cd526ef42bea5cad61230bbf89db7946a03101d18dc1ae46d046212ec5285564e65d876283fb937d6e38caaceb5716c8b2628b3a349058fe27fa58d53d6e5a769996217960e50846b2cd1b9fbc686f157e19d69a2050098097d45c2879e89e6fa3c5c79339fa3881fd228c29588befa5eb769a1cc1b67e8426b386ee0e6a80d7dd261b0ffb14b321190f1a390c6a0e8052a750d4cb587720ae43f6ffbd7f9328985b2aece118d4838c2eb55e8592823f74550b5d49377464890903f2650999fecb01fce6f6e51eae4f193bfab5f35b854cb0221e75898f111e94d5861fb15086889a5f804df2f7fd41cd49b663d352c59c6e8455f8287aab47cfba4d860c81ae1f61eb8bba8f18bfec3da3eec80bf39a6ff8d028650da69c108f98cdd8359756ff2b911fa688131121523187f1e449baeb64e332558c9d5ad9794e514a4239fe3277749506d69b3ba9df2c48d0111c526674e1ec144de88c58c93ef06da80e14675d0b14842a1ca644af3d7fd5907a46ae58df07f060088573683d14ab5310d471e139a47f8080fc282f16eae908671f35a9c1a7b2941ec86e85e15207e824437f8f79b173cde14b9fdcb9ecd82b224d45f724df18760a2913d907ed48a696367985713ab99d2416213f9991766161ce075aa6da4a7fba3a47c67d04ad7e669afada886f046363fb03a0cc795e5a1840e419967b1a19f40be8bf2a512015d486d00c4026ea86324b5b541ef8388f070800421c137d8ebe7c9a539b529a4af69165c1a6ea23534ce8efa7efb2ac55969df429f3b32d2f2aecb5087359c1b83224e4cfa2c583a1e147dc0202334a2c953383cc69e3a807299d86358b6f42a499eaa5d5680cd670fb49af6488c7cce6efae45682f98d63371eced65de02a82bf560a335ba630283dd77bd3d15296bc21bc337fc1b6d34d77ea7f681055459447f01b65623218dbadbd1958a249ebb76fea35d56299a017c4d7920fb0433d5769bc5130d8a5ed950f8084ba0036078374b82ad14a232f137214bcaa82ea7fcf7393ff4226aa1effda1d44a6100896ebcffb9414baf53c77c84113ef99f89f9f282b19b0e057893ef9c81399e1db0e3a25549dbdc69895e5eebbc545e468401d18dd20afd2913f89c3c0d95d54d5145f5cf434287e01b73b2646a7dc42e0f64fcdc1f3853aa41a6242c6cbafebfd62d147dce9368259beefe4d28179750893fcbdab5956f582372c1c616db2a23537a353e08e275fece1a7c0c0bd9483160fc643ceed9d687d520e944923f1eeccfe7f2e5e1c5876810efa0deb7f00c8f606ca5c14e3bab922243d013288622cad6667696e6759742376f7546339ad37a9246c98a6500686aaec51e2391285e7bdac34fbd4a1df2147bbee2d56c7189b4aeb3880bbc63e6b922b27133497be09318b064166ee8b5ca1c360dc510592bb3077293ff7e48bbfd2221a8c823eef8e677b51b40c7a8bfed1def9e19af5a418b65567ad9cecf4c16232683740dfceef0bde563a0942db0d77493b2d683d413d9fbd0ac8fca1ecaf6e57fd7ae680a493d8c697d3cc038cfcfc55a9a30152ce450dfec029a4edbd38f10222149a87d358f881847d4daf8b182d6b1313d616a767dbd9d71c7a3ca896021216665fcb2c8fbddb593013118cc8ab5044bd6f99bb278ad871917c9b1684cecb2d0e8babaf33fd98c02d8451aa48f3b2a6d6e9a5d12910c7aff613cbcdda418a76abff697229b47783577d0ce2f0041e1360a10f607612405b9b06180d85617ff9c5993a986b32071cf4c43b97f53eef9311929cb8035ec5c2f65cdc40bd757d612de5b9a7eca6e7e70365dd47256ff9f8922e91ff22bbbee51e153d5321dc76ee8a664505da2039da1fc87e3727f085a47ce3eb52b95edb41ea295b79752c672348621e4d49c48b7d065d116cd1ebe6203e9ed62a9d3367eec2ed7cf3e4762b5f71c6ab34a953482414b762a455ded6e0ede9e07c3b9915aa51aded822c57a72ee3ed236b7c8c3b26db5092baba5d4d385d1e3c0e0d860da91b33a85c20e30da31b890f85a88a5c105e8aa32d6033beafff9ff510a7c7fa566b86eb473c702fcf08449c581650c42b90843b1baabbe95b476983fc98397abb52450a65505212b25c94a2fe3d64816eb9a76e8e8e945b7dd544aa039e61fc6331d88ee4ba297bf0d59a04c95579b62f316da65064247cc1d45792f1510103708d636c53f201b1dc2004a479bccef0bab9bff46eaaedbaa445417ee040c568ca95e606d9d9431798e91491f48434551cb8d8b4b81b389d43845e04d98dc0edbb74eae8d13ef3f662a26d7e548218952bfb4d697bd5c3700cea776ac3eb0ebae5c101bc341688371e31bda8cf7819ff4fa3a478faf97582d497112e510b2986f4238d3d4219024ac82eddc2dfe6d42dd1652ec09548768cb0a46e475493a75a75c54c47ec1e6265d34a87634e09394c77a41b01f374a79333951eec0423e037e0a5dd3cd12dbcc25fbb028613aa7382bade63c1d300b0a6d021f65fca7905e622eb54bde35d59c169f970e3de01272229e78382c7e87cc052da8b7b2dda1d29bc42fd2b7091feab28c14dd9cca5c8946afd8a466c681025128d3f752a8bfd2a8bc0c1bd89c01ad7803d8fe9ea1247e25d8ec18e0c18b8e6293b85cca5535a075b799519623d98a9bb393df5f17065a7f11142320e3138fae891346ca10040fda33128909b485ca1fa733f7d44e424d8dabe3f38d4249c3cb3f22d10521e536be978ff2dee276098db46b56e782596a68d5144ea1f2dff227956f4f860135ec2e0cee212a51b63c60e775fa2e0a7dbcb6f3d27f09dbaf55343bd2af3aee72ed39e15919d3e5b2bc67710c88a68806f1713313887e72e6af52f7de7009399b81cadfe76bff2b61e53b259218bf854d52644bd8e722e170bf9b109ee819b960b8d9da0d2dacf48083bd8a766d3818eae48ba408e18c63c8b59e282553a71f62083e6a007ffa6ce8ad271b7202da28f1d6be4332f404c1e2b98acc4d783785c1eab14361db6382594a9bbc3304f121f198948c91fe58d96aa6a8e12cc3f46f283e635548d96341fe3052aed45be1970010bb76325873b7902f0f73bf21fbe0a5cef6ec0b50902174c3515c89421a496737024b22db73916c4a41d294b8eec3913421b784a2629132461d4e6d5498a88b87abe2e385df8688b70b075e2139def62c18c60f96c1715e203850155ea7bc8d67e77428e9c96a3edf06d984f29959217633a907e7aa0f9792313fd30c6f767b79981ccbf1bf87942cf082090761f9faf5afb90f56a80908cdf34387d3c9ac4d27321b8b2c64f66eb3bc0f7937b0771b68eee977d5f3682fedb04e51868e4e588eb625a71db0057655af47806eaa6b875304738f1129d95ef85921db8b584af8e389297c8d59eb4f5f784474e5e293f48c5cc45e490878c31d32bcbfc88d51f96eee3cfaaea0e443505825a52603a06aa8cdc8920af575650833e7715dc2205ecba7e304eb121cb0d65609b853974fe9ddee9b9cb9fe4d1c08fed5b2f3d0f51e104635dba4857520e0cf319438659cb765bbbe6bed3a6451a85e3efe32707b2c84d7fbb99cd80b3529605b221b808cf34bfe776607cb4074cb9371306c74f3c38a4b48f8a8da8a02be28a08f5a0da463aa85863ef54276c4f414667d3812deb6b0e882381932585e3d08c6f3c2c13b9987088b345e1216b3d525c99820c0b6688d9c0271f648da1881e58fbf5bc02acf226d9e90a64911ebb27b415f3ff4f7bdeb9fdd5bb1f39a99f909f80af444b902d1bd96562882da6e0ce9efb2adfdcd78803164a5ebacd12d6246571066e8f05a37d9eebbf41a88926b6bcb287f4ef47728ec00bd96ccd72eefd5815fa9e2840a100e08be686e6b664c938a0eaa7588e87d69809af59268f3c4e92a98a663f83481668e0f3ee684a6728fa38c75cf66ac73dcee17dfa5ca94601b1e5ff91215492270e24c4abe4dce8686e99d3c64e7c3f5972152da99388bb59e282a1e300627e542cfea5a390dd11f0c95f52702982c0e8c690c1e7bca2ecffb7287b617090ace76f818fa8a9078978e1e249a7f4fa281fb3174fec950f6b9afaabb3279e22c9c37a4ea1c05df6c49c1b89b2ed23ca3673f388f502edd3edc358549c039eeec6ca4ae3404bbfb688c3d90cbd4a092e035ec48c3bb1ef08e2b1b6326622419356669a8399954dcbeddb197de9fb5407e105d800b6cfa91de41b2eb3ad2ead5487b9c7b11e76f2ad08711b00cb8f3da6794398a961853bdcbde90086ff13d69154442c8caa36d56862581a9f326f85c6722be613caf2329d4ff9734c99016390e793b6ef90c540ad3c7478d7b221a71e0f10575ce5f666e2425903f3c358c4dc5b29133da5027b541898b501cfa144e166d1b1d7470d05aeda051a1cd5bc3bafee7ccf8564682cd728d0dfaa4f731438de2ca3095f105c0bad8f3b039a427729ba1f96238403e3d1c8a2bdf1730253d6c78e42f4dc5a6079e95ea5013a9d335e628ee7d2dd1c7f2d25342b2be5c9fef9fd5eeddc8665c1a39705231538d0f3a19e9c021a7d6d2d1c6b3f4b483e6198ca6d269db9e82746c5ea36c70f29fc98462ecaeed27547de6435a82112b2ec9a8c1e759f82d04810824d97f1ca45071f6ac242b90b218f2c2c9b4cd42b56dbeb5e947a8e8b476749ab8cc7d910fdb17529440107a565737b69440cac0b418858d62fb7af804c5e483faa849a6375ea62581eff9c4dd3ccacdbab7af9fe9b2be75cb2e322c296cb91a792ab424f77ff348d07dfc2a5c5af476cc7c44de169dc1702ddbd5e4d7fb11172d8eab6df3b70c7b66fec5177a533ed44641c291ed9d8cea6832c24c3cd279c9f3bbb355fe47364d23af48cf8a86d27727ab2adf771641ff447291fa9ba99cf5c2cec5c968d565aabe16cd07d752f7d5b2c78e77cbd2dcb2bc151a35207026c98b755eb0e6fdc94628de7653f7a461e0b51f5c089fc4db6deca2243e3e5532bcc279dfccd2651db61565968dfce800e995626a4bf045e3522b996dee4bd10980ede518f4a5d986f41c53f0e2820853337869645c31c41c9563f1c01ce651e916f7472b04929feecd09ff768bdf74f0b40a0c58555f2a390db9bb7990dc31f995ac4bbf1f90271cd4b90ef7fcd096c34040fbd4a74aefdc5a6b8edf38da8084c87564b10e6e2cd7d0ea6849cff02c06e4df741c278f0d29ed6c6c739376e1c262f9d780fec67aeb519cfa669c9d6487ba527e0ccf5012954dbb3ecdbd3f5be1c018784cf83b3bd040e7116be8401e760f82cfc86ac19a18f28c894662f8dd13b1aea577c81bf2447753b57853765eae4353b65475e10c3b36bf0d0dc3199dabff76a06f70b173fac295db1f52100547050f052b9d287155bc8b04435ef35902395ae894bed80080fd3becba14c51da2cf34e2999cdbbf652dc6862e8e65f675b1d7e5da57fbfb497e8111dfe77164372d707a5857325c47afb462f7a38f617d158e8a28fda6d121e532e44b2ca9cef3c34a7a8d748c4edd061b62f6ab7344317b0dbd8ce4836142719a7c0835901236180840246527f3ba39cb64614e95d4af008d281b53853532abdc663051d041af7d1aa9766ab185efb77fcf278f09577e01e507a2034f435b66cab7692a1733d1ad3d5d566396fcacfd1bbdf542e35136a49e2d3cbc21ce157ff051a0c1b636b159f370366565a8ddadaa1502b425ef27a1ff070c52bd17595ee507dc984aeb14d2aba07fe786f3733e3527d5bbfcacfb09d3d5cf94738d1b13d2590b1bb1ea2eb400e9605f90b4b23c125622da85ece62e4493938099a4058e0b3dda2532c6d62bd033ee7a1cd7683620a6501e3ca420f9a64f462bbd4f125d154beff38c8f4a1278f9d6194289234d7e9fd397feb24fe1a8636e334d1342fa590b4578b3c677aae57119bea99ff7a5635b98ee867a282e5f3444b70415c0c33942f041c28589ba0de67d7b7ebe43ec6656f60c82c9d75bc8dac80791cd59a9c576ccf726cc97befcb9aeedf32b9ec6f4aaf043ab9bfc4712ee6bc4906dcd9766658ce56fea361518bb54ccca4bbb82eb64e417a37899ab31736ffddf51f97aa710b29f18ada97a200bd65d655364149db2c41cf32bac2c4bf799bb2356335a4fa01016da72bc7dd99b3f902f8b80a89d19bb04f8c49cdc5a78b17b52d52c06f18baa9839332f3ae59909748cd4dac49c1901f3c2dec64ccb40a49fed1699fe1140f8602384a930fed2ed6f9c120c9e6158aae34d8ec8a4fb0cb7ae19c2865e3939b499b5a08183c342ff4af2b3400980879aaa6e29784e90bfc915b9f31e79b742420952bda798a8b88c77134cc5752630e57fa23f9b174535e3244c9fa475d1b2829fdb768d22d6564e55556fd3750bbb223f3b5748a57c899d324f359c3842fddf8055e1b40588365393b84aa798fcc8b321ba1eeac33d340eda01fdf697e81bb5b55852f6b355a7dd2082cf087949cf9fbbf697af8f81c20f25a1c0b92fcb06dddc50c5d9e989a15a2fb7d0544f1844e3f46711165bab1658615f440b71f93ddb713ba91e8f4d91dd17243082d61cf43fd08861d42f41f1ebc68be633bfcc79b14cdfd7b171ed4b282a926055ce26e7fcf40d1e8e7d05ce6660fdb825dff76d735bce7b43c98e5b6c4763ccff99b45c1439859ccfc61756c298eef7424c465aadcd71455448827e39e5ec21293f2007617fae73b74de8efe349c726a9dac11524720fed5214101b4f26ad6fec2215a54980512a57358545899c6898692d805134d606b3022d16954747d247db0093dbec65fa7d101439ccee58a8790ee0daec0976a743d8f7aabbaf8d9945e95ceede27387e2faebe8d1eae6feedb78cdf016c6c5888e56ab4830b002513f87aed9bb4988784c0debd8f566ea9c8467bab4a52a52de9e262f16ffe222ac1ac6f6d5de557eead4554f03bc8ebd681daa2ae6cf93587d32dcf53a184f5019f0fad0729095a5788b04fc6987064b80c6bba46e36fdd767ca9c6819445e95ec7d60c3f9b2716c206a589e413fd7bf1d8fd3f1245ff54d6db4d7b45f20cb4f6dc8bcde65484d70ac38921f89261d27fc85203b801867850457a3b61fd55e805bd3c40a336bf87101d8914d21c8c968e934ce265cca3efe21d3ae1b78848f7b50a9a2e9b51bfca2ff7e0292ede0aa013af1c09242d6e53f23a216b8ccc64402a46eef3411c06cabb5435b1d2d8ddffc2c3dbbbb0e707e03ae0c518414dc7304dec25084891255011dd133d235e663ff38ee78c9abb93c9f692c5195222c881e35431d638367c7e570c962646424dae41fa2b2af118a93add1e088aaf7e1dd108c7096f4f9868a8af02cc15db7493ef011d320c6d64f6de56a51748e9dc4b7bd1bd515d3e9522a65e87e25477f71a6bddaf7ee5a01d424ac153efaa52f1e56fbef9f66efe5642f7dae41e419a64be65635a088885717942d475daa806ab151b087525446227d0d75a493d5a98486365b3981b3bb77a7c6c6ed44a120a98d0f2d35e8ce83837004c39bf09ac5723b1d7d7392f6e94462e86de853c6841027c697236331e19aa45693b2dbeffea7b00f0b284e49b04935327b9808576b397cb48d6b1960d06058f1cf2d0641d7c99e79dc9d47efd1d5bde85bb51ffe4a687c2d364713ee0ca4981f371c7a418b61118431984324f84f8cdd6e2849c00c1f14b1732a08ffa08d39c312dd809f15c8a651cbec053e870ac04c131946d80a8e684c8f309881f98220d7e532773d4d8304ae53428390ca7914a408030fae3b07619352d8a1edc33856530f806b8efe61bedcbe199aca4dbe79bdacb08b361e31f59c00463071fb19edbc0cb84c59130770fcd17643f7c37c1f54753f40fbeeeee31b22d89944ac6ee913e63145e3e35f804d2cbd08d9f2e278be717872a4fae63d8a8b462f715c3191d394a67a724fab2e4ec31c439fb2fa01295aeb56910fd406316bdfed587c1b42a733542a55793303e59dc23a40bc9b9f5713a3dc21b95b591ac9863f31a4ecd160e7d9b7b2ec2b137e67", 0x2000, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x200, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_GET_NESTED_STATE(r2, 0xc080aebe, &(0x7f000000a100)={{0x0, 0x0, 0x80, {0x0, 0x0, 0x1}}}) 5.945609882s ago: executing program 5 (id=3801): socket$nl_route(0x10, 0x3, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_STATS_CPU(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x4, 0x1, 0x101, 0x0, 0x0, {0x5, 0x0, 0xa}}, 0x14}}, 0x4) sendmsg$NFT_MSG_GETRULE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="38000000070a0101"], 0x38}, 0x1, 0x0, 0x0, 0x20040850}, 0x44054) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x5, 0xc, &(0x7f0000000600)=ANY=[@ANYRESHEX=r0, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000900850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01000000", @ANYRES32, @ANYBLOB="0000002b2789e2dad4e4a51f46be01e4225c0000241b71552b3d574a149d1eb34f", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="4800000010000304000000000400000000007400", @ANYRES32=0x0, @ANYBLOB="0000000003120100280012800b00010062726964676500001800028005002c00020000000c002e"], 0x48}, 0x1, 0x0, 0x0, 0x20040884}, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) r2 = socket(0x400000000010, 0x3, 0x0) write(r2, &(0x7f0000000040)="3a03000018002551075c0165ff0ffc02802000030004000500e1000c0400070080000900", 0x33a) 4.407738568s ago: executing program 6 (id=3802): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r0, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000780)={0x28, 0x3, 0x8, 0x301, 0x0, 0x0, {0x7, 0x0, 0x9}, [@CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x16}, @CTA_TIMEOUT_DATA={0x4, 0x4, 0x0, 0x1, @tcp}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x11}]}, 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x800) pipe(&(0x7f0000000200)) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x800, 0x0, 0x0, 0x81, 0xffffffff, 0x9}) r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000002c0), 0x80, 0x0) r2 = socket$pptp(0x18, 0x1, 0x2) bind$pptp(r2, &(0x7f0000000000)={0x18, 0x2, {0x0, @local}}, 0x1e) connect$pptp(r2, &(0x7f0000000080)={0x18, 0x2, {0x0, @broadcast}}, 0x1e) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000100), 0x2300, 0x0) add_key(0x0, &(0x7f0000000180), 0x0, 0x0, 0xfffffffffffffffe) ioctl$PPPIOCATTCHAN(r3, 0x40047438, &(0x7f0000000040)=0x1) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r4 = syz_usb_connect(0x3, 0x24, &(0x7f0000000280)={{0x12, 0x1, 0x141, 0x21, 0xac, 0xb8, 0x20, 0x9e1, 0x5121, 0x7448, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x3, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xc9, 0x2, 0x0, 0x65, 0xd9, 0x6b}}]}}]}}, 0x0) syz_usb_control_io(r4, &(0x7f00000001c0)={0x2c, &(0x7f0000000000)={0x0, 0x31, 0x2, {0x2, 0xc}}, &(0x7f0000000040)={0x0, 0x3, 0x3a, @string={0x3a, 0x3, "4fbf6c8c7bdeabf6276aa89e09cdd4f61b7b3beb54998c91dd591e1522a8e8194906809e405f5e90a47fc0607694580adc9c6d73c8b44ea0"}}, 0x0, 0x0, 0x0}, 0x0) creat(&(0x7f0000000080)='./bus\x00', 0x20) pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = syz_io_uring_setup(0x3a, &(0x7f0000000640)={0x0, 0xaddc, 0x10100, 0x0, 0x203}, &(0x7f0000000380), &(0x7f00000003c0)) io_uring_enter(r6, 0xd81, 0x0, 0x0, 0x0, 0x0) ioctl$BTRFS_IOC_BALANCE_V2(r1, 0xc4009420, &(0x7f00000009c0)={0x8, 0x7, {0x2, @struct={0xfffffff1, 0x5}, 0x0, 0x5, 0x7fffffff, 0xb8e0, 0x3, 0x0, 0x18, @struct={0x1, 0x3}, 0x2, 0x30000, [0x333b, 0x7, 0x3, 0x4, 0xa, 0x2]}, {0x8, @usage=0xfffffffffffff192, 0x0, 0xe, 0xd32b, 0x1ff, 0xff, 0x33791ca0, 0x4, @usage=0xc4c5, 0x3, 0x100, [0x5, 0x5, 0x2, 0x400, 0x1, 0x3]}, {0x3, @usage=0x1, 0x0, 0x4, 0xe11d, 0xfffffffffffffffb, 0x100000001, 0x10, 0x0, @usage=0xd, 0x9, 0x1, [0x4c9, 0x0, 0x9, 0x5, 0x6, 0x7]}, {0x3, 0x2, 0x3}}) ioctl$BTRFS_IOC_RESIZE(r5, 0x50009403, &(0x7f00000001c0)={{r6}, {@val={r7}, @actul_num={@val=0x2b, 0x8000000000000000, 0x6b}}}) select(0x17, &(0x7f0000000980)={0x7f}, 0x0, 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r1, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r8}) ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f0000000180)={0x28, 0x2, r8, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x100000000}) ioctl$IOMMU_IOAS_UNMAP$ALL(r1, 0x3b86, &(0x7f0000000040)={0x18, r8}) 4.364019284s ago: executing program 7 (id=3803): r0 = epoll_create(0xd) r1 = timerfd_create(0x0, 0x80800) setuid(0xee01) ioctl$SIOCX25GCAUSEDIAG(0xffffffffffffffff, 0x89e6, &(0x7f0000000080)={0x80, 0x8}) epoll_ctl$EPOLL_CTL_ADD(r0, 0x300, r1, &(0x7f0000000040)={0x32000000}) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20a00, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="64000000100001040300"/20, @ANYRES32=0x0, @ANYBLOB="000000000080000014000300697036746e6c30000000000000000000300012800b000100697036746e6c0000200002801400020000000075"], 0x64}}, 0x20000084) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0x5, &(0x7f0000000200)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095", @ANYRESDEC=r4, @ANYBLOB="44f75e68166e646f7c9502ab62f38096234d7681dfb9d6c751c374705ae8df4131f129b936c4d7928f534bc62c5d7118130b4a3f5fa4756ea6e3e0dd74b3c6fad242c4351b89f3f5b52abd12adeb25fd094aa021038464a9e9bc2a8d3f09d5b7e38c2d2e2144ff9104ad535e17ada0908ff1399d8a6536ede65027a1a3f520dea74384eaa32011a1888fe9238b37d5b9da0e68511759fe9b31052917e02a"], &(0x7f00000000c0)='GPL\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r5}, 0x10) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000600)=ANY=[@ANYBLOB="6c0000002c00070100000000ffdbdf25037c00004800018041000000b68fe76f82e4540d2ce34be40cb271187443a3ece4c2b3bc4607197415f3721ccf9e97275a29de68113509db0975fe772bc1ba1bb7564b1f5ceb24ed61000000100002800c0001"], 0x6c}, 0x1, 0x0, 0x0, 0xc000}, 0xc010) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vxcan1\x00'}) syz_usb_connect(0x5, 0x3f, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000d0918108ac051582588f0000000109022d00010000000009040000030b08000009058d67c8002a0000090505"], 0x0) syz_usb_connect(0x5, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12014101afb4f2102505a0a4f12b010203010902240001fe00c0000904eb02027f9c1f000905060220000200020905ffff"], 0x0) 4.227974423s ago: executing program 8 (id=3804): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00') r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x6) ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r3, 0x4068aea3, &(0x7f0000000280)={0xbe, 0x0, 0x1}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000140)="66baf80cb8044fdc87efed660f388059e0b805000000b91e4200000f01c10f20c035000000200f22c0f20fa20f01cb36263e660f381efc660f7c150c000000b805000000b9210000000f01c1c4e17929d8", 0x51}], 0x1, 0x11, 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e21, 0x8, @mcast1, 0x6cb}, 0x1c) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, 0x0}], 0x1, 0xd, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) exit(0x400) read$eventfd(r0, &(0x7f0000000080), 0x8) exit(0x7) syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201000000000010ff0592024000110203010902240001060000000904000000030102000921000000012200000905810300498c438a00000000"], 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0900000004000000ff0f000005"], 0x50) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000004000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b7030000000000fd850000007100000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) close_range(r5, r4, 0x2) 4.227550651s ago: executing program 5 (id=3805): socket$nl_route(0x10, 0x3, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x20000, 0x0) readv(r0, &(0x7f0000000000)=[{&(0x7f0000001300)=""/244, 0xfdef}], 0x1) (fail_nth: 1) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000001200)={0x0, 0xffffff1e, 0xffffffff, 0x4, 0x16, "001bf100eeff0000a2c2000100000000002000"}) r1 = syz_open_pts(r0, 0x101) r2 = dup3(r1, r0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) socket$vsock_stream(0x28, 0x1, 0x0) syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0xc8c7, 0x0, 0xfffffffd, 0x2}, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x1, 0x3}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x4, 0x200000400000000, 0x4, 0x344}, 0x0, 0x0) write$UHID_INPUT(r2, &(0x7f0000002440)={0xa, {"08c39ee52f329f1698b1c4865f8b540a5eee9f496a0809c3d20325867b6edda88489ab4c09fe0a7f1e8640aa8e344f412df0d69475a5d6570e21f31fac7dfb4aa7ade0e851582d5c1abdd809580cb34c9e48576b1c73ed76023256fca058ada3db47d86cc75b33cf762b67fe61f152618c49a40858f68794a4fc484ab73ccd254ba3d147f5feddaf91dacc238c0a8096f79597ca1e6da781fcf37a0141a335c6a7577d2d53c6e552a7be208381bb31d1d3e0e92ea651655217535734b286d3f19780a4c720075a36a734151f8c00e651cb3a6bbe30e3f6aee48750436da6471e965e81f38134674fcb697108fb7345010bb8fa15fba9b33355d7858327171ab9c68f6c21b2ffbff4eb061dab80bc77a4a7769e7ff73bcd98790e09415bfc5978cf5af45c3ec9ef9c1a39f766c59d59590281038dbcb765580ba2b3f141d5bbfc40910a0894cd1f22d2a8b6d4e4778debef99438b54d44b4b7568de2777431a5b2f3e8d1a45a60a468f5e33e8ef534f803dfb6798c270f52edf031ecd996bb78c4e92961c63c079676d77412ebc6074e5f235417785e7a14b14ce7626b015071c154cc2bf8f4499b93293e9997c23df4c7a1498cf12414fb31eb873728e4f613b540d22e7ca718f18da5b82ed24995e4309c3af4a2e1097465bf09728082d09e71ea365522035eb9772b8e072f8454777ee304dacd59d3eb9f933f151fa14f8c38eadbeba04810a2dea7a66824f09235c13a45f07870210d0d310ce3ae6284577bd4e65f32700f6723727926cb52e4f27776a1dab0f6668327ab5cf1893879a635261f2e0d9923ccecbf5b80f10a8275c1515f47930d614e787f14c105d3a4f8faf8e7f738cf4eae4fc39ef3db3cb87794ace87f7239b69dc4ab4e5ae57cdfbd309e847d99600ef14b51faead01e8ade57d24270bc13a1787896096eeacb8ab1c93d31d93cfb244bb09ecfecf336362a5656db7df327cbb9aeb898f8af229c7bb9452805f2b4510c5df86b6d564e01f000000167ade5205331523a6392af2bea9e6db0ba5480cbf1b202714233289c4017cb66e83c0c8b6e88bedb922162d0ceecf6c5da173bbefe6781ab7720d2be6cca378db650c69d4228141ae190922fbbaddb86c7f0fe138b704e8305b3bcc7910b2280d96d71dafdbfa876b0013fc4de586f85d9ee077b6349becbdca8bd989a51c4c76ed8a8cc691a65078e0272a62edec8236a779f0cbffeda49dcdccd4def7064e0d77ae5a8c64f3057b4a3a0d4457d33f2bc6c112378315411baa4bb126fe540d750491fc58fbb66911ef82bce5ed76872dbcd8e05dea2f3f347a653aa39ab5d75e71671bfeb924e71476134dbf91e3f287fd853cc34bf81e717edd41aa04b6fbeb43cf2074f0c8fe5350401b6cff801c147a3b58b972aa5652629a9fd8b1df2852708ce958d4e9974ec4383aa5da4e3f75fdc85981e97b75863546f67a8703673b6fe2c26f0e9eeb8c45c26f673adac55fa5d69b82ae7d032fd3b26866047e8c029b90a62794a89c11398944b398b4177b2dcc5a743c16d4a5333b1e30af678d3db8df849c1753db067a6f94bab00c0dd3c7e94a8675924c89bda98ac09e10bcdf83f5114b9b466c413477a5cdc48c857230798934bcc1f0eb3a2d2944b139e459af32e515785f46ed4e97cdcb23c7e4dc7c4f91b5b5ca5228344aeb6652fffaf31325c7429bc70a5f6beaaa98ef190dffdeccc94bd814b3edfdd48243bf34291076ab5438ee00e924a827d5b453df42d24144fe1a45bb6c84fcbb2143d0a561c1e867c1279bdf0a47061ea77a84f36c720aff785f0db10eda84c767b5f3874f9455c0f026735ded32f0403ef7dbcf97d2233d59c670114ddf89314ba74fc248bcbdbf43c24e46304e229b3cf583aa410f4dfd119152495da8737518ee2a05a8ca1f004be3c551408f2e4013e444b63bf2bb26ddeae505642dffcc989ee241c48741181b506e22fdc4530319522780c74bf786852dc66ebbb51f8ecbb1e35de09ef7afe589bb8a31c5d63477db5d5e7174694ea04cfa98057d39127a4e5eedb4897a491c6693acd0a036abf846f3b6f3006e5e5fd586f29a4a8a31abbccf732e4f1b88187a72d669c16302657e9cbbeb9322662e111edc7771526400b6123d0f8207bcaa38bee07043e36e223d418ac948d65e7acfe72cc3fdcf03a3e43ecfec8ae489ddba09126709c5c7968829e3504de8a5010c9372de09476a7b96b04d7aed2486d8f89f21f075321abe350024abe00a81f87df3dc372fc3206496776c26b6958243070bda4cace3e358da5d39a3945765c2ba4b002b06efd416af66f3343f218ed84550ea83f02f9a5c3fc677ea60987aa25f0406d6154081cfdc074814a2465accdfa102858f5a52c9eae293c56ddcaf8f6926d3dd0ccb51a30c960d6b7e473038ebd3702b5106f6bc040efdfd7169fd3f2dc42ff23de26a239e13b74278729fd7e843b38a35c55fd50181ac13a9cbbbfd8feb36afaeb1993349c0ac5a0c44ffd92919dfe272b0f8ed7df7198cd299715f021109a58dced4753d3c7ddd6e9ea01596f18b2fe7000000004ccfca57aed5b5cebdff65de480a56bd53f4c7f83ddef00d7c9686311d1fce76f320bb3222a11db30ba6ed31535d8fda61e694478ca9935d72719b8d6b9be88ae3df30b60ee251b919b4d1734b994c62accdf855488b351738331b462eccf27efdc5577d7a5548579dc90d227a42ac010f33a720dc3cf0a63454f8b07c775287495761a058ec1e28e6aaf8057241f4ef8b5de56e279355bb66630c4ddf35e7c2cfff26a4241b1df0379d2a1e9f959e46d3843f89844ead50aff44640fcbc4a1edb033afff7cc9e57c4f8d31900764233e11fa4c28e547788c1b00de4268df692ba3415a9ad90fa712f9618f5ecff57da32809380eeff040cd3b23f508614c72b303cec3bcd732708303b166193366a062b9cea536f28478c387e626744c6a611a8e7162d274efccc84eee8eb31d3310c86752777dd5b5ffe234e895c54909f19a4aabcf3c15b90c02170409e314fd90e766ec4ba93c8ec6321237a980ad3c32fb2fab69e57541ea7f5427a85c2c57d40f9ebe9de5572f46a4713fb28e0af42d0adef3e29195aa41a3ba318181512eebfadffede4e35ff7f975928edc5d4d9f2d931fb44b30e1df55e66c52e1648e9cdaf71221b57c6a6b087428ccc57ade5b1531341cba2be452b426c434c70fd8c493337d4995cbd76ea1dd545226e3eb59d5f94ffb5352f87a4a66cd7c5e88322404fd397c46e198646a9c819d0eb1f10e54d8a3ea912f1cb134ff1095aa7325287f6ea9af8c13b67d6abcbb70dbc06838ecb33e45b60f6cb832c3e72d1401770f66bd02f35a2d007815ab676099e31f5102000000c0e83d5e7107c8dc5830c9cddb9781185b94d7f2814c5058ba3ac54c268741c5728f4997a9628602c2a36090162379f3f37c47619b3e7c7397a5913b7060b51e0c7f7226ff1135444f866f89a4b74136cbd3acb7178bd63183b3fd9cd19fdeb6fcc6341910ad4605da76a9af4bfb8b75fcd666f8188902b380ae560d9aa04f8f9b0ac5c109d1824a470726e06a49d955f8f71c8a86081e75b13f62600deb941da181eaff544cd559c467d8dae432debd22e7a7b3e1ad731a5b9470f5f60423dda061ff899c07c79f3da34f38e1d8182d6ee0c36c6029455091676c214569a8a8a759b20e41638fd57152029b190b5701d30a86f579e2d0cc53a2f809ca9bd3aba1eb2772a7acc35c4d983afa83a9baea35c0ed4931234719636cf8f5fe1884bde6cebbdf23bd62b1ebf0a5cb78c27295349bd7d5cf28c4ee4689497238fd3aa71a417914e6892667a56bd69dc2e5882cfb67df71494e9a9199e025892e4e7435f727636cd988cc7563d28db5133f649849c5b3973a3428de10ad39d96146b22acc50f50eee5a038876452b960686892de40efe30081ccdaa2bf64af78d5988026e529b36c62a21378ac42d220d0dd878010178e374e6dbb2b61206066d040700ed03c6fd9a4e00547fe9304aec0925d85a0acd07fdc5d48c1a1cff656916f5d25952327792255e0d606a32517781cc3d737ec753eb95b5b5b95dabd8946907ab54cc85d05b475e2e5486c6fc070417198d3a50910e2949d20d3fa68fd327934cff5171224942b8f18d88947763a7c710d09c4b269bdf2d3e99b755ba8fc04deabf4bc4bcffc4d62d491538c65078122bf2c263ae0020af67cfc9cf19e5b929e086af281fb43d5504d728935c5cfac136eb81703d50fddb39a5a713b2914c6acd9b2d07819cf7bba495ac5734fe423e611d309b80eeafcf9053d51b0ab3c29d5ca5eb8861ffc1ebc4d53f361b8991baecb52860c15202f979e34054fcde869d018103ccd6d914a70f1840fc6aaf426beec975ddb980b19b0f4cc2ca393c0b9e6ebe5e7d1c9fc1ef7a1c91378f0b73262993fb80667ecf62bac3c47cbd002ae1b87b8dc3ec99d5c987765d778868eb55022cc3bed14b8f934a584bcc98fa0b4f6e6982ab8d8a2bb49f9074ef429dd7b8db332a96ccec6983a97be7c8634c02e7937ffc8d613b83aa375886bf40a87ec062090382f874bf2c8e5fbb58ac18a46c4d9e85af3ca21bdacb7755f49776b0eb3972ff682c84beb07d74cbe2764e378253e72128991b73d2730704a5448280e8a0fd8cc87d4cddcffbfe5525ae3d2304877a3988e33c8e12bf77793e753f25840e9af2ce56bdb999fc62623a2298b4244534f662eb398a2577c72f6cfd5174697dcee151d4f3a7293b11de3889c43744da4165aca4e4a1e926d37ae4d7471584a06f3641f2037a74a58c2397a594f29d142d59f91bb57e24e1a3f30f68c626033cc34895c1b16d62e3a375c3e09f5dbd9338cd3a500643143cd404b57019c648c3ec31d696233fe16efc3c4c84aca0830ca8b9fbf1144b98d82f41e4cf67631c74cdcf8d9c8b8556b876ff1592683ccac0b47a26cb3a2cb1b917f433bb54e0b53deae9ac4b1cd0594c1fa0e6744e7ed88fdac60901e3da989f3b0d7c12b140cc576fa1b0e8e705321d37c303691aafc9fed9c3dc419078d0925ead56455ea5f3cd57941e410c1c14c2e8972d7cca44fcaca1f64fc817f4a41b6d9fb237fed159cb09e788ae560726537f49cb64b9f60915d402e0931355c55ad792cde758548b1af54b196e414046d4af3579a6c30ceac3d68bbfd2adef309c064e759a9f0dd69d682a3880b8ff27b69abffaa45ee7e65d8f1f6e40c188f6249fdf72220b4c87243217ba0292b9e9b67ebeda4fb83406216a4d765812bafeff34cc57f7d2cd1608282079c076055b9cabffe5fa491b970291bc2672540ccc15ed877d7dbe3ef683724c715ace770905e48c2dc6a44e1fc095773676d070eac00ee3834b07590cba7093f56b678313870471c81599d34c53fc03ec6c913d8ba3f604ace8da12d2025cbb5000bc062f4db65a6feacaf3915206d1c15ce7e78c17dc2ea32cb57d6fab0a22d487c77118e75016006f812541ec8180a321287a2d57248d4ee4a19706a19d802c70e250c3b0fc400a0b5cdc06537d2f55fd5300be4eeeaab8cc481a84b6a5e17d8c47ec92fe40710d4ec3530a94ca16710ade2ec7562398106e0ddbb6c8af6412166afd99d45d29a3a967e58decd0d6fc5bebb98d639b5606efd358a43d635d50f0ccb8472197da604994e7fb700243d5f7e45700", 0xe24}}, 0xffffff5c) 4.000734645s ago: executing program 4 (id=3806): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x3e, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4007fff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3, 0x0, 0x7}, 0x18) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x6) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(0xffffffffffffffff, 0xc05064a7, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000002c0)=[0x0], &(0x7f0000000340), 0x0, 0x1, 0x0, 0x0, r4}) ioctl$DRM_IOCTL_MODE_SETPROPERTY(0xffffffffffffffff, 0xc01064ab, &(0x7f0000000380)={0x1, r5, r4}) 3.650729937s ago: executing program 7 (id=3807): sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20004041, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00'}, 0x18) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x10000080) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2a, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x2, 0x81, 0x1fd, 0x1, 0x1}, 0x1c) sendmmsg(r1, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) read$alg(r1, &(0x7f0000000300)=""/74, 0x4a) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x10000003, 0x0, 0x81, 0x1ff, 0x1}, 0x1c) recvmmsg(r2, &(0x7f00000001c0)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000340)=""/82, 0x52}], 0x1}, 0x81}], 0x1, 0x2100, 0x0) recvmmsg$unix(r2, &(0x7f0000004400)=[{{0x0, 0x0, &(0x7f0000001480)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) sendmmsg(r2, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) ioctl$sock_ax25_SIOCADDRT(r1, 0x890b, &(0x7f0000000380)={@null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x8, [@null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @default]}) socket$inet_smc(0x2b, 0x1, 0x0) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000000c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16, @ANYBLOB="09000000000000000000020000001400018005000200013c61f4f12176eaeb3d379e098ae33a53ece5790d81a296feaf9d93abcb2a525235da2750bfefe52e3ac59a37888c43d88998c24a91370cd0925cc74cab6e3432328f88d05a6b3c5602d02553af1dc2c05721ffa1f39ed2e8c7df17be91fae92ac97828556ddcf1a0ddba4a66b4a5fb3af46ddad3ae781f077fb20ad868d01739c99ccd450a75673f564ddd47ba1e9432bdfe0d8aa469c53c7c64863883d6890efa2a8448fca03d612420052545495e3b5172d9e77153"], 0x28}}, 0x0) 3.002912556s ago: executing program 5 (id=3808): ioctl$SNDRV_PCM_IOCTL_HW_REFINE_OLD(0xffffffffffffffff, 0xc1004110, &(0x7f0000000000)={0x4000c, [0x6, 0x4, 0x3], [{0x0, 0xffffffff, 0x0, 0x1}, {0x35, 0x35}, {0x2, 0x100000c}, {0xffffffff}, {0x0, 0x40004}, {0x3, 0x200}, {0x0, 0xfffffffd}, {0xfffffff8, 0x10000}, {0x0, 0x82}, {0x1000000, 0x6}, {0x1, 0xffffffff}, {0x3, 0x81}], 0xc}) 2.914398124s ago: executing program 5 (id=3809): ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000000)={[{0x4, 0x200, 0x42, 0x4f, 0x19, 0x7, 0xc0, 0x1, 0x2, 0x6, 0xc, 0x0, 0x9}, {0x5, 0xaef3, 0x10, 0x0, 0x9, 0xff, 0x8, 0x3, 0x4, 0xd, 0x1, 0x6, 0x1bd}, {0x1fb, 0x7, 0xfc, 0x10, 0x25, 0x9, 0xd, 0x0, 0x4, 0x1, 0x1, 0x3, 0x40000000000004}], 0x9}) r0 = openat$kvm(0xffffff9c, 0x0, 0x800, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f00000003c0), 0x101a02, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, 0x0) ioctl$KDSKBENT(0xffffffffffffffff, 0x4b47, 0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) splice(r2, 0x0, r4, 0x0, 0xf, 0x8) tee(r1, r4, 0xec8, 0xe) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000032680)=""/102392, 0x18ff8) writev(r1, &(0x7f0000000300)=[{&(0x7f0000000140)="3751f02b82f73ccfc7c431617753f5732f765c975ebce8947e5388c4ff26fa3893119fd1478a576d9456136ab5f15493d175754e4b666e989869d01d418adc376ca22d8077c1b54bea92b5977a41d70ebcc4735ce6c012a5fe5ab7fef98e864216699a235d615ded3292397894b34a79", 0x70}], 0x1) close(0x3) 2.782935764s ago: executing program 4 (id=3810): ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000000)={[{0x4, 0x200, 0x42, 0x4f, 0x19, 0x7, 0xc0, 0x1, 0x2, 0x6, 0xc, 0x0, 0x9}, {0x5, 0xaef3, 0x10, 0x0, 0x9, 0xff, 0x8, 0x3, 0x4, 0xd, 0x1, 0x6, 0x1bd}, {0x1fb, 0x7, 0xfc, 0x10, 0x25, 0x9, 0xd, 0x0, 0x4, 0x1, 0x1, 0x3, 0x40000000000004}], 0x9}) r0 = openat$kvm(0xffffff9c, 0x0, 0x800, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f00000003c0), 0x101a02, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, 0x0) ioctl$KDSKBENT(0xffffffffffffffff, 0x4b47, 0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) splice(r2, 0x0, r4, 0x0, 0xf, 0x8) tee(r1, r4, 0xec8, 0xe) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000032680)=""/102392, 0x18ff8) writev(r1, &(0x7f0000000300)=[{&(0x7f0000000140)="3751f02b82f73ccfc7c431617753f5732f765c975ebce8947e5388c4ff26fa3893119fd1478a576d9456136ab5f15493d175754e4b666e989869d01d418adc376ca22d8077c1b54bea92b5977a41d70ebcc4735ce6c012a5fe5ab7fef98e864216699a235d615ded3292397894b34a79", 0x70}], 0x1) (fail_nth: 1) close(0x3) 2.031681165s ago: executing program 7 (id=3811): r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='freezer.state\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0) (async) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x89f1, 0x0) (async) ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f00000002c0)={0x1, @pix={0x0, 0x0, 0x42474752, 0x0, 0x0, 0x0, 0x6, 0xfeedcafe, 0x3, 0x0, 0x1, 0x5}}) r1 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="120100000000181057e2da0700000000000109022400010000ba00090400000903000000092100000001223d0009058103", @ANYRESDEC, @ANYRES16, @ANYRES16=r0, @ANYRESHEX], 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) (async, rerun: 64) syz_usb_control_io$hid(r1, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="00222200000049e9b31ce93ee9070c000000290495b9585dde83000000000b09007a15b3"], 0x0}, 0x0) (async, rerun: 64) syz_open_dev$hidraw(&(0x7f0000002300), 0x0, 0x14e040) (async) r2 = syz_open_dev$loop(&(0x7f0000000000), 0x7, 0x400) ioctl$BLKIOMIN(r2, 0x1278, &(0x7f0000000040)) (async) ioctl$KDSETKEYCODE(r0, 0x4b4d, &(0x7f00000000c0)={0xbfe, 0x936}) (async) r3 = syz_open_dev$vbi(&(0x7f00000001c0), 0x1, 0x2) ioctl$VIDIOC_CREATE_BUFS(r3, 0xc100565c, &(0x7f00000004c0)={0x9, 0x591, 0x5, {0x9, @sliced={0x2, [0xf, 0x2, 0x7, 0x1000, 0xfc, 0x0, 0xf9cd, 0x9, 0x3, 0x3, 0x7, 0xee, 0x4, 0xd873, 0x1, 0x9e51, 0xf, 0x6, 0x4, 0xacc5, 0x1, 0xff00, 0x9, 0x1, 0x3a0, 0x0, 0x8, 0x0, 0xfe5, 0x4870, 0x7fff, 0x9, 0x4, 0x0, 0xb68, 0x2, 0xfffa, 0x8001, 0x4, 0x7, 0x5, 0x8a42, 0x1, 0x2, 0x5, 0x580, 0x0, 0x7ff], 0x401}}, 0x9}) 1.156730322s ago: executing program 5 (id=3812): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x9, 0x29, &(0x7f0000000280)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x2}, {{0x18, 0x1, 0x1, 0x0, 0x1}}, {}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x3}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @tail_call={{0x18, 0x2, 0x1, 0x0, 0x1}}, @map_idx_val={0x18, 0x6, 0x6, 0x0, 0x3, 0x0, 0x0, 0x0, 0x7}, @btf_id={0x18, 0x6, 0x3, 0x0, 0x3}, @generic={0x74, 0xc, 0x7, 0x4, 0x2}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xd}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, 0x1}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x3, 0xe2, &(0x7f0000000400)=""/226, 0x40f00, 0x40, '\x00', 0x0, @cgroup_sock=0xd, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x5, 0x1}, 0x8, 0x10, &(0x7f00000001c0)={0x1, 0x2, 0x6, 0x7}, 0x10, 0x0, 0xffffffffffffffff, 0x3, &(0x7f0000000500)=[0x1, 0x1, 0x1], &(0x7f0000000540)=[{0x4, 0x4, 0x8, 0x8}, {0x4, 0x5, 0x1, 0x4}, {0x2, 0x3, 0x10, 0x3}], 0x10, 0x6}, 0x94) pwrite64(r0, &(0x7f0000000640)="91c89611ac20d0feb31f413d0569e78367bd83d7588b213b207e31e7084618a4e443b5b5a6f68895277fa98e5b77ce1ab9c9136c17bbd73f2e0b17d88df50ce6d49167fb67374c6cfbc0c54b42eb6e6a6f90fd91923185224419130cd2b5394864773347c4cf222568f103c91f289ae010205422f5c06b42259378677d5796ab00141329aba1f0fc58bd1e30b15da53bb5221f6ceacba22845b8738d261cf8565aa1dd4ca00dabe703ede08244b78d4540d74360f5b4434b82fbbff60ce554871153aa267997d1ab8e2254a4a22a30b20d98a549b07ce6f4b5f9", 0xda, 0x8) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r4 = syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2) ioctl$VIDIOC_S_INPUT(r4, 0xc0045627, &(0x7f0000000100)=0x3) ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r4, 0xc0845657, &(0x7f00000007c0)={0x0, @bt={0xa8d, 0x870, 0x1, 0x1, 0xd59f82, 0x19f5, 0x4, 0xb, 0x0, 0x3, 0x27fd, 0x2800, 0x440, 0x3, 0xd, 0x1, {0x45, 0x80}, 0xcd, 0x3}}) 1.137744883s ago: executing program 6 (id=3813): ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000000)={[{0x80000000, 0x200, 0x42, 0x50, 0x19, 0x80, 0xc0, 0x1, 0x2, 0x6, 0xc, 0x0, 0x9}, {0x5, 0xaef3, 0x10, 0x0, 0x9, 0xff, 0x8, 0x3, 0x4, 0xd, 0x1, 0x6, 0x1bd}, {0x1fb, 0x7, 0xfc, 0x10, 0x25, 0x9, 0xd, 0x0, 0x4, 0x1, 0x1, 0x3, 0x40000000000004}], 0x4}) r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0xffffffffffffffff) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f00000003c0), 0x101a02, 0x0) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0x2) ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000000c0)=0x7) ioctl$KDSKBENT(r3, 0x4b47, &(0x7f00000000c0)={0x41, 0x7d, 0x3}) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) r5 = gettid() socket(0x2b, 0x1, 0x0) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) splice(r4, 0x0, r6, 0x0, 0xf, 0x8) prctl$PR_SET_IO_FLUSHER(0x43, 0xfffffffffffffffd) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r7, &(0x7f0000032680)=""/102392, 0x18ff8) write$RDMA_USER_CM_CMD_BIND_IP(0xffffffffffffffff, 0x0, 0x0) writev(r2, &(0x7f0000000300)=[{&(0x7f0000000140)="3751f02b82f73ccfc7c431617753f5732f765c975ebce8947e5388c4ff26fa3893119fd1478a576d9456136ab5f15493d175754e4b666e989869d01d418adc376ca22d8077c1b54bea92b5977a41d70ebcc4735ce6c012a5fe5ab7fef98e864216699a235d615ded3292397894b34a794bc14a2edfdc6978c0c97bcb02de69", 0x7f}], 0x1) 1.050472169s ago: executing program 4 (id=3814): openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0) syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000006180)="3ea4e4305830d12dd9009ddb857b480e92a48b3e45093694091ed788285937ce7b2473522335a690d828b02ab613f956aecae781037db019ffda49138a514ee99a088fd6a2a0028ea055aef75e65cdadd3589c49eb6088bdec10b6d405a915a037c1f8037e1b9301fe4296ab789db8c69c3636af08fbaffd5106dd3788c626c35510cc0ebafc64e8b300d0ffa3bcea4d2e036bbc8dae2e46312e9a637b3002b8931a66cbc28a30ee3287a18f1d162a5985f7ef467a43a807cb75d34504dce996e2a3f1bb43e867f141ed07ef08e0aea605cb5b10346efd6b41a23ea6741dba1e2416380b330788486bba4e359fc0d094cc5301530c1228fcd0e378e0260dbdd56788ad718cac668467d4c50a9878c501cabe3389dcf76acf0267489de4aec621656bdd3878de387af2a3dfa7dbf460daffbef878ce2536a57b05bc44a1e01ef54cca3ad250298c95a52ae9927030eb1096e00f265283a30b4ede2c934dc62c46929761e230567d2ba5999495a5a0977e3156a44365b177a07cae07864be9765ba56bc7ecb29264e6dad2e41eebfeb1ef4115b923c49a8e0919db1de67b1cc4c2f30a672d64efac91e63d7bbf75784aa49346338b22504452b36266eb5e924d4b215ce5037da7b98f09a8dcd086f36787cdd6fab9ce916d12b7b939f113be8b1872a75aa0d8977fe598227998c8b5fa3be8831006f6071d2522b1c9be03873844b0a6e2ca1489f2391981ed762f743e4bc35fd1ca7158bd995a7b801d8525ce381de5497916d59183636f72e9b58c72179f678d1d4434a1fd39d304c3b62cfca763ee8c6108bdca364a438145775a76462927207a7ae654801635dfe3c1915d2ab57a11675724b17c0becb9b20f95d5beea1dd5a6eb66ea864a7d22bdefdc6e13a2a4a8c7780b4250c92dd9bd99453f24268cedca6963ab64c024e56e6f3ae74cf8d1eb5bc3c7292f5fc7d37b4c48ca981b8f54528dedac99a19c1181698b1982668c49b1a6b55142944a0edf891659ea82570ceefe2ca50a95e7df6496acb6bd979ae4b5b6327a201288b8ddadfe0cb91bdd64e74f06deb0133385f5c9cb6e8e554e4fd29126f550adc440e6d42de1bd3ba0ed5d0ebc91bdaeecc7f253190a21eeb51a14b2d949fe86626a88fd33ccd40379f67de81341d225a116e60770ab972ed872c124cd7c0db88709a48487c1c9fa6442997431b99a1ac224a8523430ddcfd699ad27e16bbb54db40785b869328e8e804ed5fc2f4b3e4548a9e60d5b73b2ac8564e8424e0dd292924feb14fb76ed19b1d76edafb1bd5585717a9eb73a8bef605e3ef3f6f8518faab6559f5b4b7d2c07f73edf67d3780d8b5b2042788e5d2f7c7184a80a1951323632b62101094bd80acfae621e56cef19cd059c9ff72fe564944bf8063137fdc7905cb63489cf8d250bda94f453c94fb2f6f33f972c0ffc4830bc8d7fb98c4ed8ef2fa6e147002d488d97122d579a9b214b09f792279021a20a36a05c74c9a668bbc4ee5bba0d8f7e96fe9a61feb01b7c0537e47894c3e7b5d19ce1568f8d9f49f3adf9c02ac941a3edf68c841f29fbe82450c2bbdcb7270dd2f5722666bd21c0839541c907ff43da0a10a05e47ac636d4f9c59e2abfb00d31621ac3f0455723563e402bd3ec56a2b7e59a82262119b02eedda2baef71a5d5efd2533b7e6fc01d6cae9d514fe63b30fdbd92548760f876f8d77e7fd8500f83e6f4e6290e4df64c73d6ab61737797b05235dea939163cf55f322939014acef81d248baa46e1ffbca5a699f0824988b4313ae222bc8d3a3c1e875054a9494c9beac817179749b5cceabbb7cc40bdb8e18d598b683943a61fe105b868896d78e1e3a802774170ef3c1f339b6d20cfb5a260fa197aad2e18146ef53fa9c783772dc9e251c2140fe89709d007c5343681cdf4569d5f3190c0d799504aa0a9001e26a11708fbe929f63ff691a3a0c7a06125d3b3d13b3241abee4fa8c6d27b26eaa58b454e34fe20128a15cf7f96bfec32904af4b2e04c26bf9393d45b0d66a1a2f15780a67ff34daa1bad27262ec78f27f9ff77157ed5201bf257e1d1d06f2cd3a4cbc02bb9003caebc7e7e9fe7a256de9fc2cce105644c833ee659e3f6d526142d154a881cb70ba8df353a5714bfee5480cf8bff86c62c3a56d45f821d99413f8ea8207a41b7d577e5a1788d051c8c19cc1fc8be844f18227b7eeed330a213a58009c7ea3cfd5c77093b5315c90d36fe15ecd9d9e7e4208aac31abc3928d162449ee68f04aa2aaf5b8711529b97944a873085ed6b59b53b2ef8a397733d5207eb27a81c646eb7079aff7403181b0d658abcdc3445096844b3139ee23cb30f9527b5c84105604e8aa57b32e0470dffa95719415b74ce519ac27b20a38045a9792043d3c5b426deb70b3418d9475c6b85580e7e414c5a9ff35ce7c6fe2f2d5ee8d0aef619d8c2c06e0af87a9bad9dfa2f6ddb57c2e636563a9ee58c8613be2b329f4c16efbe56ae671e712e90712cc4f519276cd7cfa3e421e87ace7e5469665b4345322c77de68639a6f561a0d203d4823d4c3a84f1b2b04c60cd2fe855652c1000b0f5e1bcc2355496522a5046a849d407b5d86123432a41d64b549c1713dc3f0b4a787420c9d3dd3052dbac55dc15ca6584d08bbcc7ece7144fc179d302c5e0833b1f667e0f4110ad9b31f5b7e19e11fc1bf5ea0f9a81806ab5bfa8caff29b84c53c04a85d175c05a74d55b548ae69bb365760ebd841cfd094ce2d7cbf447285f53f5e7cb4ccda0a607c9cf7c3aec55966aca8b8ce33eb30a138c3e4d85e4def697e0e00defa03f2c501010baa3470450bec0acdfcdc7f530584e7c2600ba58722303a11c9387edcfbdc85f1128155374f9844f381c2a8a15bb7df67db46f30b9232d3d6037d86dbbbed316bcc5be6fb3ab78a19c9df2889188c7321ffed7795dfd67f3853e516cbaef5d079aac33cbd2cd920b560945744ae03611257ccc66e9523de5282efbf9871092795c05685cfe8749ff4a4cf42aa19fe4f935a71ba462860f1243824fc2888cccc6866f1c81f05bf993b58621cc8f9c6e72a7db971e1bb40632d75c119acbcdcb88b5f1ed4fa5162da82ea66c21f2064867d86abf308a1c65c0a16879d56e2e76ac4110acca20be3abb731effad3aef7f0da4acb9aed0283111670d5ceeba5a551dff13de90acc9dc3176923ad1791a73eb41a3f5c260e4df26a1b8782fa85e5cbf5c20a62bec97da4096264fafafc9f5dcb9a8ca2990a144d6bd138cddcba35fe3cd2609f0189d37e2d76f6d96ea2ba1d5ec9b42c94f254904cd938ea2004b43a111c2f5b53eca1bdb68f8e84fb5834098ea5dd6388d41c987763c8b2c9733f758dd74ce5eeda6cf28137a4d83a66f05d90fb1c9acb0214eb7e5d0869b201330b6fd1a2948e0ad0af0c4f3deb08fa875223ba27f1d42f63da665eaeac81ea9eca52ae1afaed3f4252976019de7d61059e29c8220e88a2d9a4e6202839c74dda2ae43ee2514b55aa812889e4f8e153f9859af16f130053024a8bac43fad387cd526ef42bea5cad61230bbf89db7946a03101d18dc1ae46d046212ec5285564e65d876283fb937d6e38caaceb5716c8b2628b3a349058fe27fa58d53d6e5a769996217960e50846b2cd1b9fbc686f157e19d69a2050098097d45c2879e89e6fa3c5c79339fa3881fd228c29588befa5eb769a1cc1b67e8426b386ee0e6a80d7dd261b0ffb14b321190f1a390c6a0e8052a750d4cb587720ae43f6ffbd7f9328985b2aece118d4838c2eb55e8592823f74550b5d49377464890903f2650999fecb01fce6f6e51eae4f193bfab5f35b854cb0221e75898f111e94d5861fb15086889a5f804df2f7fd41cd49b663d352c59c6e8455f8287aab47cfba4d860c81ae1f61eb8bba8f18bfec3da3eec80bf39a6ff8d028650da69c108f98cdd8359756ff2b911fa688131121523187f1e449baeb64e332558c9d5ad9794e514a4239fe3277749506d69b3ba9df2c48d0111c526674e1ec144de88c58c93ef06da80e14675d0b14842a1ca644af3d7fd5907a46ae58df07f060088573683d14ab5310d471e139a47f8080fc282f16eae908671f35a9c1a7b2941ec86e85e15207e824437f8f79b173cde14b9fdcb9ecd82b224d45f724df18760a2913d907ed48a696367985713ab99d2416213f9991766161ce075aa6da4a7fba3a47c67d04ad7e669afada886f046363fb03a0cc795e5a1840e419967b1a19f40be8bf2a512015d486d00c4026ea86324b5b541ef8388f070800421c137d8ebe7c9a539b529a4af69165c1a6ea23534ce8efa7efb2ac55969df429f3b32d2f2aecb5087359c1b83224e4cfa2c583a1e147dc0202334a2c953383cc69e3a807299d86358b6f42a499eaa5d5680cd670fb49af6488c7cce6efae45682f98d63371eced65de02a82bf560a335ba630283dd77bd3d15296bc21bc337fc1b6d34d77ea7f681055459447f01b65623218dbadbd1958a249ebb76fea35d56299a017c4d7920fb0433d5769bc5130d8a5ed950f8084ba0036078374b82ad14a232f137214bcaa82ea7fcf7393ff4226aa1effda1d44a6100896ebcffb9414baf53c77c84113ef99f89f9f282b19b0e057893ef9c81399e1db0e3a25549dbdc69895e5eebbc545e468401d18dd20afd2913f89c3c0d95d54d5145f5cf434287e01b73b2646a7dc42e0f64fcdc1f3853aa41a6242c6cbafebfd62d147dce9368259beefe4d28179750893fcbdab5956f582372c1c616db2a23537a353e08e275fece1a7c0c0bd9483160fc643ceed9d687d520e944923f1eeccfe7f2e5e1c5876810efa0deb7f00c8f606ca5c14e3bab922243d013288622cad6667696e6759742376f7546339ad37a9246c98a6500686aaec51e2391285e7bdac34fbd4a1df2147bbee2d56c7189b4aeb3880bbc63e6b922b27133497be09318b064166ee8b5ca1c360dc510592bb3077293ff7e48bbfd2221a8c823eef8e677b51b40c7a8bfed1def9e19af5a418b65567ad9cecf4c16232683740dfceef0bde563a0942db0d77493b2d683d413d9fbd0ac8fca1ecaf6e57fd7ae680a493d8c697d3cc038cfcfc55a9a30152ce450dfec029a4edbd38f10222149a87d358f881847d4daf8b182d6b1313d616a767dbd9d71c7a3ca896021216665fcb2c8fbddb593013118cc8ab5044bd6f99bb278ad871917c9b1684cecb2d0e8babaf33fd98c02d8451aa48f3b2a6d6e9a5d12910c7aff613cbcdda418a76abff697229b47783577d0ce2f0041e1360a10f607612405b9b06180d85617ff9c5993a986b32071cf4c43b97f53eef9311929cb8035ec5c2f65cdc40bd757d612de5b9a7eca6e7e70365dd47256ff9f8922e91ff22bbbee51e153d5321dc76ee8a664505da2039da1fc87e3727f085a47ce3eb52b95edb41ea295b79752c672348621e4d49c48b7d065d116cd1ebe6203e9ed62a9d3367eec2ed7cf3e4762b5f71c6ab34a953482414b762a455ded6e0ede9e07c3b9915aa51aded822c57a72ee3ed236b7c8c3b26db5092baba5d4d385d1e3c0e0d860da91b33a85c20e30da31b890f85a88a5c105e8aa32d6033beafff9ff510a7c7fa566b86eb473c702fcf08449c581650c42b90843b1baabbe95b476983fc98397abb52450a65505212b25c94a2fe3d64816eb9a76e8e8e945b7dd544aa039e61fc6331d88ee4ba297bf0d59a04c95579b62f316da65064247cc1d45792f1510103708d636c53f201b1dc2004a479bccef0bab9bff46eaaedbaa445417ee040c568ca95e606d9d9431798e91491f48434551cb8d8b4b81b389d43845e04d98dc0edbb74eae8d13ef3f662a26d7e548218952bfb4d697bd5c3700cea776ac3eb0ebae5c101bc341688371e31bda8cf7819ff4fa3a478faf97582d497112e510b2986f4238d3d4219024ac82eddc2dfe6d42dd1652ec09548768cb0a46e475493a75a75c54c47ec1e6265d34a87634e09394c77a41b01f374a79333951eec0423e037e0a5dd3cd12dbcc25fbb028613aa7382bade63c1d300b0a6d021f65fca7905e622eb54bde35d59c169f970e3de01272229e78382c7e87cc052da8b7b2dda1d29bc42fd2b7091feab28c14dd9cca5c8946afd8a466c681025128d3f752a8bfd2a8bc0c1bd89c01ad7803d8fe9ea1247e25d8ec18e0c18b8e6293b85cca5535a075b799519623d98a9bb393df5f17065a7f11142320e3138fae891346ca10040fda33128909b485ca1fa733f7d44e424d8dabe3f38d4249c3cb3f22d10521e536be978ff2dee276098db46b56e782596a68d5144ea1f2dff227956f4f860135ec2e0cee212a51b63c60e775fa2e0a7dbcb6f3d27f09dbaf55343bd2af3aee72ed39e15919d3e5b2bc67710c88a68806f1713313887e72e6af52f7de7009399b81cadfe76bff2b61e53b259218bf854d52644bd8e722e170bf9b109ee819b960b8d9da0d2dacf48083bd8a766d3818eae48ba408e18c63c8b59e282553a71f62083e6a007ffa6ce8ad271b7202da28f1d6be4332f404c1e2b98acc4d783785c1eab14361db6382594a9bbc3304f121f198948c91fe58d96aa6a8e12cc3f46f283e635548d96341fe3052aed45be1970010bb76325873b7902f0f73bf21fbe0a5cef6ec0b50902174c3515c89421a496737024b22db73916c4a41d294b8eec3913421b784a2629132461d4e6d5498a88b87abe2e385df8688b70b075e2139def62c18c60f96c1715e203850155ea7bc8d67e77428e9c96a3edf06d984f29959217633a907e7aa0f9792313fd30c6f767b79981ccbf1bf87942cf082090761f9faf5afb90f56a80908cdf34387d3c9ac4d27321b8b2c64f66eb3bc0f7937b0771b68eee977d5f3682fedb04e51868e4e588eb625a71db0057655af47806eaa6b875304738f1129d95ef85921db8b584af8e389297c8d59eb4f5f784474e5e293f48c5cc45e490878c31d32bcbfc88d51f96eee3cfaaea0e443505825a52603a06aa8cdc8920af575650833e7715dc2205ecba7e304eb121cb0d65609b853974fe9ddee9b9cb9fe4d1c08fed5b2f3d0f51e104635dba4857520e0cf319438659cb765bbbe6bed3a6451a85e3efe32707b2c84d7fbb99cd80b3529605b221b808cf34bfe776607cb4074cb9371306c74f3c38a4b48f8a8da8a02be28a08f5a0da463aa85863ef54276c4f414667d3812deb6b0e882381932585e3d08c6f3c2c13b9987088b345e1216b3d525c99820c0b6688d9c0271f648da1881e58fbf5bc02acf226d9e90a64911ebb27b415f3ff4f7bdeb9fdd5bb1f39a99f909f80af444b902d1bd96562882da6e0ce9efb2adfdcd78803164a5ebacd12d6246571066e8f05a37d9eebbf41a88926b6bcb287f4ef47728ec00bd96ccd72eefd5815fa9e2840a100e08be686e6b664c938a0eaa7588e87d69809af59268f3c4e92a98a663f83481668e0f3ee684a6728fa38c75cf66ac73dcee17dfa5ca94601b1e5ff91215492270e24c4abe4dce8686e99d3c64e7c3f5972152da99388bb59e282a1e300627e542cfea5a390dd11f0c95f52702982c0e8c690c1e7bca2ecffb7287b617090ace76f818fa8a9078978e1e249a7f4fa281fb3174fec950f6b9afaabb3279e22c9c37a4ea1c05df6c49c1b89b2ed23ca3673f388f502edd3edc358549c039eeec6ca4ae3404bbfb688c3d90cbd4a092e035ec48c3bb1ef08e2b1b6326622419356669a8399954dcbeddb197de9fb5407e105d800b6cfa91de41b2eb3ad2ead5487b9c7b11e76f2ad08711b00cb8f3da6794398a961853bdcbde90086ff13d69154442c8caa36d56862581a9f326f85c6722be613caf2329d4ff9734c99016390e793b6ef90c540ad3c7478d7b221a71e0f10575ce5f666e2425903f3c358c4dc5b29133da5027b541898b501cfa144e166d1b1d7470d05aeda051a1cd5bc3bafee7ccf8564682cd728d0dfaa4f731438de2ca3095f105c0bad8f3b039a427729ba1f96238403e3d1c8a2bdf1730253d6c78e42f4dc5a6079e95ea5013a9d335e628ee7d2dd1c7f2d25342b2be5c9fef9fd5eeddc8665c1a39705231538d0f3a19e9c021a7d6d2d1c6b3f4b483e6198ca6d269db9e82746c5ea36c70f29fc98462ecaeed27547de6435a82112b2ec9a8c1e759f82d04810824d97f1ca45071f6ac242b90b218f2c2c9b4cd42b56dbeb5e947a8e8b476749ab8cc7d910fdb17529440107a565737b69440cac0b418858d62fb7af804c5e483faa849a6375ea62581eff9c4dd3ccacdbab7af9fe9b2be75cb2e322c296cb91a792ab424f77ff348d07dfc2a5c5af476cc7c44de169dc1702ddbd5e4d7fb11172d8eab6df3b70c7b66fec5177a533ed44641c291ed9d8cea6832c24c3cd279c9f3bbb355fe47364d23af48cf8a86d27727ab2adf771641ff447291fa9ba99cf5c2cec5c968d565aabe16cd07d752f7d5b2c78e77cbd2dcb2bc151a35207026c98b755eb0e6fdc94628de7653f7a461e0b51f5c089fc4db6deca2243e3e5532bcc279dfccd2651db61565968dfce800e995626a4bf045e3522b996dee4bd10980ede518f4a5d986f41c53f0e2820853337869645c31c41c9563f1c01ce651e916f7472b04929feecd09ff768bdf74f0b40a0c58555f2a390db9bb7990dc31f995ac4bbf1f90271cd4b90ef7fcd096c34040fbd4a74aefdc5a6b8edf38da8084c87564b10e6e2cd7d0ea6849cff02c06e4df741c278f0d29ed6c6c739376e1c262f9d780fec67aeb519cfa669c9d6487ba527e0ccf5012954dbb3ecdbd3f5be1c018784cf83b3bd040e7116be8401e760f82cfc86ac19a18f28c894662f8dd13b1aea577c81bf2447753b57853765eae4353b65475e10c3b36bf0d0dc3199dabff76a06f70b173fac295db1f52100547050f052b9d287155bc8b04435ef35902395ae894bed80080fd3becba14c51da2cf34e2999cdbbf652dc6862e8e65f675b1d7e5da57fbfb497e8111dfe77164372d707a5857325c47afb462f7a38f617d158e8a28fda6d121e532e44b2ca9cef3c34a7a8d748c4edd061b62f6ab7344317b0dbd8ce4836142719a7c0835901236180840246527f3ba39cb64614e95d4af008d281b53853532abdc663051d041af7d1aa9766ab185efb77fcf278f09577e01e507a2034f435b66cab7692a1733d1ad3d5d566396fcacfd1bbdf542e35136a49e2d3cbc21ce157ff051a0c1b636b159f370366565a8ddadaa1502b425ef27a1ff070c52bd17595ee507dc984aeb14d2aba07fe786f3733e3527d5bbfcacfb09d3d5cf94738d1b13d2590b1bb1ea2eb400e9605f90b4b23c125622da85ece62e4493938099a4058e0b3dda2532c6d62bd033ee7a1cd7683620a6501e3ca420f9a64f462bbd4f125d154beff38c8f4a1278f9d6194289234d7e9fd397feb24fe1a8636e334d1342fa590b4578b3c677aae57119bea99ff7a5635b98ee867a282e5f3444b70415c0c33942f041c28589ba0de67d7b7ebe43ec6656f60c82c9d75bc8dac80791cd59a9c576ccf726cc97befcb9aeedf32b9ec6f4aaf043ab9bfc4712ee6bc4906dcd9766658ce56fea361518bb54ccca4bbb82eb64e417a37899ab31736ffddf51f97aa710b29f18ada97a200bd65d655364149db2c41cf32bac2c4bf799bb2356335a4fa01016da72bc7dd99b3f902f8b80a89d19bb04f8c49cdc5a78b17b52d52c06f18baa9839332f3ae59909748cd4dac49c1901f3c2dec64ccb40a49fed1699fe1140f8602384a930fed2ed6f9c120c9e6158aae34d8ec8a4fb0cb7ae19c2865e3939b499b5a08183c342ff4af2b3400980879aaa6e29784e90bfc915b9f31e79b742420952bda798a8b88c77134cc5752630e57fa23f9b174535e3244c9fa475d1b2829fdb768d22d6564e55556fd3750bbb223f3b5748a57c899d324f359c3842fddf8055e1b40588365393b84aa798fcc8b321ba1eeac33d340eda01fdf697e81bb5b55852f6b355a7dd2082cf087949cf9fbbf697af8f81c20f25a1c0b92fcb06dddc50c5d9e989a15a2fb7d0544f1844e3f46711165bab1658615f440b71f93ddb713ba91e8f4d91dd17243082d61cf43fd08861d42f41f1ebc68be633bfcc79b14cdfd7b171ed4b282a926055ce26e7fcf40d1e8e7d05ce6660fdb825dff76d735bce7b43c98e5b6c4763ccff99b45c1439859ccfc61756c298eef7424c465aadcd71455448827e39e5ec21293f2007617fae73b74de8efe349c726a9dac11524720fed5214101b4f26ad6fec2215a54980512a57358545899c6898692d805134d606b3022d16954747d247db0093dbec65fa7d101439ccee58a8790ee0daec0976a743d8f7aabbaf8d9945e95ceede27387e2faebe8d1eae6feedb78cdf016c6c5888e56ab4830b002513f87aed9bb4988784c0debd8f566ea9c8467bab4a52a52de9e262f16ffe222ac1ac6f6d5de557eead4554f03bc8ebd681daa2ae6cf93587d32dcf53a184f5019f0fad0729095a5788b04fc6987064b80c6bba46e36fdd767ca9c6819445e95ec7d60c3f9b2716c206a589e413fd7bf1d8fd3f1245ff54d6db4d7b45f20cb4f6dc8bcde65484d70ac38921f89261d27fc85203b801867850457a3b61fd55e805bd3c40a336bf87101d8914d21c8c968e934ce265cca3efe21d3ae1b78848f7b50a9a2e9b51bfca2ff7e0292ede0aa013af1c09242d6e53f23a216b8ccc64402a46eef3411c06cabb5435b1d2d8ddffc2c3dbbbb0e707e03ae0c518414dc7304dec25084891255011dd133d235e663ff38ee78c9abb93c9f692c5195222c881e35431d638367c7e570c962646424dae41fa2b2af118a93add1e088aaf7e1dd108c7096f4f9868a8af02cc15db7493ef011d320c6d64f6de56a51748e9dc4b7bd1bd515d3e9522a65e87e25477f71a6bddaf7ee5a01d424ac153efaa52f1e56fbef9f66efe5642f7dae41e419a64be65635a088885717942d475daa806ab151b087525446227d0d75a493d5a98486365b3981b3bb77a7c6c6ed44a120a98d0f2d35e8ce83837004c39bf09ac5723b1d7d7392f6e94462e86de853c6841027c697236331e19aa45693b2dbeffea7b00f0b284e49b04935327b9808576b397cb48d6b1960d06058f1cf2d0641d7c99e79dc9d47efd1d5bde85bb51ffe4a687c2d364713ee0ca4981f371c7a418b61118431984324f84f8cdd6e2849c00c1f14b1732a08ffa08d39c312dd809f15c8a651cbec053e870ac04c131946d80a8e684c8f309881f98220d7e532773d4d8304ae53428390ca7914a408030fae3b07619352d8a1edc33856530f806b8efe61bedcbe199aca4dbe79bdacb08b361e31f59c00463071fb19edbc0cb84c59130770fcd17643f7c37c1f54753f40fbeeeee31b22d89944ac6ee913e63145e3e35f804d2cbd08d9f2e278be717872a4fae63d8a8b462f715c3191d394a67a724fab2e4ec31c439fb2fa01295aeb56910fd406316bdfed587c1b42a733542a55793303e59dc23a40bc9b9f5713a3dc21b95b591ac9863f31a4ecd160e7d9b7b2ec2b137e67", 0x2000, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x200, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_GET_NESTED_STATE(r2, 0xc080aebe, &(0x7f000000a100)={{0x0, 0x0, 0x80, {0x0, 0x0, 0x1}}}) 0s ago: executing program 5 (id=3815): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)=0x3) ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x94) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0) ioctl$EVIOCGPROP(r1, 0x40047438, &(0x7f0000000180)=""/246) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000006c0)=@gettaction={0x148, 0x32, 0x800, 0x70bd27, 0x25dfdbfb, {}, [@action_gd=@TCA_ACT_TAB={0x20, 0x1, [{0xc, 0xd, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xfffffc00}}, {0x10, 0x11, 0x0, 0x0, @TCA_ACT_KIND={0xa, 0x1, 'pedit\x00'}}]}, @action_gd=@TCA_ACT_TAB={0x20, 0x1, [{0xc, 0x1e, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x1}}, {0x10, 0xf, 0x0, 0x0, @TCA_ACT_KIND={0xa, 0x1, 'pedit\x00'}}]}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1, 0x1}}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x7fff}, @action_gd=@TCA_ACT_TAB={0x34, 0x1, [{0xc, 0xf, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x5}}, {0xc, 0x8, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ipt\x00'}}, {0xc, 0x1, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'nat\x00'}}, {0xc, 0xe, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7}}]}, @action_gd=@TCA_ACT_TAB={0x90, 0x1, [{0xc, 0xb, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0x10, 0x14, 0x0, 0x0, @TCA_ACT_KIND={0xc, 0x1, 'skbedit\x00'}}, {0x10, 0x12, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'police\x00'}}, {0xc, 0x1, 0x0, 0x0, @TCA_ACT_KIND={0x7, 0x1, 'xt\x00'}}, {0x10, 0x19, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'police\x00'}}, {0x10, 0x1f, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'sample\x00'}}, {0xc, 0x2, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x9}}, {0xc, 0x13, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x3}}, {0x10, 0x18, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'csum\x00'}}, {0xc, 0x6, 0x0, 0x0, @TCA_ACT_KIND={0x7, 0x1, 'xt\x00'}}]}, @action_gd=@TCA_ACT_TAB={0x10, 0x1, [{0xc, 0x16, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}]}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1, 0x1}}]}, 0x148}, 0x1, 0x0, 0x0, 0x4840}, 0x8000) writev(r1, &(0x7f0000000680)=[{&(0x7f00000002c0)="93acae", 0x3}, {&(0x7f0000000480)="c363e4d9aa", 0x5}], 0x2) kernel console output (not intermixed with test programs): 69][T18777] pim6reg: entered allmulticast mode [ 1752.886546][ C1] vkms_vblank_simulate: vblank timer overrun [ 1753.499637][T18801] CIFS: Unable to determine destination address [ 1754.046869][T18804] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3460'. [ 1754.152111][ C1] vkms_vblank_simulate: vblank timer overrun [ 1754.246523][ C1] vkms_vblank_simulate: vblank timer overrun [ 1754.247792][T18802] netlink: 44 bytes leftover after parsing attributes in process `syz.8.3459'. [ 1754.333201][ T5886] usb 7-1: new high-speed USB device number 116 using dummy_hcd [ 1754.333557][T18813] FAULT_INJECTION: forcing a failure. [ 1754.333557][T18813] name failslab, interval 1, probability 0, space 0, times 0 [ 1754.333586][T18813] CPU: 1 UID: 0 PID: 18813 Comm: syz.5.3462 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1754.333608][T18813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1754.333620][T18813] Call Trace: [ 1754.333628][T18813] [ 1754.333637][T18813] dump_stack_lvl+0x189/0x250 [ 1754.333668][T18813] ? __pfx____ratelimit+0x10/0x10 [ 1754.333693][T18813] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1754.333720][T18813] ? __pfx__printk+0x10/0x10 [ 1754.333748][T18813] ? __pfx___might_resched+0x10/0x10 [ 1754.333767][T18813] ? fs_reclaim_acquire+0x7d/0x100 [ 1754.333804][T18813] should_fail_ex+0x46c/0x600 [ 1754.333833][T18813] ? __alloc_skb+0x112/0x2d0 [ 1754.333851][T18813] should_failslab+0xa8/0x100 [ 1754.333878][T18813] ? __alloc_skb+0x112/0x2d0 [ 1754.333894][T18813] kmem_cache_alloc_node_noprof+0x78/0x6e0 [ 1754.333926][T18813] __alloc_skb+0x112/0x2d0 [ 1754.333948][T18813] alloc_skb_with_frags+0xca/0x890 [ 1754.333985][T18813] sock_alloc_send_pskb+0x859/0x990 [ 1754.334029][T18813] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 1754.334052][T18813] ? __pfx_smack_socket_sendmsg+0x10/0x10 [ 1754.334081][T18813] ? __might_fault+0xb0/0x130 [ 1754.334109][T18813] hci_sock_sendmsg+0x207/0xef0 [ 1754.334143][T18813] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 1754.334173][T18813] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1754.334197][T18813] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 1754.334223][T18813] __sock_sendmsg+0x21c/0x270 [ 1754.334251][T18813] sock_write_iter+0x27f/0x370 [ 1754.334277][T18813] ? __pfx_sock_write_iter+0x10/0x10 [ 1754.334326][T18813] vfs_write+0x5d5/0xb40 [ 1754.334354][T18813] ? __pfx_sock_write_iter+0x10/0x10 [ 1754.334378][T18813] ? __pfx_vfs_write+0x10/0x10 [ 1754.334412][T18813] ? __fget_files+0x2a/0x420 [ 1754.334448][T18813] ksys_write+0x14b/0x260 [ 1754.334478][T18813] ? __pfx_ksys_write+0x10/0x10 [ 1754.334505][T18813] ? do_syscall_64+0xbe/0xfa0 [ 1754.334535][T18813] do_syscall_64+0xfa/0xfa0 [ 1754.334557][T18813] ? lockdep_hardirqs_on+0x9c/0x150 [ 1754.334581][T18813] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1754.334599][T18813] ? clear_bhb_loop+0x60/0xb0 [ 1754.334622][T18813] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1754.334641][T18813] RIP: 0033:0x7fa8fe57efc9 [ 1754.334659][T18813] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1754.334677][T18813] RSP: 002b:00007fa8fc7de038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1754.334699][T18813] RAX: ffffffffffffffda RBX: 00007fa8fe7d5fa0 RCX: 00007fa8fe57efc9 [ 1754.334714][T18813] RDX: 000000000000000d RSI: 0000200000000000 RDI: 000000000000001f [ 1754.334728][T18813] RBP: 00007fa8fc7de090 R08: 0000000000000000 R09: 0000000000000000 [ 1754.334741][T18813] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1754.334752][T18813] R13: 00007fa8fe7d6038 R14: 00007fa8fe7d5fa0 R15: 00007ffdea4d0ee8 [ 1754.334786][T18813] [ 1754.484031][ T5886] usb 7-1: Using ep0 maxpacket: 8 [ 1754.543209][T11145] usb 5-1: new high-speed USB device number 92 using dummy_hcd [ 1754.614470][ T5886] usb 7-1: New USB device found, idVendor=13d8, idProduct=0001, bcdDevice=30.62 [ 1754.614650][ T5886] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1754.614673][ T5886] usb 7-1: Product: syz [ 1754.614689][ T5886] usb 7-1: Manufacturer: syz [ 1754.614705][ T5886] usb 7-1: SerialNumber: syz [ 1754.621596][ T5886] usb 7-1: config 0 descriptor?? [ 1754.683415][T11145] usb 5-1: device descriptor read/64, error -71 [ 1755.334857][ T5886] usb 7-1: selecting invalid altsetting 3 [ 1755.334881][ T5886] comedi comedi4: could not set alternate setting 3 in high speed [ 1755.334898][ T5886] usbdux 7-1:0.0: driver 'usbdux' failed to auto-configure device. [ 1755.341628][ T5886] usbdux 7-1:0.0: probe with driver usbdux failed with error -22 [ 1755.353538][T11145] usb 5-1: new high-speed USB device number 93 using dummy_hcd [ 1755.513675][T11145] usb 5-1: device descriptor read/64, error -71 [ 1755.526274][ T5886] usb 7-1: USB disconnect, device number 116 [ 1755.628563][T11145] usb usb5-port1: attempt power cycle [ 1756.328158][ C1] vkms_vblank_simulate: vblank timer overrun [ 1756.393788][T11145] usb 5-1: new high-speed USB device number 94 using dummy_hcd [ 1756.474823][T18829] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1756.475028][T18829] overlayfs: missing 'lowerdir' [ 1757.000554][T11145] usb 5-1: device descriptor read/8, error -71 [ 1757.084210][ C1] vkms_vblank_simulate: vblank timer overrun [ 1757.087454][T18822] netlink: 44 bytes leftover after parsing attributes in process `syz.5.3464'. [ 1757.393556][T11145] usb 5-1: new high-speed USB device number 95 using dummy_hcd [ 1757.478813][ C1] vkms_vblank_simulate: vblank timer overrun [ 1757.523334][T11145] usb 5-1: device descriptor read/8, error -71 [ 1757.638232][T11145] usb usb5-port1: unable to enumerate USB device [ 1757.893793][ C1] vkms_vblank_simulate: vblank timer overrun [ 1758.133821][T18835] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3470'. [ 1758.133850][T18835] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3470'. [ 1758.326267][ C1] vkms_vblank_simulate: vblank timer overrun [ 1758.596820][ C1] vkms_vblank_simulate: vblank timer overrun [ 1759.579099][ C1] vkms_vblank_simulate: vblank timer overrun [ 1760.216836][T18853] openvswitch: netlink: Unexpected mask (mask=200040, allowed=10048) [ 1760.331281][ C1] vkms_vblank_simulate: vblank timer overrun [ 1760.806605][T18857] CIFS: Unable to determine destination address [ 1760.881091][T18862] FAULT_INJECTION: forcing a failure. [ 1760.881091][T18862] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1760.881118][T18862] CPU: 0 UID: 0 PID: 18862 Comm: syz.6.3474 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1760.881132][T18862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1760.881139][T18862] Call Trace: [ 1760.881144][T18862] [ 1760.881149][T18862] dump_stack_lvl+0x189/0x250 [ 1760.881171][T18862] ? __pfx____ratelimit+0x10/0x10 [ 1760.881185][T18862] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1760.881201][T18862] ? __pfx__printk+0x10/0x10 [ 1760.881217][T18862] ? __might_fault+0xb0/0x130 [ 1760.881249][T18862] should_fail_ex+0x46c/0x600 [ 1760.881278][T18862] _copy_from_user+0x2d/0xb0 [ 1760.881299][T18862] __sys_bpf+0x1e3/0x860 [ 1760.881324][T18862] ? __pfx___sys_bpf+0x10/0x10 [ 1760.881344][T18862] ? rt_mutex_slowunlock+0x1be/0x2e0 [ 1760.881378][T18862] ? ksys_write+0x230/0x260 [ 1760.881402][T18862] ? __pfx_ksys_write+0x10/0x10 [ 1760.881429][T18862] __x64_sys_bpf+0x7c/0x90 [ 1760.881454][T18862] do_syscall_64+0xfa/0xfa0 [ 1760.881476][T18862] ? lockdep_hardirqs_on+0x9c/0x150 [ 1760.881501][T18862] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1760.881521][T18862] ? clear_bhb_loop+0x60/0xb0 [ 1760.881544][T18862] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1760.881563][T18862] RIP: 0033:0x7fa60843efc9 [ 1760.881581][T18862] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1760.881598][T18862] RSP: 002b:00007fa60669e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1760.881619][T18862] RAX: ffffffffffffffda RBX: 00007fa608695fa0 RCX: 00007fa60843efc9 [ 1760.881634][T18862] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a [ 1760.881647][T18862] RBP: 00007fa60669e090 R08: 0000000000000000 R09: 0000000000000000 [ 1760.881659][T18862] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1760.881671][T18862] R13: 00007fa608696038 R14: 00007fa608695fa0 R15: 00007ffdcb542458 [ 1760.881705][T18862] [ 1762.405972][T18874] FAULT_INJECTION: forcing a failure. [ 1762.405972][T18874] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1762.406006][T18874] CPU: 1 UID: 0 PID: 18874 Comm: syz.6.3479 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1762.406030][T18874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1762.406041][T18874] Call Trace: [ 1762.406049][T18874] [ 1762.406059][T18874] dump_stack_lvl+0x189/0x250 [ 1762.406089][T18874] ? __pfx____ratelimit+0x10/0x10 [ 1762.406114][T18874] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1762.406141][T18874] ? __pfx__printk+0x10/0x10 [ 1762.406164][T18874] ? __might_fault+0xb0/0x130 [ 1762.406201][T18874] should_fail_ex+0x46c/0x600 [ 1762.406233][T18874] _copy_from_user+0x2d/0xb0 [ 1762.406255][T18874] __sys_bind+0x19f/0x3e0 [ 1762.406277][T18874] ? __pfx___sys_bind+0x10/0x10 [ 1762.406309][T18874] ? __pfx_ksys_write+0x10/0x10 [ 1762.406339][T18874] __x64_sys_bind+0x7a/0x90 [ 1762.406359][T18874] do_syscall_64+0xfa/0xfa0 [ 1762.406383][T18874] ? lockdep_hardirqs_on+0x9c/0x150 [ 1762.406406][T18874] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1762.406426][T18874] ? clear_bhb_loop+0x60/0xb0 [ 1762.406450][T18874] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1762.406469][T18874] RIP: 0033:0x7fa60843efc9 [ 1762.406487][T18874] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1762.406505][T18874] RSP: 002b:00007fa60669e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 1762.406526][T18874] RAX: ffffffffffffffda RBX: 00007fa608695fa0 RCX: 00007fa60843efc9 [ 1762.406542][T18874] RDX: 0000000000000002 RSI: 0000200000000140 RDI: 0000000000000003 [ 1762.406555][T18874] RBP: 00007fa60669e090 R08: 0000000000000000 R09: 0000000000000000 [ 1762.406568][T18874] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1762.406581][T18874] R13: 00007fa608696038 R14: 00007fa608695fa0 R15: 00007ffdcb542458 [ 1762.406614][T18874] [ 1763.833652][T11976] usb 5-1: new high-speed USB device number 96 using dummy_hcd [ 1764.101696][T11976] usb 5-1: device descriptor read/64, error -71 [ 1764.403271][T11976] usb 5-1: new high-speed USB device number 97 using dummy_hcd [ 1764.535177][T11976] usb 5-1: device descriptor read/64, error -71 [ 1764.770763][T11976] usb usb5-port1: attempt power cycle [ 1765.359766][T11976] usb 5-1: new high-speed USB device number 98 using dummy_hcd [ 1765.376015][T11976] usb 5-1: device descriptor read/8, error -71 [ 1765.503784][T13813] usb 7-1: new high-speed USB device number 117 using dummy_hcd [ 1765.548348][T18901] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3486'. [ 1765.567756][T18901] gtp0: entered promiscuous mode [ 1765.567783][T18901] gtp0: entered allmulticast mode [ 1765.589682][T18901] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3486'. [ 1765.623343][T11976] usb 5-1: new high-speed USB device number 99 using dummy_hcd [ 1765.664614][T11976] usb 5-1: device descriptor read/8, error -71 [ 1765.743067][T13813] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1765.743100][T13813] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1765.743123][T13813] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 1765.743164][T13813] usb 7-1: New USB device found, idVendor=0810, idProduct=0002, bcdDevice= 0.00 [ 1765.743188][T13813] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1765.757653][T13813] usb 7-1: config 0 descriptor?? [ 1765.776032][T11976] usb usb5-port1: unable to enumerate USB device [ 1765.828640][T18904] CIFS: Unable to determine destination address [ 1767.149627][T13813] pantherlord 0003:0810:0002.001F: item fetching failed at offset 5/7 [ 1767.150442][T13813] pantherlord 0003:0810:0002.001F: parse failed [ 1767.150517][T13813] pantherlord 0003:0810:0002.001F: probe with driver pantherlord failed with error -22 [ 1767.244814][T18915] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1767.245296][T18915] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1767.438357][T18926] FAULT_INJECTION: forcing a failure. [ 1767.438357][T18926] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1767.438393][T18926] CPU: 1 UID: 0 PID: 18926 Comm: syz.7.3492 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1767.438416][T18926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1767.438429][T18926] Call Trace: [ 1767.438438][T18926] [ 1767.438447][T18926] dump_stack_lvl+0x189/0x250 [ 1767.438488][T18926] ? __pfx____ratelimit+0x10/0x10 [ 1767.438513][T18926] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1767.438540][T18926] ? __pfx__printk+0x10/0x10 [ 1767.438579][T18926] should_fail_ex+0x46c/0x600 [ 1767.438611][T18926] _copy_to_user+0x31/0xb0 [ 1767.438636][T18926] simple_read_from_buffer+0xe1/0x170 [ 1767.438668][T18926] proc_fail_nth_read+0x1b6/0x220 [ 1767.438693][T18926] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1767.438718][T18926] ? rw_verify_area+0x2ac/0x4e0 [ 1767.438740][T18926] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1767.438763][T18926] vfs_read+0x206/0xa30 [ 1767.438795][T18926] ? __pfx_vfs_read+0x10/0x10 [ 1767.438814][T18926] ? try_to_take_rt_mutex+0x7fd/0xac0 [ 1767.438846][T18926] ? mutex_lock_nested+0x154/0x1d0 [ 1767.438865][T18926] ? fdget_pos+0x253/0x320 [ 1767.438899][T18926] ksys_read+0x14b/0x260 [ 1767.438930][T18926] ? __pfx_ksys_read+0x10/0x10 [ 1767.438957][T18926] ? do_syscall_64+0xbe/0xfa0 [ 1767.438985][T18926] do_syscall_64+0xfa/0xfa0 [ 1767.439008][T18926] ? lockdep_hardirqs_on+0x9c/0x150 [ 1767.439031][T18926] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1767.439051][T18926] ? clear_bhb_loop+0x60/0xb0 [ 1767.439075][T18926] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1767.439093][T18926] RIP: 0033:0x7f3edaaed9dc [ 1767.439111][T18926] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1767.439128][T18926] RSP: 002b:00007f3ed8d4e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1767.439149][T18926] RAX: ffffffffffffffda RBX: 00007f3edad45fa0 RCX: 00007f3edaaed9dc [ 1767.439164][T18926] RDX: 000000000000000f RSI: 00007f3ed8d4e0a0 RDI: 0000000000000004 [ 1767.439177][T18926] RBP: 00007f3ed8d4e090 R08: 0000000000000000 R09: 0000000000000000 [ 1767.439190][T18926] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1767.439201][T18926] R13: 00007f3edad46038 R14: 00007f3edad45fa0 R15: 00007fff2362b418 [ 1767.439235][T18926] [ 1767.683177][T11976] usb 9-1: new high-speed USB device number 55 using dummy_hcd [ 1767.755039][T13813] usb 6-1: new full-speed USB device number 104 using dummy_hcd [ 1767.917801][T13813] usb 6-1: config 5 has an invalid interface number: 123 but max is 0 [ 1767.917833][T13813] usb 6-1: config 5 has no interface number 0 [ 1767.917880][T13813] usb 6-1: config 5 interface 123 altsetting 7 has an endpoint descriptor with address 0xEB, changing to 0x8B [ 1767.918207][T13813] usb 6-1: config 5 interface 123 altsetting 7 endpoint 0x84 has invalid wMaxPacketSize 0 [ 1767.918233][T13813] usb 6-1: config 5 interface 123 has no altsetting 0 [ 1767.923924][T13813] usb 6-1: New USB device found, idVendor=3923, idProduct=718a, bcdDevice=d8.d7 [ 1767.923958][T13813] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1767.923981][T13813] usb 6-1: Product: syz [ 1767.923997][T13813] usb 6-1: Manufacturer: syz [ 1767.924013][T13813] usb 6-1: SerialNumber: syz [ 1768.976341][T13813] ni6501 6-1:5.123: driver 'ni6501' failed to auto-configure device. [ 1768.993682][T13813] usb 6-1: USB disconnect, device number 104 [ 1769.536474][T11976] usb 9-1: new full-speed USB device number 56 using dummy_hcd [ 1770.268797][T13814] usb 7-1: USB disconnect, device number 117 [ 1770.341143][T11976] usb 9-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 1770.341174][T11976] usb 9-1: config 0 interface 0 has no altsetting 0 [ 1770.345540][T11976] usb 9-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 1770.345574][T11976] usb 9-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 1770.345595][T11976] usb 9-1: Product: syz [ 1770.345612][T11976] usb 9-1: Manufacturer: syz [ 1770.345628][T11976] usb 9-1: SerialNumber: syz [ 1770.649852][T11976] usb 9-1: config 0 descriptor?? [ 1772.623714][T18951] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3497'. [ 1772.623745][T18951] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3497'. [ 1772.681762][T11976] usb 9-1: can't set config #0, error -71 [ 1772.693475][T11976] usb 9-1: USB disconnect, device number 56 [ 1773.913397][T13814] usb 6-1: new full-speed USB device number 105 using dummy_hcd [ 1774.107647][T13814] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 1774.107668][T13814] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1774.107679][T13814] usb 6-1: Product: syz [ 1774.107688][T13814] usb 6-1: Manufacturer: syz [ 1774.107696][T13814] usb 6-1: SerialNumber: syz [ 1774.112987][T13814] usb 6-1: config 0 descriptor?? [ 1774.243586][T11145] usb 5-1: new high-speed USB device number 100 using dummy_hcd [ 1774.295158][T18972] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3505'. [ 1774.363800][T13814] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 1774.440374][T11145] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1774.440701][T11145] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1774.440869][T11145] usb 5-1: Product: syz [ 1774.440887][T11145] usb 5-1: Manufacturer: syz [ 1774.440961][T11145] usb 5-1: SerialNumber: syz [ 1775.109692][T11145] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1775.219998][T13813] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1776.584702][T13813] usb 5-1: Service connection timeout for: 256 [ 1776.584720][T13813] ath9k_htc 5-1:1.0: ath9k_htc: Unable to initialize HTC services [ 1776.600401][T11145] usb 5-1: USB disconnect, device number 100 [ 1776.614001][T13813] ath9k_htc: Failed to initialize the device [ 1776.614558][T11145] usb 5-1: ath9k_htc: USB layer deinitialized [ 1776.654950][ C0] dummy_hcd dummy_hcd.4: timer fired with no URBs pending? [ 1776.705622][T13814] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 1776.709224][T13814] usb 6-1: USB disconnect, device number 105 [ 1777.845132][T18986] FAULT_INJECTION: forcing a failure. [ 1777.845132][T18986] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1777.845166][T18986] CPU: 0 UID: 0 PID: 18986 Comm: syz.5.3509 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1777.845190][T18986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1777.845203][T18986] Call Trace: [ 1777.845211][T18986] [ 1777.845221][T18986] dump_stack_lvl+0x189/0x250 [ 1777.845253][T18986] ? __pfx____ratelimit+0x10/0x10 [ 1777.845279][T18986] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1777.845305][T18986] ? __pfx__printk+0x10/0x10 [ 1777.845329][T18986] ? __might_fault+0xb0/0x130 [ 1777.845371][T18986] should_fail_ex+0x46c/0x600 [ 1777.845409][T18986] _copy_from_user+0x2d/0xb0 [ 1777.845432][T18986] __sys_bpf+0x1e3/0x860 [ 1777.845459][T18986] ? __pfx___sys_bpf+0x10/0x10 [ 1777.845481][T18986] ? rt_mutex_slowunlock+0x1be/0x2e0 [ 1777.845520][T18986] ? ksys_write+0x230/0x260 [ 1777.845546][T18986] ? __pfx_ksys_write+0x10/0x10 [ 1777.845576][T18986] __x64_sys_bpf+0x7c/0x90 [ 1777.845600][T18986] do_syscall_64+0xfa/0xfa0 [ 1777.845623][T18986] ? lockdep_hardirqs_on+0x9c/0x150 [ 1777.845647][T18986] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1777.845667][T18986] ? clear_bhb_loop+0x60/0xb0 [ 1777.845691][T18986] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1777.845710][T18986] RIP: 0033:0x7fa8fe57efc9 [ 1777.845727][T18986] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1777.845745][T18986] RSP: 002b:00007fa8fc7de038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1777.845766][T18986] RAX: ffffffffffffffda RBX: 00007fa8fe7d5fa0 RCX: 00007fa8fe57efc9 [ 1777.845780][T18986] RDX: 0000000000000078 RSI: 0000200000000440 RDI: 0000000000000005 [ 1777.845794][T18986] RBP: 00007fa8fc7de090 R08: 0000000000000000 R09: 0000000000000000 [ 1777.845808][T18986] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1777.845820][T18986] R13: 00007fa8fe7d6038 R14: 00007fa8fe7d5fa0 R15: 00007ffdea4d0ee8 [ 1777.845854][T18986] [ 1778.335029][T19001] bond2: entered allmulticast mode [ 1778.337611][T19006] netlink: 'syz.5.3514': attribute type 29 has an invalid length. [ 1778.338223][T19006] netlink: 'syz.5.3514': attribute type 29 has an invalid length. [ 1778.338954][T19006] netlink: 500 bytes leftover after parsing attributes in process `syz.5.3514'. [ 1778.524157][ T5818] usb 7-1: new full-speed USB device number 118 using dummy_hcd [ 1778.653129][T12798] usb 6-1: new low-speed USB device number 106 using dummy_hcd [ 1778.690985][ T5818] usb 7-1: unable to get BOS descriptor or descriptor too short [ 1778.691533][ T5818] usb 7-1: not running at top speed; connect to a high speed hub [ 1778.692566][ T5818] usb 7-1: config 17 has an invalid interface number: 8 but max is 1 [ 1778.692586][ T5818] usb 7-1: config 17 has 1 interface, different from the descriptor's value: 2 [ 1778.692604][ T5818] usb 7-1: config 17 has no interface number 0 [ 1778.692645][ T5818] usb 7-1: config 17 interface 8 altsetting 6 endpoint 0x3 has an invalid bInterval 0, changing to 4 [ 1778.692667][ T5818] usb 7-1: config 17 interface 8 has no altsetting 0 [ 1778.707387][ T5818] usb 7-1: New USB device found, idVendor=0763, idProduct=2001, bcdDevice=2c.ff [ 1778.707419][ T5818] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1778.707439][ T5818] usb 7-1: Product: syz [ 1778.707453][ T5818] usb 7-1: Manufacturer: syz [ 1778.707468][ T5818] usb 7-1: SerialNumber: syz [ 1778.803152][T12798] usb 6-1: Invalid ep0 maxpacket: 64 [ 1778.842512][T19015] binder: 19012:19015 ioctl 400c620e 200000000380 returned -22 [ 1779.005269][T12798] usb 6-1: new low-speed USB device number 107 using dummy_hcd [ 1779.374874][ T5818] usb 7-1: selecting invalid altsetting 0 [ 1779.374998][ T5818] usb 7-1: 8:6 : no UAC_FORMAT_TYPE desc [ 1779.375018][ T5818] usb 7-1: selecting invalid altsetting 0 [ 1779.396243][ T5818] usb 7-1: USB disconnect, device number 118 [ 1779.414812][T12798] usb 6-1: Invalid ep0 maxpacket: 64 [ 1779.415654][T12798] usb usb6-port1: attempt power cycle [ 1780.523147][T12798] usb 6-1: new low-speed USB device number 108 using dummy_hcd [ 1780.606869][T12798] usb 6-1: Invalid ep0 maxpacket: 64 [ 1780.753267][T12798] usb 6-1: new low-speed USB device number 109 using dummy_hcd [ 1780.784126][T12798] usb 6-1: Invalid ep0 maxpacket: 64 [ 1780.784638][T12798] usb usb6-port1: unable to enumerate USB device [ 1780.786347][T19027] FAULT_INJECTION: forcing a failure. [ 1780.786347][T19027] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1780.786380][T19027] CPU: 0 UID: 0 PID: 19027 Comm: syz.8.3521 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1780.786404][T19027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1780.786415][T19027] Call Trace: [ 1780.786423][T19027] [ 1780.786432][T19027] dump_stack_lvl+0x189/0x250 [ 1780.786463][T19027] ? __pfx____ratelimit+0x10/0x10 [ 1780.786487][T19027] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1780.786514][T19027] ? __pfx__printk+0x10/0x10 [ 1780.786535][T19027] ? __might_fault+0xb0/0x130 [ 1780.786571][T19027] should_fail_ex+0x46c/0x600 [ 1780.786602][T19027] _copy_from_user+0x2d/0xb0 [ 1780.786624][T19027] ___sys_sendmsg+0x158/0x2a0 [ 1780.786650][T19027] ? __pfx____sys_sendmsg+0x10/0x10 [ 1780.786709][T19027] ? __fget_files+0x2a/0x420 [ 1780.786733][T19027] ? __fget_files+0x3a6/0x420 [ 1780.786768][T19027] __x64_sys_sendmsg+0x1a1/0x260 [ 1780.786793][T19027] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1780.786825][T19027] ? __pfx_ksys_write+0x10/0x10 [ 1780.786859][T19027] ? do_syscall_64+0xbe/0xfa0 [ 1780.786888][T19027] do_syscall_64+0xfa/0xfa0 [ 1780.786910][T19027] ? lockdep_hardirqs_on+0x9c/0x150 [ 1780.786934][T19027] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1780.786954][T19027] ? clear_bhb_loop+0x60/0xb0 [ 1780.786976][T19027] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1780.786995][T19027] RIP: 0033:0x7f472ab0efc9 [ 1780.787013][T19027] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1780.787030][T19027] RSP: 002b:00007f4728d76038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1780.787052][T19027] RAX: ffffffffffffffda RBX: 00007f472ad65fa0 RCX: 00007f472ab0efc9 [ 1780.787068][T19027] RDX: 0000000000000040 RSI: 0000200000000180 RDI: 0000000000000004 [ 1780.787081][T19027] RBP: 00007f4728d76090 R08: 0000000000000000 R09: 0000000000000000 [ 1780.787094][T19027] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1780.787106][T19027] R13: 00007f472ad66038 R14: 00007f472ad65fa0 R15: 00007fffbdee9d38 [ 1780.787140][T19027] [ 1781.333145][T13814] usb 7-1: new high-speed USB device number 119 using dummy_hcd [ 1781.492535][T13814] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1781.492554][T13814] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1781.492566][T13814] usb 7-1: Product: syz [ 1781.492574][T13814] usb 7-1: Manufacturer: syz [ 1781.492583][T13814] usb 7-1: SerialNumber: syz [ 1781.570525][T13814] usb 7-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1781.642457][ T5886] usb 7-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1781.934672][T19039] FAULT_INJECTION: forcing a failure. [ 1781.934672][T19039] name failslab, interval 1, probability 0, space 0, times 0 [ 1781.935111][T19039] CPU: 1 UID: 0 PID: 19039 Comm: syz.4.3524 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1781.935137][T19039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1781.935149][T19039] Call Trace: [ 1781.935158][T19039] [ 1781.935168][T19039] dump_stack_lvl+0x189/0x250 [ 1781.935200][T19039] ? __pfx____ratelimit+0x10/0x10 [ 1781.935224][T19039] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1781.935251][T19039] ? __pfx__printk+0x10/0x10 [ 1781.935281][T19039] ? __pfx___might_resched+0x10/0x10 [ 1781.935308][T19039] should_fail_ex+0x46c/0x600 [ 1781.935339][T19039] should_failslab+0xa8/0x100 [ 1781.935368][T19039] __kmalloc_noprof+0xcc/0x7d0 [ 1781.935392][T19039] ? kfree+0x51/0x950 [ 1781.935411][T19039] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1781.935442][T19039] tomoyo_realpath_from_path+0xe3/0x5d0 [ 1781.935467][T19039] ? tomoyo_domain+0xda/0x130 [ 1781.935496][T19039] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 1781.935525][T19039] tomoyo_path_number_perm+0x1e8/0x5a0 [ 1781.935556][T19039] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1781.935589][T19039] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 1781.935614][T19039] ? lockdep_hardirqs_on+0x9c/0x150 [ 1781.935669][T19039] ? __fget_files+0x2a/0x420 [ 1781.935703][T19039] ? __fget_files+0x3a6/0x420 [ 1781.935727][T19039] ? __fget_files+0x2a/0x420 [ 1781.935756][T19039] security_file_ioctl+0xcb/0x2d0 [ 1781.935779][T19039] __se_sys_ioctl+0x47/0x170 [ 1781.935805][T19039] do_syscall_64+0xfa/0xfa0 [ 1781.935825][T19039] ? lockdep_hardirqs_on+0x9c/0x150 [ 1781.935849][T19039] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1781.935868][T19039] ? clear_bhb_loop+0x60/0xb0 [ 1781.935892][T19039] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1781.935925][T19039] RIP: 0033:0x7f6930c6efc9 [ 1781.935949][T19039] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1781.935966][T19039] RSP: 002b:00007f692eead038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1781.935988][T19039] RAX: ffffffffffffffda RBX: 00007f6930ec6090 RCX: 00007f6930c6efc9 [ 1781.936003][T19039] RDX: 0000000080000000 RSI: 0000000000005425 RDI: 0000000000000003 [ 1781.936016][T19039] RBP: 00007f692eead090 R08: 0000000000000000 R09: 0000000000000000 [ 1781.936028][T19039] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1781.936040][T19039] R13: 00007f6930ec6128 R14: 00007f6930ec6090 R15: 00007ffe3d7abf48 [ 1781.936102][T19039] [ 1781.946748][T19039] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1782.111151][T12798] usb 7-1: USB disconnect, device number 119 [ 1782.872764][T19046] netlink: 'syz.8.3526': attribute type 11 has an invalid length. [ 1782.872874][T19046] netlink: 'syz.8.3526': attribute type 11 has an invalid length. [ 1782.872921][T19046] netlink: 224 bytes leftover after parsing attributes in process `syz.8.3526'. [ 1783.506285][ T5886] usb 7-1: Service connection timeout for: 256 [ 1783.506310][ T5886] ath9k_htc 7-1:1.0: ath9k_htc: Unable to initialize HTC services [ 1783.510507][ T5886] ath9k_htc: Failed to initialize the device [ 1783.543212][T12798] usb 7-1: ath9k_htc: USB layer deinitialized [ 1783.643176][T11976] usb 9-1: new high-speed USB device number 57 using dummy_hcd [ 1783.758552][T19055] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1783.800874][T11976] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1783.800907][T11976] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1783.800944][T11976] usb 9-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00 [ 1783.800967][T11976] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1783.898176][T11976] usb 9-1: config 0 descriptor?? [ 1784.134724][ C1] vkms_vblank_simulate: vblank timer overrun [ 1784.230217][T19065] FAULT_INJECTION: forcing a failure. [ 1784.230217][T19065] name failslab, interval 1, probability 0, space 0, times 0 [ 1784.230241][T19065] CPU: 1 UID: 0 PID: 19065 Comm: syz.5.3533 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1784.230254][T19065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1784.230261][T19065] Call Trace: [ 1784.230266][T19065] [ 1784.230273][T19065] dump_stack_lvl+0x189/0x250 [ 1784.230300][T19065] ? __pfx____ratelimit+0x10/0x10 [ 1784.230328][T19065] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1784.230354][T19065] ? __pfx__printk+0x10/0x10 [ 1784.230380][T19065] ? __pfx___might_resched+0x10/0x10 [ 1784.230395][T19065] should_fail_ex+0x46c/0x600 [ 1784.230414][T19065] should_failslab+0xa8/0x100 [ 1784.230431][T19065] __kmalloc_noprof+0xcc/0x7d0 [ 1784.230445][T19065] ? kfree+0x51/0x950 [ 1784.230456][T19065] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1784.230473][T19065] tomoyo_realpath_from_path+0xe3/0x5d0 [ 1784.230494][T19065] ? tomoyo_domain+0xda/0x130 [ 1784.230528][T19065] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 1784.230555][T19065] tomoyo_path_number_perm+0x1e8/0x5a0 [ 1784.230583][T19065] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1784.230615][T19065] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 1784.230634][T19065] ? lockdep_hardirqs_on+0x9c/0x150 [ 1784.230664][T19065] ? __fget_files+0x2a/0x420 [ 1784.230682][T19065] ? __fget_files+0x3a6/0x420 [ 1784.230695][T19065] ? __fget_files+0x2a/0x420 [ 1784.230712][T19065] security_file_ioctl+0xcb/0x2d0 [ 1784.230725][T19065] __se_sys_ioctl+0x47/0x170 [ 1784.230739][T19065] do_syscall_64+0xfa/0xfa0 [ 1784.230755][T19065] ? lockdep_hardirqs_on+0x9c/0x150 [ 1784.230768][T19065] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1784.230779][T19065] ? clear_bhb_loop+0x60/0xb0 [ 1784.230792][T19065] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1784.230802][T19065] RIP: 0033:0x7fa8fe57efc9 [ 1784.230813][T19065] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1784.230823][T19065] RSP: 002b:00007fa8fc7de038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1784.230836][T19065] RAX: ffffffffffffffda RBX: 00007fa8fe7d5fa0 RCX: 00007fa8fe57efc9 [ 1784.230843][T19065] RDX: 00002000000001c0 RSI: 00000000c06864b8 RDI: 0000000000000003 [ 1784.230851][T19065] RBP: 00007fa8fc7de090 R08: 0000000000000000 R09: 0000000000000000 [ 1784.230858][T19065] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1784.230864][T19065] R13: 00007fa8fe7d6038 R14: 00007fa8fe7d5fa0 R15: 00007ffdea4d0ee8 [ 1784.230882][T19065] [ 1784.230955][T19065] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1784.497793][T11976] arvo 0003:1E7D:30D4.0020: unbalanced collection at end of report description [ 1784.498337][T11976] arvo 0003:1E7D:30D4.0020: parse failed [ 1784.498381][T11976] arvo 0003:1E7D:30D4.0020: probe with driver arvo failed with error -22 [ 1784.638811][T13814] IPVS: starting estimator thread 0... [ 1784.723213][T19066] IPVS: using max 8 ests per chain, 19200 per kthread [ 1785.174981][ C1] vkms_vblank_simulate: vblank timer overrun [ 1785.800393][ C1] vkms_vblank_simulate: vblank timer overrun [ 1785.833240][T19076] bond0: (slave gretap0): Opening slave failed [ 1788.009138][T19094] FAULT_INJECTION: forcing a failure. [ 1788.009138][T19094] name failslab, interval 1, probability 0, space 0, times 0 [ 1788.009182][T19094] CPU: 0 UID: 0 PID: 19094 Comm: syz.5.3540 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1788.009205][T19094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1788.009217][T19094] Call Trace: [ 1788.009225][T19094] [ 1788.009235][T19094] dump_stack_lvl+0x189/0x250 [ 1788.009267][T19094] ? __pfx____ratelimit+0x10/0x10 [ 1788.009292][T19094] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1788.009319][T19094] ? __pfx__printk+0x10/0x10 [ 1788.009349][T19094] ? __pfx___might_resched+0x10/0x10 [ 1788.009375][T19094] ? fs_reclaim_acquire+0x7d/0x100 [ 1788.009405][T19094] should_fail_ex+0x46c/0x600 [ 1788.009435][T19094] ? sock_alloc_inode+0x28/0xc0 [ 1788.009459][T19094] should_failslab+0xa8/0x100 [ 1788.009486][T19094] ? sock_alloc_inode+0x28/0xc0 [ 1788.009508][T19094] kmem_cache_alloc_lru_noprof+0x74/0x6b0 [ 1788.009532][T19094] ? rt_mutex_slowunlock+0x1be/0x2e0 [ 1788.009557][T19094] ? __pfx_sock_alloc_inode+0x10/0x10 [ 1788.009581][T19094] sock_alloc_inode+0x28/0xc0 [ 1788.009604][T19094] alloc_inode+0x6a/0x1b0 [ 1788.009631][T19094] __sock_create+0x12d/0x9f0 [ 1788.009655][T19094] ? fput+0xa0/0xd0 [ 1788.009683][T19094] __sys_socket+0xd7/0x1b0 [ 1788.009714][T19094] __x64_sys_socket+0x7a/0x90 [ 1788.009742][T19094] do_syscall_64+0xfa/0xfa0 [ 1788.009765][T19094] ? lockdep_hardirqs_on+0x9c/0x150 [ 1788.009789][T19094] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1788.009808][T19094] ? clear_bhb_loop+0x60/0xb0 [ 1788.009832][T19094] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1788.009850][T19094] RIP: 0033:0x7fa8fe57efc9 [ 1788.009867][T19094] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1788.009884][T19094] RSP: 002b:00007fa8fc7bd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 1788.009907][T19094] RAX: ffffffffffffffda RBX: 00007fa8fe7d6090 RCX: 00007fa8fe57efc9 [ 1788.009922][T19094] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 000000000000002a [ 1788.009935][T19094] RBP: 00007fa8fc7bd090 R08: 0000000000000000 R09: 0000000000000000 [ 1788.009949][T19094] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1788.009961][T19094] R13: 00007fa8fe7d6128 R14: 00007fa8fe7d6090 R15: 00007ffdea4d0ee8 [ 1788.009995][T19094] [ 1788.010201][T19094] socket: no more sockets [ 1789.507714][T19098] netlink: 68 bytes leftover after parsing attributes in process `syz.6.3541'. [ 1789.635462][T19104] netlink: 'syz.5.3543': attribute type 1 has an invalid length. [ 1789.754976][T19104] 8021q: adding VLAN 0 to HW filter on device bond3 [ 1789.836137][T19105] bond3: (slave veth0_to_bond): making interface the new active one [ 1789.849794][T19105] bond3: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 1790.467607][T11145] usb 5-1: new high-speed USB device number 101 using dummy_hcd [ 1790.661205][T11145] usb 5-1: Using ep0 maxpacket: 16 [ 1791.239295][T11145] usb 5-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 1791.239328][T11145] usb 5-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 1791.239350][T11145] usb 5-1: Product: syz [ 1791.239365][T11145] usb 5-1: Manufacturer: syz [ 1791.239380][T11145] usb 5-1: SerialNumber: syz [ 1791.265803][T11145] usb 5-1: config 0 descriptor?? [ 1791.474933][T19112] FAULT_INJECTION: forcing a failure. [ 1791.474933][T19112] name failslab, interval 1, probability 0, space 0, times 0 [ 1791.474958][T19112] CPU: 0 UID: 0 PID: 19112 Comm: syz.4.3544 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1791.474971][T19112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1791.474978][T19112] Call Trace: [ 1791.474983][T19112] [ 1791.474989][T19112] dump_stack_lvl+0x189/0x250 [ 1791.475010][T19112] ? __pfx____ratelimit+0x10/0x10 [ 1791.475035][T19112] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1791.475051][T19112] ? __pfx__printk+0x10/0x10 [ 1791.475068][T19112] ? __pfx___might_resched+0x10/0x10 [ 1791.475083][T19112] should_fail_ex+0x46c/0x600 [ 1791.475101][T19112] should_failslab+0xa8/0x100 [ 1791.475119][T19112] __kmalloc_noprof+0xcc/0x7d0 [ 1791.475134][T19112] ? kfree+0x51/0x950 [ 1791.475144][T19112] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1791.475162][T19112] tomoyo_realpath_from_path+0xe3/0x5d0 [ 1791.475175][T19112] ? tomoyo_domain+0xda/0x130 [ 1791.475191][T19112] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 1791.475208][T19112] tomoyo_path_number_perm+0x1e8/0x5a0 [ 1791.475226][T19112] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1791.475244][T19112] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 1791.475259][T19112] ? lockdep_hardirqs_on+0x9c/0x150 [ 1791.475289][T19112] ? __fget_files+0x2a/0x420 [ 1791.475306][T19112] ? __fget_files+0x3a6/0x420 [ 1791.475320][T19112] ? __fget_files+0x2a/0x420 [ 1791.475336][T19112] security_file_ioctl+0xcb/0x2d0 [ 1791.475349][T19112] __se_sys_ioctl+0x47/0x170 [ 1791.475363][T19112] do_syscall_64+0xfa/0xfa0 [ 1791.475378][T19112] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1791.475388][T19112] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 1791.475398][T19112] ? clear_bhb_loop+0x60/0xb0 [ 1791.475411][T19112] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1791.475421][T19112] RIP: 0033:0x7f6930c6efc9 [ 1791.475431][T19112] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1791.475441][T19112] RSP: 002b:00007f692eece038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1791.475478][T19112] RAX: ffffffffffffffda RBX: 00007f6930ec5fa0 RCX: 00007f6930c6efc9 [ 1791.475486][T19112] RDX: 00002000000011c0 RSI: 0000000080dc5521 RDI: 0000000000000004 [ 1791.475493][T19112] RBP: 00007f692eece090 R08: 0000000000000000 R09: 0000000000000000 [ 1791.475500][T19112] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1791.475506][T19112] R13: 00007f6930ec6038 R14: 00007f6930ec5fa0 R15: 00007ffe3d7abf48 [ 1791.475524][T19112] [ 1791.475529][T19112] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1791.530390][ T5818] usb 5-1: USB disconnect, device number 101 [ 1791.782815][T19116] netlink: 44 bytes leftover after parsing attributes in process `syz.5.3546'. [ 1791.934990][T12798] usb 9-1: USB disconnect, device number 57 [ 1793.847230][T19130] netlink: 44 bytes leftover after parsing attributes in process `syz.8.3550'. [ 1794.462053][T19143] FAULT_INJECTION: forcing a failure. [ 1794.462053][T19143] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1794.462086][T19143] CPU: 1 UID: 0 PID: 19143 Comm: syz.7.3553 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1794.462108][T19143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1794.462121][T19143] Call Trace: [ 1794.462129][T19143] [ 1794.462138][T19143] dump_stack_lvl+0x189/0x250 [ 1794.462169][T19143] ? __pfx____ratelimit+0x10/0x10 [ 1794.462193][T19143] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1794.462220][T19143] ? __pfx__printk+0x10/0x10 [ 1794.462243][T19143] ? __might_fault+0xb0/0x130 [ 1794.462278][T19143] should_fail_ex+0x46c/0x600 [ 1794.462309][T19143] _copy_from_user+0x2d/0xb0 [ 1794.462422][T19143] ___sys_sendmsg+0x158/0x2a0 [ 1794.462447][T19143] ? __pfx____sys_sendmsg+0x10/0x10 [ 1794.462507][T19143] ? __fget_files+0x2a/0x420 [ 1794.462532][T19143] ? __fget_files+0x3a6/0x420 [ 1794.462566][T19143] __x64_sys_sendmsg+0x1a1/0x260 [ 1794.462589][T19143] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1794.462620][T19143] ? __pfx_ksys_write+0x10/0x10 [ 1794.462646][T19143] ? do_syscall_64+0xbe/0xfa0 [ 1794.462674][T19143] do_syscall_64+0xfa/0xfa0 [ 1794.462696][T19143] ? lockdep_hardirqs_on+0x9c/0x150 [ 1794.462717][T19143] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1794.462736][T19143] ? clear_bhb_loop+0x60/0xb0 [ 1794.462758][T19143] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1794.462776][T19143] RIP: 0033:0x7f3edaaeefc9 [ 1794.462795][T19143] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1794.462812][T19143] RSP: 002b:00007f3ed8d4e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1794.462834][T19143] RAX: ffffffffffffffda RBX: 00007f3edad45fa0 RCX: 00007f3edaaeefc9 [ 1794.462849][T19143] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000003 [ 1794.462862][T19143] RBP: 00007f3ed8d4e090 R08: 0000000000000000 R09: 0000000000000000 [ 1794.462875][T19143] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1794.462888][T19143] R13: 00007f3edad46038 R14: 00007f3edad45fa0 R15: 00007fff2362b418 [ 1794.462922][T19143] [ 1794.715593][T19137] netlink: 44 bytes leftover after parsing attributes in process `syz.4.3551'. [ 1797.288972][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 1797.289599][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 1797.749591][T19151] netlink: 44 bytes leftover after parsing attributes in process `syz.8.3556'. [ 1800.279157][T11976] usb 5-1: new high-speed USB device number 102 using dummy_hcd [ 1800.821723][T19192] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1801.337466][T19188] netlink: 44 bytes leftover after parsing attributes in process `syz.8.3566'. [ 1801.422653][T11976] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1801.422686][T11976] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1801.422706][T11976] usb 5-1: Product: syz [ 1801.422722][T11976] usb 5-1: Manufacturer: syz [ 1801.422738][T11976] usb 5-1: SerialNumber: syz [ 1801.467491][T11976] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1801.542243][T17316] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1803.532238][T19205] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 1804.530140][T19222] exFAT-fs (nullb0): mounting with "discard" option, but the device does not support discard [ 1804.539997][T19222] exFAT-fs (nullb0): invalid boot record signature [ 1804.540038][T19222] exFAT-fs (nullb0): failed to read boot sector [ 1804.540050][T19222] exFAT-fs (nullb0): failed to recognize exfat type [ 1804.797408][ T5886] usb 5-1: USB disconnect, device number 102 [ 1804.947281][T19227] exFAT-fs (nullb0): mounting with "discard" option, but the device does not support discard [ 1804.947771][T19227] exFAT-fs (nullb0): invalid boot record signature [ 1804.947785][T19227] exFAT-fs (nullb0): failed to read boot sector [ 1804.947795][T19227] exFAT-fs (nullb0): failed to recognize exfat type [ 1804.976321][T17316] usb 5-1: Service connection timeout for: 256 [ 1804.976346][T17316] ath9k_htc 5-1:1.0: ath9k_htc: Unable to initialize HTC services [ 1804.977062][T17316] ath9k_htc: Failed to initialize the device [ 1805.019932][ T5886] usb 5-1: ath9k_htc: USB layer deinitialized [ 1805.083270][T19229] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3578'. [ 1805.083300][T19229] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3578'. [ 1805.679525][T19241] vlan0: entered promiscuous mode [ 1805.704878][T19243] FAULT_INJECTION: forcing a failure. [ 1805.704878][T19243] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1805.704911][T19243] CPU: 0 UID: 0 PID: 19243 Comm: syz.8.3583 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1805.704933][T19243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1805.704944][T19243] Call Trace: [ 1805.704951][T19243] [ 1805.704959][T19243] dump_stack_lvl+0x189/0x250 [ 1805.704991][T19243] ? __pfx____ratelimit+0x10/0x10 [ 1805.705014][T19243] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1805.705041][T19243] ? __pfx__printk+0x10/0x10 [ 1805.705075][T19243] should_fail_ex+0x46c/0x600 [ 1805.705106][T19243] strncpy_from_user+0x36/0x290 [ 1805.705132][T19243] do_tcp_setsockopt+0x157/0x1f20 [ 1805.705159][T19243] ? __pfx_do_tcp_setsockopt+0x10/0x10 [ 1805.705190][T19243] ? __fget_files+0x2a/0x420 [ 1805.705217][T19243] ? sock_common_setsockopt+0x36/0xc0 [ 1805.705241][T19243] ? tcp_setsockopt+0x3d/0xe0 [ 1805.705258][T19243] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 1805.705285][T19243] do_sock_setsockopt+0x17c/0x1b0 [ 1805.705311][T19243] __x64_sys_setsockopt+0x145/0x1b0 [ 1805.705338][T19243] do_syscall_64+0xfa/0xfa0 [ 1805.705360][T19243] ? lockdep_hardirqs_on+0x9c/0x150 [ 1805.705384][T19243] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1805.705403][T19243] ? clear_bhb_loop+0x60/0xb0 [ 1805.705425][T19243] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1805.705443][T19243] RIP: 0033:0x7f472ab0efc9 [ 1805.705460][T19243] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1805.705478][T19243] RSP: 002b:00007f4728d76038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 1805.705498][T19243] RAX: ffffffffffffffda RBX: 00007f472ad65fa0 RCX: 00007f472ab0efc9 [ 1805.705513][T19243] RDX: 000000000000000d RSI: 0000000000000006 RDI: 0000000000000003 [ 1805.705524][T19243] RBP: 00007f4728d76090 R08: 0000000000000002 R09: 0000000000000000 [ 1805.705536][T19243] R10: 0000200000000300 R11: 0000000000000246 R12: 0000000000000001 [ 1805.705548][T19243] R13: 00007f472ad66038 R14: 00007f472ad65fa0 R15: 00007fffbdee9d38 [ 1805.705591][T19243] [ 1806.116748][T19248] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1808.421139][ C0] vkms_vblank_simulate: vblank timer overrun [ 1809.193455][ C0] vkms_vblank_simulate: vblank timer overrun [ 1809.329640][ C0] vkms_vblank_simulate: vblank timer overrun [ 1809.556744][T19258] netlink: 44 bytes leftover after parsing attributes in process `syz.6.3588'. [ 1809.727776][ C0] vkms_vblank_simulate: vblank timer overrun [ 1810.770216][ T37] audit: type=1326 audit(1762182288.322:1410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19276 comm="syz.7.3592" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3edaaeefc9 code=0x0 [ 1810.770759][ T37] audit: type=1326 audit(1762182288.322:1411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19276 comm="syz.7.3592" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3edaaeefc9 code=0x0 [ 1811.900518][T19294] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3597'. [ 1812.607697][T19293] bond1: entered allmulticast mode [ 1814.121177][T19312] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3601'. [ 1814.121231][T19312] netlink: 168 bytes leftover after parsing attributes in process `syz.7.3601'. [ 1814.395455][T19318] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1815.095733][T19320] FAULT_INJECTION: forcing a failure. [ 1815.095733][T19320] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1815.095767][T19320] CPU: 1 UID: 0 PID: 19320 Comm: syz.8.3603 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1815.095791][T19320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1815.095803][T19320] Call Trace: [ 1815.095812][T19320] [ 1815.095821][T19320] dump_stack_lvl+0x189/0x250 [ 1815.095853][T19320] ? __pfx____ratelimit+0x10/0x10 [ 1815.095878][T19320] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1815.095905][T19320] ? __pfx__printk+0x10/0x10 [ 1815.095928][T19320] ? __might_fault+0xb0/0x130 [ 1815.095966][T19320] should_fail_ex+0x46c/0x600 [ 1815.095997][T19320] _copy_from_user+0x2d/0xb0 [ 1815.096020][T19320] io_sync_cancel+0x19e/0x8d0 [ 1815.096047][T19320] ? __pfx_io_sync_cancel+0x10/0x10 [ 1815.096073][T19320] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 1815.096105][T19320] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1815.096132][T19320] ? __pfx_autoremove_wake_function+0x10/0x10 [ 1815.096162][T19320] ? mutex_lock_nested+0x154/0x1d0 [ 1815.096182][T19320] ? __se_sys_io_uring_register+0x189/0x1220 [ 1815.096207][T19320] __se_sys_io_uring_register+0xdac/0x1220 [ 1815.096235][T19320] ? __pfx___se_sys_io_uring_register+0x10/0x10 [ 1815.096255][T19320] ? ksys_write+0x230/0x260 [ 1815.096281][T19320] ? __pfx_ksys_write+0x10/0x10 [ 1815.096315][T19320] ? do_syscall_64+0xbe/0xfa0 [ 1815.096344][T19320] do_syscall_64+0xfa/0xfa0 [ 1815.096366][T19320] ? lockdep_hardirqs_on+0x9c/0x150 [ 1815.096390][T19320] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1815.096409][T19320] ? clear_bhb_loop+0x60/0xb0 [ 1815.096433][T19320] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1815.096452][T19320] RIP: 0033:0x7f472ab0efc9 [ 1815.096471][T19320] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1815.096488][T19320] RSP: 002b:00007f4728d1a038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ab [ 1815.096509][T19320] RAX: ffffffffffffffda RBX: 00007f472ad66090 RCX: 00007f472ab0efc9 [ 1815.096524][T19320] RDX: 0000200000000000 RSI: 0000000000000018 RDI: 0000000000000004 [ 1815.096537][T19320] RBP: 00007f4728d1a090 R08: 0000000000000000 R09: 0000000000000000 [ 1815.096550][T19320] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001 [ 1815.096562][T19320] R13: 00007f472ad66128 R14: 00007f472ad66090 R15: 00007fffbdee9d38 [ 1815.096596][T19320] [ 1816.594488][T19325] FAULT_INJECTION: forcing a failure. [ 1816.594488][T19325] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1816.594523][T19325] CPU: 0 UID: 0 PID: 19325 Comm: syz.5.3604 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1816.594545][T19325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1816.594557][T19325] Call Trace: [ 1816.594566][T19325] [ 1816.594575][T19325] dump_stack_lvl+0x189/0x250 [ 1816.594607][T19325] ? __pfx____ratelimit+0x10/0x10 [ 1816.594632][T19325] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1816.594659][T19325] ? __pfx__printk+0x10/0x10 [ 1816.594682][T19325] ? __might_fault+0xb0/0x130 [ 1816.594718][T19325] should_fail_ex+0x46c/0x600 [ 1816.594751][T19325] _copy_from_user+0x2d/0xb0 [ 1816.594774][T19325] sk_setsockopt+0x276/0x2a70 [ 1816.594802][T19325] ? lockdep_hardirqs_on+0x9c/0x150 [ 1816.594827][T19325] ? __pfx_sk_setsockopt+0x10/0x10 [ 1816.594848][T19325] ? __lock_acquire+0xab9/0xd20 [ 1816.594894][T19325] ? __fget_files+0x2a/0x420 [ 1816.594923][T19325] ? __fget_files+0x2a/0x420 [ 1816.594946][T19325] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 1816.595012][T19325] do_sock_setsockopt+0x11b/0x1b0 [ 1816.595039][T19325] __x64_sys_setsockopt+0x145/0x1b0 [ 1816.595067][T19325] do_syscall_64+0xfa/0xfa0 [ 1816.595090][T19325] ? lockdep_hardirqs_on+0x9c/0x150 [ 1816.595114][T19325] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1816.595134][T19325] ? clear_bhb_loop+0x60/0xb0 [ 1816.595157][T19325] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1816.595176][T19325] RIP: 0033:0x7fa8fe57efc9 [ 1816.595194][T19325] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1816.595224][T19325] RSP: 002b:00007fa8fc7de038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 1816.595245][T19325] RAX: ffffffffffffffda RBX: 00007fa8fe7d5fa0 RCX: 00007fa8fe57efc9 [ 1816.595261][T19325] RDX: 0000000000000002 RSI: 0000000000000001 RDI: 0000000000000003 [ 1816.595273][T19325] RBP: 00007fa8fc7de090 R08: 0000000000000004 R09: 0000000000000000 [ 1816.595285][T19325] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000001 [ 1816.595299][T19325] R13: 00007fa8fe7d6038 R14: 00007fa8fe7d5fa0 R15: 00007ffdea4d0ee8 [ 1816.595332][T19325] [ 1816.670225][T19332] FAULT_INJECTION: forcing a failure. [ 1816.670225][T19332] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1816.670260][T19332] CPU: 1 UID: 0 PID: 19332 Comm: syz.6.3605 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1816.670283][T19332] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1816.670295][T19332] Call Trace: [ 1816.670304][T19332] [ 1816.670313][T19332] dump_stack_lvl+0x189/0x250 [ 1816.670344][T19332] ? __pfx____ratelimit+0x10/0x10 [ 1816.670369][T19332] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1816.670395][T19332] ? __pfx__printk+0x10/0x10 [ 1816.670417][T19332] ? __might_fault+0xb0/0x130 [ 1816.670461][T19332] should_fail_ex+0x46c/0x600 [ 1816.670492][T19332] _copy_from_user+0x2d/0xb0 [ 1816.670514][T19332] ___sys_sendmsg+0x158/0x2a0 [ 1816.670538][T19332] ? __pfx____sys_sendmsg+0x10/0x10 [ 1816.670598][T19332] ? __fget_files+0x2a/0x420 [ 1816.670621][T19332] ? __fget_files+0x3a6/0x420 [ 1816.670657][T19332] __sys_sendmmsg+0x22d/0x430 [ 1816.670684][T19332] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1816.670717][T19332] ? rt_mutex_slowunlock+0x1be/0x2e0 [ 1816.670754][T19332] ? ksys_write+0x230/0x260 [ 1816.670780][T19332] ? __pfx_ksys_write+0x10/0x10 [ 1816.670808][T19332] __x64_sys_sendmmsg+0xa0/0xc0 [ 1816.670832][T19332] do_syscall_64+0xfa/0xfa0 [ 1816.670854][T19332] ? lockdep_hardirqs_on+0x9c/0x150 [ 1816.670877][T19332] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1816.670896][T19332] ? clear_bhb_loop+0x60/0xb0 [ 1816.670919][T19332] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1816.670938][T19332] RIP: 0033:0x7fa60843efc9 [ 1816.670955][T19332] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1816.670971][T19332] RSP: 002b:00007fa60667d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1816.670992][T19332] RAX: ffffffffffffffda RBX: 00007fa608696090 RCX: 00007fa60843efc9 [ 1816.671006][T19332] RDX: 0000000000000318 RSI: 00002000000bd000 RDI: 0000000000000004 [ 1816.671019][T19332] RBP: 00007fa60667d090 R08: 0000000000000000 R09: 0000000000000000 [ 1816.671030][T19332] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1816.671041][T19332] R13: 00007fa608696128 R14: 00007fa608696090 R15: 00007ffdcb542458 [ 1816.671074][T19332] [ 1817.442076][T19336] FAULT_INJECTION: forcing a failure. [ 1817.442076][T19336] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1817.442110][T19336] CPU: 0 UID: 0 PID: 19336 Comm: syz.4.3608 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1817.442156][T19336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1817.442169][T19336] Call Trace: [ 1817.442178][T19336] [ 1817.442188][T19336] dump_stack_lvl+0x189/0x250 [ 1817.442220][T19336] ? __pfx____ratelimit+0x10/0x10 [ 1817.442244][T19336] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1817.442271][T19336] ? __pfx__printk+0x10/0x10 [ 1817.442294][T19336] ? __might_fault+0xb0/0x130 [ 1817.442331][T19336] should_fail_ex+0x46c/0x600 [ 1817.442363][T19336] _copy_from_user+0x2d/0xb0 [ 1817.442385][T19336] __sys_bpf+0x1e3/0x860 [ 1817.442413][T19336] ? __pfx___sys_bpf+0x10/0x10 [ 1817.442435][T19336] ? rt_mutex_slowunlock+0x1be/0x2e0 [ 1817.442474][T19336] ? ksys_write+0x230/0x260 [ 1817.442500][T19336] ? __pfx_ksys_write+0x10/0x10 [ 1817.442529][T19336] __x64_sys_bpf+0x7c/0x90 [ 1817.442553][T19336] do_syscall_64+0xfa/0xfa0 [ 1817.442576][T19336] ? lockdep_hardirqs_on+0x9c/0x150 [ 1817.442600][T19336] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1817.442620][T19336] ? clear_bhb_loop+0x60/0xb0 [ 1817.442643][T19336] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1817.442662][T19336] RIP: 0033:0x7f6930c6efc9 [ 1817.442679][T19336] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1817.442696][T19336] RSP: 002b:00007f692eece038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1817.442718][T19336] RAX: ffffffffffffffda RBX: 00007f6930ec5fa0 RCX: 00007f6930c6efc9 [ 1817.442734][T19336] RDX: 0000000000000020 RSI: 0000200000000380 RDI: 0000000000000003 [ 1817.442747][T19336] RBP: 00007f692eece090 R08: 0000000000000000 R09: 0000000000000000 [ 1817.442759][T19336] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1817.442771][T19336] R13: 00007f6930ec6038 R14: 00007f6930ec5fa0 R15: 00007ffe3d7abf48 [ 1817.442806][T19336] [ 1818.623191][T11145] usb 7-1: new full-speed USB device number 120 using dummy_hcd [ 1818.769658][T19368] FAULT_INJECTION: forcing a failure. [ 1818.769658][T19368] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1818.769694][T19368] CPU: 1 UID: 0 PID: 19368 Comm: syz.4.3618 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1818.769718][T19368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1818.769730][T19368] Call Trace: [ 1818.769738][T19368] [ 1818.769747][T19368] dump_stack_lvl+0x189/0x250 [ 1818.769770][T19368] ? __pfx____ratelimit+0x10/0x10 [ 1818.769785][T19368] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1818.769803][T19368] ? __pfx__printk+0x10/0x10 [ 1818.769826][T19368] ? __might_fault+0xb0/0x130 [ 1818.769862][T19368] should_fail_ex+0x46c/0x600 [ 1818.769894][T19368] _copy_from_user+0x2d/0xb0 [ 1818.769917][T19368] __sys_bpf+0x1e3/0x860 [ 1818.769937][T19368] ? __pfx___sys_bpf+0x10/0x10 [ 1818.769950][T19368] ? rt_mutex_slowunlock+0x1be/0x2e0 [ 1818.769986][T19368] ? ksys_write+0x230/0x260 [ 1818.770013][T19368] ? __pfx_ksys_write+0x10/0x10 [ 1818.770043][T19368] __x64_sys_bpf+0x7c/0x90 [ 1818.770067][T19368] do_syscall_64+0xfa/0xfa0 [ 1818.770089][T19368] ? lockdep_hardirqs_on+0x9c/0x150 [ 1818.770106][T19368] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1818.770116][T19368] ? clear_bhb_loop+0x60/0xb0 [ 1818.770129][T19368] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1818.770140][T19368] RIP: 0033:0x7f6930c6efc9 [ 1818.770157][T19368] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1818.770174][T19368] RSP: 002b:00007f692eece038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1818.770195][T19368] RAX: ffffffffffffffda RBX: 00007f6930ec5fa0 RCX: 00007f6930c6efc9 [ 1818.770210][T19368] RDX: 000000000000004c RSI: 0000200000000340 RDI: 000000000000000a [ 1818.770223][T19368] RBP: 00007f692eece090 R08: 0000000000000000 R09: 0000000000000000 [ 1818.770236][T19368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1818.770248][T19368] R13: 00007f6930ec6038 R14: 00007f6930ec5fa0 R15: 00007ffe3d7abf48 [ 1818.770276][T19368] [ 1819.099196][T11145] usb 7-1: config 0 has an invalid interface number: 113 but max is 0 [ 1819.099216][T11145] usb 7-1: config 0 has an invalid descriptor of length 196, skipping remainder of the config [ 1819.099228][T11145] usb 7-1: config 0 has no interface number 0 [ 1819.099260][T11145] usb 7-1: config 0 interface 113 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1819.099275][T11145] usb 7-1: config 0 interface 113 has no altsetting 0 [ 1819.223389][T11145] usb 7-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8 [ 1819.223421][T11145] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1819.223442][T11145] usb 7-1: Product: syz [ 1819.223458][T11145] usb 7-1: Manufacturer: syz [ 1819.223473][T11145] usb 7-1: SerialNumber: syz [ 1819.235137][T11145] usb 7-1: config 0 descriptor?? [ 1819.276204][T11145] pn533_usb 7-1:0.113: NFC: Could not find bulk-in or bulk-out endpoint [ 1820.041019][T19380] FAULT_INJECTION: forcing a failure. [ 1820.041019][T19380] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1820.041054][T19380] CPU: 0 UID: 0 PID: 19380 Comm: syz.4.3621 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1820.041077][T19380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1820.041090][T19380] Call Trace: [ 1820.041098][T19380] [ 1820.041117][T19380] dump_stack_lvl+0x189/0x250 [ 1820.041149][T19380] ? __pfx____ratelimit+0x10/0x10 [ 1820.041175][T19380] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1820.041206][T19380] ? __pfx__printk+0x10/0x10 [ 1820.041231][T19380] ? fs_reclaim_acquire+0x7d/0x100 [ 1820.041266][T19380] should_fail_ex+0x46c/0x600 [ 1820.041299][T19380] prepare_alloc_pages+0x213/0x670 [ 1820.041334][T19380] __alloc_frozen_pages_noprof+0x123/0x370 [ 1820.041367][T19380] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1820.041406][T19380] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1820.041437][T19380] alloc_pages_mpol+0xd1/0x380 [ 1820.041469][T19380] alloc_pages_noprof+0xcf/0x1e0 [ 1820.041499][T19380] anon_pipe_write+0xbf6/0x1460 [ 1820.041555][T19380] ? __pfx_anon_pipe_write+0x10/0x10 [ 1820.041578][T19380] ? __might_fault+0xb0/0x130 [ 1820.041606][T19380] ? _parse_integer_limit+0x1ae/0x1f0 [ 1820.041646][T19380] fifo_pipe_write+0x25/0x4b0 [ 1820.041675][T19380] do_iter_readv_writev+0x635/0x8d0 [ 1820.041707][T19380] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 1820.041743][T19380] ? rw_verify_area+0x25b/0x4e0 [ 1820.041770][T19380] vfs_writev+0x323/0x970 [ 1820.041801][T19380] ? __lock_acquire+0xab9/0xd20 [ 1820.041829][T19380] ? __pfx_vfs_writev+0x10/0x10 [ 1820.041871][T19380] ? __fget_files+0x2a/0x420 [ 1820.041902][T19380] ? __fget_files+0x3a6/0x420 [ 1820.041926][T19380] ? __fget_files+0x2a/0x420 [ 1820.041961][T19380] do_writev+0x153/0x2d0 [ 1820.041991][T19380] ? __pfx_do_writev+0x10/0x10 [ 1820.042021][T19380] ? do_syscall_64+0xbe/0xfa0 [ 1820.042050][T19380] do_syscall_64+0xfa/0xfa0 [ 1820.042075][T19380] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1820.042094][T19380] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1820.042128][T19380] ? clear_bhb_loop+0x60/0xb0 [ 1820.042152][T19380] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1820.042172][T19380] RIP: 0033:0x7f6930c6efc9 [ 1820.042190][T19380] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1820.042207][T19380] RSP: 002b:00007f692eead038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1820.042228][T19380] RAX: ffffffffffffffda RBX: 00007f6930ec6090 RCX: 00007f6930c6efc9 [ 1820.042244][T19380] RDX: 0000000000000001 RSI: 0000200000000000 RDI: 0000000000000006 [ 1820.042257][T19380] RBP: 00007f692eead090 R08: 0000000000000000 R09: 0000000000000000 [ 1820.042270][T19380] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1820.042282][T19380] R13: 00007f6930ec6128 R14: 00007f6930ec6090 R15: 00007ffe3d7abf48 [ 1820.042318][T19380] [ 1821.821365][T13814] usb 7-1: USB disconnect, device number 120 [ 1822.133223][T11145] usb 5-1: new high-speed USB device number 103 using dummy_hcd [ 1822.283193][T11145] usb 5-1: Using ep0 maxpacket: 8 [ 1822.287322][T11145] usb 5-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 1822.287341][T11145] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1822.287352][T11145] usb 5-1: Product: syz [ 1822.287360][T11145] usb 5-1: Manufacturer: syz [ 1822.287368][T11145] usb 5-1: SerialNumber: syz [ 1822.291779][T11145] usb 5-1: config 0 descriptor?? [ 1822.336836][T11145] gspca_main: se401-2.14.0 probing 047d:5003 [ 1822.714907][T11145] gspca_se401: Too many frame sizes [ 1823.851349][T11976] usb 5-1: USB disconnect, device number 103 [ 1824.203346][T19414] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 1824.892475][T19420] bond2: entered allmulticast mode [ 1825.104593][T19432] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 1825.785678][ T5886] usb 9-1: new high-speed USB device number 58 using dummy_hcd [ 1826.246795][T19441] tty tty1: ldisc open failed (-12), clearing slot 0 [ 1826.523141][ T5886] usb 9-1: device descriptor read/64, error -71 [ 1827.853140][ T5886] usb 9-1: new high-speed USB device number 59 using dummy_hcd [ 1830.104133][T19473] FAULT_INJECTION: forcing a failure. [ 1830.104133][T19473] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1830.104173][T19473] CPU: 1 UID: 0 PID: 19473 Comm: syz.8.3649 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1830.104216][T19473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1830.104228][T19473] Call Trace: [ 1830.104237][T19473] [ 1830.104247][T19473] dump_stack_lvl+0x189/0x250 [ 1830.104279][T19473] ? __pfx____ratelimit+0x10/0x10 [ 1830.104305][T19473] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1830.104332][T19473] ? __pfx__printk+0x10/0x10 [ 1830.104355][T19473] ? __might_fault+0xb0/0x130 [ 1830.104393][T19473] should_fail_ex+0x46c/0x600 [ 1830.104425][T19473] _copy_from_user+0x2d/0xb0 [ 1830.104447][T19473] ___sys_recvmsg+0x12e/0x510 [ 1830.104478][T19473] ? __pfx____sys_recvmsg+0x10/0x10 [ 1830.104528][T19473] ? __fget_files+0x3a6/0x420 [ 1830.104565][T19473] do_recvmmsg+0x30d/0x770 [ 1830.104597][T19473] ? __pfx_do_recvmmsg+0x10/0x10 [ 1830.104618][T19473] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 1830.104643][T19473] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1830.104680][T19473] ? rt_mutex_slowunlock+0x1be/0x2e0 [ 1830.104719][T19473] __x64_sys_recvmmsg+0x190/0x240 [ 1830.104747][T19473] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 1830.104773][T19473] ? do_syscall_64+0xbe/0xfa0 [ 1830.104801][T19473] do_syscall_64+0xfa/0xfa0 [ 1830.104824][T19473] ? lockdep_hardirqs_on+0x9c/0x150 [ 1830.104847][T19473] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1830.104867][T19473] ? clear_bhb_loop+0x60/0xb0 [ 1830.104890][T19473] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1830.104908][T19473] RIP: 0033:0x7f472ab0efc9 [ 1830.104925][T19473] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1830.104941][T19473] RSP: 002b:00007f4728d76038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1830.104963][T19473] RAX: ffffffffffffffda RBX: 00007f472ad65fa0 RCX: 00007f472ab0efc9 [ 1830.104977][T19473] RDX: 0000000000000600 RSI: 0000200000003700 RDI: 0000000000000004 [ 1830.104989][T19473] RBP: 00007f4728d76090 R08: 0000000000000000 R09: 0000000000000000 [ 1830.105002][T19473] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1830.105014][T19473] R13: 00007f472ad66038 R14: 00007f472ad65fa0 R15: 00007fffbdee9d38 [ 1830.105053][T19473] [ 1830.478560][T19482] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 1831.012850][T19489] FAULT_INJECTION: forcing a failure. [ 1831.012850][T19489] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1831.012876][T19489] CPU: 0 UID: 0 PID: 19489 Comm: syz.8.3653 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1831.012890][T19489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1831.012897][T19489] Call Trace: [ 1831.012903][T19489] [ 1831.012909][T19489] dump_stack_lvl+0x189/0x250 [ 1831.012932][T19489] ? __pfx____ratelimit+0x10/0x10 [ 1831.012947][T19489] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1831.012963][T19489] ? __pfx__printk+0x10/0x10 [ 1831.012999][T19489] should_fail_ex+0x46c/0x600 [ 1831.013026][T19489] _copy_to_user+0x31/0xb0 [ 1831.013049][T19489] simple_read_from_buffer+0xe1/0x170 [ 1831.013071][T19489] proc_fail_nth_read+0x1b6/0x220 [ 1831.013087][T19489] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1831.013100][T19489] ? rw_verify_area+0x2ac/0x4e0 [ 1831.013114][T19489] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1831.013126][T19489] vfs_read+0x206/0xa30 [ 1831.013143][T19489] ? __pfx_vfs_read+0x10/0x10 [ 1831.013154][T19489] ? try_to_take_rt_mutex+0x7fd/0xac0 [ 1831.013171][T19489] ? mutex_lock_nested+0x154/0x1d0 [ 1831.013181][T19489] ? fdget_pos+0x253/0x320 [ 1831.013202][T19489] ksys_read+0x14b/0x260 [ 1831.013216][T19489] ? __pfx_ksys_read+0x10/0x10 [ 1831.013231][T19489] ? do_syscall_64+0xbe/0xfa0 [ 1831.013248][T19489] do_syscall_64+0xfa/0xfa0 [ 1831.013261][T19489] ? lockdep_hardirqs_on+0x9c/0x150 [ 1831.013275][T19489] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1831.013286][T19489] ? clear_bhb_loop+0x60/0xb0 [ 1831.013300][T19489] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1831.013310][T19489] RIP: 0033:0x7f472ab0d9dc [ 1831.013322][T19489] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1831.013332][T19489] RSP: 002b:00007f4728d55030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1831.013345][T19489] RAX: ffffffffffffffda RBX: 00007f472ad66090 RCX: 00007f472ab0d9dc [ 1831.013353][T19489] RDX: 000000000000000f RSI: 00007f4728d550a0 RDI: 0000000000000003 [ 1831.013360][T19489] RBP: 00007f4728d55090 R08: 0000000000000000 R09: 0000000000000000 [ 1831.013366][T19489] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001 [ 1831.013373][T19489] R13: 00007f472ad66128 R14: 00007f472ad66090 R15: 00007fffbdee9d38 [ 1831.013391][T19489] [ 1831.364207][T13814] usb 6-1: new high-speed USB device number 110 using dummy_hcd [ 1831.796493][T19494] netlink: 44 bytes leftover after parsing attributes in process `syz.8.3656'. [ 1831.866766][T13814] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1831.866787][T13814] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1831.866799][T13814] usb 6-1: Product: syz [ 1831.866807][T13814] usb 6-1: Manufacturer: syz [ 1831.866816][T13814] usb 6-1: SerialNumber: syz [ 1831.872747][T13814] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1831.898615][T13813] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1832.342642][ C1] vkms_vblank_simulate: vblank timer overrun [ 1833.772109][ C1] vkms_vblank_simulate: vblank timer overrun [ 1833.788253][T19507] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3657'. [ 1833.820997][ T37] audit: type=1326 audit(1762182311.372:1412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19505 comm="syz.7.3659" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3edaaeefc9 code=0x7ffc0000 [ 1833.823731][ T37] audit: type=1326 audit(1762182311.372:1413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19505 comm="syz.7.3659" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3edaaeefc9 code=0x7ffc0000 [ 1833.826462][ T37] audit: type=1326 audit(1762182311.382:1414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19505 comm="syz.7.3659" exe="/root/syz-executor" sig=0 arch=c000003e syscall=102 compat=0 ip=0x7f3edaaeefc9 code=0x7ffc0000 [ 1833.826752][ T37] audit: type=1326 audit(1762182311.382:1415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19505 comm="syz.7.3659" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3edaaeefc9 code=0x7ffc0000 [ 1833.909659][T19509] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1833.943343][ C1] vkms_vblank_simulate: vblank timer overrun [ 1834.134360][T13813] usb 6-1: Service connection timeout for: 256 [ 1834.134387][T13813] ath9k_htc 6-1:1.0: ath9k_htc: Unable to initialize HTC services [ 1834.191136][ C1] vkms_vblank_simulate: vblank timer overrun [ 1834.313512][ T37] audit: type=1326 audit(1762182311.832:1416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19505 comm="syz.7.3659" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3edaaeefc9 code=0x7ffc0000 [ 1834.313576][ T37] audit: type=1326 audit(1762182311.832:1417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19505 comm="syz.7.3659" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3edaaeefc9 code=0x7ffc0000 [ 1834.486021][ C1] vkms_vblank_simulate: vblank timer overrun [ 1834.488130][ T37] audit: type=1326 audit(1762182312.042:1418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19505 comm="syz.7.3659" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3edaaeefc9 code=0x7ffc0000 [ 1834.488178][ T37] audit: type=1326 audit(1762182312.042:1419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19505 comm="syz.7.3659" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3edaaeefc9 code=0x7ffc0000 [ 1834.488938][ T37] audit: type=1326 audit(1762182312.042:1420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19505 comm="syz.7.3659" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f3edaaeefc9 code=0x7ffc0000 [ 1834.488984][ T37] audit: type=1326 audit(1762182312.042:1421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19505 comm="syz.7.3659" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3edaaeefc9 code=0x7ffc0000 [ 1834.498914][T13813] ath9k_htc: Failed to initialize the device [ 1834.559135][T13813] usb 6-1: ath9k_htc: USB layer deinitialized [ 1834.663374][ T5886] usb 7-1: new high-speed USB device number 121 using dummy_hcd [ 1834.890075][ T5886] usb 7-1: Using ep0 maxpacket: 8 [ 1834.906699][ T5886] usb 7-1: New USB device found, idVendor=13d8, idProduct=0001, bcdDevice=30.62 [ 1834.906731][ T5886] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1834.906752][ T5886] usb 7-1: Product: syz [ 1834.906770][ T5886] usb 7-1: Manufacturer: syz [ 1834.906786][ T5886] usb 7-1: SerialNumber: syz [ 1834.914461][ C1] vkms_vblank_simulate: vblank timer overrun [ 1834.918755][T17316] usb 6-1: USB disconnect, device number 110 [ 1835.000731][ T5886] usb 7-1: config 0 descriptor?? [ 1835.165543][ T5886] usb 7-1: can't set config #0, error -71 [ 1835.176217][ T5886] usb 7-1: USB disconnect, device number 121 [ 1835.692845][ C1] vkms_vblank_simulate: vblank timer overrun [ 1835.720160][T13813] usb 6-1: new high-speed USB device number 111 using dummy_hcd [ 1835.892227][ C1] vkms_vblank_simulate: vblank timer overrun [ 1837.063675][T19526] netlink: 36 bytes leftover after parsing attributes in process `syz.8.3665'. [ 1837.063700][T19526] netlink: 24 bytes leftover after parsing attributes in process `syz.8.3665'. [ 1837.153238][T13813] usb 6-1: Using ep0 maxpacket: 32 [ 1837.180083][T13813] usb 6-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b [ 1837.180118][T13813] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1837.180140][T13813] usb 6-1: Product: syz [ 1837.180156][T13813] usb 6-1: Manufacturer: syz [ 1837.180171][T13813] usb 6-1: SerialNumber: syz [ 1837.331164][T13813] usb 6-1: config 0 descriptor?? [ 1837.713356][T13814] usb 7-1: new high-speed USB device number 122 using dummy_hcd [ 1837.885871][T13814] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1837.886316][T13814] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1837.886341][T13814] usb 7-1: Product: syz [ 1837.886353][T13814] usb 7-1: Manufacturer: syz [ 1837.886361][T13814] usb 7-1: SerialNumber: syz [ 1837.936554][T13814] usb 7-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1837.986765][ T5886] usb 7-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1838.034998][T13813] peak_usb 6-1:0.0 can0: unable to request usb[type=2 value=5] err=-71 [ 1838.104351][T19535] usb 9-1: new high-speed USB device number 60 using dummy_hcd [ 1838.303717][T19535] usb 9-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1838.303749][T19535] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1838.304036][T19535] usb 9-1: Product: syz [ 1838.304053][T19535] usb 9-1: Manufacturer: syz [ 1838.304070][T19535] usb 9-1: SerialNumber: syz [ 1838.354047][T19535] usb 9-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1838.394923][T11145] usb 9-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1838.501096][T13813] peak_usb 6-1:0.0: probe with driver peak_usb failed with error -71 [ 1838.517532][T13813] usb 6-1: USB disconnect, device number 111 [ 1838.523269][T17316] usb 5-1: new high-speed USB device number 104 using dummy_hcd [ 1839.549518][T17316] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1839.549552][T17316] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1839.549575][T17316] usb 5-1: Product: syz [ 1839.549591][T17316] usb 5-1: Manufacturer: syz [ 1839.549608][T17316] usb 5-1: SerialNumber: syz [ 1839.599963][T17316] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1839.624205][T11976] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1839.686310][T11145] ath9k_htc 9-1:1.0: ath9k_htc: Target is unresponsive [ 1839.694375][T11145] ath9k_htc: Failed to initialize the device [ 1840.713512][T11976] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive [ 1840.714843][T11976] ath9k_htc: Failed to initialize the device [ 1840.799853][T11976] usb 5-1: ath9k_htc: USB layer deinitialized [ 1841.463796][ T5886] usb 7-1: Service connection timeout for: 256 [ 1841.463820][ T5886] ath9k_htc 7-1:1.0: ath9k_htc: Unable to initialize HTC services [ 1841.715450][T13814] usb 7-1: USB disconnect, device number 122 [ 1841.842494][ T5886] ath9k_htc: Failed to initialize the device [ 1841.893946][ C0] dummy_hcd dummy_hcd.8: timer fired with no URBs pending? [ 1842.002163][ T37] kauditd_printk_skb: 8 callbacks suppressed [ 1842.002182][ T37] audit: type=1326 audit(1762182319.542:1430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19549 comm="syz.6.3672" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa60843efc9 code=0x7ffc0000 [ 1842.002301][T13814] usb 7-1: ath9k_htc: USB layer deinitialized [ 1842.007787][ T37] audit: type=1326 audit(1762182319.562:1431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19549 comm="syz.6.3672" exe="/root/syz-executor" sig=0 arch=c000003e syscall=102 compat=0 ip=0x7fa60843efc9 code=0x7ffc0000 [ 1842.007838][ T37] audit: type=1326 audit(1762182319.562:1432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19549 comm="syz.6.3672" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa60843efc9 code=0x7ffc0000 [ 1842.009385][ T37] audit: type=1326 audit(1762182319.562:1433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19549 comm="syz.6.3672" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa60843efc9 code=0x7ffc0000 [ 1842.014768][ T37] audit: type=1326 audit(1762182319.572:1434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19549 comm="syz.6.3672" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa60843efc9 code=0x7ffc0000 [ 1842.016259][ T37] audit: type=1326 audit(1762182319.572:1435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19549 comm="syz.6.3672" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fa60843efc9 code=0x7ffc0000 [ 1842.017730][ T37] audit: type=1326 audit(1762182319.572:1436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19549 comm="syz.6.3672" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa60843efc9 code=0x7ffc0000 [ 1842.020049][ T37] audit: type=1326 audit(1762182319.572:1437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19549 comm="syz.6.3672" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa60843d810 code=0x7ffc0000 [ 1842.037272][ T37] audit: type=1326 audit(1762182319.582:1438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19549 comm="syz.6.3672" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7fa6084407f7 code=0x7ffc0000 [ 1842.037326][ T37] audit: type=1326 audit(1762182319.592:1439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19549 comm="syz.6.3672" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa60843efc9 code=0x7ffc0000 [ 1842.105029][T19551] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1842.112756][T19551] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1842.301814][T19551] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1842.308940][T19551] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1842.321399][T11145] usb 9-1: ath9k_htc: USB layer deinitialized [ 1842.334860][T17316] usb 9-1: USB disconnect, device number 60 [ 1842.485088][T19554] program syz.5.3673 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1842.554840][T19558] FAULT_INJECTION: forcing a failure. [ 1842.554840][T19558] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1842.554872][T19558] CPU: 0 UID: 0 PID: 19558 Comm: syz.8.3674 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1842.554889][T19558] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1842.554898][T19558] Call Trace: [ 1842.554905][T19558] [ 1842.554912][T19558] dump_stack_lvl+0x189/0x250 [ 1842.554939][T19558] ? __pfx____ratelimit+0x10/0x10 [ 1842.554958][T19558] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1842.554981][T19558] ? __pfx__printk+0x10/0x10 [ 1842.555004][T19558] ? __might_fault+0xb0/0x130 [ 1842.555036][T19558] should_fail_ex+0x46c/0x600 [ 1842.555068][T19558] _copy_from_user+0x2d/0xb0 [ 1842.555096][T19558] ___sys_sendmsg+0x158/0x2a0 [ 1842.555118][T19558] ? __pfx____sys_sendmsg+0x10/0x10 [ 1842.555172][T19558] ? __fget_files+0x2a/0x420 [ 1842.555195][T19558] ? __fget_files+0x3a6/0x420 [ 1842.555229][T19558] __x64_sys_sendmsg+0x1a1/0x260 [ 1842.555255][T19558] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1842.555285][T19558] ? __pfx_ksys_write+0x10/0x10 [ 1842.555312][T19558] ? do_syscall_64+0xbe/0xfa0 [ 1842.555338][T19558] do_syscall_64+0xfa/0xfa0 [ 1842.555358][T19558] ? lockdep_hardirqs_on+0x9c/0x150 [ 1842.555382][T19558] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1842.555401][T19558] ? clear_bhb_loop+0x60/0xb0 [ 1842.555425][T19558] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1842.555443][T19558] RIP: 0033:0x7f472ab0efc9 [ 1842.555461][T19558] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1842.555477][T19558] RSP: 002b:00007f4728d76038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1842.555508][T19558] RAX: ffffffffffffffda RBX: 00007f472ad65fa0 RCX: 00007f472ab0efc9 [ 1842.555524][T19558] RDX: 0000000000000000 RSI: 0000200000000680 RDI: 0000000000000008 [ 1842.555537][T19558] RBP: 00007f4728d76090 R08: 0000000000000000 R09: 0000000000000000 [ 1842.555549][T19558] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1842.555561][T19558] R13: 00007f472ad66038 R14: 00007f472ad65fa0 R15: 00007fffbdee9d38 [ 1842.555595][T19558] [ 1842.819344][T19554] loop4: detected capacity change from 0 to 7 [ 1842.860007][T19554] Dev loop4: unable to read RDB block 7 [ 1842.860066][T19554] loop4: unable to read partition table [ 1842.860467][T19554] loop4: partition table beyond EOD, truncated [ 1842.860489][T19554] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1843.278210][T13814] usb 5-1: USB disconnect, device number 104 [ 1844.413172][T19580] bond2: entered allmulticast mode [ 1844.451886][T19569] netlink: 44 bytes leftover after parsing attributes in process `syz.6.3676'. [ 1845.047941][ C0] vkms_vblank_simulate: vblank timer overrun [ 1845.120323][ C0] vkms_vblank_simulate: vblank timer overrun [ 1846.423749][T19593] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1847.826892][T13814] usb 6-1: new high-speed USB device number 112 using dummy_hcd [ 1847.871567][T19606] FAULT_INJECTION: forcing a failure. [ 1847.871567][T19606] name failslab, interval 1, probability 0, space 0, times 0 [ 1847.871631][T19606] CPU: 0 UID: 0 PID: 19606 Comm: syz.6.3685 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1847.871655][T19606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1847.871667][T19606] Call Trace: [ 1847.871675][T19606] [ 1847.871685][T19606] dump_stack_lvl+0x189/0x250 [ 1847.871717][T19606] ? __pfx____ratelimit+0x10/0x10 [ 1847.871742][T19606] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1847.871768][T19606] ? __pfx__printk+0x10/0x10 [ 1847.871814][T19606] ? __pfx___might_resched+0x10/0x10 [ 1847.871835][T19606] ? fs_reclaim_acquire+0x7d/0x100 [ 1847.871866][T19606] should_fail_ex+0x46c/0x600 [ 1847.871896][T19606] ? getname_flags+0xb8/0x540 [ 1847.871921][T19606] should_failslab+0xa8/0x100 [ 1847.871947][T19606] ? getname_flags+0xb8/0x540 [ 1847.871976][T19606] kmem_cache_alloc_noprof+0x6f/0x6b0 [ 1847.872009][T19606] getname_flags+0xb8/0x540 [ 1847.872039][T19606] user_path_at+0x24/0x60 [ 1847.872060][T19606] do_fchownat+0x105/0x270 [ 1847.872091][T19606] ? __pfx_do_fchownat+0x10/0x10 [ 1847.872127][T19606] __x64_sys_lchown+0x85/0xa0 [ 1847.872154][T19606] do_syscall_64+0xfa/0xfa0 [ 1847.872181][T19606] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1847.872199][T19606] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 1847.872217][T19606] ? clear_bhb_loop+0x60/0xb0 [ 1847.872240][T19606] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1847.872259][T19606] RIP: 0033:0x7fa60843efc9 [ 1847.872278][T19606] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1847.872293][T19606] RSP: 002b:00007fa60665c038 EFLAGS: 00000246 ORIG_RAX: 000000000000005e [ 1847.872314][T19606] RAX: ffffffffffffffda RBX: 00007fa608696180 RCX: 00007fa60843efc9 [ 1847.872329][T19606] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000 [ 1847.872341][T19606] RBP: 00007fa60665c090 R08: 0000000000000000 R09: 0000000000000000 [ 1847.872354][T19606] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1847.872366][T19606] R13: 00007fa608696218 R14: 00007fa608696180 R15: 00007ffdcb542458 [ 1847.872400][T19606] [ 1848.824217][T13814] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1848.824252][T13814] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1848.824275][T13814] usb 6-1: Product: syz [ 1848.824291][T13814] usb 6-1: Manufacturer: syz [ 1848.824306][T13814] usb 6-1: SerialNumber: syz [ 1848.905985][ T37] kauditd_printk_skb: 7 callbacks suppressed [ 1848.906003][ T37] audit: type=1326 audit(1762182326.462:1447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19609 comm="syz.7.3687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3edaaeefc9 code=0x7ffc0000 [ 1848.906303][ T37] audit: type=1326 audit(1762182326.462:1448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19609 comm="syz.7.3687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3edaaeefc9 code=0x7ffc0000 [ 1848.909648][ T37] audit: type=1326 audit(1762182326.462:1449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19609 comm="syz.7.3687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=102 compat=0 ip=0x7f3edaaeefc9 code=0x7ffc0000 [ 1848.909962][ T37] audit: type=1326 audit(1762182326.462:1450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19609 comm="syz.7.3687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3edaaeefc9 code=0x7ffc0000 [ 1848.910265][ T37] audit: type=1326 audit(1762182326.462:1451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19609 comm="syz.7.3687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3edaaeefc9 code=0x7ffc0000 [ 1848.910933][ T37] audit: type=1326 audit(1762182326.462:1452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19609 comm="syz.7.3687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3edaaeefc9 code=0x7ffc0000 [ 1848.911598][ T37] audit: type=1326 audit(1762182326.462:1453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19609 comm="syz.7.3687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3edaaeefc9 code=0x7ffc0000 [ 1848.912058][ T37] audit: type=1326 audit(1762182326.462:1454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19609 comm="syz.7.3687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f3edaaeefc9 code=0x7ffc0000 [ 1848.912359][ T37] audit: type=1326 audit(1762182326.462:1455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19609 comm="syz.7.3687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3edaaeefc9 code=0x7ffc0000 [ 1848.912709][ T37] audit: type=1326 audit(1762182326.462:1456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19609 comm="syz.7.3687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3edaaeefc9 code=0x7ffc0000 [ 1849.088843][ C1] vkms_vblank_simulate: vblank timer overrun [ 1849.235770][T19614] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1849.346005][ C1] vkms_vblank_simulate: vblank timer overrun [ 1849.895737][ C1] vkms_vblank_simulate: vblank timer overrun [ 1850.045016][T13814] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1850.077209][ C1] vkms_vblank_simulate: vblank timer overrun [ 1850.380996][ T5886] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1850.442156][ C1] vkms_vblank_simulate: vblank timer overrun [ 1851.419941][ C1] vkms_vblank_simulate: vblank timer overrun [ 1851.433201][ T5886] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive [ 1851.433574][ T5886] ath9k_htc: Failed to initialize the device [ 1851.495825][T13813] usb 6-1: USB disconnect, device number 112 [ 1851.510130][T13813] usb 6-1: ath9k_htc: USB layer deinitialized [ 1851.516328][ C0] dummy_hcd dummy_hcd.5: timer fired with no URBs pending? [ 1851.610723][ C1] vkms_vblank_simulate: vblank timer overrun [ 1851.766605][ C1] vkms_vblank_simulate: vblank timer overrun [ 1852.286237][ C1] vkms_vblank_simulate: vblank timer overrun [ 1852.384255][ C1] vkms_vblank_simulate: vblank timer overrun [ 1852.515754][T19631] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 1852.525329][ C1] vkms_vblank_simulate: vblank timer overrun [ 1852.924435][ C1] vkms_vblank_simulate: vblank timer overrun [ 1853.253902][ C1] vkms_vblank_simulate: vblank timer overrun [ 1853.262876][T11976] usb 5-1: new high-speed USB device number 105 using dummy_hcd [ 1853.957858][ C1] vkms_vblank_simulate: vblank timer overrun [ 1853.988894][T19640] netlink: 44 bytes leftover after parsing attributes in process `syz.8.3695'. [ 1854.108905][T11976] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1854.108940][T11976] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1854.108962][T11976] usb 5-1: Product: syz [ 1854.108978][T11976] usb 5-1: Manufacturer: syz [ 1854.108993][T11976] usb 5-1: SerialNumber: syz [ 1854.177813][T11976] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1854.223455][T17316] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1854.280254][T19649] FAULT_INJECTION: forcing a failure. [ 1854.280254][T19649] name failslab, interval 1, probability 0, space 0, times 0 [ 1854.280278][T19649] CPU: 1 UID: 0 PID: 19649 Comm: syz.5.3699 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1854.280292][T19649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1854.280300][T19649] Call Trace: [ 1854.280306][T19649] [ 1854.280311][T19649] dump_stack_lvl+0x189/0x250 [ 1854.280333][T19649] ? __pfx____ratelimit+0x10/0x10 [ 1854.280348][T19649] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1854.280370][T19649] ? __pfx__printk+0x10/0x10 [ 1854.280386][T19649] ? __pfx___might_resched+0x10/0x10 [ 1854.280402][T19649] should_fail_ex+0x46c/0x600 [ 1854.280420][T19649] should_failslab+0xa8/0x100 [ 1854.280437][T19649] __kmalloc_noprof+0xcc/0x7d0 [ 1854.280451][T19649] ? kfree+0x51/0x950 [ 1854.280462][T19649] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1854.280479][T19649] tomoyo_realpath_from_path+0xe3/0x5d0 [ 1854.280493][T19649] ? tomoyo_domain+0xda/0x130 [ 1854.280509][T19649] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 1854.280526][T19649] tomoyo_path_number_perm+0x1e8/0x5a0 [ 1854.280544][T19649] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1854.280563][T19649] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 1854.280578][T19649] ? lockdep_hardirqs_on+0x9c/0x150 [ 1854.280609][T19649] ? __fget_files+0x2a/0x420 [ 1854.280634][T19649] ? __fget_files+0x3a6/0x420 [ 1854.280648][T19649] ? __fget_files+0x2a/0x420 [ 1854.280665][T19649] security_file_ioctl+0xcb/0x2d0 [ 1854.280678][T19649] __se_sys_ioctl+0x47/0x170 [ 1854.280692][T19649] do_syscall_64+0xfa/0xfa0 [ 1854.280706][T19649] ? lockdep_hardirqs_on+0x9c/0x150 [ 1854.280719][T19649] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1854.280730][T19649] ? clear_bhb_loop+0x60/0xb0 [ 1854.280744][T19649] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1854.280754][T19649] RIP: 0033:0x7fa8fe57efc9 [ 1854.280766][T19649] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1854.280775][T19649] RSP: 002b:00007fa8fc7de038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1854.280787][T19649] RAX: ffffffffffffffda RBX: 00007fa8fe7d5fa0 RCX: 00007fa8fe57efc9 [ 1854.280796][T19649] RDX: 0000200000000000 RSI: 00000000c1004110 RDI: 0000000000000003 [ 1854.280803][T19649] RBP: 00007fa8fc7de090 R08: 0000000000000000 R09: 0000000000000000 [ 1854.280810][T19649] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1854.280816][T19649] R13: 00007fa8fe7d6038 R14: 00007fa8fe7d5fa0 R15: 00007ffdea4d0ee8 [ 1854.280834][T19649] [ 1854.281992][T19649] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1854.735470][ C1] vkms_vblank_simulate: vblank timer overrun [ 1855.917114][ C1] vkms_vblank_simulate: vblank timer overrun [ 1856.104119][ C1] vkms_vblank_simulate: vblank timer overrun [ 1856.792391][T19658] FAULT_INJECTION: forcing a failure. [ 1856.792391][T19658] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1856.792415][T19658] CPU: 1 UID: 0 PID: 19658 Comm: syz.5.3700 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1856.792431][T19658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1856.792439][T19658] Call Trace: [ 1856.792444][T19658] [ 1856.792449][T19658] dump_stack_lvl+0x189/0x250 [ 1856.792471][T19658] ? __pfx____ratelimit+0x10/0x10 [ 1856.792486][T19658] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1856.792502][T19658] ? __pfx__printk+0x10/0x10 [ 1856.792516][T19658] ? __might_fault+0xb0/0x130 [ 1856.792537][T19658] should_fail_ex+0x46c/0x600 [ 1856.792555][T19658] _copy_from_user+0x2d/0xb0 [ 1856.792568][T19658] ___sys_sendmsg+0x158/0x2a0 [ 1856.792583][T19658] ? __pfx____sys_sendmsg+0x10/0x10 [ 1856.792620][T19658] ? __fget_files+0x2a/0x420 [ 1856.792642][T19658] ? __fget_files+0x3a6/0x420 [ 1856.792675][T19658] __x64_sys_sendmsg+0x1a1/0x260 [ 1856.792700][T19658] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1856.792725][T19658] ? __pfx_ksys_write+0x10/0x10 [ 1856.792741][T19658] ? do_syscall_64+0xbe/0xfa0 [ 1856.792757][T19658] do_syscall_64+0xfa/0xfa0 [ 1856.792772][T19658] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1856.792783][T19658] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1856.792793][T19658] ? clear_bhb_loop+0x60/0xb0 [ 1856.792806][T19658] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1856.792816][T19658] RIP: 0033:0x7fa8fe57efc9 [ 1856.792827][T19658] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1856.792837][T19658] RSP: 002b:00007fa8fc7de038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1856.792849][T19658] RAX: ffffffffffffffda RBX: 00007fa8fe7d5fa0 RCX: 00007fa8fe57efc9 [ 1856.792857][T19658] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000004 [ 1856.792864][T19658] RBP: 00007fa8fc7de090 R08: 0000000000000000 R09: 0000000000000000 [ 1856.792871][T19658] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1856.792877][T19658] R13: 00007fa8fe7d6038 R14: 00007fa8fe7d5fa0 R15: 00007ffdea4d0ee8 [ 1856.792895][T19658] [ 1857.830735][T17316] usb 5-1: Service connection timeout for: 256 [ 1857.830753][T17316] ath9k_htc 5-1:1.0: ath9k_htc: Unable to initialize HTC services [ 1858.831228][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 1858.831278][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 1860.965730][T17316] ath9k_htc: Failed to initialize the device [ 1860.966034][ C1] dummy_hcd dummy_hcd.4: timer fired with no URBs pending? [ 1861.028722][T12798] usb 5-1: USB disconnect, device number 105 [ 1861.037676][T12798] usb 5-1: ath9k_htc: USB layer deinitialized [ 1861.132000][ T37] kauditd_printk_skb: 7 callbacks suppressed [ 1861.132019][ T37] audit: type=1326 audit(1762182338.682:1464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19660 comm="syz.6.3703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa60843efc9 code=0x7ffc0000 [ 1861.132293][ T37] audit: type=1326 audit(1762182338.682:1465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19660 comm="syz.6.3703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa60843efc9 code=0x7ffc0000 [ 1861.206716][ T37] audit: type=1326 audit(1762182338.722:1466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19660 comm="syz.6.3703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=102 compat=0 ip=0x7fa60843efc9 code=0x7ffc0000 [ 1861.206764][ T37] audit: type=1326 audit(1762182338.742:1467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19660 comm="syz.6.3703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa60843efc9 code=0x7ffc0000 [ 1861.206802][ T37] audit: type=1326 audit(1762182338.742:1468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19660 comm="syz.6.3703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa60843efc9 code=0x7ffc0000 [ 1861.206838][ T37] audit: type=1326 audit(1762182338.742:1469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19660 comm="syz.6.3703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa60843efc9 code=0x7ffc0000 [ 1861.206876][ T37] audit: type=1326 audit(1762182338.742:1470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19660 comm="syz.6.3703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa60843efc9 code=0x7ffc0000 [ 1861.206922][ T37] audit: type=1326 audit(1762182338.742:1471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19660 comm="syz.6.3703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa60843efc9 code=0x7ffc0000 [ 1861.206961][ T37] audit: type=1326 audit(1762182338.742:1472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19660 comm="syz.6.3703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa60843efc9 code=0x7ffc0000 [ 1861.206998][ T37] audit: type=1326 audit(1762182338.752:1473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19660 comm="syz.6.3703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa60843d810 code=0x7ffc0000 [ 1861.331976][T19665] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1862.343041][ T5886] usb 9-1: new high-speed USB device number 61 using dummy_hcd [ 1862.450342][T19676] bond0: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 1862.450373][T19676] bond0: (slave lo): Error: Device can not be enslaved while up [ 1862.501822][ T5886] usb 9-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1862.501853][ T5886] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1862.501955][ T5886] usb 9-1: Product: syz [ 1862.501970][ T5886] usb 9-1: Manufacturer: syz [ 1862.501986][ T5886] usb 9-1: SerialNumber: syz [ 1862.520015][ T5886] usb 9-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1862.560659][T13813] usb 9-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1864.041047][T13813] ath9k_htc 9-1:1.0: ath9k_htc: Target is unresponsive [ 1864.041266][T13813] ath9k_htc: Failed to initialize the device [ 1864.163220][T19683] ceph: No mds server is up or the cluster is laggy [ 1864.244575][T17316] libceph: connect (1)[c::]:6789 error -101 [ 1864.256857][T17316] libceph: mon0 (1)[c::]:6789 connect error [ 1865.246247][T13813] usb 9-1: ath9k_htc: USB layer deinitialized [ 1865.597553][ T5818] libceph: connect (1)[c::]:6789 error -101 [ 1865.597763][ T5818] libceph: mon0 (1)[c::]:6789 connect error [ 1865.962798][ T5886] usb 9-1: USB disconnect, device number 61 [ 1866.074989][T19697] nbd: must specify a device to reconfigure [ 1867.628704][T17316] usb 7-1: new high-speed USB device number 123 using dummy_hcd [ 1867.780167][T17316] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1867.780198][T17316] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1867.780220][T17316] usb 7-1: Product: syz [ 1867.780236][T17316] usb 7-1: Manufacturer: syz [ 1867.780251][T17316] usb 7-1: SerialNumber: syz [ 1867.812740][T17316] usb 7-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1867.860030][ T5818] usb 7-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1868.831301][T19734] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1870.553173][ T5818] usb 7-1: Service connection timeout for: 256 [ 1870.553197][ T5818] ath9k_htc 7-1:1.0: ath9k_htc: Unable to initialize HTC services [ 1870.577769][ T5818] ath9k_htc: Failed to initialize the device [ 1870.646792][ T5818] usb 7-1: ath9k_htc: USB layer deinitialized [ 1870.775852][T13813] usb 7-1: USB disconnect, device number 123 [ 1874.464340][T19745] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1876.776049][T19769] FAULT_INJECTION: forcing a failure. [ 1876.776049][T19769] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1876.776083][T19769] CPU: 0 UID: 0 PID: 19769 Comm: syz.7.3730 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1876.776106][T19769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1876.776118][T19769] Call Trace: [ 1876.776127][T19769] [ 1876.776136][T19769] dump_stack_lvl+0x189/0x250 [ 1876.776168][T19769] ? __pfx____ratelimit+0x10/0x10 [ 1876.776193][T19769] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1876.776220][T19769] ? __pfx__printk+0x10/0x10 [ 1876.776243][T19769] ? __might_fault+0xb0/0x130 [ 1876.776279][T19769] should_fail_ex+0x46c/0x600 [ 1876.776310][T19769] _copy_from_user+0x2d/0xb0 [ 1876.776341][T19769] ___sys_sendmsg+0x158/0x2a0 [ 1876.776368][T19769] ? __pfx____sys_sendmsg+0x10/0x10 [ 1876.776428][T19769] ? __fget_files+0x2a/0x420 [ 1876.776453][T19769] ? __fget_files+0x3a6/0x420 [ 1876.776488][T19769] __x64_sys_sendmsg+0x1a1/0x260 [ 1876.776514][T19769] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1876.776546][T19769] ? __pfx_ksys_write+0x10/0x10 [ 1876.776573][T19769] ? do_syscall_64+0xbe/0xfa0 [ 1876.776601][T19769] do_syscall_64+0xfa/0xfa0 [ 1876.776623][T19769] ? lockdep_hardirqs_on+0x9c/0x150 [ 1876.776646][T19769] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1876.776666][T19769] ? clear_bhb_loop+0x60/0xb0 [ 1876.776690][T19769] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1876.776709][T19769] RIP: 0033:0x7f3edaaeefc9 [ 1876.776726][T19769] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1876.776743][T19769] RSP: 002b:00007f3ed8d2d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1876.776764][T19769] RAX: ffffffffffffffda RBX: 00007f3edad46090 RCX: 00007f3edaaeefc9 [ 1876.776779][T19769] RDX: 0000000000000000 RSI: 00002000000003c0 RDI: 0000000000000004 [ 1876.776792][T19769] RBP: 00007f3ed8d2d090 R08: 0000000000000000 R09: 0000000000000000 [ 1876.776804][T19769] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1876.776816][T19769] R13: 00007f3edad46128 R14: 00007f3edad46090 R15: 00007fff2362b418 [ 1876.776850][T19769] [ 1879.987543][T19792] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1881.182191][T19804] fuse: Bad value for 'rootmode' [ 1881.473281][T19804] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3741'. [ 1884.828703][T19826] netlink: 20 bytes leftover after parsing attributes in process `syz.7.3746'. [ 1884.923532][T19829] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1885.660203][T19838] fuse: Bad value for 'fd' [ 1886.216572][T19854] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3752'. [ 1886.216600][T19854] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3752'. [ 1887.267382][T17316] libceph: connect (1)[c::]:6789 error -101 [ 1887.267516][T17316] libceph: mon0 (1)[c::]:6789 connect error [ 1887.464775][T19855] ceph: No mds server is up or the cluster is laggy [ 1888.314486][T15186] libceph: connect (1)[c::]:6789 error -101 [ 1888.314698][T15186] libceph: mon0 (1)[c::]:6789 connect error [ 1888.402177][ C0] vkms_vblank_simulate: vblank timer overrun [ 1889.644570][ C0] vkms_vblank_simulate: vblank timer overrun [ 1890.218836][ C0] vkms_vblank_simulate: vblank timer overrun [ 1890.368010][ C0] vkms_vblank_simulate: vblank timer overrun [ 1890.472069][ C0] vkms_vblank_simulate: vblank timer overrun [ 1890.579047][T19883] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1890.813891][T19884] FAULT_INJECTION: forcing a failure. [ 1890.813891][T19884] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1890.813924][T19884] CPU: 1 UID: 0 PID: 19884 Comm: syz.7.3759 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1890.813948][T19884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1890.813961][T19884] Call Trace: [ 1890.813970][T19884] [ 1890.813980][T19884] dump_stack_lvl+0x189/0x250 [ 1890.814013][T19884] ? __pfx____ratelimit+0x10/0x10 [ 1890.814038][T19884] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1890.814065][T19884] ? __pfx__printk+0x10/0x10 [ 1890.814103][T19884] should_fail_ex+0x46c/0x600 [ 1890.814136][T19884] _copy_to_user+0x31/0xb0 [ 1890.814160][T19884] simple_read_from_buffer+0xe1/0x170 [ 1890.814191][T19884] proc_fail_nth_read+0x1b6/0x220 [ 1890.814218][T19884] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1890.814243][T19884] ? rw_verify_area+0x2ac/0x4e0 [ 1890.814266][T19884] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1890.814289][T19884] vfs_read+0x206/0xa30 [ 1890.814321][T19884] ? __pfx_vfs_read+0x10/0x10 [ 1890.814340][T19884] ? try_to_take_rt_mutex+0x7fd/0xac0 [ 1890.814371][T19884] ? mutex_lock_nested+0x154/0x1d0 [ 1890.814391][T19884] ? fdget_pos+0x253/0x320 [ 1890.814426][T19884] ksys_read+0x14b/0x260 [ 1890.814451][T19884] ? __pfx_ksys_read+0x10/0x10 [ 1890.814473][T19884] ? do_syscall_64+0xbe/0xfa0 [ 1890.814502][T19884] do_syscall_64+0xfa/0xfa0 [ 1890.814525][T19884] ? lockdep_hardirqs_on+0x9c/0x150 [ 1890.814548][T19884] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1890.814567][T19884] ? clear_bhb_loop+0x60/0xb0 [ 1890.814591][T19884] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1890.814610][T19884] RIP: 0033:0x7f3edaaed9dc [ 1890.814628][T19884] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1890.814645][T19884] RSP: 002b:00007f3ed8d2d030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1890.814673][T19884] RAX: ffffffffffffffda RBX: 00007f3edad46090 RCX: 00007f3edaaed9dc [ 1890.814688][T19884] RDX: 000000000000000f RSI: 00007f3ed8d2d0a0 RDI: 0000000000000007 [ 1890.814701][T19884] RBP: 00007f3ed8d2d090 R08: 0000000000000000 R09: 0000000000000000 [ 1890.814714][T19884] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1890.814726][T19884] R13: 00007f3edad46128 R14: 00007f3edad46090 R15: 00007fff2362b418 [ 1890.814761][T19884] [ 1890.832523][ C0] vkms_vblank_simulate: vblank timer overrun [ 1890.839287][T17316] usb 5-1: new high-speed USB device number 106 using dummy_hcd [ 1890.839489][T15186] usb 6-1: new high-speed USB device number 113 using dummy_hcd [ 1890.930666][ C0] vkms_vblank_simulate: vblank timer overrun [ 1891.513068][T17316] usb 5-1: Using ep0 maxpacket: 8 [ 1891.513227][T15186] usb 6-1: Using ep0 maxpacket: 8 [ 1891.749949][T15186] usb 6-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 1891.750066][T15186] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1891.750088][T15186] usb 6-1: Product: syz [ 1891.750103][T15186] usb 6-1: Manufacturer: syz [ 1891.750119][T15186] usb 6-1: SerialNumber: syz [ 1891.892591][T17316] usb 5-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 1891.892623][T17316] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1891.892643][T17316] usb 5-1: Product: syz [ 1891.927819][T17316] usb 5-1: config 0 descriptor?? [ 1891.938293][T17316] usb 5-1: can't set config #0, error -71 [ 1891.942281][T15186] usb 6-1: config 0 descriptor?? [ 1891.957760][T17316] usb 5-1: USB disconnect, device number 106 [ 1891.973602][T15186] gspca_main: se401-2.14.0 probing 047d:5003 [ 1892.276898][ C0] vkms_vblank_simulate: vblank timer overrun [ 1892.496336][T19900] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1892.584271][T15186] gspca_se401: Too many frame sizes [ 1892.727187][T19905] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3766'. [ 1892.727234][T19905] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3766'. [ 1892.798224][ T5886] usb 6-1: USB disconnect, device number 113 [ 1894.994132][ C0] vkms_vblank_simulate: vblank timer overrun [ 1895.396956][ C0] vkms_vblank_simulate: vblank timer overrun [ 1895.597894][T19938] FAULT_INJECTION: forcing a failure. [ 1895.597894][T19938] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1895.597929][T19938] CPU: 1 UID: 0 PID: 19938 Comm: syz.5.3776 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1895.597951][T19938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1895.597964][T19938] Call Trace: [ 1895.597972][T19938] [ 1895.597982][T19938] dump_stack_lvl+0x189/0x250 [ 1895.598014][T19938] ? __pfx____ratelimit+0x10/0x10 [ 1895.598039][T19938] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1895.598065][T19938] ? __pfx__printk+0x10/0x10 [ 1895.598089][T19938] ? __might_fault+0xb0/0x130 [ 1895.598126][T19938] should_fail_ex+0x46c/0x600 [ 1895.598156][T19938] _copy_from_user+0x2d/0xb0 [ 1895.598186][T19938] ___sys_sendmsg+0x158/0x2a0 [ 1895.598213][T19938] ? __pfx____sys_sendmsg+0x10/0x10 [ 1895.598272][T19938] ? __fget_files+0x2a/0x420 [ 1895.598296][T19938] ? __fget_files+0x3a6/0x420 [ 1895.598331][T19938] __x64_sys_sendmsg+0x1a1/0x260 [ 1895.598357][T19938] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1895.598390][T19938] ? __pfx_ksys_write+0x10/0x10 [ 1895.598416][T19938] ? do_syscall_64+0xbe/0xfa0 [ 1895.598445][T19938] do_syscall_64+0xfa/0xfa0 [ 1895.598467][T19938] ? lockdep_hardirqs_on+0x9c/0x150 [ 1895.598491][T19938] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1895.598510][T19938] ? clear_bhb_loop+0x60/0xb0 [ 1895.598533][T19938] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1895.598553][T19938] RIP: 0033:0x7fa8fe57efc9 [ 1895.598571][T19938] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1895.598589][T19938] RSP: 002b:00007fa8fc7de038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1895.598610][T19938] RAX: ffffffffffffffda RBX: 00007fa8fe7d5fa0 RCX: 00007fa8fe57efc9 [ 1895.598625][T19938] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000004 [ 1895.598638][T19938] RBP: 00007fa8fc7de090 R08: 0000000000000000 R09: 0000000000000000 [ 1895.598650][T19938] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1895.598663][T19938] R13: 00007fa8fe7d6038 R14: 00007fa8fe7d5fa0 R15: 00007ffdea4d0ee8 [ 1895.598697][T19938] [ 1896.511510][T19954] FAULT_INJECTION: forcing a failure. [ 1896.511510][T19954] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1896.511567][T19954] CPU: 0 UID: 0 PID: 19954 Comm: syz.4.3782 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1896.511591][T19954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1896.511603][T19954] Call Trace: [ 1896.511612][T19954] [ 1896.511622][T19954] dump_stack_lvl+0x189/0x250 [ 1896.511649][T19954] ? __pfx____ratelimit+0x10/0x10 [ 1896.511665][T19954] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1896.511681][T19954] ? __pfx__printk+0x10/0x10 [ 1896.511695][T19954] ? __might_fault+0xb0/0x130 [ 1896.511716][T19954] should_fail_ex+0x46c/0x600 [ 1896.511734][T19954] _copy_from_user+0x2d/0xb0 [ 1896.511747][T19954] ___sys_sendmsg+0x158/0x2a0 [ 1896.511763][T19954] ? __pfx____sys_sendmsg+0x10/0x10 [ 1896.511795][T19954] ? __fget_files+0x2a/0x420 [ 1896.511809][T19954] ? __fget_files+0x3a6/0x420 [ 1896.511830][T19954] __x64_sys_sendmsg+0x1a1/0x260 [ 1896.511844][T19954] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1896.511862][T19954] ? __pfx_ksys_write+0x10/0x10 [ 1896.511878][T19954] ? do_syscall_64+0xbe/0xfa0 [ 1896.511894][T19954] do_syscall_64+0xfa/0xfa0 [ 1896.511909][T19954] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1896.511919][T19954] ? asm_sysvec_call_function_single+0x1a/0x20 [ 1896.511930][T19954] ? clear_bhb_loop+0x60/0xb0 [ 1896.511942][T19954] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1896.511953][T19954] RIP: 0033:0x7f6930c6efc9 [ 1896.511963][T19954] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1896.511973][T19954] RSP: 002b:00007f692eead038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1896.511986][T19954] RAX: ffffffffffffffda RBX: 00007f6930ec6090 RCX: 00007f6930c6efc9 [ 1896.511994][T19954] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000003 [ 1896.512001][T19954] RBP: 00007f692eead090 R08: 0000000000000000 R09: 0000000000000000 [ 1896.512008][T19954] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1896.512014][T19954] R13: 00007f6930ec6128 R14: 00007f6930ec6090 R15: 00007ffe3d7abf48 [ 1896.512032][T19954] [ 1899.079717][ C0] vkms_vblank_simulate: vblank timer overrun [ 1899.224404][ C0] vkms_vblank_simulate: vblank timer overrun [ 1899.315790][ C0] vkms_vblank_simulate: vblank timer overrun [ 1899.545649][ C0] vkms_vblank_simulate: vblank timer overrun [ 1900.624229][T17316] libceph: connect (1)[c::]:6789 error -101 [ 1900.624430][T17316] libceph: mon0 (1)[c::]:6789 connect error [ 1900.654652][T19968] ceph: No mds server is up or the cluster is laggy [ 1901.310584][T19977] netlink: 64 bytes leftover after parsing attributes in process `syz.6.3788'. [ 1902.803864][T19987] netlink: 44 bytes leftover after parsing attributes in process `syz.8.3790'. [ 1903.576313][T20008] FAULT_INJECTION: forcing a failure. [ 1903.576313][T20008] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1903.576358][T20008] CPU: 0 UID: 0 PID: 20008 Comm: syz.7.3787 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1903.576381][T20008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1903.576394][T20008] Call Trace: [ 1903.576402][T20008] [ 1903.576412][T20008] dump_stack_lvl+0x189/0x250 [ 1903.576444][T20008] ? __pfx____ratelimit+0x10/0x10 [ 1903.576468][T20008] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1903.576495][T20008] ? __pfx__printk+0x10/0x10 [ 1903.576518][T20008] ? __might_fault+0xb0/0x130 [ 1903.576557][T20008] should_fail_ex+0x46c/0x600 [ 1903.576588][T20008] _copy_from_user+0x2d/0xb0 [ 1903.576610][T20008] __sys_bind+0x19f/0x3e0 [ 1903.576632][T20008] ? __pfx___sys_bind+0x10/0x10 [ 1903.576664][T20008] ? __pfx_ksys_write+0x10/0x10 [ 1903.576695][T20008] __x64_sys_bind+0x7a/0x90 [ 1903.576715][T20008] do_syscall_64+0xfa/0xfa0 [ 1903.576738][T20008] ? lockdep_hardirqs_on+0x9c/0x150 [ 1903.576761][T20008] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1903.576782][T20008] ? clear_bhb_loop+0x60/0xb0 [ 1903.576804][T20008] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1903.576824][T20008] RIP: 0033:0x7f3edaaeefc9 [ 1903.576842][T20008] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1903.576859][T20008] RSP: 002b:00007f3ed8d0c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 1903.576881][T20008] RAX: ffffffffffffffda RBX: 00007f3edad46180 RCX: 00007f3edaaeefc9 [ 1903.576896][T20008] RDX: 0000000000000048 RSI: 0000200000000100 RDI: 0000000000000006 [ 1903.576909][T20008] RBP: 00007f3ed8d0c090 R08: 0000000000000000 R09: 0000000000000000 [ 1903.576921][T20008] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1903.576933][T20008] R13: 00007f3edad46218 R14: 00007f3edad46180 R15: 00007fff2362b418 [ 1903.576968][T20008] [ 1903.682868][T20009] sg_write: data in/out 65500/17 bytes for SCSI command 0x8-- guessing data in; [ 1903.682868][T20009] program syz.5.3794 not setting count and/or reply_len properly [ 1904.538030][T20024] netlink: 36 bytes leftover after parsing attributes in process `syz.5.3801'. [ 1906.283169][ T5818] usb 7-1: new high-speed USB device number 124 using dummy_hcd [ 1906.318875][T20035] FAULT_INJECTION: forcing a failure. [ 1906.318875][T20035] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1906.318912][T20035] CPU: 1 UID: 0 PID: 20035 Comm: syz.5.3805 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1906.318937][T20035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1906.318948][T20035] Call Trace: [ 1906.318955][T20035] [ 1906.318966][T20035] dump_stack_lvl+0x189/0x250 [ 1906.318998][T20035] ? __pfx____ratelimit+0x10/0x10 [ 1906.319023][T20035] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1906.319049][T20035] ? __pfx__printk+0x10/0x10 [ 1906.319071][T20035] ? __might_fault+0xb0/0x130 [ 1906.319108][T20035] should_fail_ex+0x46c/0x600 [ 1906.319140][T20035] _copy_to_iter+0x1de/0x1790 [ 1906.319180][T20035] ? __pfx___ldsem_down_read_nested+0x10/0x10 [ 1906.319209][T20035] ? __pfx__copy_to_iter+0x10/0x10 [ 1906.319236][T20035] ? __pfx_woken_wake_function+0x10/0x10 [ 1906.319265][T20035] ? __lock_acquire+0xab9/0xd20 [ 1906.319298][T20035] tty_read+0x29e/0x690 [ 1906.319335][T20035] ? __pfx_tty_read+0x10/0x10 [ 1906.319369][T20035] ? __lock_acquire+0xab9/0xd20 [ 1906.319402][T20035] do_iter_readv_writev+0x635/0x8d0 [ 1906.319435][T20035] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 1906.319469][T20035] ? rw_verify_area+0x2ac/0x4e0 [ 1906.319496][T20035] vfs_readv+0x259/0x850 [ 1906.319529][T20035] ? __pfx_vfs_readv+0x10/0x10 [ 1906.319571][T20035] ? __fget_files+0x2a/0x420 [ 1906.319601][T20035] ? __fget_files+0x3a6/0x420 [ 1906.319624][T20035] ? __fget_files+0x2a/0x420 [ 1906.319657][T20035] do_readv+0x153/0x2d0 [ 1906.319686][T20035] ? __pfx_do_readv+0x10/0x10 [ 1906.319715][T20035] ? do_syscall_64+0xbe/0xfa0 [ 1906.319744][T20035] do_syscall_64+0xfa/0xfa0 [ 1906.319766][T20035] ? lockdep_hardirqs_on+0x9c/0x150 [ 1906.319790][T20035] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1906.319809][T20035] ? clear_bhb_loop+0x60/0xb0 [ 1906.319833][T20035] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1906.319851][T20035] RIP: 0033:0x7fa8fe57efc9 [ 1906.319871][T20035] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1906.319887][T20035] RSP: 002b:00007fa8fc7de038 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 1906.319909][T20035] RAX: ffffffffffffffda RBX: 00007fa8fe7d5fa0 RCX: 00007fa8fe57efc9 [ 1906.319924][T20035] RDX: 0000000000000001 RSI: 0000200000000000 RDI: 0000000000000004 [ 1906.319936][T20035] RBP: 00007fa8fc7de090 R08: 0000000000000000 R09: 0000000000000000 [ 1906.319949][T20035] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1906.319961][T20035] R13: 00007fa8fe7d6038 R14: 00007fa8fe7d5fa0 R15: 00007ffdea4d0ee8 [ 1906.319994][T20035] [ 1906.438956][ T5818] usb 7-1: Using ep0 maxpacket: 32 [ 1906.445583][ T5818] usb 7-1: config 3 has an invalid interface number: 201 but max is 0 [ 1906.445613][ T5818] usb 7-1: config 3 has no interface number 0 [ 1906.445647][ T5818] usb 7-1: config 3 interface 201 has no altsetting 0 [ 1906.448787][ T5818] usb 7-1: New USB device found, idVendor=09e1, idProduct=5121, bcdDevice=74.48 [ 1906.448816][ T5818] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1906.448836][ T5818] usb 7-1: Product: syz [ 1906.448852][ T5818] usb 7-1: Manufacturer: syz [ 1906.448867][ T5818] usb 7-1: SerialNumber: syz [ 1907.579677][ T5818] int51x1 7-1:3.201: probe with driver int51x1 failed with error -22 [ 1907.633654][T17316] usb 9-1: new high-speed USB device number 62 using dummy_hcd [ 1908.152656][T17316] usb 9-1: Using ep0 maxpacket: 16 [ 1908.224083][T17316] usb 9-1: config 6 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 1908.226211][T17316] usb 9-1: New USB device found, idVendor=05ff, idProduct=0292, bcdDevice= 0.40 [ 1908.226230][T17316] usb 9-1: New USB device strings: Mfr=17, Product=2, SerialNumber=3 [ 1908.226242][T17316] usb 9-1: Product: syz [ 1908.226251][T17316] usb 9-1: Manufacturer: syz [ 1908.226259][T17316] usb 9-1: SerialNumber: syz [ 1908.301625][T20030] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1908.319494][T17316] usbhid 9-1:6.0: couldn't find an input interrupt endpoint [ 1908.782627][T20063] FAULT_INJECTION: forcing a failure. [ 1908.782627][T20063] name failslab, interval 1, probability 0, space 0, times 0 [ 1908.782650][T20063] CPU: 0 UID: 0 PID: 20063 Comm: syz.4.3810 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1908.782664][T20063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1908.782671][T20063] Call Trace: [ 1908.782676][T20063] [ 1908.782681][T20063] dump_stack_lvl+0x189/0x250 [ 1908.782702][T20063] ? __pfx____ratelimit+0x10/0x10 [ 1908.782716][T20063] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1908.782732][T20063] ? __pfx__printk+0x10/0x10 [ 1908.782748][T20063] ? __pfx___might_resched+0x10/0x10 [ 1908.782763][T20063] should_fail_ex+0x46c/0x600 [ 1908.782782][T20063] should_failslab+0xa8/0x100 [ 1908.782799][T20063] __kmalloc_cache_noprof+0x6f/0x6c0 [ 1908.782815][T20063] ? snd_pcm_oss_change_params_locked+0x172/0x3e40 [ 1908.782838][T20063] snd_pcm_oss_change_params_locked+0x172/0x3e40 [ 1908.782860][T20063] ? register_lock_class+0x51/0x320 [ 1908.782878][T20063] ? __lock_acquire+0xab9/0xd20 [ 1908.782897][T20063] ? do_raw_spin_lock+0x121/0x290 [ 1908.782914][T20063] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 1908.782930][T20063] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 1908.782959][T20063] ? lockdep_hardirqs_on+0x9c/0x150 [ 1908.782981][T20063] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 1908.783003][T20063] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1908.783034][T20063] ? mutex_lock_interruptible_nested+0x154/0x1d0 [ 1908.783053][T20063] ? snd_pcm_oss_write+0x295/0x11a0 [ 1908.783087][T20063] snd_pcm_oss_write+0x301/0x11a0 [ 1908.783110][T20063] ? __lock_acquire+0xab9/0xd20 [ 1908.783148][T20063] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 1908.783167][T20063] ? __lock_acquire+0xab9/0xd20 [ 1908.783195][T20063] ? rw_verify_area+0x25b/0x4e0 [ 1908.783219][T20063] vfs_writev+0x4bf/0x970 [ 1908.783250][T20063] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 1908.783271][T20063] ? __pfx_vfs_writev+0x10/0x10 [ 1908.783296][T20063] ? __fget_files+0x2a/0x420 [ 1908.783313][T20063] ? __fget_files+0x3a6/0x420 [ 1908.783327][T20063] ? __fget_files+0x2a/0x420 [ 1908.783346][T20063] do_writev+0x153/0x2d0 [ 1908.783364][T20063] ? __pfx_do_writev+0x10/0x10 [ 1908.783382][T20063] ? do_syscall_64+0xbe/0xfa0 [ 1908.783398][T20063] do_syscall_64+0xfa/0xfa0 [ 1908.783411][T20063] ? lockdep_hardirqs_on+0x9c/0x150 [ 1908.783424][T20063] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1908.783435][T20063] ? clear_bhb_loop+0x60/0xb0 [ 1908.783448][T20063] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1908.783458][T20063] RIP: 0033:0x7f6930c6efc9 [ 1908.783469][T20063] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1908.783479][T20063] RSP: 002b:00007f692ee8c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1908.783491][T20063] RAX: ffffffffffffffda RBX: 00007f6930ec6180 RCX: 00007f6930c6efc9 [ 1908.783499][T20063] RDX: 0000000000000001 RSI: 0000200000000300 RDI: 0000000000000003 [ 1908.783506][T20063] RBP: 00007f692ee8c090 R08: 0000000000000000 R09: 0000000000000000 [ 1908.783513][T20063] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1908.783520][T20063] R13: 00007f6930ec6218 R14: 00007f6930ec6180 R15: 00007ffe3d7abf48 [ 1908.783538][T20063] [ 1909.167391][ T5886] usb 7-1: USB disconnect, device number 124 [ 1909.371731][T20068] sp0: Synchronizing with TNC [ 1910.407425][ C1] ------------[ cut here ]------------ [ 1910.407441][ C1] refcount_t: addition on 0; use-after-free. [ 1910.408113][ C1] WARNING: CPU: 1 PID: 29 at lib/refcount.c:25 refcount_warn_saturate+0xfa/0x1d0 [ 1910.408157][ C1] Modules linked in: [ 1910.408178][ C1] CPU: 1 UID: 0 PID: 29 Comm: ktimers/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1910.408203][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1910.408219][ C1] RIP: 0010:refcount_warn_saturate+0xfa/0x1d0 [ 1910.408249][ C1] Code: 00 00 e8 59 5c 45 fd 5b 41 5e e9 91 bb 4a 06 cc e8 4b 5c 45 fd c6 05 d6 08 47 0a 01 90 48 c7 c7 80 2e 3d 8b e8 57 a1 09 fd 90 <0f> 0b 90 90 eb d7 e8 2b 5c 45 fd c6 05 b7 08 47 0a 01 90 48 c7 c7 [ 1910.408270][ C1] RSP: 0018:ffffc90000a3f830 EFLAGS: 00010246 [ 1910.408289][ C1] RAX: fa7ffa7cc94b8400 RBX: 0000000000000002 RCX: ffff88801ba91e00 [ 1910.408308][ C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000100 [ 1910.408322][ C1] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000100 [ 1910.408337][ C1] R10: dffffc0000000000 R11: ffffed101712487b R12: 1ffff92000147f18 [ 1910.408354][ C1] R13: ffff888060441360 R14: ffff888060440f80 R15: dffffc0000000000 [ 1910.408372][ C1] FS: 0000000000000000(0000) GS:ffff888126ef9000(0000) knlGS:0000000000000000 [ 1910.408393][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1910.408409][ C1] CR2: 0000200000035000 CR3: 000000006c9fc000 CR4: 00000000003526f0 [ 1910.408428][ C1] Call Trace: [ 1910.408437][ C1] [ 1910.408451][ C1] mptcp_schedule_work+0x164/0x1a0 [ 1910.408480][ C1] mptcp_tout_timer+0x21/0xa0 [ 1910.408512][ C1] call_timer_fn+0x17e/0x5f0 [ 1910.408541][ C1] ? __pfx_mptcp_tout_timer+0x10/0x10 [ 1910.408567][ C1] ? __pfx_preempt_schedule+0x10/0x10 [ 1910.408594][ C1] ? call_timer_fn+0xbe/0x5f0 [ 1910.408636][ C1] ? __pfx_call_timer_fn+0x10/0x10 [ 1910.408672][ C1] ? preempt_schedule_thunk+0x16/0x30 [ 1910.408704][ C1] ? __pfx_mptcp_tout_timer+0x10/0x10 [ 1910.408731][ C1] __run_timer_base+0x648/0x970 [ 1910.408774][ C1] ? __pfx___run_timer_base+0x10/0x10 [ 1910.408819][ C1] run_timer_softirq+0xb7/0x180 [ 1910.408848][ C1] handle_softirqs+0x22f/0x710 [ 1910.408889][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 1910.408938][ C1] run_ktimerd+0xcf/0x190 [ 1910.408968][ C1] ? __pfx_run_ktimerd+0x10/0x10 [ 1910.408995][ C1] ? schedule+0x91/0x360 [ 1910.409031][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 1910.409058][ C1] smpboot_thread_fn+0x542/0xa60 [ 1910.409089][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 1910.409125][ C1] kthread+0x711/0x8a0 [ 1910.409157][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 1910.409184][ C1] ? __pfx_kthread+0x10/0x10 [ 1910.409211][ C1] ? rt_spin_unlock+0x150/0x200 [ 1910.409242][ C1] ? rt_spin_unlock+0x161/0x200 [ 1910.409263][ C1] ? __pfx_kthread+0x10/0x10 [ 1910.409295][ C1] ret_from_fork+0x4bc/0x870 [ 1910.409326][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 1910.409363][ C1] ? __switch_to_asm+0x39/0x70 [ 1910.409384][ C1] ? __switch_to_asm+0x33/0x70 [ 1910.409406][ C1] ? __pfx_kthread+0x10/0x10 [ 1910.409438][ C1] ret_from_fork_asm+0x1a/0x30 [ 1910.409482][ C1] [ 1910.409500][ C1] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1910.409517][ C1] CPU: 1 UID: 0 PID: 29 Comm: ktimers/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1910.409543][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1910.409557][ C1] Call Trace: [ 1910.409566][ C1] [ 1910.409576][ C1] dump_stack_lvl+0x99/0x250 [ 1910.409608][ C1] ? __asan_memcpy+0x40/0x70 [ 1910.409636][ C1] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1910.409668][ C1] ? __pfx__printk+0x10/0x10 [ 1910.409711][ C1] vpanic+0x237/0x6d0 [ 1910.409733][ C1] ? __pfx_vpanic+0x10/0x10 [ 1910.409769][ C1] panic+0xb9/0xc0 [ 1910.409789][ C1] ? __pfx_panic+0x10/0x10 [ 1910.409833][ C1] __warn+0x31b/0x4b0 [ 1910.409853][ C1] ? refcount_warn_saturate+0xfa/0x1d0 [ 1910.409880][ C1] ? refcount_warn_saturate+0xfa/0x1d0 [ 1910.409910][ C1] report_bug+0x2be/0x4f0 [ 1910.409936][ C1] ? refcount_warn_saturate+0xfa/0x1d0 [ 1910.409959][ C1] ? refcount_warn_saturate+0xfa/0x1d0 [ 1910.409983][ C1] ? refcount_warn_saturate+0xfc/0x1d0 [ 1910.410007][ C1] handle_bug+0x84/0x160 [ 1910.410039][ C1] exc_invalid_op+0x1a/0x50 [ 1910.410071][ C1] asm_exc_invalid_op+0x1a/0x20 [ 1910.410093][ C1] RIP: 0010:refcount_warn_saturate+0xfa/0x1d0 [ 1910.410119][ C1] Code: 00 00 e8 59 5c 45 fd 5b 41 5e e9 91 bb 4a 06 cc e8 4b 5c 45 fd c6 05 d6 08 47 0a 01 90 48 c7 c7 80 2e 3d 8b e8 57 a1 09 fd 90 <0f> 0b 90 90 eb d7 e8 2b 5c 45 fd c6 05 b7 08 47 0a 01 90 48 c7 c7 [ 1910.410138][ C1] RSP: 0018:ffffc90000a3f830 EFLAGS: 00010246 [ 1910.410156][ C1] RAX: fa7ffa7cc94b8400 RBX: 0000000000000002 RCX: ffff88801ba91e00 [ 1910.410173][ C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000100 [ 1910.410188][ C1] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000100 [ 1910.410202][ C1] R10: dffffc0000000000 R11: ffffed101712487b R12: 1ffff92000147f18 [ 1910.410218][ C1] R13: ffff888060441360 R14: ffff888060440f80 R15: dffffc0000000000 [ 1910.410259][ C1] mptcp_schedule_work+0x164/0x1a0 [ 1910.410286][ C1] mptcp_tout_timer+0x21/0xa0 [ 1910.410315][ C1] call_timer_fn+0x17e/0x5f0 [ 1910.410343][ C1] ? __pfx_mptcp_tout_timer+0x10/0x10 [ 1910.410368][ C1] ? __pfx_preempt_schedule+0x10/0x10 [ 1910.410393][ C1] ? call_timer_fn+0xbe/0x5f0 [ 1910.410421][ C1] ? __pfx_call_timer_fn+0x10/0x10 [ 1910.410459][ C1] ? preempt_schedule_thunk+0x16/0x30 [ 1910.410490][ C1] ? __pfx_mptcp_tout_timer+0x10/0x10 [ 1910.410519][ C1] __run_timer_base+0x648/0x970 [ 1910.410565][ C1] ? __pfx___run_timer_base+0x10/0x10 [ 1910.410612][ C1] run_timer_softirq+0xb7/0x180 [ 1910.410642][ C1] handle_softirqs+0x22f/0x710 [ 1910.410680][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 1910.410720][ C1] run_ktimerd+0xcf/0x190 [ 1910.410749][ C1] ? __pfx_run_ktimerd+0x10/0x10 [ 1910.410776][ C1] ? schedule+0x91/0x360 [ 1910.410812][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 1910.410839][ C1] smpboot_thread_fn+0x542/0xa60 [ 1910.410868][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 1910.410913][ C1] kthread+0x711/0x8a0 [ 1910.410948][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 1910.410975][ C1] ? __pfx_kthread+0x10/0x10 [ 1910.411002][ C1] ? rt_spin_unlock+0x150/0x200 [ 1910.411031][ C1] ? rt_spin_unlock+0x161/0x200 [ 1910.411052][ C1] ? __pfx_kthread+0x10/0x10 [ 1910.411084][ C1] ret_from_fork+0x4bc/0x870 [ 1910.411110][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 1910.411142][ C1] ? __switch_to_asm+0x39/0x70 [ 1910.411164][ C1] ? __switch_to_asm+0x33/0x70 [ 1910.411185][ C1] ? __pfx_kthread+0x10/0x10 [ 1910.411217][ C1] ret_from_fork_asm+0x1a/0x30 [ 1910.411263][ C1] [ 1910.411720][ C1] Kernel Offset: disabled