last executing test programs: 12m52.613938368s ago: executing program 2 (id=376): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x84, @multicast2, 0x15, 0x3, 'sh\x00', 0x1, 0x4, 0x6d}, 0x2c) setsockopt$IP_VS_SO_SET_FLUSH(r0, 0x31, 0x485, 0x0, 0x0) 12m49.8343025s ago: executing program 2 (id=381): socket$unix(0x1, 0x1, 0x0) bind$nfc_llcp(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400010bce) r0 = syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0) bind$tipc(0xffffffffffffffff, 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000100), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x4c, r1, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}, {0x8, 0x8e}}]}, 0x4c}}, 0x0) r3 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) connect$nfc_llcp(r3, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r4) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) 12m48.804395017s ago: executing program 2 (id=383): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$inet(0x2, 0x2, 0x1) setsockopt$inet_opts(r3, 0x0, 0x4, 0x0, 0x0) 12m47.71442044s ago: executing program 2 (id=384): openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) r0 = creat(0x0, 0x0) syz_emit_vhci(0x0, 0x8) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080)={0xffffffffffffffff}, 0x13f, 0x9}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, &(0x7f00000000c0)={0xe, 0x18, 0xfa00, @id_tos={0x0, r1, 0x0, 0x3}}, 0x20) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000032680)=""/102400, 0x19000) sigaltstack(&(0x7f0000000340)={&(0x7f0000000400)=""/132, 0x1, 0x84}, &(0x7f0000000540)={&(0x7f00000004c0)=""/98, 0x0, 0x62}) r3 = syz_open_dev$cec(&(0x7f0000000040), 0x0, 0x0) ioctl$CEC_S_MODE(r3, 0x40046109, &(0x7f0000000300)=0xd0) semget$private(0x0, 0x207, 0x53) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f0000000280)={0x7, 0x8, 0xfa00, {r1, 0x5}}, 0x10) socket$nl_route(0x10, 0x3, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ff2000/0xe000)=nil, 0xe000}, 0x3}) bind$netlink(r0, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfd, 0x100000}, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f00000006c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000580)={{&(0x7f0000ffb000/0x4000)=nil, 0x4000}, 0x3}) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$sock_int(r4, 0x1, 0x29, &(0x7f0000000300)=0x20, 0x4) write$binfmt_misc(r4, &(0x7f0000000300), 0x6) clock_settime(0x0, &(0x7f0000000040)) 12m46.890069405s ago: executing program 2 (id=386): mkdir(&(0x7f0000000200)='./file1\x00', 0x0) r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) readv(r0, &(0x7f0000000d00)=[{&(0x7f0000000700)=""/222, 0xde}, {0x0}], 0x2) ioctl$SG_IO(r0, 0x2285, &(0x7f00000005c0)={0x53, 0xfffffffe, 0x6, 0x2, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000080)="0000501ef663", 0x0, 0x2800004, 0x10030, 0x0, 0x0}) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r3, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f0000000a80)={0x14}, 0x14}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r4, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) r5 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000300), 0x82880, 0x0) ioctl$FBIO_WAITFORVSYNC(r5, 0x40044620, 0x0) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newlink={0x44, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x400}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0x8, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}]}}}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x44}}, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000140)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) r6 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r6, 0x0, 0xcb, &(0x7f00000000c0)={0x0, 0x8, 0x6, 0x7, @vifc_lcl_addr=@loopback, @dev={0xac, 0x14, 0x14, 0x1c}}, 0x10) chdir(&(0x7f0000000080)='./file1\x00') r7 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file1\x00', &(0x7f0000000100)='pstore\x00', 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000cc0)=@delchain={0x1e4, 0x65, 0x2, 0x70bd28, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0x8}, {0x0, 0x9}, {0x6}}, [@filter_kind_options=@f_bpf={{0x8}, {0x4}}, @filter_kind_options=@f_route={{0xa}, {0x4}}, @TCA_RATE={0x6, 0x5, {0x6, 0x22}}, @filter_kind_options=@f_route={{0xa}, {0x190, 0x2, [@TCA_ROUTE4_FROM={0x8}, @TCA_ROUTE4_IIF={0x8}, @TCA_ROUTE4_IIF={0x8}, @TCA_ROUTE4_ACT={0xf0, 0x6, [@m_vlan={0xec, 0x13, 0x0, 0x0, {{0x9}, {0xc, 0x2, 0x0, 0x1, [@TCA_VLAN_PUSH_VLAN_PROTOCOL={0x6, 0x4, 0x88a8}]}, {0xb5, 0x6, "4536d5ba67cb41f3417191a0b4758169ba997e9dbec50e599419b7f290f4ee70efc0bdcb1d84cd2098b9c95fa81553821d25bbee1244fda18d438c3a5d696ee14197d17ea59071f0fd93760930ba453b3e23095f617d12282ec3f8190afeb1ac2e8d254fdac5b6ea11185f9256c3bab37a15cafe5f112d56723f0fb5c49b6449e58fc91a26d527012f701a9cfebef7787238f0d549914d85db8de6456cd08e0cd88f542f218759aebb2337e303783a52c6"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3}}}}]}, @TCA_ROUTE4_POLICE={0x84, 0x5, [@TCA_POLICE_TBF={0x3c, 0x1, {0x7ff, 0xffffffffffffffff, 0x3, 0xa, 0x6, {0x7, 0x2, 0x1, 0x9, 0x0, 0x4}, {0x10, 0x2, 0x6, 0xfffe, 0x1, 0xeaa1}, 0x6, 0x200, 0x7}}, @TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x8, 0xf4, 0x7fffffff, 0x7, {0x9, 0x0, 0x4, 0xd0c7, 0xffff, 0x86}, {0x10, 0x0, 0x0, 0x11, 0x1, 0xfffffffd}, 0x9, 0x80000, 0x9}}, @TCA_POLICE_AVRATE={0x8, 0x4, 0xb}]}]}}]}, 0x1e4}, 0x1, 0x0, 0x0, 0x81}, 0x8000) r8 = socket(0x10, 0x803, 0x0) sendto(r8, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r8, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x3a1}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) mount(0x0, &(0x7f0000000680)='./file1\x00', &(0x7f0000000700)='binder\x00', 0x0, 0x0) ioctl$AUTOFS_IOC_PROTOSUBVER(r7, 0x40049366, 0x0) 12m45.69027848s ago: executing program 2 (id=390): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340), 0x302, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'wlan0\x00'}) ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, &(0x7f0000000080)={{0x2, 0x4e22, @empty}, {0x306, @remote}, 0x2, {0x2, 0x4e20, @multicast2}, 'gre0\x00'}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000100)='%6b\xaa\xe3\x8fa\x8e\xdc\xcc\xb5\x05\x83?3\xf1\x9c\'\x84J\xd8\x04\x12\x9f\x05\x00\x00\x00\x83\xd8\xaa\xb4\xaa\x871Ojc\\Ox\xcc\xa0e\xb3\x86\v\x83\x84\x9c\v\xb9\x92\f\xb9\x82\xeb\x1bXA7y\xb4\x18g\xec\xe7\xd9h\xf2U\x83e\xba\xfe\x80\xbe\x92\xb5\xe2 !@\v\xe8\xc0\x9f\xaf\xcc\xc6\\\xa3^#\xccZ\x19\'OPH&s\x94\x91\x03\xf6\xd6\xa3$\x02\xf8^f\f`', 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000240), 0x8280, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000140)={{0x1, 0x1, 0x18, r2}, './file0\x00'}) r3 = socket$can_j1939(0x1d, 0x2, 0x7) sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0xa, 0x4e24, 0xffffffff, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c, 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000290000000b0000009b000000000000001900000000000000290000003200"/48, @ANYRES32=0x0, @ANYBLOB="0000004b231f4c72148693e5f2ee5590adce05a2c16924c85c9ee806fdd33d7fda8002ed3aa69ab9"], 0x40}, 0x0) getsockopt$sock_buf(r3, 0x1, 0x1c, 0x0, &(0x7f0000000000)) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x5, 0x0) futex(&(0x7f0000000000)=0x1, 0x0, 0x0, &(0x7f0000000180)={0x77359400}, &(0x7f00000001c0), 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x10, 0xc}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x0) r7 = syz_open_dev$radio(&(0x7f00000000c0), 0xffffffffffffffff, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r7, 0xc0205647, &(0x7f0000000100)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x98f90d, 0x0, '\x00', @string=0x0}}) 12m29.448349643s ago: executing program 32 (id=390): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340), 0x302, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'wlan0\x00'}) ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, &(0x7f0000000080)={{0x2, 0x4e22, @empty}, {0x306, @remote}, 0x2, {0x2, 0x4e20, @multicast2}, 'gre0\x00'}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000100)='%6b\xaa\xe3\x8fa\x8e\xdc\xcc\xb5\x05\x83?3\xf1\x9c\'\x84J\xd8\x04\x12\x9f\x05\x00\x00\x00\x83\xd8\xaa\xb4\xaa\x871Ojc\\Ox\xcc\xa0e\xb3\x86\v\x83\x84\x9c\v\xb9\x92\f\xb9\x82\xeb\x1bXA7y\xb4\x18g\xec\xe7\xd9h\xf2U\x83e\xba\xfe\x80\xbe\x92\xb5\xe2 !@\v\xe8\xc0\x9f\xaf\xcc\xc6\\\xa3^#\xccZ\x19\'OPH&s\x94\x91\x03\xf6\xd6\xa3$\x02\xf8^f\f`', 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000240), 0x8280, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000140)={{0x1, 0x1, 0x18, r2}, './file0\x00'}) r3 = socket$can_j1939(0x1d, 0x2, 0x7) sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0xa, 0x4e24, 0xffffffff, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c, 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000290000000b0000009b000000000000001900000000000000290000003200"/48, @ANYRES32=0x0, @ANYBLOB="0000004b231f4c72148693e5f2ee5590adce05a2c16924c85c9ee806fdd33d7fda8002ed3aa69ab9"], 0x40}, 0x0) getsockopt$sock_buf(r3, 0x1, 0x1c, 0x0, &(0x7f0000000000)) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x5, 0x0) futex(&(0x7f0000000000)=0x1, 0x0, 0x0, &(0x7f0000000180)={0x77359400}, &(0x7f00000001c0), 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x10, 0xc}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x0) r7 = syz_open_dev$radio(&(0x7f00000000c0), 0xffffffffffffffff, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r7, 0xc0205647, &(0x7f0000000100)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x98f90d, 0x0, '\x00', @string=0x0}}) 10m18.035582472s ago: executing program 3 (id=709): memfd_secret(0x80000) syz_open_dev$sg(0x0, 0x4, 0xc43) prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60303, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f0000000480)="8689d46205a34100bf2bbe11a5ce7839edaf02afe39ead95913e9c4f8cf31440006769ebdf12cfacae8e8c03f5db079da7d9", 0x32, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000200)={0x0, 0x0, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil}) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000000)=@arm64={0x9, 0xfc, 0x2, '\x00', 0x8001}) ioctl$KVM_SET_VAPIC_ADDR(0xffffffffffffffff, 0x4008ae93, &(0x7f00000002c0)=0x10000) ioctl$KVM_RUN(r2, 0xae80, 0x0) 10m15.076573712s ago: executing program 3 (id=714): mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) r2 = fanotify_init(0x200, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) fanotify_mark(r2, 0x1, 0x4800003e, r1, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001380)={0x6, 0x3, &(0x7f0000001180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x7}}, &(0x7f0000001080)='GPL\x00', 0x7, 0x17, &(0x7f0000001240)=""/23, 0x41100, 0x71, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94) r3 = dup2(r2, r1) r4 = syz_io_uring_setup(0x4872, &(0x7f0000000480)={0x0, 0x0, 0x800, 0x3}, &(0x7f0000000040)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) getsockopt(r7, 0x0, 0x1, &(0x7f0000000040)=""/53, &(0x7f0000000080)=0x35) io_uring_enter(r4, 0x47ba, 0x0, 0x0, 0x0, 0x0) readv(r3, &(0x7f0000001400)=[{&(0x7f0000000040)=""/81, 0x51}], 0x1) ptrace(0x10, r0) ptrace$getregset(0x4205, r0, 0x202, &(0x7f0000000240)={0x0}) getresgid(0x0, 0x0, 0x0) r8 = syz_io_uring_setup(0xd3c, &(0x7f00000003c0)={0x0, 0x576, 0x0, 0x0, 0x386}, &(0x7f0000000700)=0x0, &(0x7f00000002c0)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) io_uring_enter(r8, 0xce3, 0x0, 0x0, 0x0, 0x0) io_uring_enter(r8, 0x4ac9, 0x3900, 0x1800000000000000, 0x0, 0x0) r10 = openat$smackfs_cipsonum(0xffffffffffffff9c, &(0x7f0000000000)='/sys/fs/smackfs/direct\x00', 0x2, 0x0) writev(r10, &(0x7f00000003c0)=[{&(0x7f0000000100)='8', 0x1}, {&(0x7f00000002c0)='Ar', 0x2}], 0x2) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0a000000040000000b0000000b00000000000000", @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000704af8a879e405cbb72a36e1b9e50ecfd47c10044c6d5672c1bfb50dd1772540735b069c7dc9db590e7162bc1f1633eb54afc445f4c1f0d6a1c07c13e0a2586598daff8a18ac1b109feb4bd5e6cef718c98b532522178c9414efc9d8ff5df1a3fa85285e6ae7a497c9", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) r11 = syz_open_procfs(0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x1f00, 0x50, '\x00', 0x0, 0x25, r11, 0x8, 0x0, 0x1c, 0x10, &(0x7f0000000100)={0x2, 0xa, 0xc8fe, 0x6}, 0x10, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0), 0x10, 0x71, @void, @value}, 0x94) open(0x0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='smaps\x00') 10m12.882518698s ago: executing program 3 (id=720): socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000600)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r0, 0x0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000019c0)=[{&(0x7f00000002c0)=""/183, 0xb7}], 0x1}, 0x0, 0x80002101}) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000200)={0x0, 0x0}) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) ioctl$BTRFS_IOC_INO_LOOKUP_USER(r3, 0xd000943e, &(0x7f00000deec0)={0x0, 0x0, "0a65c65bb922bd68e6b3d2b0ffa539aad1a0b009a0654251a0296728426bcc9c50b892b6fe0d4a899bed8413eb73b72bfacf0cc6b42c7db466b7f51d9b3d2cf99c905ea2dc12920fbcea5e747ef05fc86b8aa748f3c447ddba2d39b19a24eca9f397fc88b651d3c44cd80acb1f31b19f05601e0945b6ea08df0d817c6be6351163deaa792b03838c1537985104930392de5650b90958d7baa2a8d2ede12065f3226535c1be12d31547e56d41902a0c235c875ede7a47f32babf5f064e52f3d3b37ad3e344d296a43675ffcb0aa81c76146696c79c121bb267fdb823b11d81e060b7b2f8fe255b042d8a9e1a98a55973a6c00e286c734001744dd9c9b43179727", "34def32f12bd5c9fc339bcad6ba98d3a24d8f3d7950567015ac7c78c2b80bb7eb643007a8ef617c94caac05b3c77b11b09234fd2c5dc31b77c8a6569abe3461f10a675f2b16853b344ee86fcb36da68763e0b918d679afffdf104addaebe283a1423c7c5d2049955777955af0b3559443dffd3cda019d0de9c332b113fdde1948b1328574144974f5fc66bc9c82d03a68784b388fa34190f4e4aa27f3ee59983fca9e5fece752c9f40dadaf13494c60bc5e3eb454a66425058406eb0e782271a3411b3d08b73970b3eeb0191e6ca78f6f4f1a789f11b7b6117abab9d3652bdd30cacae50030498d64b63c6b3de3f0be0791decd079a1b5d45f8eab0eab42bb46824cfb7b93bb431bf049e0bff283c207ea55a2c204cd5c71bf3e21a2ec50ceff1b5a6592df5310b766c75a65cea91ad06300bac5fc4075064b03f9ee87d2e459080f791b7a387ae0b40504b85a747da604df4672b62bddb29d79d1310619330240859d21ff8a4c5fff8549f4af4f6f32da7a651966fc6bc197e346f2ffc4c70f424b495c698e9ee4c90feb570b0feaa748b790ddbdf83ab4ea9cf36466598ba5829a17c244e5938e8d3ea96aeac88de177c0f1c3b9fcafde3965c684e5cc904fc117b7b09222700d7089f10db647a0315feafcbbb098f41377252113f4c575f222f774349e29b4cd65abaf3e7c8ca276dd658368f2acd785b76cc8bad54374cc9e8cf101185f0ef7658a9ace6b32a19ac0c940272689aba80020861bf69fc2f65513bfe52a64c90c1b400583e855bd48c13d158b11bbd54cc93fe5607149d8aab2b8b1fc9ea5221f91a09b335b87b56b213c10905f57d51624cc9c2b30f6f6b284f80e582f13cba0eb59263dda945357da345c3327668ba727c61174756bce2576daf5f40f7dc6b86b583e8269b1e0d032911d0f389b451b6e2f78963a512efa4ebda9424511ac7ea37099a7d10ce0ee863cb3ed3cf4e5729ed71c58291302a2053f86c4c7525127588f15d2b93e10cd4e95e557c962010c419c9b31ea97dc2b4587423eff48e754dae2efe940f76cfd77d5806f69b8380218082aee24150f9e20c36352de1f4b185f915efd4e9c4f3ab08ad13b685ab06637d33a8251934cd5ab749acb9abd94ea9301b16de66f96b6e7fc9db101a6c5e1b8c6de3cd5a629c9f46f8d1890a99121af90f2c49f7c2a52c89f892b9d547982ad3caf467617ce37b71db7a44ba273c55f048b8faef2fee10826ba13258c848adf0dfb128da9936fb140c63c86381ef16e812ce01e903b312630a0f135858311bc6447c6554e0ae8e0abac9747b37bfa2072e7d20bb8f732da9430606e23c349f775a2a0c0050f2074235eb2778854e4f8e8cccba79845dd1c6a58ecc03313e90a9e811596804d521898f14ee56746ca1c2cf3a640d43f24e3d665003739fcd2f0cd465542cb9def978e98c554fc47c640c27215b6b1f6875f11861d4e8efd857e251643c9deec1151673a635dd86820f028e1f0caf1c4abc0a82f4b648fd00b10b514a5335c62b8ad5c313cdbb5742a8c68055ac8781d072f78d880c4672f498e784ac8071449c8deb9a1a18aac4bdf0c480b1a7917b18f01f744dd2df74a73e5e620822e71e953f5c70be577ef989fcae591e4684af154acc7ccd8f85c85e73054e29d2af73bedead82d3f9657a514b25798a24d0ab92c25f03c0cef1cc99fc7bd9e18c9026b7c2ae9ed5f7339c3afa31eb27c34145dea54d1578518032f7bab095d423676bebbb7115e686986eb7f414921ebc6775180e436a829e92b83b5fa94c32ef86fcf8ee28d18aa11e3b89f438974186222ba232b4a7cd4b9396fe69e5d1a9b28b953fbc6e6d54d6f9fb6551493f7cf82d9ac3ba637bf03c55ee5a9bd8b5acb88a61d093303e62f934be4aaedff9e559d9f59da8e2ecb9af413b78c33b656296fd8173dca92cab79f0f7f8fdbed759864574ff952aff409fb3a1383b246cb5cadc6ed5d039cc2df9bc2e2de75965406f2c527d05092790d8c3cd05166a921668a9214e6c43adf5c82897e34772318821a5449038d7303cb9310d95350619e0eb91c427149dc9488af62e229a3524c4c0bc8e373a2e5fc12ecf8c4a3bc9f314026c8830e2a1b0dddbd37f59efdd7e97bd271a7e5ec580393eeed98a8e4880f7739d060312b91cef0dd6525a328e267cee7efa2a92212ee87cdd42db015e529351e71432e4789fcf45c0e1e67ce6a28c2346e9670661fd295818388c0f496a88e50cf2cc5d49785a46b0c2901d5b1329aa0c8cb00e098031d68901ed4783454e0213a8ff06926f320973cd9f84fa5cb0cda6660764f51af19469d94fdb5f1313f775168a1618d1252e2645b03ac9336954d7271ae0532e8266f6bcef2938a3c8762557ed52d82ce54c200675cb96b03eadfa799435e9dbaa3c4b1d20cadc2eb2096631c27bc2e158e77dfefe69b5b7c17266bab43688ebac280f9d6c70fc3d57bbdf41cd83aaecb730284978f884e839a8b171d2fd6f7f3053a421f25f2df7513720d5f92bd1a9799eb93014a007c2b5d82f3fc8522689dbe0da604ed60c6fa31d0526ccd930f7261c19184d0cec7625e497b5c98ff9e0e15f78c89ca712bad5f38f22a4e82c5873c1c6d02ca0a15826f06a14f11fc7cc16fd0eec1249698df2a097056ae8ef94314012130615eed4db703db5eba3be5fbad5a062278556a41f4c62e61265c249f1fb8fcf2a991adc0b319248c0fd82091d8b1c70d188f065fbe3c6b7ca5b1ec617b725316bcf132dfd927bc2f0d03f81dc3687a8d9a130f9573c2f6e564d629555ab34340adfa235a5077e65c6fd7b13811c88a62a22c67b72add13c8afe02b6d558462d84c5e63cac841e5c56d6bb4bc58b0d3d6fd38a9b40e2ca0fee169b553768fb87796480b618f68bc10ec05c1e52baac5e652ac9e8be579c4644662b7f04d21efcfa83fad1306f9b4c50fb38f225e598635416f00088826cd8a86b30d7ccc4dec2a87a25ba77fd0e0d716a785587629b415e753198dbb3f66d37ba3cb6d9ed4f692e907fd67c719ac1a78c17c8010e92fd1454788236b28460aa54437da58bb796ef1e37e2c76625d9ec8452fba20a241bde7403a3b118346e960a75dc4fde4dbc8e2c9c1a00086076c5c3eb40aca0c91288ff046130013b6ac9833f719b4ff4273dc40de1c6fd9226d34b586429bf74841f69f2b62d2a1e087bdfde9041a75248e0e3663fd059c4fc1cee1c852ddc152546cd69aeb2d1dbfbaf2ef39097e58183090693c9394b6c5e35d7f2459172862c52458342bf8f385e3cd1b1b4f5d0a99ab82ae28b6b1502508ccd41d797146f8b6df6c1529d1fb168c00be7e0325e3f115bd8ff39a93a043fc607ea713b70f6c121d66176f1a8c307294313e1f44092bff15637f770fae3cebf6e441897a45d8e3f3b0012e38198679ad8833de41a26dff9f0ca9e66ce684de0a43534dd2e44543df1c90dd65688cac208dcd6cd78da40cc7fdc3a941b3d257e6dd68cd95eca6005e7ba9ebaa71ddb5fa5581c80ceb3cf2867d3efd16dc7171e87e2fa574bb22bac94682d3e39d3b49ca5854a5fb97eaf2d3a35fde7bf62df05fde8ec1b5e1823c1d159621397018f572ba4344c530d80e469eb57312e94cccbeeb0cfd71f9e6b343a0feaf568a9b2aba86d47e0c5b6910c047b384a3de50f4bb7e532c18e86d3cd7ea665294c418d4e8f84273fed31f44154236dd6ab6c183f8b57ad6b3f8baee4e664401c6339e256615d21da26f86025b28c8a7d7d69d1c78551669c909f07eabb4ef64f1d413834eadd58eaa69148123a0c30828ecdf952c3cab9238c8d7ae6fa015310d3a700b9217c0209abf0fcce53bc40fae4640a353a5e643968ca28b5fe18a7ee9a8874efab14a07a18b7e90075ce27005578b557677d692b23bbc81390fa0aa265de617b620588760ed29139d4773f836403b038ff91374473d55d1320dde7161c1df8e97bda38ba691aa6506deb696a840dd753326c50e50565968ff8db2b687c996e500b505c1fdb46cc2f322bd6d8879f7d0df40c96f76549d5fafebaa852583660ef2a4836da13c767b723ae76ceee486e6b6b14a1f3450288b1aaf2e63fb2a70b47331bef92fcc284a578bfad8b88c17fba48a6fea450435ab5b8f53c19a5cba6b3793a5747463b5732dd46ba0b516dce0576b2746d5a220f4ed38c994033e79e053ab40d07629dd953d623aa8d15136d18a392b772f06d12c33fdaade9cdeb9d4d492c42a4dc28bb8efdf58992d25937d323b3ac44c7a6f7140098b1a8a8bd039deaa5517341f3b5c8ee3f50d91ab3cf15a096d2a6ca63009302d25d961c2ec5c905c66ea01ec491ccff6b620243419c56cff8a38774d9109e0afca600885f6d7cab5efd1fa8c48dfe53e8bc893f93b7e632f5a797c1f6f350976f5a00bc4c2c12934e6c507604771020fca257b5373c6ec8066384e23799490085c20dd07daf8a1faf510500d5f6e2ad023404c47f62f9f7f2f30f2157f6bea563a516253b6d18178097b45ae14f5f30f14f6a0eb5175ea8ac0bd5ce19f8c5d9326ff65cdebc5d899de2519f4e635362316344ac4c27195cd81f4c830182cfb816401db6f779de65c57cee7b6092d54fba581b43afb322aebfc8e343d40376cdf43496e40a9e22b08c9e52e61fb92120311b3066a20fc76893d8ddf0cceabfda314034702b7ce091b2908ea7b721644f43dd320a1664001779ffc76a478a9fd59749fc8ab831476b6062cc4f6dd9865c320cfb893db6c4ea047a10db70e82ef86e8b1267910f19ebcb6bb66a5320d7d7d6f2be147c751bb3ca82e025c32797ee1802be75be10b838f0c0dc9f9897f73479f0561ba7c0d1f67084566a9765ffbdc86aa0ae22cf7e5a5402ce55fd8738da7c3c3ca592496124be87fd0e30ec4e19d95397a06f943196df861f9d25d12c744ff15e4ecb4a27723b81375428001e56487115ebb7935a254c6b1c0f07b70b7f6591c8ef36b1c2855469dd21d6265bda8bd40dd6ea532c6d05f70f2e9b16d0bd880f8604a20004d524e9f884e55e8cbdc9715f27f4a73a7b659b3b7bda10c0d374be6557ed341083492590ebca7a613eed3dab1da763bd2c6a2edbe025c688855f3a2c55c28b650b17b53a733681ea1f0ddab5b88ccb917a4b87cc148149c65e493795d626b6bfb0be6226197af633aa256d0eecda358ae2127aa1a4c7802703501a46001214e0a0ec7845a5b02692f3da7a78a579147c20f3902d2af895b9d87a51aa346619027401ebc4c5494e1e98348cf878d1b4dcaf810f0e0175510d3abc3108deecce5c480a546857266ee1b2465dc1dbee5569d6c330921d5b0abd108a5d45955ea18b5d284b9c73f5c66c6f247bc7044c4ec9531d18c4ce7125574d29f5d2b2fe38fbd"}) r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r8 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000140)=0xffffffffffffffff, 0x4) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r7, 0x81f8943c, &(0x7f0000000440)={0x0, ""/256, 0x0}) ioctl$BTRFS_IOC_TREE_SEARCH(r8, 0xd0009411, &(0x7f0000000640)={{r9, 0x8, 0xc00000, 0x2, 0xb2, 0x2, 0x7, 0xfffff800, 0x7, 0x3ff, 0x7, 0x0, 0x1, 0x0, 0xe}}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r5, 0xd000943d, &(0x7f00000dfec0)={0x8, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0}], 0xa2, "121a6160c50fb4"}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r0, 0xd000943d, &(0x7f00000e0ec0)={0x9, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0}], 0x7, "723ed78e5f20d1"}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r4, 0xd000943d, &(0x7f00000e1ec0)={0x3, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r6}, {r9, r10}, {0x0, r11}], 0x0, "69e5d8b90c4db8"}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r12 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r12, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r13, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r14, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r12, 0x8, &(0x7f0000000240)=0x2) r15 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000040)={r1}) sendmsg$NL80211_CMD_SET_INTERFACE(r16, &(0x7f0000000380)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000280)={&(0x7f0000000640)=ANY=[@ANYBLOB="90000000", @ANYRES16=0x0, @ANYBLOB="080029bd7000fddbdf250600000006000000050053000000000008000500060000001c00e700973d435966399dcef25d19d32ccaa792dda2d98738b0ed050a00e8000802110000000000050053000000000005005300010000000800050004000000080005000600000008000500000000000500530001000000"], 0x90}, 0x1, 0x0, 0x0, 0x10}, 0x0) ioctl$TIOCSETD(r15, 0x5423, &(0x7f0000000000)=0x3) ioctl$TIOCSLCKTRMIOS(r15, 0x5457, 0x0) 10m11.000188588s ago: executing program 3 (id=722): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000000), 0x4) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r6 = socket(0x10, 0x3, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$MRT6_ADD_MFC_PROXY(r6, 0x29, 0xd2, &(0x7f0000000300)={{0xa, 0x4e21, 0x7f, @mcast1, 0x5}, {0xa, 0x4e23, 0x80000000, @private1, 0x8}, 0x1, {[0x3ff, 0x9, 0x196d, 0x400, 0x8, 0x81, 0x6, 0x8]}}, 0x5c) ioctl$IOMMU_OPTION$IOMMU_OPTION_HUGE_PAGES(r0, 0x3b87, &(0x7f0000000600)={0x18, 0x1, 0x0, 0x0, r1}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000740)={0x48, 0x2, r1}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000a40)={0x28, 0x7, r1, 0x0, &(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x2}) listen(0xffffffffffffffff, 0x3) syz_emit_ethernet(0x4a, &(0x7f0000000240)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '@\x00', 0x14, 0x6, 0x1, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x7, 0x0, 0x0, 0xf}}}}}}}, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000540)=@bpf_tracing={0x1a, 0x10, &(0x7f0000000a80)=ANY=[@ANYBLOB="18000000fb0800000000006155fbb305288ceb61478045fc78008fb34422ba7197098cf69b1f67077983db8935ea905d547b0a7675283a4e3231204232920dc3de08009191348b8f687b712eca1df784e3fd8491a3325dc97fd3271deec9bf58a356e0f741b3356f53a8a8da385b4ca281f4dfe203fe5b599b5b495d5e5dd344e589819d6fc69942c5bc17d96e8d966fdc686afb5062b755814b9309eded8f653aeb1cef97bd0582e6deea6634b922cfc168a6bdb19c01e294c40325fb464e2c2fbd712758b244712134fd7ca6d2ce589805ea713a4108669ba94e2dfaaa85961cfb7e285a4ad987b701d9bf28ad186e", @ANYRES32=0x1, @ANYBLOB="0000000000000000b702000000000000850000008600000085000000600000001800000000000030000000000000000018400000040000000000000000000000852000000500000085100000feffffff180000000000000000000000010000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x50, 0x5b, &(0x7f0000000380)=""/91, 0x0, 0x20, '\x00', 0x0, 0x1a, r2, 0x8, &(0x7f0000000400)={0x1, 0x1}, 0x8, 0x10, &(0x7f0000000440)={0x4, 0xc, 0x7, 0x7}, 0x10, 0x1c9fd, r2, 0x6, &(0x7f0000000480)=[0x1, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f00000004c0)=[{0x4, 0x3, 0x0, 0x5}, {0x0, 0x3, 0x0, 0x3}, {0x1, 0x2, 0xf, 0x2}, {0x5, 0x4, 0x3, 0xb}, {0x0, 0x1, 0xb, 0x3}, {0x2, 0x2, 0x3, 0x3}], 0x10, 0x1, @void, @value}, 0x94) 10m9.747285886s ago: executing program 3 (id=725): bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000003440)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x31a0}}) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$sock_SIOCSIFBR(r0, 0x8941, &(0x7f0000000280)=@get={0x1, &(0x7f0000000200)=""/68, 0x5}) connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x4e23, 0x400, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r3, 0x4068aea3, &(0x7f00000000c0)) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$l2tp(&(0x7f0000000680), r4) sendmsg$L2TP_CMD_TUNNEL_CREATE(r4, 0x0, 0x4000) socket$nl_xfrm(0x10, 0x3, 0x6) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f00000027c0)=ANY=[@ANYBLOB="180000000000000000000000ff000000850000000f00000085"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x60, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='sys_exit\x00', r5, 0x0, 0xbe}, 0x18) setxattr(0x0, 0x0, 0x0, 0x0, 0x3) r6 = socket(0x2, 0x80805, 0x0) r7 = socket$inet6_sctp(0xa, 0x5, 0x84) close(0x3) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r7, 0x84, 0x6f, &(0x7f0000000300)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r7, 0x84, 0x7a, &(0x7f0000000340)={r8, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84) sendmmsg$inet_sctp(r6, &(0x7f00000032c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="30000000000000008400000001000000000000017c"], 0x30}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_RTOINFO(r6, 0x84, 0x0, &(0x7f00000000c0)={0x0, 0x4, 0x1, 0x3}, &(0x7f0000000100)=0x10) 10m6.455949332s ago: executing program 3 (id=733): socket$kcm(0x10, 0x2, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000280), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r1, 0xc01064c8, 0x0) sendmsg$inet(r0, &(0x7f00000000c0)={0x0, 0x8, &(0x7f0000000000)=[{&(0x7f0000000340)="5c00000013006bcd9e3fe3dc4e48aa31086b8703140000001f03000000330000040014000d000a000d0000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x840) syz_usb_connect$printer(0x0, 0x36, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r2}, 0x10) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r6, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) r7 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r7, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r7, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x1e}, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x20}, {0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x4, 0x2}, {}, 0x0, 0x6e6bb9, 0x1}, {{@in=@broadcast, 0xfffffffc, 0x32}, 0x0, @in=@empty, 0x0, 0x0, 0x2, 0x7, 0x200}}, 0xe8) sendmmsg(r7, &(0x7f0000000480), 0x2e9, 0x0) 9m51.126939028s ago: executing program 33 (id=733): socket$kcm(0x10, 0x2, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000280), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r1, 0xc01064c8, 0x0) sendmsg$inet(r0, &(0x7f00000000c0)={0x0, 0x8, &(0x7f0000000000)=[{&(0x7f0000000340)="5c00000013006bcd9e3fe3dc4e48aa31086b8703140000001f03000000330000040014000d000a000d0000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x840) syz_usb_connect$printer(0x0, 0x36, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r2}, 0x10) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r6, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) r7 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r7, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r7, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x1e}, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x20}, {0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x4, 0x2}, {}, 0x0, 0x6e6bb9, 0x1}, {{@in=@broadcast, 0xfffffffc, 0x32}, 0x0, @in=@empty, 0x0, 0x0, 0x2, 0x7, 0x200}}, 0xe8) sendmmsg(r7, &(0x7f0000000480), 0x2e9, 0x0) 19.472017161s ago: executing program 1 (id=1974): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb7000000000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000540)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000680)='sys_exit\x00', r0}, 0x10) sched_getscheduler(0x0) 19.453709334s ago: executing program 5 (id=1975): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, &(0x7f0000000140)}) r0 = socket$unix(0x1, 0x1, 0x0) shutdown(r0, 0x0) socket$inet6(0xa, 0x80002, 0x88) openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6}]}) socket$inet_udp(0x2, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$kcm(0x10, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$inet6_sctp(0xa, 0x5, 0x84) socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000140)=ANY=[], 0x20) r1 = syz_open_dev$MSR(&(0x7f0000000500), 0x9, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00') pwritev(r2, &(0x7f00000002c0)=[{&(0x7f0000000180)="ad2fcaaaa917", 0x6}, {0x0}], 0x2, 0x40004, 0x16cb) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x4000002, 0x3032, 0xffffffffffffffff, 0x2a1cf000) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x11, 0x3, &(0x7f00000003c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2, @void, @value}, 0x94) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x3, &(0x7f0000000d00)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$FS_IOC_SETFSLABEL(r4, 0x41009432, &(0x7f0000000400)="7d8a25650b1dc90dc7833aaa171d34e30e2901ff3caecb332cbc0efd82a2cbab78435cd7da2f294885b6ddec18d6a370b7abcde108df55044dd1f99ea9ecf418da1ff8354ff1bf67c30db8f0689f770b4790ec5003cb1363581501ed41040fdf36924a6bd596c94f749702fabffe7a0652080d6f40e10ffc4481f6645fb7faed5e88c65701a3619f0573d6158e14e52006095d66041520118f1eadf4c570cbb0f50460461e967e7106dd89933e16d0bfcfab1d4efc5232260d384da1753e1f15b930ee2255950b39f87412d8775de095b6da324bfcf6d64c6d78c9b43f48b4e33fb3274bf08c4ec1bc281948a93f531428a73f2c994427e1260b957c7d014661") bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000a80)='mm_page_free_batched\x00', r3, 0x0, 0xfffffffffffffffd}, 0x18) mmap(&(0x7f000051e000/0x1000)=nil, 0x1000, 0x2800004, 0x11, r0, 0xe1cd9000) r5 = accept$packet(r2, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000140)=0x14) setsockopt$packet_tx_ring(r2, 0x107, 0xd, &(0x7f00000000c0)=@req={0xc, 0x5, 0x0, 0x4}, 0x10) mmap(&(0x7f000054a000/0x3000)=nil, 0x3000, 0x0, 0x110, r1, 0xa32f2000) ioctl$FAT_IOCTL_SET_ATTRIBUTES(r5, 0x40047211, &(0x7f0000000100)=0x1) 18.525480233s ago: executing program 0 (id=1976): r0 = socket$inet6(0xa, 0x2, 0x0) sendmsg$inet6(r0, &(0x7f0000000100)={&(0x7f0000000040)={0xa, 0x4e24, 0xffffffff, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB], 0x28}, 0x0) 16.982171639s ago: executing program 1 (id=1978): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$gtp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$GTP_CMD_GETPDP(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000780)={0x14, r1, 0x701}, 0x14}}, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) syz_emit_ethernet(0x6e, &(0x7f00000010c0)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x38, 0x6, 0x0, @private0, @mcast2, {[], {{0x4e24, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0xe, 0x2, 0x0, 0x0, 0x0, {[@md5sig={0x13, 0x12, "3013492b84f5757a1fec12bd6d555ead"}, @eol, @exp_smc={0xfe, 0x6}, @timestamp={0x8, 0xa, 0x3, 0xffffffff}]}}}}}}}}, 0x0) r3 = syz_io_uring_setup(0x497, &(0x7f00000000c0)={0x0, 0x7079, 0x400, 0x3, 0x288}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, 0xffffffffffffffff, 0x80, &(0x7f00000003c0)=@qipcrtr={0x2a, 0x0, 0x7fff}}) io_uring_enter(r3, 0x3516, 0x0, 0x0, 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000001d00)=@assoc_value={0x0, 0x100}, &(0x7f0000001d40)=0x8) syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5ac, 0x273, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3, 0x1, 0x2, 0x0, {0x9}}}]}}]}}, 0x0) syz_usb_connect$uac1(0x4, 0xa8, &(0x7f0000000000)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x8, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x96, 0x3, 0x1, 0xe, 0x80, 0x7, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x7, 0x2b}, [@selector_unit={0x5, 0x24, 0x5, 0x5, 0xe9}, @input_terminal={0xc, 0x24, 0x2, 0x3, 0x201, 0x6, 0xb, 0x9, 0x6, 0x7}, @extension_unit={0xd, 0x24, 0x8, 0x5, 0x7, 0x0, "1a753d3bed58"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0xc, 0x24, 0x2, 0x2, 0x4, 0x7, 0x53, '[< '}, @format_type_ii_discrete={0xd, 0x24, 0x2, 0x2, 0x7, 0x1d28, 0x7, "b4d04532"}]}, {{0x9, 0x5, 0x1, 0x9, 0x200, 0x81, 0x3, 0x32, {0x7, 0x25, 0x1, 0x0, 0x7, 0xf}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x400, 0x3, 0x0, 0x80, {0x7, 0x25, 0x1, 0x1, 0x6, 0xfffa}}}}}}}]}}, &(0x7f0000000480)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x310, 0x4, 0xd, 0x3, 0x10, 0x2}, 0x76, &(0x7f0000000140)={0x5, 0xf, 0x76, 0x4, [@wireless={0xb, 0x10, 0x1, 0x4, 0x4, 0x7, 0x2, 0x7fff, 0xd}, @generic={0x4b, 0x10, 0xa, "05eceded0ecd27428851ade606af19659723b400a1bf45eec9591b11fdab5aa615858a995abcdeb9d7a20e12263ab878b0fbfa2817bd666c214a531450c0381c46b557438bc10dde"}, @ssp_cap={0x14, 0x10, 0xa, 0x8, 0x2, 0x0, 0x0, 0x6c0, [0x0, 0xff3f0f]}, @ext_cap={0x7, 0x10, 0x2, 0x2, 0x5, 0x5, 0x9}]}, 0x8, [{0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x1409}}, {0x4, &(0x7f0000000200)=@lang_id={0x4, 0x3, 0x41e}}, {0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x200a}}, {0x72, &(0x7f0000000280)=@string={0x72, 0x3, "58532f4745f93914de00e8494d0de325cf58526db642e051a13b480ad9ca0259881f1ff267240e250d3de6eb00924d7ce2666ffb4d179aa8258824f4587b76ccc8d19ab9e3e1e5c81f517f941adce9ffbe5727a0d3ed9ababb95af6c42d3bca038215fb3c9f48e42d65fca15772490d7"}}, {0x29, &(0x7f0000000300)=@string={0x29, 0x3, "5f725fc58ebd19d22b8adfec12467b64e057740b5bce6733e29a18d361bcbc278a8be680abd255"}}, {0xc0, &(0x7f0000000340)=@string={0xc0, 0x3, "febaf997b87803a164909707daffe1773475d9ac5c1e554f9373da85c05983d5df9bf827febee55919b8dec3b34c0f68307e6ed8aa257e716082289fb20efb147ac27abf921050b9b56dcedbc6e565b1714e043d717dab571f200d9a71a404471b5664ee8100a48888813f37529dbfd7b628ee86a342420fcf3055de4cfd245ccfc3f12287881239c0c06908f4c2f1d8115791ef9481ffd98b88b60a19c6ce2c0ea56a398f5d53604cf4e3260f14cc2034a9a837db913d5989f42bcb041d"}}, {0x4, &(0x7f0000000400)=@lang_id={0x4, 0x3, 0x2409}}, {0x4, &(0x7f0000000440)=@lang_id={0x4, 0x3, 0x43e}}]}) 16.652308013s ago: executing program 0 (id=1979): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xd5e, 0x240000000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x3a, 0x1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$bt_BT_VOICE(r3, 0x112, 0x13, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000005c0)={0x0, 0x10c}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000000) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) syz_io_uring_setup(0x10e, &(0x7f0000000140)={0x0, 0x0, 0x100}, &(0x7f0000000240)=0x0, &(0x7f0000000380)=0x0) r7 = socket(0x200000000000011, 0x4000000000080002, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, 0x0) sendmsg$L2TP_CMD_SESSION_DELETE(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) syz_io_uring_submit(r5, r6, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x2041, 0x0) write$binfmt_aout(r8, &(0x7f00000000c0)=ANY=[], 0xff2e) ioctl$TCSETS(r8, 0x40045431, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x200c9, 0x0, "0062005707f7ffffffff00"}) syz_open_pts(r8, 0x2000) ioctl$TCSETS(r8, 0x5402, &(0x7f0000000240)={0x202, 0x0, 0xf376, 0xe, 0xb, "764613e5f420bb31a74e44353513e29a308e28"}) 13.621464696s ago: executing program 0 (id=1981): bpf$MAP_CREATE(0x100000000000000, &(0x7f00000001c0)=ANY=[@ANYBLOB="0a00000000010000b30000007f00000000000200", @ANYRES32, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="3017d409000000bf02218f3a6100"/28], 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000500)=ANY=[], &(0x7f0000000000)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) timer_create(0x5, 0x0, &(0x7f0000000140)) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000000000)=0x38, 0x4) socket(0x10, 0x3, 0x0) add_key(&(0x7f0000000140)='cifs.spnego\x00', &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x1, &(0x7f0000000140)=0x1, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x9200000000000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000480)={'wlan0\x00'}) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x40004) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmsg$NL80211_CMD_RELOAD_REGDB(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)={0x14, r3, 0x101, 0x70bd2c, 0x25dfdbfe, {}, ["", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x8000) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') getrlimit(0x9, 0x0) mount$9p_fd(0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$TIOCGSID(r4, 0x5429, &(0x7f00000000c0)) socket$inet6_udplite(0xa, 0x2, 0x88) 13.270875438s ago: executing program 6 (id=1983): socket$inet6(0xa, 0x2, 0x0) (async) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) (async, rerun: 64) r0 = getpid() (rerun: 64) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) (async) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) (async) recvmmsg(r1, &(0x7f0000000240), 0x0, 0x2, 0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) (async) setsockopt$RXRPC_MIN_SECURITY_LEVEL(0xffffffffffffffff, 0x110, 0x4, &(0x7f00000000c0)=0x1, 0x4) (async, rerun: 32) r4 = socket$inet_tcp(0x2, 0x1, 0x0) (rerun: 32) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r4, 0x6, 0x16, &(0x7f0000000240)=[@timestamp, @mss={0x2, 0x3}, @window={0x3, 0x2, 0xbb}, @timestamp, @timestamp], 0x5) (async, rerun: 64) sendmsg$inet6(r3, &(0x7f0000002280)={&(0x7f0000001e40)={0xa, 0x4e24, 0x0, @mcast1}, 0x1c, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="b005000000000000290000003600000000b2"], 0x5b0}, 0x20008001) (rerun: 64) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) (async) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) (async) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async) r5 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async) sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x6) (async, rerun: 32) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8030, 0xffffffffffffffff, 0x0) (rerun: 32) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async) openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/asound/timers\x00', 0x0, 0x0) (async) r8 = socket$inet_smc(0x2b, 0x1, 0x0) bind$inet(r8, &(0x7f0000000140)={0x2, 0x4e22, @multicast2}, 0x10) 12.650166542s ago: executing program 5 (id=1984): socket$nl_generic(0x10, 0x3, 0x10) syz_open_procfs$pagemap(0x0, &(0x7f0000000140)) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) socket$inet(0x2, 0x4000000805, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0) syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$packet(0x11, 0x3, 0x300) r1 = socket$packet(0x11, 0x2, 0x300) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c000200200000001f000000060001000000000008000500", @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x64}}, 0x0) 11.628755067s ago: executing program 1 (id=1986): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) socket$nl_generic(0x10, 0x3, 0x10) socket$netlink(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0xf59}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000740)=0x3) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x6) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0b00000007000000010001000800000001000000", @ANYRES32, @ANYRES16=r3, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) socket$netlink(0x10, 0x3, 0x0) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f00000003c0)={0x0, 0x2000200, 0x0, 'queue1\x00'}) r5 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) ioctl$USBDEVFS_IOCTL(r5, 0xc0105512, &(0x7f0000000c00)=@usbdevfs_driver={0x8, 0x28000000, &(0x7f0000000bc0)='~'}) 11.302538182s ago: executing program 0 (id=1987): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000300)={0x26, 'hash\x00', 0x0, 0x0, 'nhpoly1305-sse2\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="8a", 0x440) r1 = accept4(r0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r3 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r3, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r4, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000400)=""/248, 0xf8}, {&(0x7f0000000a40)=""/4096, 0x1000}, {&(0x7f0000000540)=""/238, 0xee}, {&(0x7f0000001a40)=""/232, 0xe8}], 0x4}, 0x40003e00) sendmsg$tipc(r5, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) sendmsg$xdp(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000000c0)="22f65ba8", 0x4}, {&(0x7f0000000440)="535ef01fc1c8dbd2d0bfabe9dd88b7500c81417e8dc7ace2a19d1bf8bef1c5d10533adb668b2b7fcdcd5e7017f2ec9b9bfb4f9f1ead1171921f5120e94969bbe", 0x40}], 0x2, 0x0, 0x0, 0x24000000}, 0x40) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x6c, 0x0, 0x1, 0x201, 0x0, 0x0, {0xa}, [@CTA_TUPLE_REPLY={0x10, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0xab}}]}, @CTA_TUPLE_ORIG={0x40, 0x1, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1002}]}, @CTA_STATUS={0x8, 0x3, 0x1, 0x0, 0x3405}]}, 0x6c}, 0x1, 0x0, 0x0, 0x4041}, 0x0) r7 = syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000280)={0x0, &(0x7f0000000640)=[@cpuid={0x2, 0x18, {0xe, 0x7}}, @uexit={0x0, 0x18, 0x6}, @uexit={0x0, 0x18, 0x72}, @uexit={0x0, 0x18, 0x8001}, @uexit={0x0, 0x18, 0xfffffffffffffffb}, @uexit={0x0, 0x18, 0x2}, @cpuid={0x2, 0x18, {0xf}}, @code={0x1, 0x4b, {"b805000000b900f000000f01d9f20f09410f01c38fe860a338180f0664670f01d6c421782802c4e1695fb904000000c46121e5e96465430f01c8"}}, @code={0x1, 0x5d, {"2ef30f0936660f3a61382b26676426470f01c3c744240000800000c744240200000000c7442406000000000f011424640f796a0065470f01cbf2af470f01cac42351486e824326460f00554c"}}, @code={0x1, 0x5a, {"f08026570fc71e0f14a3ba49000067f30f0129f042f61626260f23aac7442400d8000000c744240200000100ff1c24470f013766baf80cb8d8240e80ef66bafc0c66b8b3a366ef0f07"}}, @uexit={0x0, 0x18, 0x4}, @uexit={0x0, 0x18, 0xc}, @uexit={0x0, 0x18, 0xfff}, @cpuid={0x2, 0x18, {0x3, 0x40}}, @uexit={0x0, 0x18, 0x1}, @cpuid={0x2, 0x18, {0x2, 0x4}}, @cpuid={0x2, 0x18, {0x8, 0x18c2}}, @cpuid={0x2, 0x18, {0x6, 0xb}}, @code={0x1, 0x63, {"0f20c035000000400f22c0430f01c566470f38810626410fc76fda3667640feee465f30f52825e1ab2d7660f3882b51a000000c4829d08b888e90000c4e2edadf5b9f7030000b843000000ba000000000f30"}}, @uexit={0x0, 0x18, 0x40}, @uexit={0x0, 0x18, 0x9}, @cpuid={0x2, 0x18, {0x4, 0x7}}, @uexit={0x0, 0x18, 0x800}, @cpuid={0x2, 0x18, {0x6f, 0x800}}, @cpuid={0x2, 0x18, {0x5, 0xbd}}, @cpuid={0x2, 0x18, {0x733d94d9, 0x2}}, @uexit={0x0, 0x18, 0x1ffc000000000}, @uexit={0x0, 0x18, 0xa91}, @cpuid={0x2, 0x18, {0x5, 0xcba6}}, @uexit={0x0, 0x18, 0x16929a01}, @uexit={0x0, 0x18, 0x1}], 0x3ed}) ioctl$KVM_RUN(r7, 0xae80, 0x0) r8 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r8, 0x4b67, &(0x7f0000000080)={0x0, 0x0}) socket$nl_crypto(0x10, 0x3, 0x15) r9 = socket(0x1e, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r9, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)}, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x25, &(0x7f00000000c0)={0x0, @in={{0x2, 0x0, @local}}}, 0x90) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_timeval(r10, 0x1, 0x4c, &(0x7f0000000180), &(0x7f0000000300)=0x10) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x4}, @HCI_OP_WRITE_LOCAL_NAME={{0x5}, 0x5}}}, 0x7) 9.938135307s ago: executing program 1 (id=1988): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_open_dev$vim2m(&(0x7f0000000040), 0x5, 0x2) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r0}, 0x10) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x7, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket(0x15, 0x5, 0x0) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) read(r2, &(0x7f0000000040)=""/148, 0xffffff96) syz_open_dev$tty1(0xc, 0x4, 0x1) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000000c0)="d800000018008103e00312ba0d8105040a600300ff0f040b067c55a1bc000900b80006990700000015000500fef32702d3001500030001400200000901ac040098007f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b11602b2a10c11ce1b14d6d930dfe1d9d322fe04000000730d7a5025ccca262f3d40fad95667e04adcdf634c1f215ce3bb9ad809d5e1cace81ed0b66bce0b42a9ecbee5de6ccd40dd6e4edef3d93452a92307f00000e970300"/216, 0xd8}], 0x1}, 0x48002) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f00000001c0)={'sit0\x00', &(0x7f0000000500)={'sit0\x00', 0x0, 0x700, 0x8000, 0x800, 0x7, {{0x20, 0x4, 0x0, 0x3, 0x80, 0x65, 0x0, 0x8, 0x29, 0x0, @loopback, @multicast1, {[@rr={0x7, 0x7, 0x54, [@private=0xa010100]}, @timestamp={0x44, 0x24, 0x7, 0x0, 0xc, [0x3, 0x1200000, 0x9, 0x9, 0x0, 0x2, 0x5, 0xffffffff]}, @rr={0x7, 0x7, 0x7e, [@initdev={0xac, 0x1e, 0x1, 0x0}]}, @timestamp={0x44, 0x18, 0x25, 0x0, 0x9, [0x3, 0xd, 0x78, 0x16, 0x5]}, @generic={0x89, 0xe, "afe0e3f21150d7227b3defd6"}, @noop, @timestamp={0x44, 0x10, 0x1b, 0x0, 0xa, [0xef, 0xffffff3b, 0x3]}]}}}}}) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x18, 0x7, &(0x7f0000000080)=@framed={{}, [@jmp={0x5, 0x0, 0xe, 0x0, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffc}, @jmp={0x5, 0x0, 0x2}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffa}]}, &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', r3, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x19, 0xf, &(0x7f0000000080)=@ringbuf={{}, {{}, {}, {}, {0x85, 0x0, 0x0, 0x39}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0xba}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$IMGETDEVINFO(0xffffffffffffffff, 0x80044944, &(0x7f0000000180)={0xd02}) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) 9.936516278s ago: executing program 5 (id=1989): r0 = socket$inet6(0xa, 0x2, 0x0) sendmsg$inet6(r0, &(0x7f0000000100)={&(0x7f0000000040)={0xa, 0x4e24, 0xffffffff, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB], 0x28}, 0x0) 9.935927124s ago: executing program 6 (id=1990): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f00000001c0), 0x4000, &(0x7f0000000600)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) statfs(&(0x7f0000000040)='./file0\x00', 0x0) read$FUSE(0xffffffffffffffff, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000380)={0x50, 0x0, r0}, 0x50) open_tree(0xffffffffffffffff, &(0x7f0000000780)='./file0\x00', 0x9000) syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000004280)="a8698fe7c840998ff296b8001083e08d47cea0b5f5f1d62a6ba00c56a0c7171b20205ff3584fc355d27b14eecab7f12ad31242e982fb39b2743e97a2fc6ef560628457aa60837cb3a82d524d5caf117589c672270bf81f62c59472b483f2611fccddc7e33bf672b042e6709191976c6e9b5e972b810283e6b0fc9397d6cfecc0a8d185070efa26b5f303e6d6f044724e6e8a06649fbc5386996890d81987967aee5b6d6c44b4227237dea6b294a61de053bc506515a72c42bc4f94d0dd6bc3ab26864e5a4bbff035d710fc1577fb49f54030f1b53ac978447740c20a124afe33a0bbe2453a3a7f8eeb6ae566d1ebb17181e275c76f687b003d5237d5005ce73c184233ca8a9602d6636302cf562104a968be14bb18a1b4a2e218af0f2ea71a14bfae6ddbed7aa920110602bfd51a5cb2250c54ca9b14e40dbea16326b331e33d4eba3553405901cedcbbc1fdb615359eba07771e56ef6acc517728df5f84c3d014fd273e9d89df12869cd21dc1d1515c064ff3dba3b6c8440b78c3c4dad9eb09333ba216b3d6d8babdc59d347e09d25cba13b1a691921a756d4e0f935a216293214b50339552a8a2fc4ef5b5513916c152004a2219f6052a74263b8d216c6cd2c84cff6d3e5ab8a2f0f2800c6974f31bd1dbbcfc3d014f31a7f9846c43521c23b96d6e2c7cc2bd5dc1749dd004ce2ee9c4e2638b0b5033a9e188f537b0c26a82612504b2af4e26ea39c743ef3a459162e4fddfaad79b85044d88d94774a50963114ab30d22ddda2b47ea713157bd770f4bdd0f9b829e6d44637b5a417c8880b62cfa51ade109a13e4906d86619252724f0bd8ba90f02154725470f144e3942de0749ee3f5eef7f5d63097739623f110a9eb4b21d2f74b34bb392f373e4d8ec727d65424b2b660c9abf1f668d7ccb04be1b76242412ed884df954679aa3746a34e011bd122a0d46c3a3bf9b6b436c96eb5993735b2cb4b56d376f0278a7b259e29f19e385198ba64810e5b8cc258edb07306077806fc261699f838a57db56359cec57e2cbf664b642348ecf74b0b5a08badc0d10ee9d04857c5524cb6589b481c44324ea73f2dc26a87883b89decea3bd3fb28a1959db90e239cd98215bfdf0b7e932582a6ac7d15c154a9e5143be9a499402ffeed79b21516c09f5837b55f118ca2d224ad6022c58af48e12c2d2dfa0299a2c2c0165d09de9180dbd9c201623f672387154011d878ab2817663553e3ab9c1c0507e0129261751318a6e07d54d1b90c90a097d994c551b552c88d418b127ed130de600f74ca3c23451abf5f09537851ca657e14bc6409bb511eafd812253b582f130294da973acb9e00700000aae980d211e40bc73c0a098cc349f90e5f3292f4873ce1cfb1c0d3aa92a510970f43d2772b57487cfe2e3cb70861aeb3efaf9efe735d10d9249043212a961348c1d7fdf36660927245a5bb079def6e5c9a1d8f54689e45573790c2155df64aa06c093e1fc974127e80d5b9da02954e18c292a52f962bb9f8785599b7e1a35fe153b6022f7bb195f8e3c609dafa52aa3eb6fb2eb82d9a09ab0de0a47f92ee97b05b279e55720e3c4743a6d56f151e5363473d46ce5fb1c5162601856f8c0b3eb7f4f5502928e4bb3ed94ce7446f64578c9faec8a8133e041df740acf6ce510ef7b70dcf7f12e7024ebdd115895f40e684f91003fad967935be2ac19cfa057f2b61a6e2a988e0381f23ea1b204013b0111db5f9b9d018598577acefd7c719b366b8bc575de20ee497c8ed02760275ea9ceb38568f78919df95765296d75a7ccce394016cb02881a3d37de32caf64972cfea2554a591f1b1600a9b5a834af504851fcb400156df3448d671c488e3aebd152d0cc81bf8e8bb57b1d045f11b558cbea0519757025fae2fc2d06250e689743eb8f138711194bfaecbe3512bf32959bc683e84ad6f85b5d7333961c2e5d609255ef0db2b8af4d9f1f80103ff6cb130e0b4d7a9570382683222b709fd6b34aa5884bf7f43e00c4060daae2426bc0c5557057ccd1127e156b5dcd4022d823fc4b10905ad08f956ff0e1e03eadee4b60a325ec1d97193beb3f0c060ac37f05f33a9d5336743178a195e36751b959e47e8fd3cbe8ef3b35da1a5da92f21c50ab22649e95df6533f306314b8b216421f8767fd460550cd759dd6449e31a4b587338ff11eec3080b2bd5c3b0e4882289f6bd4d6e722275c3e2be2520ab3416c7ea85fa8838fa988524fc2f64e3ac7db344b83e095a343ad16d607b4aa5abc687264ce36d4068d712850a47be005c28c07ee71abbe40927a3db0afa1f235e3133cb2743db39404f6ab7925a800fe5e2e2d7b2cc1cb20f53aeb418c1a2cd19ef2a92b9cf21ffb78c5278179132cf93e4e266fef95bce9d3b4bd3cbd6a030b6b8684fead87c1793e72c0b4c7baaca7372faf429ed2b73387b5aec20d9fc4ea6232ebf6cb0101660d8c7a4f8b44aa2f92a3609c1634df6e304e9629bd3c0b2e829490037a3af8129e5526ef1618aade56b9dc083a417f21e5ce3b7582060b610d4a002a3508f9b8f0b700440c79eaaa604984bf8334af9adcc04d8463a17db03683c029e1d6835d210730b308b413eb6ef86dc9769bcb51c6769bee39de193666fd9acdc7f66b7d07403117e43f47a0bc06544069720951eaba218ce8d07a825b0ce5270988ab67f53aaeec00f8f3eeeae428aaa5b8cb1bb14c85e664f7fad1cbe0edbb06e23ce924554ba09a570531ea1363cf257eee4c029ed38f18bdfebb0cc65f40bbe9827b1fe573efd1583187f3b55c7c5a0afbf40f5aa01e145a109bb5e9e75e8f3df23744c6ac79d61baa1164f8a3241d4e232dd6ad622d9a31ccf52686e261601c41895172b957ee12ac62fb53a70e18e597c553c02e49eb62283b39264971782b225f5f92bd87d6252bf87ea5643b167414ffc3b437053747163de0d47bfd60181817ec961a3202f374489826bff503fc342c8c42cd3a662efefd48644cacf9d9af8403ddb8bb75a1db603bb7cb106a9d3a0aafabf5b94a7430658ded8606fdc5ad179a6de2c0f8bca762a482682353ecdbb61b37a62c955fa0767d936d7af967ae19557827b931e7d78f740f8e04920e97e644e0bdbe04a6129fd502fc3105f9847bbe2aee780bf8c2c04814b5d1eb7a2914f55d962391c48e159a3068d0ba0d9fffeabbd3c5c614586fcae265131f5b5ee7722f08389402ed49030e233f163c4a9bf2fe2edb40c62a0b444df6d1f71d06143d0eaf77c2f21e18e87f515496d95ed5371375f5049809606ae868e8432f5faa150d55ca279a108e2a699c2f3c17da228c3d04c249e176a9e1417191313f87486683bfd76e0d22f6dc28293a2ffc0ed382b232e452100d54b7246c86ee78fa94523f523ac18102e9ab3be1001863552bc2aff00232341e90af12ac093bad608ad8e7f14662756cdde565ab4afad649fdbe4beaaee1a84b0e6feb5ce315c5b9758ff16660984b1e3e8d0fdc55fafd8c9e2776f8a2fd4b47cea52a4266a40e4a6f35dfb7d648857a1dcd2d3bbf5a97e11f4ea34a961b84b278fac3db0d898528514b6fa237bcc0e6244fb79d6bf65c45833cbed0a2909934d85c67dd48be04894c39c58e46993f8237d1a48db2bb799826fab1fe81cff37a11ce45fcac5f91ce6d2fd83189501434be495147f8263566a471c2872be6d1ab7587cd8db97e5f45b1cfee6a9ef315d79d30c3a2d2ae72c9d9bb20daaeea1b701d4a8437411fc6c26193b0fc1e477b4c467b0096e5b210d85a270fc72860ed79808e0f77f7742d6318dff9b4274a4972ff652a0f0c22533f00000019f339d7be0503a55aaf462e02d63f8b8651dddfa69373bb9856bdc549bc5248acdc0274ab5af5582047f235083b4a1d2f42162eb1d4bb2b31402c5126e4dc18a0af93f0e71fa036518eab354dfd56f5d0dff6bcfb300b673dd575389f7ec97329d31f94505a34ddbc307a8d428963f97cd548a2380ada5998e24243804777283d993f5bffca4b8775782ce58d8e8390d590455d0914413616b7b9fe90b929029ef89ea983fea1af656653841dd8d479fa1b2ed31baf83aa0da4f6c8fb37affecaab651d211cea279599f0b58707e86a979da10833079d9bd8cd1b7e9cfa7509a600b650dbb62fe3e8d91411baee677dd9eec3707ca3ea2a3fb30f4f4fef55e3bbfe09c0f25340d7bc414ca99b2bcfdfca87015cce9b2e2cdf8aab550185897270d862eb345db7df4286cfb85a9cfba5826d5d045d5696d75838ab4760caea3a20617734bf61e667356cee8cdbfecccd5f022500cecc844b804b65f5320b4841a4b18841cb6a1c684b539a2eae2f6f30d4c21f3dd3de6a1032b62d062c6a005c9b7a218f70de341dbf3cf18cb2b6262eff861eb979ccf88746cf100e04dc31cd26f115f8d504d71c43a03ce250dc29cb3a5bb984cdd3b63e1b5bc399075997a41b8bb463ab781661f2cba9801534fd3e4563eae755f2c077da501289dc81b9e6ec66911b1a019e9a48385feaebcbd2a792f615ea0f250876dc0e0f7bb62bb0eea9bfbf6fe5037178e4bd1354011edec082ae14e15e23174baa8eb4a27179181f656efe516db695358690b754ae31af5e4dc5f497a81281abc3cee25ad685ec660dcecd650f603fc39f626aabea34248cf67457bfb3d9fbf1e5c199dae306d272dffbc77a68cc7297cf9282912ed53e26b5bf0918e4eb01771c0cd637ca97c9368a5825ec364277872f9eb2a9d3642b09655eeb8e17718fcfc6de927705d919024916f2055e0b5ad201ac1dad1029e16b15f2b9d8dc60194f539f5af00adf01b1726e95e906226b53137a642ded6d86d1af43340e2ac88c5d3bd784beeab2a07a36f00736a01760118f7731c49a305b37b5510137efa315ce719f319f99e8b0d46ddc30922c548aa4ab0ad793da1e69ad7f1cda860e8bb11da86ce7cc35fe484aad7c9a213b1d6ac1e3472fbdd6ca17b4f8338a7ced68c257af1b46082f6561924727d90651967aff85b19153d67a6f16a6c1de1db5ffb6237f9d6c2b9d3e74fb4837c0015bdfa8dbbb6dc2f5a87e34ff5169a61c7ced56e508a7f46dc58c8c1d683c8ec27380e7a6fa896ada95212da08fc3036c4c002cb1a89116e668344a933fd14c786a163d5d2ec9039345d25d6583957be83869549b76b3355e787b4649b7698ce7870cd04a2315be98c3e84a12e4299c9c167022c7ee8e9bf49ecba1a490ec35c1c1e0eeba5cc2f53e38b6aa28c00501153a7c492d38808c2a999e07787b558ee387cccce009cc59b56d6c9eefefc9a0c99a86eb2ec036bf3a3e5335caa04ac55b9b4389ef620c57ce2128bec024fe8f23fdbcd751ae49d84bd7d769b1fc30927468b93ad331d29c3118546dd76f553754bc7c4669a845700038daece7fb64d4321ed4dd77a52eb14e89c05557a5b4ebd683b22a536a7010336fc19e9a6e50ba14d31222dc75c0fba29f74eadae35dd337d4f52caa75dce4405f81883b6f5c2912cd8cc4cc14123c001a8cc043a740250c78d369231ec7a3e79918453c604a10e3b5ab01232ef9446333b6a2fb08c18170d78883ec57f94c892f8d1fd56b0915d3de8df85266a0386e58cad506027c7b4c3350b0b598ef39fb1751b9f43eb30b5f218a4e4bda562d9d537b0a1d6a342e6a44a11b207f64bc63956f1d115e84b3a6ec05d9ffa92463aca8c524e50ed559f02327a1c4c6e6cb4181c2a2f4b02b342f3a5dce66c9df0e737b330f1e02fe6782187e88ab7362723519c828dab49fe864a84621f17380d84b1fa1876b04d5eae3becff186e38dfbe64cd10b02d43fd526f4ee740d9a9a2de6fe867596cdf8cda87dffb1ff63bcc82b0700073102bc6424cd4ff4b25b0730bbbacf982efc4d7ade1283b04469813dd93f8f880978c897eddff942c391e1bc4b66ce1796a507668dd00b900acb226709f0c0d40b379783f4f1ba2f7d76c1d4e2aa5d2daf986f7562d40b3fa0e37c87a0a3a35d14d84ff4e56371adde7f9c827fce74b63c8aba9b44c97631c5fe0fb4a51999c4c286f71cb57614eb3f353dfc7f4cdf82013afb20c9160fccc88e441902784969b5d243971ad012e2fd86bc2503f82beb63fab1416fab838b07e6550a90e2ee4ee55e9178cc18dfa1b8b818a4546882eb9375e12832bb179f556b28b6ca30852747be53923a5c1d0e0a9230006462d2e3cb40225773e504be673772c6606c3661b7d2e3d200ede07f75d776873a1120a114b89df7cc086895a7b69392d18098b2effa55721bcfc79a95e72dbd639f1b9f0a4dac34a1152b0c046885e7601c39a0f3e806cac7c4067ddb9bb7680acf58ea1d64a55a5b01346333999d0cc28243ee99d753b21f7da22d64e565ab6a4f454b6b95cba622831c9713b116869b9e50efca995fbe4373e85cbb95cd830868ef3efa01423982c62c0d6cb4ed0a50ceff560e613369c6b372cc4e506b314e8fca6a81c77aecbfb83c54b1202a1606116305face655d14f35d231ca016bfa2fa268f6a05def53430ad4fbfc9169d57fa5588c4931e068cdf63ddc33bfd0fba54adc80c853a5e7cdde0b1ff435c35939c2fb132090265e66138cd8639702ee285b4e9634545443607a9a84f8c15709eb967c2062b1dd01827091d12bb697db53f68a375dee36e021c99a698bc6d928a930a1418e74662c613b2829a367eb408993851f24cc393f2cc07840c9e73cd2f9ca7ded0bfac8a17bc03fc6195eb86a094c69edd41d5f0f9bd31b56d5d2e43572f3f8d2f26ad626ee9eaafaa571ded286e5c80d56581254c64a930c6cd6506fd59aa6e7878040d6471893a1b4d5c80b2a20a95af45b0f0665616296229bb2633f33c185f47176e3f86b10aedaae4b24adad936c0cc7512b90cf7e7de270edb58713b7ba93a1cf2b47d8cd1c00411bd201064558d21631f8e57ad46780ebd942a8b668fc692415f617408cb14faf49ea43f20bbb8185f0c0df8e4e457faca531d316a127bdc125e24d8c061c0f4e07ef38a4ddca42e5ed9e8b77d7545c8859a02dd8726f708183f8b11272bd79920cf646d5f4b37705b2c67467be9f46096eaea79510b34c54db1747241dffb94d984edd0b1607bc88cb4f3ad63ba90f4676c1e5383c1f4505da4b7945219e32ac1cd5ef7398c3a63c8c28e7bed523491b83a27c86245879f2c462cca3f45e82fd8345ee7770e13d3d30641c8a523d8270fdec3a03be1e962642d9394bafb8f0e930a6b7f5ed1e405699b8ad69a6221744582033aa473967e10e9fa16c78db5612f76cb966b3dbee2bde31ec1e941becb54e0bd771fc688f6e716925aa5fdb2aa5c4d5f950c2e0ab252fa9cb52528f52a000501a93aee20152c526a301585fb169cc57aac9b6ff17110420b73978a785d4bdad47b4ee0fbaabb3e3cc57ab9ef43d740eeafa693ab3266941c6bc2266e33ceb46c941e92543ad5428d9f140223658f796f9e53b5507a0983b81d1a916b1104783e5493b78c9999a4dcfdca7675f9711cab87f7f99fd7be5fc1513bead550bd4c61690b527481c650d540fe8888b245c0d35f1a55914a321f13344f4be45cfc07d106c547cec05debc344c506b8c3adb0728a3f1923be535eeac5492758bd51ea3aab0d8df79168d885748644ba3f616ef15fba79d818a45c4da4478e5a1a682cd07505e3b5c2ef2255a8fc058e1a4c0683c70ccf0b38e74e6ca88408266dd090409bad6c75212192804dc013d3dadc4ae0dae0fabb9627e65f6218f3ad09f2f436b52844aa0d63c5bf9845588e8a1b6ceb38d0dc025eca4995e90cf3c7acd801cc543f6c26ed92c8082537d72063d173f48c4fd7aab447e33a72836bfcedb8acaadab1ce9162d82e5b797fda854c90f7028c3137e6ea72815b5a73103efb913ad9b5185ebbd0174a71e87c1283f52021b9c1b443c2d0ad2d97512af2e91e9d302a246b4f1adefba69155144ae0bde1ead8826641105b74519826fe55fb2030cc04f64c336980620bf23dde2d521a8ab0e1743848f1bf53f75373c7bbd57279893754a44119055fd1278cea2fbd324ec614488419b789c931ebfacbd42c9ef910a7bfa9f53170667ae227a31316b9783c109e6d9172debdac681bb0e287185ddf85854d7679cb8022fd26efcd55dc80be8ba2f3e62668f18186a9d90324e36ad8e30bff59d2e9745ca43be7be9e24fa3896d883491f79e72e7e2e4e2d012169d21c2e7b70edd707b1144ff87e8299b232594549a340a1a5e4a2f302f738d1266473516d2ce1a128af47d6136254163c8224a0c65921684d33b6330eea4551aa8cb6d853097d98123accab534d5878970dcf7dd9bbc92461b4c4ace67f5ce435203e6b39f2dba9ff504e639d744e6c3ddb53fcefec0b28df235c2e27b37d0f66ec19edc6acc9b710293851fb4f6d1b324de851aa368c4c25720676d8cf8cba3a1fcdda9053d915758c76b0018398da4f6c9ae6d8ccb384ce51402b4ffcd168a4b2e81e2c6423dbb74221ee5f6a21e9874f3f0000268e1e28cec744b449e8bd0951349186a9a9168a462982ae681e70eaed9ff0da0a91ba37e10428440e2b6fb53ad34445f86b400b687c3e412107de6c49adfd29370714be66132c43a588748ee9e88189f4b1a366657ce74b9281533e129d432d6f8aaceabe9953cadb0f2c1808d7630dec47b4305559ed0a2f4e17c49e1906b0febec47b4dad5017503b112441e8804c6b1ea252bd2d44876ccbecdc37ac70a21fdc4d2a5baac174db70e3e1370e01ebf1a42272500cd840aaa99d3120adcd30897d76e4a77a6244e46e0b4b5d7153a0c4148716b8c71ac1b88c6da412a2331ba0ae4d660db37505fca4c8a75362e71a424c168fc18e1e58a1175b18852620661d2476d20ab5e8a935dd9b72bea4e481182ceef04f5ab274727c37841d99b8aa3d3272487540f457db07178091ad49e50b7bf8351909a83c5bc8a3abc5d941d6b8d628ed74832c21c93a65bef1cefb74a2038737bb8d03fa998208331a8cdb67b05ca225ed0e56eb6f76ec2c221d9c9d0059ff098efa801168000964aee15aac2c652fe2ae84a71a0c51b7eae1cc95779dd5c564909ca5ce99e9ee437d8732238c0dc386f5b0313bbf3ef2504f881a9c84c005fc7232be24c8f1ac6505d8d45f0d5af15628841bc385fc532ae8f900d7ae218fb1b152cdaf9d5c06191ada4b0f6ae9763cb763ae991d9dc28de27edb25f649ae9eb57150e95469e1a4fb4f52d3266a2c3aecefb5d2d6b17d483172edcd2fd5349f0b5cb038175110e85b0f4e1a0e645160f6c63381002cb75751f7290c8452a7febf264278f0b556831b78851598904a49754558a40dc36c5594e305a5f9938e6a0e63e39742b3c1b4fe30cd2102c12c55fe00424de2568b5a67ab138411c7e7e94f70bdbf09df60dacc12f7a72eba90e10eb73f8f3cd7b54438f32653186c71975fedc5c822ebbd0197dff5cc7eb2942c8abde04b570e77d72cfe1126d430732903dcfcc4bd137c05ee93b58a2730abc496c6fc9a34f509b43d69e5c1a3c18b47af168f4a129dc1f243eea9fe95739ddc5e02691eebae8147019b27b72e0c3b3469fcea1a65097af93a5220fa024474094976e52b5a374a18b2fc3b437748dd7c46c42f607c74e39ef5ffa3764aa6badc1a6da195a6239c6d5aafb0122f955708281087ec0d6ed0caf98413cabbd2b9b5b1342b3e1cb85caae60292c861af200bd7939efabb69dbf27cb44a23ca6f669820f70d1975de267f58e2b2e64ef0b17bb0b074b5c91adba8f3205650b783105d2a43c798c72160f28715f7032226efaaeab6f39a57e0837a1d7ac9df2a4059e51b8b0e8f0387aaaecf925398d006e94fb98db879cd5f4192640866c283775561375ac76b3aaa3f9e228b30b6e327393abe17d7659a3d5ab89598161127d2a43acb57319c9cc987a2bed86546d45be92d7904d10307d9f2fecf33bfb3c4f29331e49b38a959585ac98254efa4bb0841e63b079bae1d069d50f08758489e699f06016188b55ccf9ecb97f6d75198d9576c2ee81d3ef1ac3db748a6bf1afba6d10f6bd6a9a589cffbb348d4aa091369706e26011e80a8fd5d57fa38d6b8328de98b3f748a54f21a7d0d646a8179f9ff0f71f5d030246a85c6828fa7fdc04a9f51a742e33175e181712da01d2cdba35f82cf836cbcb84e1da57b6a0c2a90946c7065f0425b015ec436175e2220c273b8aa6848fe235142c43ca8df9db45659fc5ce84ffcda9ad058b9a83e778d77896a60a4d1f51ad14b9b840cb11a325e70740847f1fea6143d4f8193abbceb2e7d986900000100538759ca1e81b4a5e4f8688774eb594f28117fb11efde05a94e4371b960ee05ff5bdd55d485c38de17d566ccd7ac38a1cfa427badbb9d648fb0a29b04f1d90ac9a521dc1e1ba40f46cc436b6b66e980608ed73f43e536f5ded2637da3b0b56f00faf03c9350669cfac4e8873b9e50c2d78b7f3160f54367c4e01100a30d12beee2e98fd8a70d07e1cc20b3db2adf9766d74806f320313fb92c56a2a879b7c9d03fe3b24b6ab1b3e8e8ad5c153303afabd871aac88b7efdd48c3fb47848f98e3d176a3ab6b3cca846ea32d950cb605517982f6844958b928302470a780d98c4b1a4b5ab01adc895c844fb9ac78ae8998de1f2ab8d0b21a81e5585601ef2fee598fef5c0ca9f0d749c156ed77d858f372023db32079ab1d44d75eae1b74101a3d31c885211152664a2dd0b3a9952f1d64c9a9ffd7480d48ceec13e0fa18bee849e3b0dffe05073cfe76fcdae647ca64e2c4864d9c080ba1f86c9c7ae632fbb3f9c0de1df72c372122321dfb969bed743ff4a6809cd4b8af60d8bb48f6fafc080bb4a7e55430796ad7e1ab7a0170b9259e14ab2875a6f9de4597aa5781f0a12fcd6588485be3bc6f15ab5d228b1144f616f5a0fde66943e5cbdfb511dca3c35222f53d6ce02c3c354b5071929c174d65f03e9501c481b1e4d223fe9424b469b907a821ef6ead43c8852cea298b1baf1ca39932526d9a1cbf5706ba47d694bf6a451dbff9727f8184c38b3c2f6c50f3459e6f7c32bd829c12d370fcd1940c583b28863e718dbe737662aa67147c9073ddb3ea47442fb4f8cb3db2c486cde6a480ba798362309269b06eb5f36465692899599db8b8f928b0d5ffd650737b18c0dc6a2b4a22ff842355f047f314f224e890a67ad8d92fe6fa4cca60859fa50779f3639bd20c6522a84680de3f181671ce762505f723930fddddea9884468f0349c3ef43468746914af91511db05b2e8ea31804c3cb78c411ab23df80edac64bd6a40711e5ed9146dfd0e090c84c4d6af48629ae746eddd57f93fa2b718245992a0c441ed7828c35522ff1943f2c46c2ade0267c2c811171c13f6b5a9704b126884c10a1c4671908b55b3dd1dc8b9b16dfaa17dc286c723a5f5edd878673b3ebe9d7170513179dea4d1081869e81ee4a01a9b4bb8cb2cae6679bb6871b1e95462cbef80f35076efc3e554f8d7c60ff6c704d5ec9a44c42f2bceb95c71bf5538557722948e9b552ea000a9756c3d84bc40c32ee97de6a9c900", 0x2000, &(0x7f0000004200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)={0x60, 0x0, 0x0, {{0x0, 0xdc5, 0x0, 0x0, 0x0, 0x0, 0x7, 0x40000}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 9.905619272s ago: executing program 4 (id=1991): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xd5e, 0x240000000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x3a, 0x1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$bt_BT_VOICE(r3, 0x112, 0x13, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000005c0)={&(0x7f0000000480)=ANY=[], 0x10c}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000000) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) syz_io_uring_setup(0x10e, &(0x7f0000000140)={0x0, 0x0, 0x100}, &(0x7f0000000240)=0x0, &(0x7f0000000380)=0x0) r7 = socket(0x200000000000011, 0x4000000000080002, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, 0x0) sendmsg$L2TP_CMD_SESSION_DELETE(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) syz_io_uring_submit(r5, r6, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x2041, 0x0) write$binfmt_aout(r8, &(0x7f00000000c0)=ANY=[], 0xff2e) ioctl$TCSETS(r8, 0x40045431, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x200c9, 0x0, "0062005707f7ffffffff00"}) syz_open_pts(r8, 0x2000) ioctl$TCSETS(r8, 0x5402, &(0x7f0000000240)={0x202, 0x0, 0xf376, 0xe, 0xb, "764613e5f420bb31a74e44353513e29a308e28"}) 9.865592545s ago: executing program 5 (id=1992): r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000c00)=@usbdevfs_driver={0x8, 0x28000000, &(0x7f0000000bc0)='~'}) 9.835167489s ago: executing program 0 (id=1993): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_open_dev$vim2m(&(0x7f0000000040), 0x5, 0x2) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r0}, 0x10) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x7, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket(0x15, 0x5, 0x0) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) read(r2, &(0x7f0000000040)=""/148, 0xffffff96) syz_open_dev$tty1(0xc, 0x4, 0x1) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000000c0)="d800000018008103e00312ba0d8105040a600300ff0f040b067c55a1bc000900b80006990700000015000500fef32702d3001500030001400200000901ac040098007f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b11602b2a10c11ce1b14d6d930dfe1d9d322fe04000000730d7a5025ccca262f3d40fad95667e04adcdf634c1f215ce3bb9ad809d5e1cace81ed0b66bce0b42a9ecbee5de6ccd40dd6e4edef3d93452a92307f00000e970300"/216, 0xd8}], 0x1}, 0x48002) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f00000001c0)={'sit0\x00', &(0x7f0000000500)={'sit0\x00', 0x0, 0x700, 0x8000, 0x800, 0x7, {{0x20, 0x4, 0x0, 0x3, 0x80, 0x65, 0x0, 0x8, 0x29, 0x0, @loopback, @multicast1, {[@rr={0x7, 0x7, 0x54, [@private=0xa010100]}, @timestamp={0x44, 0x24, 0x7, 0x0, 0xc, [0x3, 0x1200000, 0x9, 0x9, 0x0, 0x2, 0x5, 0xffffffff]}, @rr={0x7, 0x7, 0x7e, [@initdev={0xac, 0x1e, 0x1, 0x0}]}, @timestamp={0x44, 0x18, 0x25, 0x0, 0x9, [0x3, 0xd, 0x78, 0x16, 0x5]}, @generic={0x89, 0xe, "afe0e3f21150d7227b3defd6"}, @noop, @timestamp={0x44, 0x10, 0x1b, 0x0, 0xa, [0xef, 0xffffff3b, 0x3]}]}}}}}) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x18, 0x7, &(0x7f0000000080)=@framed={{}, [@jmp={0x5, 0x0, 0xe, 0x0, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffc}, @jmp={0x5, 0x0, 0x2}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffa}]}, &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', r3, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x19, 0xf, &(0x7f0000000080)=@ringbuf={{}, {{}, {}, {}, {0x85, 0x0, 0x0, 0x39}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0xba}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$IMGETDEVINFO(0xffffffffffffffff, 0x80044944, &(0x7f0000000180)={0xd02}) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) 8.481332767s ago: executing program 6 (id=1994): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) socket$nl_generic(0x10, 0x3, 0x10) socket$netlink(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0xf59}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000740)=0x3) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x6) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0b00000007000000010001000800000001000000", @ANYRES32, @ANYRES16=r3, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002) write$sndseq(r5, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r6, 0x404c534a, &(0x7f00000001c0)={0x0, 0x10001, 0x9}) close_range(r4, 0xffffffffffffffff, 0x0) 7.413924201s ago: executing program 4 (id=1995): keyctl$KEYCTL_PKEY_SIGN(0x1b, &(0x7f0000000a40), 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0xffffffb3, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) syz_io_uring_setup(0x239, &(0x7f0000000300)={0x0, 0x200000, 0x10100, 0xfffffffd}, 0x0, 0x0) bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10) bpf$PROG_BIND_MAP(0x23, &(0x7f0000000000), 0xc) connect$inet(r3, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) sendmmsg$inet(0xffffffffffffffff, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @remote}, 0xd5, 0x0}}], 0x1, 0x0) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='nfs4\x00', 0x0, &(0x7f00000001c0)='\x01') sendmsg$NFT_MSG_GETRULE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x7, 0xa, 0x101, 0x0, 0x0, {0x1, 0x0, 0x1}}, 0x14}, 0x1, 0x0, 0x0, 0xc000}, 0x30000000) sendto$inet(r3, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) recvfrom$inet(r3, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) creat(&(0x7f00000002c0)='./file0\x00', 0x6) 7.235654957s ago: executing program 5 (id=1996): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$gtp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$GTP_CMD_GETPDP(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000780)={0x14, r1, 0x701}, 0x14}}, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) syz_emit_ethernet(0x6e, &(0x7f00000010c0)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x38, 0x6, 0x0, @private0, @mcast2, {[], {{0x4e24, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0xe, 0x2, 0x0, 0x0, 0x0, {[@md5sig={0x13, 0x12, "3013492b84f5757a1fec12bd6d555ead"}, @eol, @exp_smc={0xfe, 0x6}, @timestamp={0x8, 0xa, 0x3, 0xffffffff}]}}}}}}}}, 0x0) r3 = syz_io_uring_setup(0x497, &(0x7f00000000c0)={0x0, 0x7079, 0x400, 0x3, 0x288}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, 0xffffffffffffffff, 0x80, &(0x7f00000003c0)=@qipcrtr={0x2a, 0x0, 0x7fff}}) io_uring_enter(r3, 0x3516, 0x0, 0x0, 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000001d00)=@assoc_value={0x0, 0x100}, &(0x7f0000001d40)=0x8) syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5ac, 0x273, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3, 0x1, 0x2, 0x0, {0x9}}}]}}]}}, 0x0) syz_usb_connect$uac1(0x4, 0xa8, &(0x7f0000000000)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x8, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x96, 0x3, 0x1, 0xe, 0x80, 0x7, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x7, 0x2b}, [@selector_unit={0x5, 0x24, 0x5, 0x5, 0xe9}, @input_terminal={0xc, 0x24, 0x2, 0x3, 0x201, 0x6, 0xb, 0x9, 0x6, 0x7}, @extension_unit={0xd, 0x24, 0x8, 0x5, 0x7, 0x0, "1a753d3bed58"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0xc, 0x24, 0x2, 0x2, 0x4, 0x7, 0x53, '[< '}, @format_type_ii_discrete={0xd, 0x24, 0x2, 0x2, 0x7, 0x1d28, 0x7, "b4d04532"}]}, {{0x9, 0x5, 0x1, 0x9, 0x200, 0x81, 0x3, 0x32, {0x7, 0x25, 0x1, 0x0, 0x7, 0xf}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x400, 0x3, 0x0, 0x80, {0x7, 0x25, 0x1, 0x1, 0x6, 0xfffa}}}}}}}]}}, &(0x7f0000000480)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x310, 0x4, 0xd, 0x3, 0x10, 0x2}, 0x76, &(0x7f0000000140)={0x5, 0xf, 0x76, 0x4, [@wireless={0xb, 0x10, 0x1, 0x4, 0x4, 0x7, 0x2, 0x7fff, 0xd}, @generic={0x4b, 0x10, 0xa, "05eceded0ecd27428851ade606af19659723b400a1bf45eec9591b11fdab5aa615858a995abcdeb9d7a20e12263ab878b0fbfa2817bd666c214a531450c0381c46b557438bc10dde"}, @ssp_cap={0x14, 0x10, 0xa, 0x8, 0x2, 0x0, 0x0, 0x6c0, [0x0, 0xff3f0f]}, @ext_cap={0x7, 0x10, 0x2, 0x2, 0x5, 0x5, 0x9}]}, 0x8, [{0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x1409}}, {0x4, &(0x7f0000000200)=@lang_id={0x4, 0x3, 0x41e}}, {0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x200a}}, {0x72, &(0x7f0000000280)=@string={0x72, 0x3, "58532f4745f93914de00e8494d0de325cf58526db642e051a13b480ad9ca0259881f1ff267240e250d3de6eb00924d7ce2666ffb4d179aa8258824f4587b76ccc8d19ab9e3e1e5c81f517f941adce9ffbe5727a0d3ed9ababb95af6c42d3bca038215fb3c9f48e42d65fca15772490d7"}}, {0x29, &(0x7f0000000300)=@string={0x29, 0x3, "5f725fc58ebd19d22b8adfec12467b64e057740b5bce6733e29a18d361bcbc278a8be680abd255"}}, {0xc0, &(0x7f0000000340)=@string={0xc0, 0x3, "febaf997b87803a164909707daffe1773475d9ac5c1e554f9373da85c05983d5df9bf827febee55919b8dec3b34c0f68307e6ed8aa257e716082289fb20efb147ac27abf921050b9b56dcedbc6e565b1714e043d717dab571f200d9a71a404471b5664ee8100a48888813f37529dbfd7b628ee86a342420fcf3055de4cfd245ccfc3f12287881239c0c06908f4c2f1d8115791ef9481ffd98b88b60a19c6ce2c0ea56a398f5d53604cf4e3260f14cc2034a9a837db913d5989f42bcb041d"}}, {0x4, &(0x7f0000000400)=@lang_id={0x4, 0x3, 0x2409}}, {0x4, &(0x7f0000000440)=@lang_id={0x4, 0x3, 0x43e}}]}) 4.266862482s ago: executing program 4 (id=1997): socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff}) r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f00000004c0)={0x28, 0x7, r2, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r1, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r2, 0x0, 0xffffffffffffffff, 0x1}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r7 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x40000, 0x0) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r7, 0x3ba0, &(0x7f0000000400)={0x48, 0x7, r3, 0x0, 0x10000, 0x0, 0xc, 0x258bd5, 0x2e7883}) r8 = socket$kcm(0x10, 0x2, 0x0) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000000e00)=ANY=[@ANYBLOB="bf16000000000000b7070000010000004070000000000000500000000000e1ff95000000000000002ba76bb33123751c4e345c652fbc1626cca2a2ad75806150ae0209e62751ee04000000670d25010000020000040000009fc404000000c788b277beee11bf9b0a4def23d410f6accd3641110bec4e90a6341965dac03d04683712a0b09edc9e9ef8f6e396ad200e011ea665c45a3449abe802f5ab3e89cf40b8580218ce740068720000074e3e8eea3fd8cf49827ca311f5b87e1ca8433a8acd715f5888b2007f0000000000000000010000000000fb00010000000000414027efc84293af6a22000000005335001db43a5c000000000000000024000000000000000000e75a89faff01210cce39bf405f1e846c1242000000000000cad326ad7add65873d9f87463ad6f7c2e8ee1a39244960b318778f2a047f6d5bc24fef5d7d617da7fb5e2a431ab9142f3a06d55740a43088696daaed74b9c5c29647d2f950a959cf9938d6df8600a62e96b7cb8e52cbdc2ba9d580609e31c30891f7e5ff7fd6fce424c2200af6c3784a1975fa657de38a3a32a4fd67ce446ac5431d07db79240acaf091231b986e77d05d988d6edc71df48dca02113a38300c2bf2b5543ffc1669557b3819d8c396d2c2361629d1022f722ec23812770d72cd0010000007889b8c7044f563a1f68d4eff895fdbc463f747c08f40105869035000000000000000000000000000000000000000000000000080000003ddf4aa4b1c8baa0ae6feb6737c275dc2740f742b5425f1d581961471cdb0500000000000000d4123f955267fe4a75c114f874e086287547d4099aeec9f1538ee25a365ccf4a9b604e88e12ff25184d4e3c6f7f623559435b26b50fb7113000000f0bc440550ee91302f5a000000000000000000000000006d0000e67ccc00148ac4c43021cce9f24f4b2f9492c32e7af05c648978d9980ba49789906d923e4916f390ab7edcd3f5b9fe14446dd446a52131c464f2c08efb46d934615c8631b7c42efd0294bea179b0433f5c899119ec2c3f4523110c0acef5383b5a2720caeb68f1e9c05b05d89467ded84da093dea262e51811e2d7fa515722516bd5ef6c8c4966e5937562a5648a696ad3a042a7097ddefe0671f977fb145890f5bf41ba92b8c4c8b14f0d4a880ef4518bb32881dfd15dc84e79d326337e21e041654f06bd7f000000000000000000000000000000282ffe0000000009350cfa3ab109ab4a7d95938c5334a0dd177f1a7389ee570d95e543a27546d3770740f354df6dd6b1bfe4104d2262f33f596d606ccce75a3c3d5f9ad94a7316b0c6ad14f1398a6b39b07121f636da418b34d48677cf8d2d99ee8ac50142bcdcc73dd73cc6ec46896ffb35ac82ac7a9309ea07396d2814dc630ad1a9913934849be25f7b81b59aaa9fa2e9d6ecafcfa1de81b2d3581ab1138537f98d2240b6c2bf40569da4e2bb77532ab9220347d78319617d17e14f7331486e86b2145980b95c88ae11b1c6b6ea6c2b2311d6ce6315cc451dd50ac746acd59d075b41f9a747894956b10453ccf6527d8f579256e9849bbaf6c7c84362209d3d2320101d57"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) setsockopt$sock_attach_bpf(r8, 0x1, 0x32, &(0x7f00000002c0)=r9, 0x4) sendmsg$kcm(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000003c0)="d800000018007b18e00212ba0d8105040a0a1100fe0f040b067c55a1bc0009001e0006990300000015000500fe800000000000000300014002000c0901ac04000bd67f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b01602b2a10c11ce1b14d6d930dfe1d9d322fe04fb95cae8c9010000730d7a5025ccca262f3d40fad95667e04adcdf634c1f215ce3bb9ad8ffd5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd601edef3d93452a92307f00000e97031e9f05e9f16e9cb5", 0xd2}, {&(0x7f00000004c0)="f80ec2e2badd", 0x6}], 0x2, 0x0, 0x0, 0x2663}, 0x0) r10 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r10, &(0x7f00000000c0)={0xa, 0x5, 0x4, @mcast2}, 0x1c) r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) r13 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_STATION(r13, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000400)={0x4c, r11, 0xe096044a3fc9e6f1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r12}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x24a}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0xfd}, @NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES={0x6, 0xbe, "10c1"}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_STA_SUPPORTED_CHANNELS={0x6, 0xbd, [0xcb]}]}, 0x4c}, 0x1, 0x0, 0x0, 0xc0}, 0x44) 2.999719006s ago: executing program 4 (id=1998): openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x24}, 0x0) socket$inet(0x2, 0x3, 0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = openat$sequencer(0xffffffffffffff9c, 0x0, 0x8002, 0x0) write$P9_RSTATu(r1, &(0x7f0000000480)=ANY=[], 0x14e) socket$inet(0x2, 0x2, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x3, 0xc, &(0x7f0000000200)=@framed={{0x18, 0x2, 0x0, 0x0, 0x83}, [@call={0x85, 0x0, 0x0, 0x29}, @printk={@lli, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xffffffff}, {0x85, 0x0, 0x0, 0xd0}}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r2, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) syz_open_dev$evdev(&(0x7f0000001900), 0x0, 0xa2a00) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f00000004c0)='./bus\x00', 0x92) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000040)={[{@redirect_dir_follow}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@metacopy_on}]}) r3 = syz_open_dev$swradio(&(0x7f00000007c0), 0x0, 0x2) socket$nl_xfrm(0x10, 0x3, 0x6) socket$nl_xfrm(0x10, 0x3, 0x6) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x14, 0x4, 0x4, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000000)={r4, &(0x7f0000000140), &(0x7f0000000200)=""/221}, 0x20) ioctl$VIDIOC_CREATE_BUFS(r3, 0xc100565c, &(0x7f0000000000)={0x0, 0xb, 0x2, {0xb, @pix_mp={0xfffffffc, 0x2, 0x34343452, 0x0, 0xc, [{0x4000005, 0xe3}, {0x7, 0x3}, {0x7, 0x6}, {0x9f, 0x7}, {0x3, 0xf}, {0x4, 0x200}, {0x2, 0xe}, {0x4f26, 0x2}], 0xa, 0x2, 0x3, 0x2, 0x2}}, 0x3}) 2.875826339s ago: executing program 6 (id=1999): openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x24}, 0x0) socket$inet(0x2, 0x3, 0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) openat$sequencer(0xffffffffffffff9c, 0x0, 0x8002, 0x0) socket$inet(0x2, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x3, 0xc, &(0x7f0000000200)=@framed={{0x18, 0x2, 0x0, 0x0, 0x83}, [@call={0x85, 0x0, 0x0, 0x29}, @printk={@lli, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xffffffff}, {0x85, 0x0, 0x0, 0xd0}}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 2.283471951s ago: executing program 1 (id=2000): socket$nl_generic(0x10, 0x3, 0x10) syz_open_procfs$pagemap(0x0, &(0x7f0000000140)) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) socket$inet(0x2, 0x4000000805, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0) syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$packet(0x11, 0x3, 0x300) r1 = socket$packet(0x11, 0x2, 0x300) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c000200200000001f000000060001000000000008000500", @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB], 0x64}}, 0x0) 2.265903303s ago: executing program 0 (id=2001): socket$inet(0x2, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket(0x400000000010, 0x3, 0x0) creat(&(0x7f0000000040)='./file0\x00', 0x0) r3 = openat$dlm_plock(0xffffff9c, &(0x7f0000000100), 0x80000, 0x0) r4 = dup(r3) r5 = socket(0x1e, 0x1, 0x0) listen(r5, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r4, @ANYBLOB=',wfdno=', @ANYRESHEX=r5]) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x3}]}, 0x40}}, 0x0) setresuid(0xee01, 0x0, 0xffffffffffffffff) socket$inet6(0xa, 0x3, 0x2c) socket$alg(0x26, 0x5, 0x0) syz_open_dev$dri(0x0, 0x1f, 0x0) 1.130173378s ago: executing program 4 (id=2002): r0 = socket$inet6(0xa, 0x2, 0x0) sendmsg$inet6(r0, &(0x7f0000000100)={&(0x7f0000000040)={0xa, 0x4e24, 0xffffffff, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB], 0x28}, 0x0) 980.539975ms ago: executing program 6 (id=2003): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000810}, 0x20040800) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$IPVS_CMD_ZERO(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x18, r1, 0xa17, 0x70bd29, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_SERVICE={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x4800}, 0xc114) (fail_nth: 5) 784.542358ms ago: executing program 5 (id=2004): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, 0x0, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r1) sendmsg$NLBL_CIPSOV4_C_ADD(r1, 0x0, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x40000, 0x0) (fail_nth: 9) syz_usb_connect$hid(0x3, 0x0, 0x0, 0x0) r2 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, 0x0, &(0x7f0000000040)) bpf$MAP_CREATE(0x0, 0x0, 0x48) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002040)={0x18, 0x3, &(0x7f0000000000)=@framed, &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0xf, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r3}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) 682.584448ms ago: executing program 1 (id=2005): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xd5e, 0x240000000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x3a, 0x1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$bt_BT_VOICE(r3, 0x112, 0x13, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000005c0)={&(0x7f0000000480)=ANY=[], 0x10c}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000000) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) syz_io_uring_setup(0x10e, &(0x7f0000000140)={0x0, 0x0, 0x100}, &(0x7f0000000240)=0x0, &(0x7f0000000380)=0x0) r7 = socket(0x200000000000011, 0x4000000000080002, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, 0x0) sendmsg$L2TP_CMD_SESSION_DELETE(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) syz_io_uring_submit(r5, r6, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x2041, 0x0) write$binfmt_aout(r8, &(0x7f00000000c0)=ANY=[], 0xff2e) ioctl$TCSETS(r8, 0x40045431, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x200c9, 0x0, "0062005707f7ffffffff00"}) syz_open_pts(r8, 0x2000) ioctl$TCSETS(r8, 0x5402, &(0x7f0000000240)={0x202, 0x0, 0xf376, 0xe, 0xb, "764613e5f420bb31a74e44353513e29a308e28"}) 298.986828ms ago: executing program 4 (id=2006): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b7030000000000fd8500", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000540)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000680)='sys_exit\x00', r0}, 0x10) sched_getscheduler(0x0) 0s ago: executing program 6 (id=2007): keyctl$KEYCTL_PKEY_SIGN(0x1b, &(0x7f0000000a40), 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0xffffffb3, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) syz_io_uring_setup(0x239, &(0x7f0000000300)={0x0, 0x200000, 0x10100, 0xfffffffd}, 0x0, 0x0) bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10) bpf$PROG_BIND_MAP(0x23, &(0x7f0000000000), 0xc) connect$inet(r3, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) sendmmsg$inet(0xffffffffffffffff, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @remote}, 0xd5, 0x0}}], 0x1, 0x0) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='nfs4\x00', 0x0, &(0x7f00000001c0)='\x01') sendmsg$NFT_MSG_GETRULE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x7, 0xa, 0x101, 0x0, 0x0, {0x1, 0x0, 0x1}}, 0x14}, 0x1, 0x0, 0x0, 0xc000}, 0x30000000) sendto$inet(r3, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) recvfrom$inet(r3, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) creat(&(0x7f00000002c0)='./file0\x00', 0x6) kernel console output (not intermixed with test programs): 024 [ 671.991035][ T5871] usb 6-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 672.050332][ T5871] usb 6-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 672.080205][ T5871] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 672.147938][T10988] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 672.427112][T10988] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(4) [ 672.433697][T10988] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 672.465840][T10988] vhci_hcd vhci_hcd.0: Device attached [ 672.487840][T10988] netlink: 'syz.5.1180': attribute type 2 has an invalid length. [ 672.504206][T10988] netlink: 'syz.5.1180': attribute type 2 has an invalid length. [ 672.592754][T10999] vcan0: tx drop: invalid da for name 0x0008000000000000 [ 672.720273][ T10] usb 43-1: new low-speed USB device number 2 using vhci_hcd [ 673.008407][T11005] syz.4.1183: attempt to access beyond end of device [ 673.008407][T11005] nbd4: rw=0, sector=64, nr_sectors = 8 limit=0 [ 673.022413][T11005] syz.4.1183: attempt to access beyond end of device [ 673.022413][T11005] nbd4: rw=0, sector=120, nr_sectors = 8 limit=0 [ 673.035911][T11005] Mount JFS Failure: -5 [ 673.040161][T11005] jfs_mount failed w/return code = -5 [ 673.575668][T10997] vhci_hcd: connection reset by peer [ 673.576551][ T43] usb 6-1: USB disconnect, device number 12 [ 673.581314][ C0] xpad 6-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 673.595508][ C0] xpad 6-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 673.620390][ T6784] vhci_hcd: stop threads [ 673.630272][ T6784] vhci_hcd: release socket [ 673.684369][ T6784] vhci_hcd: disconnect device [ 677.175160][T11032] syz.0.1188: attempt to access beyond end of device [ 677.175160][T11032] nbd0: rw=0, sector=64, nr_sectors = 8 limit=0 [ 677.199536][T11035] sctp: [Deprecated]: syz.4.1191 (pid 11035) Use of struct sctp_assoc_value in delayed_ack socket option. [ 677.199536][T11035] Use struct sctp_sack_info instead [ 677.241385][T11032] syz.0.1188: attempt to access beyond end of device [ 677.241385][T11032] nbd0: rw=0, sector=120, nr_sectors = 8 limit=0 [ 677.266878][T11032] Mount JFS Failure: -5 [ 677.333414][T11032] jfs_mount failed w/return code = -5 [ 677.420204][ T9] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 677.580481][ T9] usb 6-1: Using ep0 maxpacket: 16 [ 677.592307][ T9] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 677.609927][ T5870] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 677.682330][ T9] usb 6-1: New USB device found, idVendor=05ac, idProduct=0273, bcdDevice= 0.40 [ 677.751775][ T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 677.809470][ T9] usb 6-1: Product: syz [ 677.830483][ T5870] usb 5-1: Using ep0 maxpacket: 16 [ 677.849045][ T9] usb 6-1: Manufacturer: syz [ 677.854510][ T10] vhci_hcd: vhci_device speed not set [ 677.906926][ T9] usb 6-1: SerialNumber: syz [ 677.958995][ T5870] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 677.990007][T11047] syz.0.1194: attempt to access beyond end of device [ 677.990007][T11047] nbd0: rw=0, sector=64, nr_sectors = 8 limit=0 [ 678.004004][T11047] syz.0.1194: attempt to access beyond end of device [ 678.004004][T11047] nbd0: rw=0, sector=120, nr_sectors = 8 limit=0 [ 678.017411][T11047] Mount JFS Failure: -5 [ 678.021932][T11047] jfs_mount failed w/return code = -5 [ 678.308785][ T5870] usb 5-1: New USB device found, idVendor=05ac, idProduct=0273, bcdDevice= 0.40 [ 678.410658][ T5870] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 678.433165][ T9] input: bcm5974 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/input/input17 [ 678.547463][ T5870] usb 5-1: Product: syz [ 678.554344][ T5172] bcm5974 6-1:1.0: could not read from device [ 678.575292][ T5172] bcm5974 6-1:1.0: could not read from device [ 678.576002][ T5870] usb 5-1: Manufacturer: syz [ 678.604175][ T9] usb 6-1: USB disconnect, device number 13 [ 678.615577][ T5172] bcm5974 6-1:1.0: could not read from device [ 678.628059][ T5870] usb 5-1: SerialNumber: syz [ 678.699264][ T5870] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/input/input18 [ 678.857951][ T5172] bcm5974 5-1:1.0: could not read from device [ 678.933124][ T5172] bcm5974 5-1:1.0: could not read from device [ 678.955687][ T5870] usb 5-1: USB disconnect, device number 16 [ 678.978103][ T5172] bcm5974 5-1:1.0: could not read from device [ 678.985084][ T5897] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 680.040179][ T5897] usb 2-1: Using ep0 maxpacket: 8 [ 680.060505][ T5897] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 680.079855][ T5897] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 680.115998][ T5897] pvrusb2: Hardware description: Terratec Grabster AV400 [ 680.157815][ T5897] pvrusb2: ********** [ 680.180233][ T5897] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 680.217691][ T5897] pvrusb2: Important functionality might not be entirely working. [ 680.459282][ T5897] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 680.470847][ T5897] pvrusb2: ********** [ 680.501201][ T2344] pvrusb2: Invalid write control endpoint [ 681.310598][T11073] overlayfs: failed to resolve 'fowner>00000000000000000000': -2 [ 682.146901][ T5870] usb 2-1: USB disconnect, device number 19 [ 682.167582][T11077] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1195'. [ 682.555856][ T2344] pvrusb2: Invalid write control endpoint [ 682.573510][ T2344] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 682.685169][ T2344] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 682.923979][ T2344] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 683.103359][ T2344] pvrusb2: Device being rendered inoperable [ 683.246311][ T2344] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 683.282273][ T2344] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_c) [ 683.404162][ T2344] pvrusb2: Attached sub-driver cx25840 [ 683.409693][ T2344] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 683.487735][T11090] syz.0.1202: attempt to access beyond end of device [ 683.487735][T11090] nbd0: rw=0, sector=64, nr_sectors = 8 limit=0 [ 683.544272][ T2344] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 683.792572][T11090] syz.0.1202: attempt to access beyond end of device [ 683.792572][T11090] nbd0: rw=0, sector=120, nr_sectors = 8 limit=0 [ 683.937791][T11090] Mount JFS Failure: -5 [ 683.942574][T11090] jfs_mount failed w/return code = -5 [ 684.239922][T11096] vlan2: entered promiscuous mode [ 685.010682][T11108] sctp: [Deprecated]: syz.4.1208 (pid 11108) Use of struct sctp_assoc_value in delayed_ack socket option. [ 685.010682][T11108] Use struct sctp_sack_info instead [ 685.355988][T11110] syz.0.1207: attempt to access beyond end of device [ 685.355988][T11110] nbd0: rw=0, sector=64, nr_sectors = 8 limit=0 [ 685.417223][T11110] syz.0.1207: attempt to access beyond end of device [ 685.417223][T11110] nbd0: rw=0, sector=120, nr_sectors = 8 limit=0 [ 685.459720][ T10] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 685.468763][T11110] Mount JFS Failure: -5 [ 685.473437][T11110] jfs_mount failed w/return code = -5 [ 685.746981][ T5820] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 685.796817][ T10] usb 5-1: Using ep0 maxpacket: 16 [ 685.932782][ T10] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 686.005000][ T10] usb 5-1: New USB device found, idVendor=05ac, idProduct=0273, bcdDevice= 0.40 [ 686.131123][ T5820] usb 2-1: Using ep0 maxpacket: 8 [ 686.228090][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 686.230674][ T5820] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 686.248314][ T10] usb 5-1: Product: syz [ 686.270183][ T10] usb 5-1: Manufacturer: syz [ 686.277561][ T5820] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 686.282298][ T10] usb 5-1: SerialNumber: syz [ 686.323850][ T5820] pvrusb2: Hardware description: Terratec Grabster AV400 [ 686.329166][ T10] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/input/input19 [ 686.360585][ T5820] pvrusb2: ********** [ 686.368930][ T5820] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 686.381497][ T5820] pvrusb2: Important functionality might not be entirely working. [ 686.389841][ T5820] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 686.502931][ T5820] pvrusb2: ********** [ 686.557287][ T5172] bcm5974 5-1:1.0: could not read from device [ 686.558288][ T5897] usb 5-1: USB disconnect, device number 17 [ 686.600124][ T2344] pvrusb2: Invalid write control endpoint [ 686.606355][ T5172] bcm5974 5-1:1.0: could not read from device [ 686.635440][ T5172] bcm5974 5-1:1.0: could not read from device [ 686.662565][ T5172] bcm5974 5-1:1.0: could not read from device [ 686.800557][ T9] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 686.838304][ T2344] pvrusb2: Invalid write control endpoint [ 686.856833][ T2344] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 686.868464][ T2344] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 686.892906][ T2344] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 686.932202][ T2344] pvrusb2: Device being rendered inoperable [ 686.939414][T11112] pvrusb2: Attempted to execute control transfer when device not ok [ 686.949688][ T2344] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 686.957475][ T2344] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_c) [ 686.968930][ T5870] usb 2-1: USB disconnect, device number 20 [ 686.980546][ T2344] pvrusb2: Attached sub-driver cx25840 [ 686.991826][ T9] usb 6-1: Using ep0 maxpacket: 32 [ 687.008081][ T2344] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 687.029922][ T9] usb 6-1: config 0 has an invalid interface number: 51 but max is 0 [ 687.038391][ T9] usb 6-1: config 0 has no interface number 0 [ 687.046950][ T2344] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 687.065904][ T9] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 688.094321][ T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 688.884061][ T9] usb 6-1: Product: syz [ 688.888420][ T9] usb 6-1: Manufacturer: syz [ 688.901923][ T9] usb 6-1: SerialNumber: syz [ 688.956552][ T9] usb 6-1: config 0 descriptor?? [ 689.018039][ T9] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 689.041734][T11139] macsec1: entered promiscuous mode [ 689.151957][T11139] syz_tun: entered promiscuous mode [ 689.157565][T11139] macsec1: entered allmulticast mode [ 689.188614][T11146] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1218'. [ 689.204899][T11139] syz_tun: left promiscuous mode [ 689.242749][ T9] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 689.308510][ T9] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 689.309830][T11146] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1218'. [ 689.411307][ T5870] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 689.592563][ T5870] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 689.629816][ T5870] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 689.645889][ C0] usb 6-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 689.656258][ T9] usb 6-1: USB disconnect, device number 14 [ 689.667230][ T5870] usb 2-1: New USB device found, idVendor=07c0, idProduct=1524, bcdDevice= 0.00 [ 689.681056][ T9] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 689.692633][ T5870] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 689.707411][ T9] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 689.722713][ T5870] usb 2-1: config 0 descriptor?? [ 689.738003][ T9] quatech2 6-1:0.51: device disconnected [ 690.228661][T11167] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1222'. [ 691.069050][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 691.078333][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 691.253981][ T30] audit: type=1326 audit(1748490829.201:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11178 comm="syz.0.1226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd06938e969 code=0x7ffc0000 [ 691.377595][ T30] audit: type=1326 audit(1748490829.201:271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11178 comm="syz.0.1226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd06938e969 code=0x7ffc0000 [ 691.467144][ T30] audit: type=1326 audit(1748490829.201:272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11178 comm="syz.0.1226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fd06938e969 code=0x7ffc0000 [ 692.434483][ T30] audit: type=1326 audit(1748490829.201:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11178 comm="syz.0.1226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd06938e969 code=0x7ffc0000 [ 692.626242][ T30] audit: type=1326 audit(1748490829.201:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11178 comm="syz.0.1226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7fd06938e969 code=0x7ffc0000 [ 692.649104][ T30] audit: type=1326 audit(1748490829.201:275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11178 comm="syz.0.1226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd06932ab39 code=0x7ffc0000 [ 692.830148][ T30] audit: type=1326 audit(1748490829.201:276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11178 comm="syz.0.1226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd06938e969 code=0x7ffc0000 [ 693.037463][ T30] audit: type=1326 audit(1748490829.201:277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11178 comm="syz.0.1226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd06938e969 code=0x7ffc0000 [ 693.060557][ T30] audit: type=1326 audit(1748490829.201:278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11178 comm="syz.0.1226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd06932ab39 code=0x7ffc0000 [ 693.086484][ T30] audit: type=1326 audit(1748490829.201:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11178 comm="syz.0.1226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd06938e969 code=0x7ffc0000 [ 693.835940][ T980] usb 2-1: USB disconnect, device number 21 [ 695.744901][T11250] FAULT_INJECTION: forcing a failure. [ 695.744901][T11250] name failslab, interval 1, probability 0, space 0, times 0 [ 695.795052][T11250] CPU: 0 UID: 0 PID: 11250 Comm: syz.5.1234 Not tainted 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 695.795089][T11250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 695.795103][T11250] Call Trace: [ 695.795112][T11250] [ 695.795123][T11250] dump_stack_lvl+0x189/0x250 [ 695.795167][T11250] ? __pfx____ratelimit+0x10/0x10 [ 695.795198][T11250] ? __pfx_dump_stack_lvl+0x10/0x10 [ 695.795229][T11250] ? __pfx__printk+0x10/0x10 [ 695.795266][T11250] ? __pfx___might_resched+0x10/0x10 [ 695.795294][T11250] ? fs_reclaim_acquire+0x7d/0x100 [ 695.795322][T11250] should_fail_ex+0x414/0x560 [ 695.795357][T11250] should_failslab+0xa8/0x100 [ 695.795392][T11250] __kmalloc_noprof+0xcb/0x4f0 [ 695.795421][T11250] ? tomoyo_encode+0x28b/0x550 [ 695.795459][T11250] tomoyo_encode+0x28b/0x550 [ 695.795499][T11250] tomoyo_realpath_from_path+0x58d/0x5d0 [ 695.795545][T11250] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 695.795573][T11250] tomoyo_path_number_perm+0x1e8/0x5a0 [ 695.795606][T11250] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 695.795654][T11250] ? __lock_acquire+0xab9/0xd20 [ 695.795703][T11250] ? __fget_files+0x2a/0x420 [ 695.795738][T11250] ? __fget_files+0x2a/0x420 [ 695.795769][T11250] ? __fget_files+0x3a0/0x420 [ 695.795799][T11250] ? __fget_files+0x2a/0x420 [ 695.795837][T11250] security_file_ioctl+0xcb/0x2d0 [ 695.795870][T11250] __se_sys_ioctl+0x47/0x170 [ 695.795899][T11250] do_syscall_64+0xfa/0x3b0 [ 695.795930][T11250] ? lockdep_hardirqs_on+0x9c/0x150 [ 695.795960][T11250] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 695.795981][T11250] ? clear_bhb_loop+0x60/0xb0 [ 695.796008][T11250] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 695.796030][T11250] RIP: 0033:0x7f817b78e969 [ 695.796048][T11250] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 695.796068][T11250] RSP: 002b:00007f817c5ab038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 695.796092][T11250] RAX: ffffffffffffffda RBX: 00007f817b9b5fa0 RCX: 00007f817b78e969 [ 695.796109][T11250] RDX: 0000000000000000 RSI: 0000000000005600 RDI: 0000000000000003 [ 695.796122][T11250] RBP: 00007f817c5ab090 R08: 0000000000000000 R09: 0000000000000000 [ 695.796142][T11250] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 695.796155][T11250] R13: 0000000000000000 R14: 00007f817b9b5fa0 R15: 00007fff022f04f8 [ 695.796190][T11250] [ 695.799361][T11250] ERROR: Out of memory at tomoyo_realpath_from_path. [ 695.988825][ C0] vkms_vblank_simulate: vblank timer overrun [ 696.495313][ T5820] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 697.010432][ T5820] usb 1-1: Using ep0 maxpacket: 16 [ 697.132010][ T5820] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 697.173356][ T5820] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 697.262206][ T5820] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 697.271547][ T5820] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 697.280685][ T5820] usb 1-1: Product: syz [ 697.284917][ T5820] usb 1-1: Manufacturer: syz [ 697.303795][ T5820] usb 1-1: SerialNumber: syz [ 697.469972][ T30] kauditd_printk_skb: 199 callbacks suppressed [ 697.469992][ T30] audit: type=1326 audit(1748490835.421:479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11266 comm="syz.4.1238" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff48f58e969 code=0x0 [ 698.399068][T11274] xt_CT: You must specify a L4 protocol and not use inversions on it [ 698.970571][ T5820] usb 1-1: 0:2 : does not exist [ 699.048064][ T5820] usb 1-1: USB disconnect, device number 19 [ 699.558418][T10333] udevd[10333]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 700.386100][T11297] syz.1.1244: attempt to access beyond end of device [ 700.386100][T11297] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0 [ 700.400204][T11297] syz.1.1244: attempt to access beyond end of device [ 700.400204][T11297] nbd1: rw=0, sector=120, nr_sectors = 8 limit=0 [ 700.413853][T11297] Mount JFS Failure: -5 [ 700.418230][T11297] jfs_mount failed w/return code = -5 [ 702.015615][T11303] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1246'. [ 702.025841][T11303] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1246'. [ 702.625945][T11308] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 702.910872][T11318] vlan2: entered promiscuous mode [ 706.563708][T11338] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1256'. [ 706.987287][ T5820] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 707.157742][ T5820] usb 5-1: Using ep0 maxpacket: 16 [ 707.807386][ T5820] usb 5-1: config 0 has no interfaces? [ 707.825363][T11343] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1259'. [ 707.836932][T11343] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1259'. [ 707.853316][ T5820] usb 5-1: New USB device found, idVendor=0711, idProduct=0950, bcdDevice=44.14 [ 707.895659][ T5820] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 707.909375][ T5820] usb 5-1: Product: syz [ 707.914027][ T5820] usb 5-1: Manufacturer: syz [ 707.918832][ T5820] usb 5-1: SerialNumber: syz [ 708.301111][T11361] syz.6.1261: attempt to access beyond end of device [ 708.301111][T11361] nbd6: rw=0, sector=64, nr_sectors = 8 limit=0 [ 708.315349][T11361] syz.6.1261: attempt to access beyond end of device [ 708.315349][T11361] nbd6: rw=0, sector=120, nr_sectors = 8 limit=0 [ 708.328699][T11361] Mount JFS Failure: -5 [ 708.333216][T11361] jfs_mount failed w/return code = -5 [ 708.773343][ T5820] usb 5-1: config 0 descriptor?? [ 709.380205][ T5820] usb 5-1: can't set config #0, error -71 [ 709.409909][ T5820] usb 5-1: USB disconnect, device number 18 [ 709.475751][T11370] netlink: 256 bytes leftover after parsing attributes in process `syz.1.1263'. [ 709.520284][T11370] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1263'. [ 710.361515][T11375] vlan2: entered promiscuous mode [ 713.706892][T11399] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 718.096103][T11442] xt_l2tp: v2 sid > 0xffff: 4294901760 [ 718.156992][T11447] netlink: 128 bytes leftover after parsing attributes in process `syz.4.1281'. [ 718.198511][T11447] netlink: 'syz.4.1281': attribute type 5 has an invalid length. [ 723.160545][ T43] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 723.531785][ T43] usb 6-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 723.734145][ T43] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 723.760233][ T43] usb 6-1: Product: syz [ 723.780790][ T43] usb 6-1: Manufacturer: syz [ 723.800409][ T43] usb 6-1: SerialNumber: syz [ 724.063164][ T43] usb 6-1: config 0 descriptor?? [ 724.106595][ T43] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 725.136893][ T43] gspca_sunplus: reg_r err -110 [ 725.150282][ T43] sunplus 6-1:0.0: probe with driver sunplus failed with error -110 [ 725.207151][ T30] audit: type=1326 audit(1748490863.161:480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11472 comm="syz.5.1291" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f817b78e969 code=0x0 [ 725.958211][T11502] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1298'. [ 726.215572][T11507] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 726.238122][T11507] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 726.250569][T11505] fuse: Unknown parameter 'use00000000000000000000' [ 726.299911][T11505] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1299'. [ 726.440225][ T10] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 726.964884][ T5870] usb 6-1: USB disconnect, device number 15 [ 728.100756][ T10] usb 2-1: config 0 interface 0 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 728.113710][ T10] usb 2-1: config 0 interface 0 has no altsetting 0 [ 728.127503][ T10] usb 2-1: New USB device found, idVendor=172f, idProduct=0038, bcdDevice= 0.00 [ 728.174267][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 728.312975][ T10] usb 2-1: config 0 descriptor?? [ 729.802479][ T10] usbhid 2-1:0.0: can't add hid device: -71 [ 730.161633][ T10] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 730.588775][T11525] bridge0: entered promiscuous mode [ 730.596513][ T10] usb 2-1: USB disconnect, device number 22 [ 730.607409][T11525] vlan2: entered promiscuous mode [ 730.653265][T11534] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 730.776623][T11536] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1308'. [ 730.790446][T11520] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 730.827529][T11536] netlink: 'syz.1.1308': attribute type 10 has an invalid length. [ 730.940285][ T5820] usb 5-1: new full-speed USB device number 19 using dummy_hcd [ 730.963102][T11520] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 731.006421][T11520] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 731.029594][T11520] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 731.045721][T11520] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 731.057751][T11520] usb 6-1: SerialNumber: syz [ 731.083125][ T5820] usb 5-1: device descriptor read/64, error -71 [ 731.363559][T11520] usb 6-1: 0:2 : does not exist [ 731.494263][T11543] IPv6: Can't replace route, no match found [ 731.503843][T11520] usb 6-1: USB disconnect, device number 16 [ 733.802860][ T5820] usb 5-1: new full-speed USB device number 20 using dummy_hcd [ 733.969612][ T5820] usb 5-1: device descriptor read/64, error -71 [ 733.992228][T10333] udevd[10333]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 734.170555][ T5820] usb usb5-port1: attempt power cycle [ 734.606141][T11556] random: crng reseeded on system resumption [ 734.870177][ T5820] usb 5-1: new full-speed USB device number 21 using dummy_hcd [ 735.078005][T11565] sctp: [Deprecated]: syz.1.1315 (pid 11565) Use of struct sctp_assoc_value in delayed_ack socket option. [ 735.078005][T11565] Use struct sctp_sack_info instead [ 735.140427][ T5820] usb 5-1: device not accepting address 21, error -71 [ 735.894814][T11568] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1316'. [ 735.916687][T11568] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1316'. [ 737.170279][ T5871] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 737.340236][ T5871] usb 2-1: Using ep0 maxpacket: 16 [ 737.535486][ T5871] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 738.314577][ T5871] usb 2-1: New USB device found, idVendor=05ac, idProduct=0273, bcdDevice= 0.40 [ 738.338318][ T5871] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 738.348619][ T5871] usb 2-1: Product: syz [ 738.353218][ T5871] usb 2-1: Manufacturer: syz [ 738.357944][ T5871] usb 2-1: SerialNumber: syz [ 738.378645][ T5871] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/input/input20 [ 738.864237][ T5172] bcm5974 2-1:1.0: could not read from device [ 738.877405][ T5172] bcm5974 2-1:1.0: could not read from device [ 738.888528][ T5871] usb 2-1: USB disconnect, device number 23 [ 739.899642][ T5172] bcm5974 2-1:1.0: could not read from device [ 741.093553][T11588] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1322'. [ 742.194860][T11602] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1326'. [ 742.335892][T11602] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1326'. [ 744.839120][T11624] KVM: debugfs: duplicate directory 11624-4 [ 744.970654][ T10] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 745.230862][ T10] usb 5-1: Using ep0 maxpacket: 32 [ 745.246791][ T10] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.c0 [ 745.260527][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 745.284104][ T10] usb 5-1: config 0 descriptor?? [ 746.439458][T11627] random: crng reseeded on system resumption [ 746.517874][ T10] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware [ 746.549067][ T10] usb 5-1: Direct firmware load for dvb-usb-az6027-03.fw failed with error -2 [ 746.766337][ T10] usb 5-1: Falling back to sysfs fallback for: dvb-usb-az6027-03.fw [ 746.911574][T11649] netlink: 256 bytes leftover after parsing attributes in process `syz.1.1337'. [ 746.920724][T11649] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1337'. [ 747.720213][T11641] netlink: 'syz.0.1336': attribute type 3 has an invalid length. [ 747.730347][T11641] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1336'. [ 750.007311][T11664] netlink: 'syz.1.1341': attribute type 1 has an invalid length. [ 750.030979][T11664] FAULT_INJECTION: forcing a failure. [ 750.030979][T11664] name failslab, interval 1, probability 0, space 0, times 0 [ 750.059909][T11663] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1342'. [ 750.090251][T11664] CPU: 1 UID: 0 PID: 11664 Comm: syz.1.1341 Not tainted 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 750.090284][T11664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 750.090298][T11664] Call Trace: [ 750.090307][T11664] [ 750.090318][T11664] dump_stack_lvl+0x189/0x250 [ 750.090356][T11664] ? __pfx____ratelimit+0x10/0x10 [ 750.090388][T11664] ? __pfx_dump_stack_lvl+0x10/0x10 [ 750.090418][T11664] ? __pfx__printk+0x10/0x10 [ 750.090468][T11664] should_fail_ex+0x414/0x560 [ 750.090502][T11664] should_failslab+0xa8/0x100 [ 750.090537][T11664] kmem_cache_alloc_noprof+0x73/0x3c0 [ 750.090567][T11664] ? skb_clone+0x212/0x3a0 [ 750.090602][T11664] skb_clone+0x212/0x3a0 [ 750.090628][T11664] __netlink_deliver_tap+0x404/0x850 [ 750.090674][T11664] ? netlink_deliver_tap+0x2e/0x1b0 [ 750.090707][T11664] netlink_deliver_tap+0x19c/0x1b0 [ 750.090739][T11664] netlink_sendskb+0x68/0x140 [ 750.090769][T11664] netlink_rcv_skb+0x2a0/0x490 [ 750.090804][T11664] ? __pfx_genl_rcv_msg+0x10/0x10 [ 750.090829][T11664] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 750.090883][T11664] ? down_read+0x1ad/0x2e0 [ 750.090907][T11664] genl_rcv+0x28/0x40 [ 750.090934][T11664] netlink_unicast+0x758/0x8d0 [ 750.090971][T11664] netlink_sendmsg+0x805/0xb30 [ 750.091013][T11664] ? __pfx_netlink_sendmsg+0x10/0x10 [ 750.091054][T11664] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 750.091073][T11664] ? __pfx_netlink_sendmsg+0x10/0x10 [ 750.091105][T11664] __sock_sendmsg+0x219/0x270 [ 750.091134][T11664] ____sys_sendmsg+0x505/0x830 [ 750.091174][T11664] ? __pfx_____sys_sendmsg+0x10/0x10 [ 750.091220][T11664] ? import_iovec+0x74/0xa0 [ 750.091247][T11664] ___sys_sendmsg+0x21f/0x2a0 [ 750.091284][T11664] ? __pfx____sys_sendmsg+0x10/0x10 [ 750.091363][T11664] ? __fget_files+0x2a/0x420 [ 750.091396][T11664] ? __fget_files+0x3a0/0x420 [ 750.091441][T11664] __x64_sys_sendmsg+0x19b/0x260 [ 750.091466][T11664] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 750.091500][T11664] ? __pfx_ksys_write+0x10/0x10 [ 750.091526][T11664] ? rcu_is_watching+0x15/0xb0 [ 750.091580][T11664] ? do_syscall_64+0xbe/0x3b0 [ 750.091617][T11664] do_syscall_64+0xfa/0x3b0 [ 750.091648][T11664] ? lockdep_hardirqs_on+0x9c/0x150 [ 750.091678][T11664] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 750.091700][T11664] ? clear_bhb_loop+0x60/0xb0 [ 750.091727][T11664] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 750.091749][T11664] RIP: 0033:0x7f5d2738e969 [ 750.091771][T11664] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 750.091791][T11664] RSP: 002b:00007f5d281ee038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 750.091815][T11664] RAX: ffffffffffffffda RBX: 00007f5d275b5fa0 RCX: 00007f5d2738e969 [ 750.091831][T11664] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000003 [ 750.091846][T11664] RBP: 00007f5d281ee090 R08: 0000000000000000 R09: 0000000000000000 [ 750.091860][T11664] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 750.091873][T11664] R13: 0000000000000000 R14: 00007f5d275b5fa0 R15: 00007ffecc043cc8 [ 750.091916][T11664] [ 750.406086][ C1] vkms_vblank_simulate: vblank timer overrun [ 751.030145][T11520] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 751.182292][T11520] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 751.194212][T11520] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 751.204833][T11520] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 751.214158][T11520] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 751.235169][T11672] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 751.251857][T11520] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 751.410295][ T980] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 751.451444][ T5897] usb 2-1: USB disconnect, device number 24 [ 751.580316][ T980] usb 7-1: Using ep0 maxpacket: 8 [ 751.599297][ T980] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x15, changing to 0x5 [ 751.615693][ T980] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 9372, setting to 1024 [ 751.629221][ T980] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 751.647433][ T980] usb 7-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e [ 751.657114][ T980] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 751.673450][ T980] usb 7-1: Product: syz [ 751.678228][ T980] usb 7-1: Manufacturer: syz [ 751.687530][ T980] usb 7-1: SerialNumber: syz [ 751.716521][ T980] usb 7-1: config 0 descriptor?? [ 751.737441][T11676] raw-gadget.2 gadget.6: fail, usb_ep_enable returned -22 [ 752.324618][ T980] streamzap 7-1:0.0: streamzap_probe: endpoint doesn't match input device 0205 [ 752.359678][T11676] program syz.6.1347 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 752.516148][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 752.967086][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 753.093233][ T980] usb 7-1: USB disconnect, device number 3 [ 753.270216][T11520] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 754.284025][T11520] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 754.328535][T11520] usb 6-1: New USB device found, idVendor=1de1, idProduct=c102, bcdDevice=7d.08 [ 754.360871][T11520] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 754.369040][T11520] usb 6-1: Product: syz [ 754.409094][T11520] usb 6-1: Manufacturer: syz [ 754.570095][T11520] usb 6-1: SerialNumber: syz [ 754.588683][T11520] usb 6-1: config 0 descriptor?? [ 755.417837][T11520] gm12u320 6-1:0.0: [drm:gm12u320_set_ecomode] *ERROR* Misc. req. error -8 [ 755.500127][T11520] gm12u320 6-1:0.0: probe with driver gm12u320 failed with error -5 [ 756.158803][T11685] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 756.170954][T11520] usb-storage 6-1:0.0: USB Mass Storage device detected [ 756.391430][T11685] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 756.442774][T11520] usb-storage 6-1:0.0: device ignored [ 757.742058][T11520] usb 6-1: USB disconnect, device number 17 [ 760.880090][T11742] IPv6: Can't replace route, no match found [ 761.981755][T11761] FAULT_INJECTION: forcing a failure. [ 761.981755][T11761] name failslab, interval 1, probability 0, space 0, times 0 [ 762.025085][T11760] bridge0: entered promiscuous mode [ 762.030424][T11761] CPU: 1 UID: 0 PID: 11761 Comm: syz.6.1366 Not tainted 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 762.030454][T11761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 762.030468][T11761] Call Trace: [ 762.030477][T11761] [ 762.030486][T11761] dump_stack_lvl+0x189/0x250 [ 762.030519][T11761] ? __pfx____ratelimit+0x10/0x10 [ 762.030548][T11761] ? __pfx_dump_stack_lvl+0x10/0x10 [ 762.030578][T11761] ? __pfx__printk+0x10/0x10 [ 762.030629][T11761] should_fail_ex+0x414/0x560 [ 762.030662][T11761] should_failslab+0xa8/0x100 [ 762.030703][T11761] kmem_cache_alloc_noprof+0x73/0x3c0 [ 762.030733][T11761] ? skb_clone+0x212/0x3a0 [ 762.030761][T11761] skb_clone+0x212/0x3a0 [ 762.030786][T11761] __netlink_deliver_tap+0x404/0x850 [ 762.030830][T11761] ? netlink_deliver_tap+0x2e/0x1b0 [ 762.030861][T11761] netlink_deliver_tap+0x19c/0x1b0 [ 762.030893][T11761] netlink_sendskb+0x68/0x140 [ 762.030921][T11761] netlink_rcv_skb+0x2a0/0x490 [ 762.030951][T11761] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 762.030979][T11761] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 762.031025][T11761] ? safesetid_security_capable+0xa9/0x1a0 [ 762.031055][T11761] ? bpf_lsm_capable+0x9/0x20 [ 762.031082][T11761] ? security_capable+0x7e/0x2e0 [ 762.031123][T11761] nfnetlink_rcv+0x273/0x2530 [ 762.031149][T11761] ? __dev_queue_xmit+0x27e/0x3a70 [ 762.031171][T11761] ? __dev_queue_xmit+0x27e/0x3a70 [ 762.031192][T11761] ? __dev_queue_xmit+0x27e/0x3a70 [ 762.031216][T11761] ? __dev_queue_xmit+0x1cd7/0x3a70 [ 762.031251][T11761] ? __dev_queue_xmit+0x27e/0x3a70 [ 762.031274][T11761] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 762.031300][T11761] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 762.031330][T11761] ? __pfx___dev_queue_xmit+0x10/0x10 [ 762.031369][T11761] ? ref_tracker_free+0x63a/0x7d0 [ 762.031397][T11761] ? __copy_skb_header+0xa7/0x550 [ 762.031421][T11761] ? __pfx_ref_tracker_free+0x10/0x10 [ 762.031452][T11761] ? __skb_clone+0x63/0x7a0 [ 762.031479][T11761] ? __skb_clone+0x483/0x7a0 [ 762.031508][T11761] ? skb_clone+0x246/0x3a0 [ 762.031533][T11761] ? __netlink_deliver_tap+0x807/0x850 [ 762.031563][T11761] ? netlink_deliver_tap+0x2e/0x1b0 [ 762.031601][T11761] ? netlink_deliver_tap+0x2e/0x1b0 [ 762.031630][T11761] ? netlink_deliver_tap+0x2e/0x1b0 [ 762.031667][T11761] netlink_unicast+0x758/0x8d0 [ 762.031713][T11761] netlink_sendmsg+0x805/0xb30 [ 762.031755][T11761] ? __pfx_netlink_sendmsg+0x10/0x10 [ 762.031796][T11761] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 762.031816][T11761] ? __pfx_netlink_sendmsg+0x10/0x10 [ 762.031848][T11761] __sock_sendmsg+0x219/0x270 [ 762.031878][T11761] ____sys_sendmsg+0x505/0x830 [ 762.031920][T11761] ? __pfx_____sys_sendmsg+0x10/0x10 [ 762.031965][T11761] ? import_iovec+0x74/0xa0 [ 762.031992][T11761] ___sys_sendmsg+0x21f/0x2a0 [ 762.032030][T11761] ? __pfx____sys_sendmsg+0x10/0x10 [ 762.032106][T11761] ? __fget_files+0x2a/0x420 [ 762.032137][T11761] ? __fget_files+0x3a0/0x420 [ 762.032183][T11761] __x64_sys_sendmsg+0x19b/0x260 [ 762.032207][T11761] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 762.032239][T11761] ? __pfx_ksys_write+0x10/0x10 [ 762.032265][T11761] ? rcu_is_watching+0x15/0xb0 [ 762.032300][T11761] ? do_syscall_64+0xbe/0x3b0 [ 762.032337][T11761] do_syscall_64+0xfa/0x3b0 [ 762.032367][T11761] ? lockdep_hardirqs_on+0x9c/0x150 [ 762.032397][T11761] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 762.032418][T11761] ? clear_bhb_loop+0x60/0xb0 [ 762.032446][T11761] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 762.032467][T11761] RIP: 0033:0x7fc79d38e969 [ 762.032488][T11761] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 762.032508][T11761] RSP: 002b:00007fc79b1f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 762.032531][T11761] RAX: ffffffffffffffda RBX: 00007fc79d5b5fa0 RCX: 00007fc79d38e969 [ 762.032548][T11761] RDX: 0000000000000080 RSI: 0000200000000040 RDI: 0000000000000003 [ 762.032562][T11761] RBP: 00007fc79b1f6090 R08: 0000000000000000 R09: 0000000000000000 [ 762.032575][T11761] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 762.032588][T11761] R13: 0000000000000000 R14: 00007fc79d5b5fa0 R15: 00007ffd4b58ac98 [ 762.032623][T11761] [ 762.034456][T11760] vlan2: entered promiscuous mode [ 764.941301][T11773] random: crng reseeded on system resumption [ 765.049378][T11770] IPv6: Can't replace route, no match found [ 768.359367][T11798] sctp: [Deprecated]: syz.1.1377 (pid 11798) Use of struct sctp_assoc_value in delayed_ack socket option. [ 768.359367][T11798] Use struct sctp_sack_info instead [ 768.820273][ T5870] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 769.232163][ T5870] usb 2-1: Using ep0 maxpacket: 16 [ 769.790975][ T5870] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 769.879516][ T5870] usb 2-1: New USB device found, idVendor=05ac, idProduct=0273, bcdDevice= 0.40 [ 770.070148][ T5870] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 770.078226][ T5870] usb 2-1: Product: syz [ 770.083052][ T5870] usb 2-1: Manufacturer: syz [ 770.087714][ T5870] usb 2-1: SerialNumber: syz [ 770.144211][ T5870] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/input/input21 [ 772.810211][ T5172] bcm5974 2-1:1.0: could not read from device [ 772.828727][T11819] random: crng reseeded on system resumption [ 773.782068][ T5172] bcm5974 2-1:1.0: could not read from device [ 773.793703][ T5870] usb 2-1: USB disconnect, device number 25 [ 776.535836][T11872] netlink: 'syz.1.1392': attribute type 12 has an invalid length. [ 778.122673][T11885] IPv6: Can't replace route, no match found [ 780.341608][T11901] random: crng reseeded on system resumption [ 781.518381][T11914] FAULT_INJECTION: forcing a failure. [ 781.518381][T11914] name failslab, interval 1, probability 0, space 0, times 0 [ 781.547032][T11914] CPU: 0 UID: 0 PID: 11914 Comm: syz.4.1404 Not tainted 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 781.547066][T11914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 781.547080][T11914] Call Trace: [ 781.547089][T11914] [ 781.547099][T11914] dump_stack_lvl+0x189/0x250 [ 781.547136][T11914] ? __pfx____ratelimit+0x10/0x10 [ 781.547167][T11914] ? __pfx_dump_stack_lvl+0x10/0x10 [ 781.547199][T11914] ? __pfx__printk+0x10/0x10 [ 781.547241][T11914] ? __pfx___might_resched+0x10/0x10 [ 781.547270][T11914] ? fs_reclaim_acquire+0x7d/0x100 [ 781.547299][T11914] should_fail_ex+0x414/0x560 [ 781.547334][T11914] should_failslab+0xa8/0x100 [ 781.547370][T11914] __kmalloc_noprof+0xcb/0x4f0 [ 781.547400][T11914] ? xprt_alloc+0x31/0x7a0 [ 781.547435][T11914] xprt_alloc+0x31/0x7a0 [ 781.547464][T11914] ? do_raw_spin_lock+0x121/0x290 [ 781.547504][T11914] xs_setup_xprt+0x9e/0x3b0 [ 781.547543][T11914] xs_setup_local+0x4f/0x5e0 [ 781.547579][T11914] xprt_create_transport+0x163/0x600 [ 781.547624][T11914] rpc_create+0x4be/0x870 [ 781.547654][T11914] ? __pfx_rpc_create+0x10/0x10 [ 781.547745][T11914] rpcb_create_af_local+0x196/0x370 [ 781.547776][T11914] ? __pfx_rpcb_create_af_local+0x10/0x10 [ 781.547802][T11914] ? __lock_acquire+0xab9/0xd20 [ 781.547854][T11914] ? do_raw_spin_unlock+0x122/0x240 [ 781.547895][T11914] rpcb_create_local+0x251/0x610 [ 781.547927][T11914] ? __pfx_rpcb_create_local+0x10/0x10 [ 781.547961][T11914] ? __percpu_counter_init_many+0x364/0x380 [ 781.547998][T11914] ? __svc_create+0x888/0x980 [ 781.548042][T11914] svc_bind+0x1b4/0x230 [ 781.548078][T11914] nfsd_create_serv+0x541/0x840 [ 781.548115][T11914] ? __pfx_nfsd_create_serv+0x10/0x10 [ 781.548137][T11914] ? nfsd_nl_listener_set_doit+0x12a/0x1650 [ 781.548179][T11914] ? ____sys_sendmsg+0x505/0x830 [ 781.548212][T11914] ? __x64_sys_sendmsg+0x19b/0x260 [ 781.548246][T11914] nfsd_nl_listener_set_doit+0x132/0x1650 [ 781.548278][T11914] ? __pfx___nla_validate_parse+0x10/0x10 [ 781.548337][T11914] ? __pfx_nfsd_nl_listener_set_doit+0x10/0x10 [ 781.548375][T11914] ? __nla_parse+0x40/0x60 [ 781.548412][T11914] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 781.548448][T11914] genl_family_rcv_msg_doit+0x215/0x300 [ 781.548481][T11914] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 781.548521][T11914] ? bpf_lsm_capable+0x9/0x20 [ 781.548547][T11914] ? security_capable+0x7e/0x2e0 [ 781.548589][T11914] genl_rcv_msg+0x60e/0x790 [ 781.548628][T11914] ? __pfx_genl_rcv_msg+0x10/0x10 [ 781.548650][T11914] ? __pfx_nfsd_nl_listener_set_doit+0x10/0x10 [ 781.548696][T11914] netlink_rcv_skb+0x21c/0x490 [ 781.548729][T11914] ? __pfx_genl_rcv_msg+0x10/0x10 [ 781.548753][T11914] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 781.548813][T11914] ? down_read+0x1ad/0x2e0 [ 781.548838][T11914] genl_rcv+0x28/0x40 [ 781.548858][T11914] netlink_unicast+0x758/0x8d0 [ 781.548899][T11914] netlink_sendmsg+0x805/0xb30 [ 781.548942][T11914] ? __pfx_netlink_sendmsg+0x10/0x10 [ 781.548984][T11914] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 781.549004][T11914] ? __pfx_netlink_sendmsg+0x10/0x10 [ 781.549037][T11914] __sock_sendmsg+0x219/0x270 [ 781.549068][T11914] ____sys_sendmsg+0x505/0x830 [ 781.549110][T11914] ? __pfx_____sys_sendmsg+0x10/0x10 [ 781.549157][T11914] ? import_iovec+0x74/0xa0 [ 781.549185][T11914] ___sys_sendmsg+0x21f/0x2a0 [ 781.549223][T11914] ? __pfx____sys_sendmsg+0x10/0x10 [ 781.549304][T11914] ? __fget_files+0x2a/0x420 [ 781.549337][T11914] ? __fget_files+0x3a0/0x420 [ 781.549382][T11914] __x64_sys_sendmsg+0x19b/0x260 [ 781.549408][T11914] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 781.549442][T11914] ? __pfx_ksys_write+0x10/0x10 [ 781.549468][T11914] ? rcu_is_watching+0x15/0xb0 [ 781.549503][T11914] ? do_syscall_64+0xbe/0x3b0 [ 781.549541][T11914] do_syscall_64+0xfa/0x3b0 [ 781.549572][T11914] ? lockdep_hardirqs_on+0x9c/0x150 [ 781.549602][T11914] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 781.549631][T11914] ? clear_bhb_loop+0x60/0xb0 [ 781.549659][T11914] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 781.549681][T11914] RIP: 0033:0x7ff48f58e969 [ 781.549701][T11914] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 781.549721][T11914] RSP: 002b:00007ff490489038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 781.549744][T11914] RAX: ffffffffffffffda RBX: 00007ff48f7b5fa0 RCX: 00007ff48f58e969 [ 781.549761][T11914] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000006 [ 781.549775][T11914] RBP: 00007ff490489090 R08: 0000000000000000 R09: 0000000000000000 [ 781.549788][T11914] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 781.549801][T11914] R13: 0000000000000000 R14: 00007ff48f7b5fa0 R15: 00007ffce078e768 [ 781.549838][T11914] [ 782.198672][T11919] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1403'. [ 783.018058][T11926] IPv6: Can't replace route, no match found [ 787.473624][T11961] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1415'. [ 788.097740][T11960] sctp: [Deprecated]: syz.5.1414 (pid 11960) Use of struct sctp_assoc_value in delayed_ack socket option. [ 788.097740][T11960] Use struct sctp_sack_info instead [ 788.156483][T11963] syz.1.1413: attempt to access beyond end of device [ 788.156483][T11963] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0 [ 788.171783][T11963] syz.1.1413: attempt to access beyond end of device [ 788.171783][T11963] nbd1: rw=0, sector=120, nr_sectors = 8 limit=0 [ 788.185742][T11963] Mount JFS Failure: -5 [ 788.189978][T11963] jfs_mount failed w/return code = -5 [ 788.696653][T11968] IPv6: Can't replace route, no match found [ 789.070127][ T5870] usb 6-1: new high-speed USB device number 18 using dummy_hcd [ 790.383976][T11975] FAULT_INJECTION: forcing a failure. [ 790.383976][T11975] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 790.428262][T11975] CPU: 1 UID: 0 PID: 11975 Comm: syz.1.1418 Not tainted 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 790.428299][T11975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 790.428316][T11975] Call Trace: [ 790.428327][T11975] [ 790.428338][T11975] dump_stack_lvl+0x189/0x250 [ 790.428379][T11975] ? __pfx____ratelimit+0x10/0x10 [ 790.428414][T11975] ? __pfx_dump_stack_lvl+0x10/0x10 [ 790.428450][T11975] ? __pfx__printk+0x10/0x10 [ 790.428506][T11975] should_fail_ex+0x414/0x560 [ 790.428544][T11975] _copy_to_user+0x31/0xb0 [ 790.428573][T11975] bpf_test_finish+0x56f/0x700 [ 790.428619][T11975] ? __pfx_bpf_test_finish+0x10/0x10 [ 790.428659][T11975] ? slab_build_skb+0x273/0x3e0 [ 790.428700][T11975] bpf_prog_test_run_skb+0xed5/0x1560 [ 790.428755][T11975] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 790.428789][T11975] bpf_prog_test_run+0x2c7/0x340 [ 790.428824][T11975] __sys_bpf+0x4a4/0x860 [ 790.428852][T11975] ? __pfx___sys_bpf+0x10/0x10 [ 790.428895][T11975] ? ksys_write+0x22a/0x250 [ 790.428931][T11975] ? __pfx_ksys_write+0x10/0x10 [ 790.428981][T11975] ? rcu_is_watching+0x15/0xb0 [ 790.429023][T11975] __x64_sys_bpf+0x7c/0x90 [ 790.429062][T11975] do_syscall_64+0xfa/0x3b0 [ 790.429099][T11975] ? lockdep_hardirqs_on+0x9c/0x150 [ 790.429133][T11975] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 790.429158][T11975] ? clear_bhb_loop+0x60/0xb0 [ 790.429189][T11975] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 790.429213][T11975] RIP: 0033:0x7f5d2738e969 [ 790.429236][T11975] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 790.429256][T11975] RSP: 002b:00007f5d281ee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 790.429286][T11975] RAX: ffffffffffffffda RBX: 00007f5d275b5fa0 RCX: 00007f5d2738e969 [ 790.429305][T11975] RDX: 0000000000000050 RSI: 0000200000000140 RDI: 000000000000000a [ 790.429321][T11975] RBP: 00007f5d281ee090 R08: 0000000000000000 R09: 0000000000000000 [ 790.429337][T11975] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 790.429352][T11975] R13: 0000000000000000 R14: 00007f5d275b5fa0 R15: 00007ffecc043cc8 [ 790.429390][T11975] [ 791.464139][T11977] random: crng reseeded on system resumption [ 792.123407][T11988] IPv6: Can't replace route, no match found [ 793.305292][T11998] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1425'. [ 793.316497][T11998] vcan0: entered promiscuous mode [ 793.321844][T11998] vcan0: entered allmulticast mode [ 794.200921][T12003] vlan2: entered promiscuous mode [ 794.426513][T12010] sctp: [Deprecated]: syz.5.1429 (pid 12010) Use of struct sctp_assoc_value in delayed_ack socket option. [ 794.426513][T12010] Use struct sctp_sack_info instead [ 794.827198][ T977] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 795.222418][ T977] usb 6-1: Using ep0 maxpacket: 16 [ 795.395123][ T977] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 795.418563][ T977] usb 6-1: New USB device found, idVendor=05ac, idProduct=0273, bcdDevice= 0.40 [ 795.446808][ T5137] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 795.451137][T12018] netlink: 'syz.6.1432': attribute type 2 has an invalid length. [ 795.456964][ T5137] CPU: 1 UID: 0 PID: 5137 Comm: kworker/u9:1 Not tainted 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 795.456997][ T5137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 795.457015][ T5137] Workqueue: hci3 hci_rx_work [ 795.457041][ T5137] Call Trace: [ 795.457050][ T5137] [ 795.457062][ T5137] dump_stack_lvl+0x189/0x250 [ 795.457104][ T5137] ? __pfx_dump_stack_lvl+0x10/0x10 [ 795.457138][ T5137] ? __pfx__printk+0x10/0x10 [ 795.457177][ T5137] ? kernfs_path_from_node+0x2b/0x260 [ 795.457202][ T5137] ? kernfs_path_from_node+0x2b/0x260 [ 795.457223][ T5137] ? kernfs_path_from_node+0x2b/0x260 [ 795.457247][ T5137] ? kernfs_path_from_node+0x216/0x260 [ 795.457274][ T5137] sysfs_create_dir_ns+0x259/0x280 [ 795.457316][ T5137] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 795.457356][ T5137] ? do_raw_spin_unlock+0x122/0x240 [ 795.457400][ T5137] kobject_add_internal+0x59f/0xb40 [ 795.457434][ T5137] kobject_add+0x155/0x220 [ 795.457478][ T5137] ? __pfx_kobject_add+0x10/0x10 [ 795.457525][ T5137] ? _raw_spin_unlock+0x28/0x50 [ 795.457561][ T5137] ? get_device_parent+0x366/0x3a0 [ 795.457596][ T5137] device_add+0x408/0xb50 [ 795.457629][ T5137] hci_conn_add_sysfs+0xd5/0x1e0 [ 795.457669][ T5137] le_conn_complete_evt+0xc3a/0x1220 [ 795.457714][ T5137] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 795.457745][ T5137] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 795.457779][ T5137] ? __asan_memcpy+0x40/0x70 [ 795.457809][ T5137] ? __pfx___mutex_lock+0x10/0x10 [ 795.457845][ T5137] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 795.457879][ T5137] ? skb_pull_data+0xfb/0x200 [ 795.457913][ T5137] hci_le_conn_complete_evt+0x187/0x450 [ 795.457951][ T5137] hci_event_packet+0x7a2/0x1270 [ 795.457995][ T5137] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 795.458023][ T5137] ? __pfx_hci_event_packet+0x10/0x10 [ 795.458064][ T5137] ? kcov_remote_start+0x4d3/0x7f0 [ 795.458087][ T5137] ? local_clock_noinstr+0xe0/0xe0 [ 795.458123][ T5137] ? hci_send_to_monitor+0xd7/0x4f0 [ 795.458156][ T5137] hci_rx_work+0x46a/0xe80 [ 795.458190][ T5137] ? process_scheduled_works+0x9ef/0x17b0 [ 795.458245][ T5137] process_scheduled_works+0xade/0x17b0 [ 795.458316][ T5137] ? __pfx_process_scheduled_works+0x10/0x10 [ 795.458370][ T5137] worker_thread+0x8a0/0xda0 [ 795.458406][ T5137] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 795.458449][ T5137] ? __kthread_parkme+0x7b/0x200 [ 795.458501][ T5137] kthread+0x711/0x8a0 [ 795.458528][ T5137] ? __pfx_worker_thread+0x10/0x10 [ 795.458560][ T5137] ? __pfx_kthread+0x10/0x10 [ 795.458584][ T5137] ? _raw_spin_unlock_irq+0x23/0x50 [ 795.458614][ T5137] ? lockdep_hardirqs_on+0x9c/0x150 [ 795.458645][ T5137] ? __pfx_kthread+0x10/0x10 [ 795.458668][ T5137] ret_from_fork+0x3fc/0x770 [ 795.458702][ T5137] ? __pfx_ret_from_fork+0x10/0x10 [ 795.458739][ T5137] ? __switch_to_asm+0x39/0x70 [ 795.458759][ T5137] ? __switch_to_asm+0x33/0x70 [ 795.458778][ T5137] ? __pfx_kthread+0x10/0x10 [ 795.458801][ T5137] ret_from_fork_asm+0x1a/0x30 [ 795.458843][ T5137] [ 795.458880][ T5137] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 795.541654][T12018] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1432'. [ 795.546524][ T5137] Bluetooth: hci3: failed to register connection device [ 795.812860][ T977] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 795.824431][ T977] usb 6-1: Product: syz [ 795.829524][ T977] usb 6-1: Manufacturer: syz [ 795.836481][ T977] usb 6-1: SerialNumber: syz [ 795.856064][ T977] input: bcm5974 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/input/input22 [ 796.190167][ T5172] bcm5974 6-1:1.0: could not read from device [ 796.200198][ T5871] usb 6-1: USB disconnect, device number 19 [ 796.703189][T12041] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1439'. [ 799.024537][T12052] random: crng reseeded on system resumption [ 799.065302][T12058] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1443'. [ 799.462469][T12059] netlink: 'syz.6.1442': attribute type 6 has an invalid length. [ 800.842773][T12072] netlink: 32 bytes leftover after parsing attributes in process `syz.6.1446'. [ 801.962898][ T5831] Bluetooth: hci3: command 0x0406 tx timeout [ 802.605972][T12078] syz.5.1448: attempt to access beyond end of device [ 802.605972][T12078] nbd5: rw=0, sector=64, nr_sectors = 8 limit=0 [ 802.635934][T12078] syz.5.1448: attempt to access beyond end of device [ 802.635934][T12078] nbd5: rw=0, sector=120, nr_sectors = 8 limit=0 [ 802.650393][T12078] Mount JFS Failure: -5 [ 802.658657][T12078] jfs_mount failed w/return code = -5 [ 802.730257][ T977] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 802.789683][T12088] sctp: [Deprecated]: syz.4.1451 (pid 12088) Use of struct sctp_assoc_value in delayed_ack socket option. [ 802.789683][T12088] Use struct sctp_sack_info instead [ 802.892505][ T977] usb 7-1: New USB device found, idVendor=0f11, idProduct=1000, bcdDevice= 0.7f [ 802.915344][ T977] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 803.024453][ T977] usb 7-1: config 0 descriptor?? [ 804.079633][T12098] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1454'. [ 804.360140][ T9] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 804.841453][ T977] usb 7-1: string descriptor 0 read error: -71 [ 804.929251][ T977] ldusb 7-1:0.0: Interrupt in endpoint not found [ 805.127455][ T977] usb 7-1: USB disconnect, device number 4 [ 805.514354][T12109] relay: one or more items not logged [item size (56) > sub-buffer size (9)] [ 805.526571][ T9] usb 1-1: Using ep0 maxpacket: 8 [ 805.545563][ T9] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 805.558328][ T9] usb 1-1: config 0 has no interface number 0 [ 805.565835][ T9] usb 1-1: config 0 interface 1 has no altsetting 0 [ 805.576775][ T9] usb 1-1: New USB device found, idVendor=10c4, idProduct=eac1, bcdDevice=70.1d [ 805.586663][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 805.595943][ T9] usb 1-1: Product: syz [ 805.600225][ T9] usb 1-1: Manufacturer: syz [ 805.604864][ T9] usb 1-1: SerialNumber: syz [ 805.612825][ T9] usb 1-1: config 0 descriptor?? [ 805.825662][ T9] i2c-cp2615 1-1:0.1: probe with driver i2c-cp2615 failed with error -71 [ 805.863976][ T9] usb 1-1: USB disconnect, device number 20 [ 809.003519][ T10] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -110). You can use /scripts/get_dvb_firmware to get the firmware [ 809.053788][ T10] dvb_usb_az6027 5-1:0.0: probe with driver dvb_usb_az6027 failed with error -110 [ 809.103211][T12136] ALSA: mixer_oss: invalid OSS volume '' [ 809.109103][T12134] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1467'. [ 809.142236][ T10] usb 5-1: USB disconnect, device number 23 [ 809.305997][T12137] 8021q: adding VLAN 0 to HW filter on device bond1 [ 810.123852][T12138] 8021q: adding VLAN 0 to HW filter on device bond2 [ 810.230290][T12142] veth0_to_bridge: entered promiscuous mode [ 810.238590][T12157] sctp: [Deprecated]: syz.1.1472 (pid 12157) Use of struct sctp_assoc_value in delayed_ack socket option. [ 810.238590][T12157] Use struct sctp_sack_info instead [ 810.257704][T12142] veth0_to_bridge: left promiscuous mode [ 810.613890][ T5871] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 810.660987][T12163] vlan2: entered promiscuous mode [ 810.780168][ T5871] usb 2-1: Using ep0 maxpacket: 16 [ 810.787357][ T5871] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 810.828775][ T5871] usb 2-1: New USB device found, idVendor=05ac, idProduct=0273, bcdDevice= 0.40 [ 810.846752][ T5871] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 810.892018][ T5871] usb 2-1: Product: syz [ 810.896364][ T5871] usb 2-1: Manufacturer: syz [ 810.930117][ T5871] usb 2-1: SerialNumber: syz [ 811.608163][ T5871] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/input/input23 [ 811.912551][ T5172] bcm5974 2-1:1.0: could not read from device [ 812.038034][ T5871] usb 2-1: USB disconnect, device number 26 [ 812.829660][T12176] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1479'. [ 812.914926][T12176] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1479'. [ 813.292744][T12186] syz.0.1476: attempt to access beyond end of device [ 813.292744][T12186] nbd0: rw=0, sector=64, nr_sectors = 8 limit=0 [ 813.471275][T12186] syz.0.1476: attempt to access beyond end of device [ 813.471275][T12186] nbd0: rw=0, sector=120, nr_sectors = 8 limit=0 [ 813.520359][T12186] Mount JFS Failure: -5 [ 813.780561][T12186] jfs_mount failed w/return code = -5 [ 813.970590][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 813.977019][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 814.359126][T12196] random: crng reseeded on system resumption [ 814.551986][T12203] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1486'. [ 815.121860][ T5871] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 815.364178][ T5871] usb 5-1: Using ep0 maxpacket: 8 [ 815.459873][ T5871] usb 5-1: config 0 has an invalid interface number: 52 but max is 0 [ 815.811113][ T5871] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 815.913010][ T5871] usb 5-1: config 0 has no interface number 0 [ 815.964048][ T5871] usb 5-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 815.970260][T12228] sctp: [Deprecated]: syz.1.1492 (pid 12228) Use of struct sctp_assoc_value in delayed_ack socket option. [ 815.970260][T12228] Use struct sctp_sack_info instead [ 816.005287][T12227] vlan2: entered promiscuous mode [ 816.005971][ T5871] usb 5-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 816.064161][ T5871] usb 5-1: config 0 interface 52 has no altsetting 0 [ 816.073976][ T5871] usb 5-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00 [ 816.084368][ T5871] usb 5-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0 [ 816.113540][ T5871] usb 5-1: Manufacturer: syz [ 816.129078][ T5871] usb 5-1: config 0 descriptor?? [ 816.162916][ T10] usb 6-1: new high-speed USB device number 20 using dummy_hcd [ 816.338153][ T10] usb 6-1: Using ep0 maxpacket: 32 [ 816.366382][ T10] usb 6-1: New USB device found, idVendor=0bc7, idProduct=0008, bcdDevice=88.ea [ 816.389390][ T5871] input: syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.52/input/input24 [ 816.409937][ T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 816.434350][ T977] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 816.467229][ T10] usb 6-1: Product: syz [ 816.499572][ T10] usb 6-1: Manufacturer: syz [ 816.511126][ T5871] usb 5-1: USB disconnect, device number 24 [ 816.511199][ C0] synaptics_usb 5-1:0.52: synusb_irq - usb_submit_urb failed with result: -19 [ 816.599175][ T10] usb 6-1: SerialNumber: syz [ 816.978792][ T10] usb 6-1: config 0 descriptor?? [ 817.287507][ T977] usb 2-1: Using ep0 maxpacket: 16 [ 817.321795][ T10] ati_remote 6-1:0.0: ati_remote_probe: Unexpected desc.bNumEndpoints [ 818.099277][ T977] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 818.263687][ T977] usb 2-1: New USB device found, idVendor=05ac, idProduct=0273, bcdDevice= 0.40 [ 818.285520][ T977] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 818.294999][ T977] usb 2-1: Product: syz [ 818.299222][ T977] usb 2-1: Manufacturer: syz [ 818.330246][ T977] usb 2-1: SerialNumber: syz [ 818.426374][ T977] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/input/input25 [ 818.468351][ T5897] usb 6-1: USB disconnect, device number 20 [ 818.594366][ T5898] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 818.673041][ T5172] bcm5974 2-1:1.0: could not read from device [ 818.689472][ T977] usb 2-1: USB disconnect, device number 27 [ 818.689663][T12257] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4) [ 818.702062][T12257] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 818.817863][T12257] vhci_hcd vhci_hcd.0: Device attached [ 818.898641][ T5898] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 819.070426][ T5897] usb 33-1: new high-speed USB device number 3 using vhci_hcd [ 819.179126][ T5898] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 819.300790][T12258] vhci_hcd: connection closed [ 819.327303][ T1148] vhci_hcd: stop threads [ 819.339878][ T1148] vhci_hcd: release socket [ 819.345999][ T1148] vhci_hcd: disconnect device [ 819.413018][ T5897] usb 33-1: enqueue for inactive port 0 [ 819.424609][ T5898] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 819.447842][ T5898] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 819.457775][ T5898] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 819.469978][ T5898] usb 7-1: config 0 descriptor?? [ 819.510165][ T5897] vhci_hcd: vhci_device speed not set [ 819.762671][T12265] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 819.922613][T12267] netlink: 176 bytes leftover after parsing attributes in process `syz.4.1502'. [ 820.224059][ T5898] plantronics 0003:047F:FFFF.0004: unknown global tag 0xd [ 820.412415][ T5898] plantronics 0003:047F:FFFF.0004: item 0 4 1 13 parsing failed [ 820.433720][ T5898] plantronics 0003:047F:FFFF.0004: parse failed [ 820.446347][ T5898] plantronics 0003:047F:FFFF.0004: probe with driver plantronics failed with error -22 [ 820.535777][T12273] xt_SECMARK: invalid mode: 2 [ 821.805550][T12282] IPv6: Can't replace route, no match found [ 822.972559][ T5898] usb 7-1: USB disconnect, device number 5 [ 823.387348][T12291] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1506'. [ 824.114815][ T5898] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 825.455170][ T5898] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA4, changing to 0x84 [ 826.265206][ T5898] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 826.278261][ T5898] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 826.289850][ T5898] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 826.438659][ T5898] usb 7-1: config 0 descriptor?? [ 826.875338][ T5898] usb 7-1: can't set config #0, error -71 [ 826.970557][ T5898] usb 7-1: USB disconnect, device number 6 [ 828.180158][ T5897] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 828.773380][ T9] usb 5-1: new full-speed USB device number 25 using dummy_hcd [ 828.775175][ T5897] usb 7-1: config index 0 descriptor too short (expected 19492, got 36) [ 828.792785][ T5897] usb 7-1: config 143 has too many interfaces: 231, using maximum allowed: 32 [ 828.802430][ T5897] usb 7-1: config 143 has an invalid descriptor of length 0, skipping remainder of the config [ 828.813426][ T5897] usb 7-1: config 143 has 0 interfaces, different from the descriptor's value: 231 [ 828.840285][ T5897] usb 7-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00 [ 828.885732][ T5897] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 828.942069][ T9] usb 5-1: device descriptor read/64, error -71 [ 829.070115][T12327] FAULT_INJECTION: forcing a failure. [ 829.070115][T12327] name failslab, interval 1, probability 0, space 0, times 0 [ 829.083523][T12327] CPU: 0 UID: 0 PID: 12327 Comm: syz.1.1519 Not tainted 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 829.083553][T12327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 829.083566][T12327] Call Trace: [ 829.083574][T12327] [ 829.083584][T12327] dump_stack_lvl+0x189/0x250 [ 829.083620][T12327] ? lockdep_hardirqs_on+0x9c/0x150 [ 829.083653][T12327] ? __pfx_dump_stack_lvl+0x10/0x10 [ 829.083690][T12327] ? dump_stack+0x9/0x20 [ 829.083724][T12327] should_fail_ex+0x414/0x560 [ 829.083757][T12327] should_failslab+0xa8/0x100 [ 829.083790][T12327] __kmalloc_noprof+0xcb/0x4f0 [ 829.083820][T12327] ? tomoyo_encode+0x28b/0x550 [ 829.083859][T12327] tomoyo_encode+0x28b/0x550 [ 829.083896][T12327] tomoyo_realpath_from_path+0x58d/0x5d0 [ 829.083932][T12327] ? tomoyo_domain+0xda/0x130 [ 829.083957][T12327] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 829.083984][T12327] tomoyo_path_number_perm+0x1e8/0x5a0 [ 829.084014][T12327] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 829.084050][T12327] ? rcu_is_watching+0x15/0xb0 [ 829.084084][T12327] ? __lock_acquire+0xab9/0xd20 [ 829.084131][T12327] ? __fget_files+0x2a/0x420 [ 829.084167][T12327] ? __fget_files+0x2a/0x420 [ 829.084198][T12327] ? __fget_files+0x3a0/0x420 [ 829.084228][T12327] ? __fget_files+0x2a/0x420 [ 829.084265][T12327] security_file_ioctl+0xcb/0x2d0 [ 829.084297][T12327] __se_sys_ioctl+0x47/0x170 [ 829.084332][T12327] do_syscall_64+0xfa/0x3b0 [ 829.084364][T12327] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 829.084384][T12327] ? asm_sysvec_call_function_single+0x1a/0x20 [ 829.084405][T12327] ? clear_bhb_loop+0x60/0xb0 [ 829.084432][T12327] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 829.084453][T12327] RIP: 0033:0x7f5d2738e969 [ 829.084473][T12327] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 829.084492][T12327] RSP: 002b:00007f5d281cd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 829.084516][T12327] RAX: ffffffffffffffda RBX: 00007f5d275b6080 RCX: 00007f5d2738e969 [ 829.084534][T12327] RDX: 0000200000000000 RSI: 00000000000089f1 RDI: 000000000000000c [ 829.084548][T12327] RBP: 00007f5d281cd090 R08: 0000000000000000 R09: 0000000000000000 [ 829.084563][T12327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 829.084576][T12327] R13: 0000000000000000 R14: 00007f5d275b6080 R15: 00007ffecc043cc8 [ 829.084609][T12327] [ 829.085592][T12327] ERROR: Out of memory at tomoyo_realpath_from_path. [ 829.810104][ T9] usb 5-1: new full-speed USB device number 26 using dummy_hcd [ 829.987139][ T5897] usb 7-1: string descriptor 0 read error: -71 [ 830.015884][ T5897] usb 7-1: USB disconnect, device number 7 [ 830.037356][ T9] usb 5-1: device descriptor read/64, error -71 [ 830.204630][ T9] usb usb5-port1: attempt power cycle [ 830.946216][ T30] audit: type=1326 audit(1748490968.901:481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12336 comm="syz.1.1520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d2738e969 code=0x7ffc0000 [ 831.655015][ T9] usb 5-1: new full-speed USB device number 27 using dummy_hcd [ 831.668446][ T30] audit: type=1326 audit(1748490968.901:482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12336 comm="syz.1.1520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d2738e969 code=0x7ffc0000 [ 831.763978][ T30] audit: type=1326 audit(1748490968.901:483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12336 comm="syz.1.1520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f5d2738e969 code=0x7ffc0000 [ 831.796201][T12341] vlan2: entered promiscuous mode [ 831.854159][ T9] usb 5-1: device descriptor read/8, error -71 [ 831.900144][ T30] audit: type=1326 audit(1748490968.901:484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12336 comm="syz.1.1520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d2738e969 code=0x7ffc0000 [ 831.958208][ T30] audit: type=1326 audit(1748490968.901:485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12336 comm="syz.1.1520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d2738e969 code=0x7ffc0000 [ 832.241277][T12354] xt_limit: Overflow, try lower: 2147483649/32768 [ 832.336679][T12356] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1526'. [ 832.785306][ T30] audit: type=1326 audit(1748490969.621:486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12336 comm="syz.1.1520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=283 compat=0 ip=0x7f5d2738e969 code=0x7ffc0000 [ 832.808204][ T30] audit: type=1326 audit(1748490969.621:487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12336 comm="syz.1.1520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d2738e969 code=0x7ffc0000 [ 833.304168][ T30] audit: type=1326 audit(1748490969.621:488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12336 comm="syz.1.1520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d2738e969 code=0x7ffc0000 [ 834.040238][ T5898] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 834.314908][T12360] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12 [ 834.336857][T12372] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1 [ 834.350256][T12372] batman_adv: batadv0: Adding interface: ip6gretap1 [ 834.356907][T12372] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 834.382791][T12372] batman_adv: batadv0: Interface activated: ip6gretap1 [ 834.447787][T12360] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12 [ 834.488669][T12360] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 834.490545][ T5898] usb 1-1: Using ep0 maxpacket: 32 [ 834.582416][ T5898] usb 1-1: config index 0 descriptor too short (expected 35577, got 27) [ 834.603576][ T5898] usb 1-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 834.622617][ T5898] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 834.643894][ T5898] usb 1-1: config 1 has no interface number 0 [ 834.660588][ T5898] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 834.694241][ T5898] usb 1-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 834.738524][ T5898] usb 1-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 834.758492][ T5898] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 834.792031][ T5898] snd_usb_pod 1-1:1.1: Line 6 Pocket POD found [ 835.036042][ T5898] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now attached [ 835.804843][T12396] syz.5.1532: attempt to access beyond end of device [ 835.804843][T12396] nbd5: rw=0, sector=64, nr_sectors = 8 limit=0 [ 835.819006][T12396] syz.5.1532: attempt to access beyond end of device [ 835.819006][T12396] nbd5: rw=0, sector=120, nr_sectors = 8 limit=0 [ 835.859141][T12396] Mount JFS Failure: -5 [ 836.120493][ T5897] snd_usb_pod 1-1:1.1: line6_send_raw_message_async_part: usb_submit_urb failed (-22) [ 836.131639][T12396] jfs_mount failed w/return code = -5 [ 837.632017][T12412] IPv6: Can't replace route, no match found [ 839.673769][ T24] usb 1-1: USB disconnect, device number 21 [ 839.681870][ T24] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now disconnected [ 840.586872][T12427] IPv6: Can't replace route, no match found [ 844.070693][ T24] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 845.208473][ T24] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 845.236152][ T24] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 845.299802][ T24] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 845.414064][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 845.484532][T12455] FAULT_INJECTION: forcing a failure. [ 845.484532][T12455] name failslab, interval 1, probability 0, space 0, times 0 [ 845.501844][ T24] usb 1-1: config 0 descriptor?? [ 845.520793][ T24] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 845.543075][T12455] CPU: 1 UID: 0 PID: 12455 Comm: syz.6.1547 Not tainted 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 845.543109][T12455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 845.543124][T12455] Call Trace: [ 845.543133][T12455] [ 845.543145][T12455] dump_stack_lvl+0x189/0x250 [ 845.543181][T12455] ? __pfx____ratelimit+0x10/0x10 [ 845.543214][T12455] ? __pfx_dump_stack_lvl+0x10/0x10 [ 845.543246][T12455] ? __pfx__printk+0x10/0x10 [ 845.543288][T12455] ? __pfx___might_resched+0x10/0x10 [ 845.543323][T12455] should_fail_ex+0x414/0x560 [ 845.543359][T12455] should_failslab+0xa8/0x100 [ 845.543394][T12455] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 845.543427][T12455] ? __alloc_skb+0x112/0x2d0 [ 845.543466][T12455] __alloc_skb+0x112/0x2d0 [ 845.543503][T12455] netlink_dump+0x245/0xe70 [ 845.543547][T12455] ? __pfx_netlink_dump+0x10/0x10 [ 845.543596][T12455] ? __asan_memset+0x22/0x50 [ 845.543622][T12455] ? genl_start+0x499/0x6c0 [ 845.543664][T12455] __netlink_dump_start+0x5cb/0x7e0 [ 845.543704][T12455] genl_family_rcv_msg_dumpit+0x1e7/0x2c0 [ 845.543733][T12455] ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10 [ 845.543755][T12455] ? genl_get_cmd+0x67f/0x910 [ 845.543780][T12455] ? __pfx___mutex_lock+0x10/0x10 [ 845.543814][T12455] ? __pfx_genl_start+0x10/0x10 [ 845.543833][T12455] ? __pfx_genl_dumpit+0x10/0x10 [ 845.543853][T12455] ? __pfx_genl_done+0x10/0x10 [ 845.543893][T12455] genl_rcv_msg+0x5da/0x790 [ 845.543924][T12455] ? __pfx_genl_rcv_msg+0x10/0x10 [ 845.543946][T12455] ? __pfx_smcd_nl_get_device+0x10/0x10 [ 845.543973][T12455] ? ref_tracker_free+0x63a/0x7d0 [ 845.544002][T12455] ? __copy_skb_header+0xa7/0x550 [ 845.544035][T12455] netlink_rcv_skb+0x21c/0x490 [ 845.544066][T12455] ? __pfx_genl_rcv_msg+0x10/0x10 [ 845.544090][T12455] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 845.544149][T12455] ? down_read+0x1ad/0x2e0 [ 845.544173][T12455] genl_rcv+0x28/0x40 [ 845.544193][T12455] netlink_unicast+0x758/0x8d0 [ 845.544234][T12455] netlink_sendmsg+0x805/0xb30 [ 845.544277][T12455] ? __pfx_netlink_sendmsg+0x10/0x10 [ 845.544317][T12455] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 845.544338][T12455] ? __pfx_netlink_sendmsg+0x10/0x10 [ 845.544371][T12455] __sock_sendmsg+0x219/0x270 [ 845.544402][T12455] ____sys_sendmsg+0x505/0x830 [ 845.544444][T12455] ? __pfx_____sys_sendmsg+0x10/0x10 [ 845.544491][T12455] ? import_iovec+0x74/0xa0 [ 845.544519][T12455] ___sys_sendmsg+0x21f/0x2a0 [ 845.544557][T12455] ? __pfx____sys_sendmsg+0x10/0x10 [ 845.544636][T12455] ? __fget_files+0x2a/0x420 [ 845.544676][T12455] ? __fget_files+0x3a0/0x420 [ 845.544721][T12455] __x64_sys_sendmsg+0x19b/0x260 [ 845.544746][T12455] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 845.544780][T12455] ? __pfx_ksys_write+0x10/0x10 [ 845.544806][T12455] ? rcu_is_watching+0x15/0xb0 [ 845.544842][T12455] ? do_syscall_64+0xbe/0x3b0 [ 845.544879][T12455] do_syscall_64+0xfa/0x3b0 [ 845.544911][T12455] ? lockdep_hardirqs_on+0x9c/0x150 [ 845.544941][T12455] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 845.544964][T12455] ? clear_bhb_loop+0x60/0xb0 [ 845.544992][T12455] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 845.545014][T12455] RIP: 0033:0x7fc79d38e969 [ 845.545034][T12455] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 845.545054][T12455] RSP: 002b:00007fc79b1f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 845.545078][T12455] RAX: ffffffffffffffda RBX: 00007fc79d5b5fa0 RCX: 00007fc79d38e969 [ 845.545094][T12455] RDX: 0000000000040800 RSI: 00002000000003c0 RDI: 0000000000000003 [ 845.545109][T12455] RBP: 00007fc79b1f6090 R08: 0000000000000000 R09: 0000000000000000 [ 845.545123][T12455] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 845.545137][T12455] R13: 0000000000000000 R14: 00007fc79d5b5fa0 R15: 00007ffd4b58ac98 [ 845.545173][T12455] [ 846.446942][T12466] 9pnet_fd: Insufficient options for proto=fd [ 846.573077][T12471] overlayfs: failed to resolve './file3': -2 [ 848.690336][T12476] netlink: 'syz.6.1554': attribute type 10 has an invalid length. [ 849.001756][T12485] x_tables: ip_tables: TCPMSS target: only valid for protocol 6 [ 849.122683][ T5898] usb 1-1: USB disconnect, device number 22 [ 850.672348][T12476] team0: Cannot enslave team device to itself [ 850.854453][T12487] vlan2: entered promiscuous mode [ 851.160655][T12499] IPv6: Can't replace route, no match found [ 852.832349][T12509] veth0_to_bridge: entered promiscuous mode [ 852.867963][T12506] veth0_to_bridge: left promiscuous mode [ 852.976620][T12512] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1564'. [ 853.036157][T12511] veth0_to_bridge: entered promiscuous mode [ 853.180525][T12510] veth0_to_bridge: left promiscuous mode [ 853.275163][T12514] netlink: 'syz.1.1565': attribute type 12 has an invalid length. [ 853.514911][T12517] overlayfs: bad index found (index=index/00fb210001c57b3835f0cc4a06ae449c1826cd997591bcc33f1207000000000000, ftype=2000, origin ftype=8000). [ 860.145141][T12556] IPv6: Can't replace route, no match found [ 863.439119][T12594] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1588'. [ 865.151349][T12605] FAULT_INJECTION: forcing a failure. [ 865.151349][T12605] name failslab, interval 1, probability 0, space 0, times 0 [ 865.215354][T12605] CPU: 0 UID: 0 PID: 12605 Comm: syz.6.1590 Not tainted 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 865.215388][T12605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 865.215402][T12605] Call Trace: [ 865.215411][T12605] [ 865.215421][T12605] dump_stack_lvl+0x189/0x250 [ 865.215458][T12605] ? __pfx____ratelimit+0x10/0x10 [ 865.215491][T12605] ? __pfx_dump_stack_lvl+0x10/0x10 [ 865.215522][T12605] ? __pfx__printk+0x10/0x10 [ 865.215565][T12605] ? __pfx___might_resched+0x10/0x10 [ 865.215600][T12605] should_fail_ex+0x414/0x560 [ 865.215636][T12605] should_failslab+0xa8/0x100 [ 865.215672][T12605] __kmalloc_cache_noprof+0x70/0x3d0 [ 865.215705][T12605] ? igmpv3_add_delrec+0xbd/0x560 [ 865.215752][T12605] igmpv3_add_delrec+0xbd/0x560 [ 865.215791][T12605] __igmp_group_dropped+0x6e5/0x8f0 [ 865.215828][T12605] ? __pfx___igmp_group_dropped+0x10/0x10 [ 865.215873][T12605] __ip_mc_dec_group+0x3e5/0x690 [ 865.215907][T12605] ip_mc_drop_socket+0x1d3/0x270 [ 865.215945][T12605] inet_release+0x98/0x210 [ 865.215971][T12605] sock_close+0xc0/0x240 [ 865.215998][T12605] ? __pfx_sock_close+0x10/0x10 [ 865.216024][T12605] __fput+0x44c/0xa70 [ 865.216060][T12605] fput_close_sync+0x119/0x200 [ 865.216089][T12605] ? __pfx_fput_close_sync+0x10/0x10 [ 865.216131][T12605] __x64_sys_close+0x7f/0x110 [ 865.216158][T12605] do_syscall_64+0xfa/0x3b0 [ 865.216190][T12605] ? lockdep_hardirqs_on+0x9c/0x150 [ 865.216221][T12605] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 865.216244][T12605] ? clear_bhb_loop+0x60/0xb0 [ 865.216271][T12605] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 865.216293][T12605] RIP: 0033:0x7fc79d38e969 [ 865.216313][T12605] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 865.216332][T12605] RSP: 002b:00007fc79b1f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 865.216355][T12605] RAX: ffffffffffffffda RBX: 00007fc79d5b5fa0 RCX: 00007fc79d38e969 [ 865.216372][T12605] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 865.216385][T12605] RBP: 00007fc79b1f6090 R08: 0000000000000000 R09: 0000000000000000 [ 865.216399][T12605] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 865.216413][T12605] R13: 0000000000000000 R14: 00007fc79d5b5fa0 R15: 00007ffd4b58ac98 [ 865.216449][T12605] [ 866.292725][T12612] kvm: apic: phys broadcast and lowest prio [ 866.685588][T12615] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1593'. [ 866.713910][T12614] Can't find a SQUASHFS superblock on nullb0 [ 866.908793][T12620] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1594'. [ 866.989870][T12622] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1595'. [ 869.734690][T12642] fuse: Unknown parameter 'bd' [ 870.578061][T12650] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1601'. [ 870.688856][T12650] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1601'. [ 870.872239][T12651] IPv6: Can't replace route, no match found [ 871.991947][ T10] usb 7-1: new low-speed USB device number 8 using dummy_hcd [ 872.833408][ T10] usb 7-1: config 179 has an invalid interface number: 65 but max is 0 [ 872.847551][ T10] usb 7-1: config 179 has no interface number 0 [ 872.871481][ T10] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 10 [ 873.245930][ T10] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 873.321123][T12681] FAULT_INJECTION: forcing a failure. [ 873.321123][T12681] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 873.334474][T12681] CPU: 1 UID: 0 PID: 12681 Comm: syz.5.1607 Not tainted 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 873.334505][T12681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 873.334520][T12681] Call Trace: [ 873.334529][T12681] [ 873.334538][T12681] dump_stack_lvl+0x189/0x250 [ 873.334574][T12681] ? __pfx____ratelimit+0x10/0x10 [ 873.334606][T12681] ? __pfx_dump_stack_lvl+0x10/0x10 [ 873.334638][T12681] ? __pfx__printk+0x10/0x10 [ 873.334673][T12681] ? __might_fault+0xb0/0x130 [ 873.334719][T12681] should_fail_ex+0x414/0x560 [ 873.334754][T12681] _copy_from_user+0x2d/0xb0 [ 873.334776][T12681] ? semctl_main+0xee/0x15f0 [ 873.334807][T12681] semctl_main+0x6f5/0x15f0 [ 873.334838][T12681] ? semctl_main+0xee/0x15f0 [ 873.334877][T12681] ? __pfx_semctl_main+0x10/0x10 [ 873.334975][T12681] ? __se_sys_semctl+0x291/0x3a0 [ 873.335011][T12681] __se_sys_semctl+0x31c/0x3a0 [ 873.335051][T12681] ? __pfx___se_sys_semctl+0x10/0x10 [ 873.335092][T12681] ? __pfx_ksys_write+0x10/0x10 [ 873.335128][T12681] ? do_syscall_64+0xbe/0x3b0 [ 873.335164][T12681] do_syscall_64+0xfa/0x3b0 [ 873.335197][T12681] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 873.335219][T12681] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 873.335241][T12681] ? clear_bhb_loop+0x60/0xb0 [ 873.335268][T12681] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 873.335289][T12681] RIP: 0033:0x7f817b78e969 [ 873.335310][T12681] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 873.335330][T12681] RSP: 002b:00007f817c569038 EFLAGS: 00000246 ORIG_RAX: 0000000000000042 [ 873.335353][T12681] RAX: ffffffffffffffda RBX: 00007f817b9b6160 RCX: 00007f817b78e969 [ 873.335370][T12681] RDX: 0000000000000011 RSI: 0000000000000000 RDI: 0000000000000000 [ 873.335384][T12681] RBP: 00007f817c569090 R08: 0000000000000000 R09: 0000000000000000 [ 873.335399][T12681] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000001 [ 873.335412][T12681] R13: 0000000000000000 R14: 00007f817b9b6160 R15: 00007fff022f04f8 [ 873.335446][T12681] [ 873.773606][ T10] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10 [ 873.861474][ T10] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 873.896445][ T10] usb 7-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 873.920559][ T10] usb 7-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 873.935098][ T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 875.004287][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 875.007984][ T10] xpad 7-1:179.65: probe with driver xpad failed with error -5 [ 875.033576][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 875.142605][ T10] usb 7-1: USB disconnect, device number 8 [ 876.571074][ T9] usb 5-1: new full-speed USB device number 29 using dummy_hcd [ 877.137334][T12707] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1614'. [ 877.148260][T12707] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1614'. [ 877.473400][T12710] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1613'. [ 877.794467][T12715] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1617'. [ 877.938548][T12716] kvm: emulating exchange as write [ 878.246045][T12728] random: crng reseeded on system resumption [ 878.351558][T12736] netlink: 256 bytes leftover after parsing attributes in process `syz.4.1618'. [ 879.638152][T12747] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1623'. [ 879.740465][T12749] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1625'. [ 879.740502][T12749] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1625'. [ 883.194179][T12768] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1629'. [ 883.204034][T12768] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1629'. [ 883.920062][T12772] @ÿ: renamed from veth0_to_batadv (while UP) [ 884.662788][T12795] netlink: 'syz.6.1635': attribute type 3 has an invalid length. [ 884.671190][T12795] netlink: 224 bytes leftover after parsing attributes in process `syz.6.1635'. [ 886.717187][T12822] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1643'. [ 886.727103][T12822] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1643'. [ 888.949692][ T24] usb 5-1: new full-speed USB device number 30 using dummy_hcd [ 889.222382][ T24] usb 5-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 889.372381][ T24] usb 5-1: config 2 has 0 interfaces, different from the descriptor's value: 1 [ 889.432092][ T24] usb 5-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b [ 889.499946][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 889.519695][ T24] usb 5-1: Product: syz [ 889.535265][ T24] usb 5-1: Manufacturer: syz [ 889.583062][ T24] usb 5-1: SerialNumber: syz [ 893.028810][T12874] IPv6: Can't replace route, no match found [ 895.008637][ T9] usb 5-1: USB disconnect, device number 30 [ 895.478399][T12892] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1659'. [ 895.488502][T12892] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1659'. [ 896.051854][T12898] netlink: 'syz.5.1661': attribute type 29 has an invalid length. [ 896.174128][T12901] vlan2: entered promiscuous mode [ 896.288892][T12908] kAFS: unable to lookup cell '.,' [ 900.513728][T12952] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1675'. [ 900.523699][T12952] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1675'. [ 901.969584][ T5820] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 902.121468][ T5820] usb 2-1: Using ep0 maxpacket: 16 [ 902.160400][ T5820] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 902.211872][ T5820] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 902.256030][ T5820] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 902.275412][ T5820] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 902.298010][ T5820] usb 2-1: Product: syz [ 902.330791][ T5820] usb 2-1: Manufacturer: syz [ 902.359384][ T5820] usb 2-1: SerialNumber: syz [ 902.390272][ T5820] usb 2-1: config 0 descriptor?? [ 902.420121][ T5820] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 902.475611][ T5820] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class) [ 902.486772][ T24] usb 6-1: new low-speed USB device number 21 using dummy_hcd [ 902.677402][ T24] usb 6-1: config index 0 descriptor too short (expected 6427, got 27) [ 902.702368][ T24] usb 6-1: config 0 has an invalid interface number: 21 but max is 0 [ 902.710666][ T24] usb 6-1: config 0 has no interface number 0 [ 902.759351][ T24] usb 6-1: config 0 interface 21 altsetting 0 endpoint 0x82 is Bulk; changing to Interrupt [ 902.802176][ T24] usb 6-1: config 0 interface 21 altsetting 0 endpoint 0x82 has invalid maxpacket 4096, setting to 8 [ 902.835930][ T24] usb 6-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4 [ 902.845048][ T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 902.886732][ T24] usb 6-1: config 0 descriptor?? [ 903.056137][T12959] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 903.078977][T12959] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 903.083834][ T5820] em28xx 2-1:0.0: unknown em28xx chip ID (0) [ 903.398956][T12968] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 903.667938][T12968] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 903.699530][ T5820] em28xx 2-1:0.0: Config register raw data: 0x01 [ 904.044198][ T24] input: USB Keyspan Remote 06cd:0202 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.21/input/input27 [ 905.636954][T13003] syz.6.1684: attempt to access beyond end of device [ 905.636954][T13003] nbd6: rw=0, sector=64, nr_sectors = 8 limit=0 [ 905.830113][T13003] syz.6.1684: attempt to access beyond end of device [ 905.830113][T13003] nbd6: rw=0, sector=120, nr_sectors = 8 limit=0 [ 906.331207][T13003] Mount JFS Failure: -5 [ 906.335603][T13003] jfs_mount failed w/return code = -5 [ 906.577719][ C1] keyspan_remote 6-1:0.21: keyspan_irq_recv - usb_submit_urb failed with result: -19 [ 906.587692][ T24] usb 6-1: USB disconnect, device number 21 [ 907.057282][ T5898] usb 2-1: USB disconnect, device number 28 [ 907.082499][ T5898] em28xx 2-1:0.0: Disconnecting em28xx [ 907.141845][ T5898] em28xx 2-1:0.0: Freeing device [ 907.232686][T13018] FAULT_INJECTION: forcing a failure. [ 907.232686][T13018] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 907.290816][T13018] CPU: 1 UID: 0 PID: 13018 Comm: syz.1.1690 Not tainted 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 907.290849][T13018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 907.290864][T13018] Call Trace: [ 907.290872][T13018] [ 907.290883][T13018] dump_stack_lvl+0x189/0x250 [ 907.290918][T13018] ? __pfx____ratelimit+0x10/0x10 [ 907.290951][T13018] ? __pfx_dump_stack_lvl+0x10/0x10 [ 907.290982][T13018] ? __pfx__printk+0x10/0x10 [ 907.291019][T13018] ? fs_reclaim_acquire+0x7d/0x100 [ 907.291053][T13018] should_fail_ex+0x414/0x560 [ 907.291088][T13018] prepare_alloc_pages+0x213/0x610 [ 907.291121][T13018] __alloc_frozen_pages_noprof+0x123/0x370 [ 907.291151][T13018] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 907.291185][T13018] ? policy_nodemask+0x27c/0x720 [ 907.291224][T13018] alloc_pages_mpol+0x232/0x4a0 [ 907.291264][T13018] alloc_pages_noprof+0xa9/0x190 [ 907.291299][T13018] get_zeroed_page_noprof+0x1a/0x90 [ 907.291323][T13018] simple_transaction_get+0x4d/0x150 [ 907.291359][T13018] smk_write_access2+0x39/0x180 [ 907.291399][T13018] ? __pfx_smk_write_access2+0x10/0x10 [ 907.291431][T13018] vfs_write+0x27b/0xa90 [ 907.291470][T13018] ? __pfx_vfs_write+0x10/0x10 [ 907.291501][T13018] ? __fget_files+0x2a/0x420 [ 907.291540][T13018] ? __fget_files+0x3a0/0x420 [ 907.291570][T13018] ? __fget_files+0x2a/0x420 [ 907.291614][T13018] ksys_write+0x145/0x250 [ 907.291646][T13018] ? __pfx_ksys_write+0x10/0x10 [ 907.291671][T13018] ? rcu_is_watching+0x15/0xb0 [ 907.291706][T13018] ? do_syscall_64+0xbe/0x3b0 [ 907.291744][T13018] do_syscall_64+0xfa/0x3b0 [ 907.291775][T13018] ? lockdep_hardirqs_on+0x9c/0x150 [ 907.291805][T13018] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 907.291827][T13018] ? clear_bhb_loop+0x60/0xb0 [ 907.291854][T13018] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 907.291875][T13018] RIP: 0033:0x7f5d2738e969 [ 907.291895][T13018] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 907.291914][T13018] RSP: 002b:00007f5d281ee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 907.291937][T13018] RAX: ffffffffffffffda RBX: 00007f5d275b5fa0 RCX: 00007f5d2738e969 [ 907.291954][T13018] RDX: 0000000000000009 RSI: 0000200000000780 RDI: 0000000000000003 [ 907.291968][T13018] RBP: 00007f5d281ee090 R08: 0000000000000000 R09: 0000000000000000 [ 907.291982][T13018] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 907.291996][T13018] R13: 0000000000000000 R14: 00007f5d275b5fa0 R15: 00007ffecc043cc8 [ 907.292032][T13018] [ 909.142975][T13041] syz.0.1698: attempt to access beyond end of device [ 909.142975][T13041] loop1: rw=0, sector=0, nr_sectors = 1 limit=0 [ 909.156499][T13041] FAT-fs (loop1): unable to read boot sector [ 911.424193][T13066] sctp: [Deprecated]: syz.6.1702 (pid 13066) Use of struct sctp_assoc_value in delayed_ack socket option. [ 911.424193][T13066] Use struct sctp_sack_info instead [ 911.912404][ T5898] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 912.112620][ T5898] usb 7-1: Using ep0 maxpacket: 16 [ 912.138546][ T5898] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 912.167763][ T5898] usb 7-1: New USB device found, idVendor=05ac, idProduct=0273, bcdDevice= 0.40 [ 912.183383][ T5898] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 912.197457][ T5898] usb 7-1: Product: syz [ 912.207200][ T5898] usb 7-1: Manufacturer: syz [ 912.435672][ T5898] usb 7-1: SerialNumber: syz [ 912.477054][ T5898] input: bcm5974 as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/input/input28 [ 913.076024][ T5172] bcm5974 7-1:1.0: could not read from device [ 913.130718][ T5898] usb 7-1: USB disconnect, device number 9 [ 913.138965][ T5172] bcm5974 7-1:1.0: could not read from device [ 917.746435][T13130] pimreg: entered allmulticast mode [ 917.753727][T13142] syz.5.1718: attempt to access beyond end of device [ 917.753727][T13142] nbd5: rw=0, sector=64, nr_sectors = 8 limit=0 [ 917.801308][T13142] syz.5.1718: attempt to access beyond end of device [ 917.801308][T13142] nbd5: rw=0, sector=120, nr_sectors = 8 limit=0 [ 917.826644][T13142] Mount JFS Failure: -5 [ 917.835781][T13142] jfs_mount failed w/return code = -5 [ 918.116421][T13149] tipc: Invalid UDP bearer configuration [ 918.116485][T13149] tipc: Enabling of bearer rejected, failed to enable media [ 921.441009][T13155] overlayfs: conflicting options: metacopy=on,redirect_dir=follow [ 921.639865][T13180] IPv6: Can't replace route, no match found [ 929.217991][ T30] audit: type=1800 audit(1748495094.542:489): pid=13228 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.4.1740" name="file1" dev="overlay" ino=1977 res=0 errno=0 [ 929.300754][T13222] trusted_key: syz.5.1738 sent an empty control message without MSG_MORE. [ 932.207334][ T5897] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 932.587148][ T5897] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 932.866769][ T5897] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 933.296130][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 933.302861][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 933.628712][ T5897] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 933.628777][ T5897] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 933.628806][ T5897] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 933.658751][ T5897] usb 5-1: config 0 descriptor?? [ 933.789557][ T5897] usb 5-1: can't set config #0, error -71 [ 933.798593][ T5897] usb 5-1: USB disconnect, device number 31 [ 934.033480][T13272] tty tty21: ldisc open failed (-12), clearing slot 20 [ 937.780994][T13318] IPv6: Can't replace route, no match found [ 940.644452][T13331] capability: warning: `syz.0.1768' uses deprecated v2 capabilities in a way that may be insecure [ 945.705860][ T5897] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 945.872979][ T5897] usb 5-1: config 220 has an invalid interface number: 76 but max is 2 [ 946.217316][ T5897] usb 5-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 946.316250][ T5897] usb 5-1: config 220 has no interface number 2 [ 946.342774][ T5897] usb 5-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 946.558598][ T5897] usb 5-1: config 220 interface 0 has no altsetting 0 [ 946.742419][ T5897] usb 5-1: config 220 interface 76 has no altsetting 0 [ 946.855340][ T5897] usb 5-1: config 220 interface 1 has no altsetting 0 [ 946.911790][ T5897] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 946.934915][ T5897] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 947.140450][ T5897] usb 5-1: Product: syz [ 947.169004][ T5897] usb 5-1: Manufacturer: syz [ 947.364976][ T5897] usb 5-1: SerialNumber: syz [ 947.735471][ T5897] usb 5-1: selecting invalid altsetting 0 [ 947.768769][ T5897] usb 5-1: Found UVC 7.01 device syz (8086:0b07) [ 947.784922][ T5897] usb 5-1: No valid video chain found. [ 947.822095][ T5897] usb 5-1: selecting invalid altsetting 0 [ 947.841784][ T5897] usbtest 5-1:220.1: probe with driver usbtest failed with error -22 [ 947.878838][ T5897] usb 5-1: USB disconnect, device number 32 [ 949.449057][ T5898] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 949.543545][ C1] raw-gadget.0 gadget.1: ignoring, device is not running [ 949.734721][ T5898] usb 2-1: device descriptor read/64, error -32 [ 950.111565][ T5898] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 950.336902][ T5898] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 950.685823][T13446] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1800'. [ 951.064250][ T5898] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 65327, setting to 1024 [ 951.225172][ T5898] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024 [ 951.367186][ T24] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 951.377292][ T5898] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 951.391970][ T5898] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 951.404585][T13422] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 951.443255][ T5898] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 951.477846][ T9] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 951.538095][ T24] usb 1-1: New USB device found, idVendor=0f11, idProduct=1000, bcdDevice= 0.7f [ 951.547264][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 951.771306][ T24] usb 1-1: config 0 descriptor?? [ 951.790690][ T5898] usb 2-1: USB disconnect, device number 30 [ 951.814810][ T9] usb 5-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=26.65 [ 951.845085][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 951.865001][ T9] usb 5-1: Product: syz [ 951.870496][ T9] usb 5-1: Manufacturer: syz [ 951.876446][ T9] usb 5-1: SerialNumber: syz [ 951.959684][ T9] usb 5-1: config 0 descriptor?? [ 952.267041][ T9] usb 5-1: ignoring: probably an ADSL modem [ 952.475722][T13464] netlink: 'syz.4.1802': attribute type 7 has an invalid length. [ 952.484323][T13464] netlink: 'syz.4.1802': attribute type 8 has an invalid length. [ 952.498422][T13464] Device name cannot be null; rc = [-22] [ 952.552789][T13467] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1805'. [ 952.568347][T13467] FAULT_INJECTION: forcing a failure. [ 952.568347][T13467] name failslab, interval 1, probability 0, space 0, times 0 [ 952.598912][T13467] CPU: 1 UID: 0 PID: 13467 Comm: syz.5.1805 Not tainted 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 952.598944][T13467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 952.598959][T13467] Call Trace: [ 952.598967][T13467] [ 952.598978][T13467] dump_stack_lvl+0x189/0x250 [ 952.599016][T13467] ? __pfx____ratelimit+0x10/0x10 [ 952.599048][T13467] ? __pfx_dump_stack_lvl+0x10/0x10 [ 952.599087][T13467] ? __pfx__printk+0x10/0x10 [ 952.599138][T13467] should_fail_ex+0x414/0x560 [ 952.599173][T13467] should_failslab+0xa8/0x100 [ 952.599208][T13467] kmem_cache_alloc_noprof+0x73/0x3c0 [ 952.599238][T13467] ? skb_clone+0x212/0x3a0 [ 952.599266][T13467] skb_clone+0x212/0x3a0 [ 952.599293][T13467] __netlink_deliver_tap+0x404/0x850 [ 952.599339][T13467] ? netlink_deliver_tap+0x2e/0x1b0 [ 952.599371][T13467] netlink_deliver_tap+0x19c/0x1b0 [ 952.599402][T13467] netlink_sendskb+0x68/0x140 [ 952.599432][T13467] netlink_rcv_skb+0x2a0/0x490 [ 952.599464][T13467] ? __pfx_genl_rcv_msg+0x10/0x10 [ 952.599489][T13467] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 952.599546][T13467] ? down_read+0x1ad/0x2e0 [ 952.599569][T13467] genl_rcv+0x28/0x40 [ 952.599589][T13467] netlink_unicast+0x758/0x8d0 [ 952.599630][T13467] netlink_sendmsg+0x805/0xb30 [ 952.599672][T13467] ? __pfx_netlink_sendmsg+0x10/0x10 [ 952.599712][T13467] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 952.599733][T13467] ? __pfx_netlink_sendmsg+0x10/0x10 [ 952.599764][T13467] __sock_sendmsg+0x219/0x270 [ 952.599795][T13467] ____sys_sendmsg+0x505/0x830 [ 952.599836][T13467] ? __pfx_____sys_sendmsg+0x10/0x10 [ 952.599882][T13467] ? import_iovec+0x74/0xa0 [ 952.599909][T13467] ___sys_sendmsg+0x21f/0x2a0 [ 952.599946][T13467] ? __pfx____sys_sendmsg+0x10/0x10 [ 952.600024][T13467] ? __fget_files+0x2a/0x420 [ 952.600063][T13467] ? __fget_files+0x3a0/0x420 [ 952.600108][T13467] __x64_sys_sendmsg+0x19b/0x260 [ 952.600132][T13467] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 952.600165][T13467] ? __pfx_ksys_write+0x10/0x10 [ 952.600200][T13467] ? do_syscall_64+0xbe/0x3b0 [ 952.600237][T13467] do_syscall_64+0xfa/0x3b0 [ 952.600270][T13467] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 952.600291][T13467] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 952.600311][T13467] ? clear_bhb_loop+0x60/0xb0 [ 952.600336][T13467] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 952.600356][T13467] RIP: 0033:0x7f817b78e969 [ 952.600376][T13467] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 952.600396][T13467] RSP: 002b:00007f817c5ab038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 952.600419][T13467] RAX: ffffffffffffffda RBX: 00007f817b9b5fa0 RCX: 00007f817b78e969 [ 952.600436][T13467] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 952.600450][T13467] RBP: 00007f817c5ab090 R08: 0000000000000000 R09: 0000000000000000 [ 952.600464][T13467] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 952.600477][T13467] R13: 0000000000000000 R14: 00007f817b9b5fa0 R15: 00007fff022f04f8 [ 952.600512][T13467] [ 952.937961][ T9] cxacru 5-1:0.0: usbatm_usb_probe: bind failed: -19! [ 953.133670][ T24] usb 1-1: string descriptor 0 read error: -71 [ 953.140098][ T24] ldusb 1-1:0.0: Interrupt in endpoint not found [ 953.149483][ T24] usb 1-1: USB disconnect, device number 23 [ 953.345778][T13464] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1802'. [ 953.429732][ T5898] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 954.444287][ T5898] usb 7-1: device descriptor read/64, error -71 [ 954.463920][ T5871] usb 5-1: USB disconnect, device number 33 [ 955.490328][T13489] random: crng reseeded on system resumption [ 955.662885][T13496] netlink: 'syz.0.1814': attribute type 6 has an invalid length. [ 955.802925][ T5898] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 956.078052][T13501] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1813'. [ 956.373319][ T5898] usb 7-1: device descriptor read/64, error -71 [ 956.540101][ T5898] usb usb7-port1: attempt power cycle [ 958.011708][ T5898] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 958.182463][ T5898] usb 5-1: device descriptor read/64, error -71 [ 958.683652][ T9] usb 6-1: new high-speed USB device number 22 using dummy_hcd [ 959.436296][ T9] usb 6-1: Using ep0 maxpacket: 8 [ 959.840001][ T5898] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 960.141475][ T9] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 960.167575][ T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 960.210387][ T9] usb 6-1: Product: syz [ 960.230546][ T9] usb 6-1: Manufacturer: syz [ 960.235426][ T9] usb 6-1: SerialNumber: syz [ 960.263062][ T9] usb 6-1: config 0 descriptor?? [ 961.221028][ T9] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 961.335644][ T5898] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 961.500842][ T5898] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 961.757420][ T5898] usb 5-1: config 0 has no interfaces? [ 961.776008][ T5898] usb 5-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b [ 961.785000][ T9] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 961.878333][T13547] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1827'. [ 962.086816][ T5898] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 962.392739][ T9] usb 6-1: USB disconnect, device number 22 [ 962.565234][ T5898] usb 5-1: config 0 descriptor?? [ 962.626601][T13550] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1829'. [ 965.865779][ T9] usb 5-1: USB disconnect, device number 36 [ 969.417797][ T5831] Bluetooth: hci3: command 0x0406 tx timeout [ 970.615951][T13613] sp0: Synchronizing with TNC [ 970.777722][T13623] overlayfs: conflicting options: metacopy=on,redirect_dir=follow [ 970.911953][T13612] [U] è` [ 971.404820][T13626] netlink: 'syz.1.1847': attribute type 16 has an invalid length. [ 971.413221][T13626] netlink: 'syz.1.1847': attribute type 3 has an invalid length. [ 971.420986][T13626] netlink: 64066 bytes leftover after parsing attributes in process `syz.1.1847'. [ 971.471762][T13626] input: syz1 as /devices/virtual/input/input29 [ 977.273455][T13656] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1855'. [ 978.384266][T13696] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1865'. [ 980.732704][T13718] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1873'. [ 980.797519][T13718] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1873'. [ 981.705768][T13726] syz.5.1872: attempt to access beyond end of device [ 981.705768][T13726] nbd5: rw=0, sector=64, nr_sectors = 8 limit=0 [ 982.622815][ T9] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 982.635056][T13726] syz.5.1872: attempt to access beyond end of device [ 982.635056][T13726] nbd5: rw=0, sector=120, nr_sectors = 8 limit=0 [ 982.868667][T13726] Mount JFS Failure: -5 [ 982.913934][T13726] jfs_mount failed w/return code = -5 [ 982.936866][ T9] usb 1-1: Using ep0 maxpacket: 8 [ 982.957744][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 982.984852][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 982.996667][ T9] usb 1-1: New USB device found, idVendor=046d, idProduct=c24f, bcdDevice= 0.00 [ 983.006434][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 983.027474][ T9] usb 1-1: config 0 descriptor?? [ 983.411112][T13731] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 983.423636][T13731] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 983.454322][T13743] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1879'. [ 983.509410][T13744] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1878'. [ 983.519559][T13731] batadv_slave_1: entered promiscuous mode [ 984.332415][T13754] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1881'. [ 985.225828][T13731] batadv_slave_1: left promiscuous mode [ 985.479038][ T9] usbhid 1-1:0.0: can't add hid device: -71 [ 985.604534][ T9] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 985.909028][ T9] usb 1-1: USB disconnect, device number 24 [ 986.093088][T13765] fuse: Unknown parameter 'user_id00000000000000000000' [ 986.738935][ T977] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 986.994276][ T977] usb 1-1: Using ep0 maxpacket: 32 [ 987.062873][ T977] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 987.126168][ T977] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 16 [ 987.833472][ T977] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 1024 [ 987.874261][ T977] usb 1-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 26 [ 987.927312][ T977] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 987.957136][ T977] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 987.976468][ T977] usb 1-1: SerialNumber: syz [ 987.985767][T13767] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 988.002649][T13767] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 988.099420][T13781] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1891'. [ 988.804288][ T10] usb 7-1: new full-speed USB device number 13 using dummy_hcd [ 989.317419][ T10] usb 7-1: config 0 has an invalid interface number: 177 but max is 0 [ 989.326145][ T10] usb 7-1: config 0 has no interface number 0 [ 989.452841][ T10] usb 7-1: New USB device found, idVendor=09fb, idProduct=ebbe, bcdDevice=39.5d [ 989.480667][ T10] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 989.483613][ T977] cdc_acm 1-1:1.0: ttyACM0: USB ACM device [ 989.488976][ T10] usb 7-1: Product: syz [ 989.996306][ T977] usb 1-1: USB disconnect, device number 25 [ 990.010443][ T10] usb 7-1: Manufacturer: syz [ 990.019516][ T10] usb 7-1: SerialNumber: syz [ 990.053949][ T10] usb 7-1: config 0 descriptor?? [ 990.874557][T13800] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 991.063213][T13800] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 991.282306][T13803] overlayfs: conflicting options: metacopy=on,redirect_dir=follow [ 991.477290][ T10] usb 7-1: USB disconnect, device number 13 [ 991.819720][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 991.827174][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 992.003007][T13816] fuse: Unknown parameter 'user_id00000000000000000000' [ 993.984781][T13830] random: crng reseeded on system resumption [ 994.407696][T13840] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1905'. [ 995.365563][T13830] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1904'. [ 995.562459][T13863] fuse: Bad value for 'fd' [ 1002.170506][T13918] fuse: Bad value for 'fd' [ 1004.174706][T13934] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1932'. [ 1010.933506][T13975] syz.4.1938: attempt to access beyond end of device [ 1010.933506][T13975] nbd4: rw=0, sector=64, nr_sectors = 8 limit=0 [ 1010.947293][T13975] syz.4.1938: attempt to access beyond end of device [ 1010.947293][T13975] nbd4: rw=0, sector=120, nr_sectors = 8 limit=0 [ 1010.961071][T13975] Mount JFS Failure: -5 [ 1010.965405][T13975] jfs_mount failed w/return code = -5 [ 1012.977757][ T5137] Bluetooth: hci3: unexpected event for opcode 0x0c13 [ 1015.749782][T14003] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1949'. [ 1015.801645][T14003] vlan2: entered promiscuous mode [ 1025.907443][T14090] syz.0.1965: attempt to access beyond end of device [ 1025.907443][T14090] nbd0: rw=0, sector=64, nr_sectors = 8 limit=0 [ 1026.062170][T14090] syz.0.1965: attempt to access beyond end of device [ 1026.062170][T14090] nbd0: rw=0, sector=120, nr_sectors = 8 limit=0 [ 1026.102785][T14090] Mount JFS Failure: -5 [ 1026.112661][T14090] jfs_mount failed w/return code = -5 [ 1026.161554][T14091] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1967'. [ 1026.196341][T14091] vlan2: entered promiscuous mode [ 1030.456768][T14125] IPv6: Can't replace route, no match found [ 1030.545378][ T30] audit: type=1326 audit(1748495200.930:490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14124 comm="syz.5.1975" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f817b78e969 code=0x0 [ 1033.770905][T14144] sctp: [Deprecated]: syz.1.1978 (pid 14144) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1033.770905][T14144] Use struct sctp_sack_info instead [ 1035.083688][ T5871] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 1035.713864][ T5871] usb 2-1: Using ep0 maxpacket: 16 [ 1036.603698][ T5871] usb 2-1: device descriptor read/all, error -71 [ 1036.679739][T14165] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1984'. [ 1036.948205][T14165] vlan2: entered promiscuous mode [ 1038.441310][T14183] fuse: Bad value for 'fd' [ 1044.056416][T14214] sctp: [Deprecated]: syz.5.1996 (pid 14214) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1044.056416][T14214] Use struct sctp_sack_info instead [ 1045.018022][ T5898] usb 6-1: new high-speed USB device number 23 using dummy_hcd [ 1045.094598][T14216] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1045.101902][T14216] IPv6: NLM_F_CREATE should be set when creating new route [ 1045.109330][T14216] IPv6: NLM_F_CREATE should be set when creating new route [ 1045.116650][T14216] IPv6: NLM_F_CREATE should be set when creating new route [ 1045.237314][ T5898] usb 6-1: Using ep0 maxpacket: 16 [ 1045.265885][ T5898] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 1045.300042][ T5898] usb 6-1: New USB device found, idVendor=05ac, idProduct=0273, bcdDevice= 0.40 [ 1045.352187][ T5898] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1045.360288][ T5898] usb 6-1: Product: syz [ 1045.396247][ T5898] usb 6-1: Manufacturer: syz [ 1045.559385][T14220] overlayfs: conflicting options: metacopy=on,redirect_dir=follow [ 1045.944902][ T5898] usb 6-1: SerialNumber: syz [ 1046.036363][T14224] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2000'. [ 1046.070973][ T5898] input: bcm5974 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/input/input30 [ 1046.074178][T14224] vlan2: entered promiscuous mode [ 1046.491515][ T5172] bcm5974 6-1:1.0: could not read from device [ 1046.838054][ T5172] bcm5974 6-1:1.0: could not read from device [ 1046.848565][ T5898] usb 6-1: USB disconnect, device number 23 [ 1047.517453][T14237] FAULT_INJECTION: forcing a failure. [ 1047.517453][T14237] name failslab, interval 1, probability 0, space 0, times 0 [ 1047.561497][T14237] CPU: 1 UID: 0 PID: 14237 Comm: syz.6.2003 Not tainted 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 1047.561529][T14237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1047.561544][T14237] Call Trace: [ 1047.561552][T14237] [ 1047.561562][T14237] dump_stack_lvl+0x189/0x250 [ 1047.561597][T14237] ? __pfx____ratelimit+0x10/0x10 [ 1047.561627][T14237] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1047.561656][T14237] ? __pfx__printk+0x10/0x10 [ 1047.561697][T14237] ? ref_tracker_alloc+0x318/0x460 [ 1047.561731][T14237] should_fail_ex+0x414/0x560 [ 1047.561765][T14237] should_failslab+0xa8/0x100 [ 1047.561800][T14237] kmem_cache_alloc_noprof+0x73/0x3c0 [ 1047.561830][T14237] ? skb_clone+0x212/0x3a0 [ 1047.561857][T14237] skb_clone+0x212/0x3a0 [ 1047.561892][T14237] __netlink_deliver_tap+0x404/0x850 [ 1047.561933][T14237] ? netlink_deliver_tap+0x2e/0x1b0 [ 1047.561963][T14237] netlink_deliver_tap+0x19c/0x1b0 [ 1047.561993][T14237] netlink_unicast+0x72f/0x8d0 [ 1047.562037][T14237] netlink_sendmsg+0x805/0xb30 [ 1047.562076][T14237] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1047.562114][T14237] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1047.562134][T14237] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1047.562164][T14237] __sock_sendmsg+0x219/0x270 [ 1047.562194][T14237] ____sys_sendmsg+0x505/0x830 [ 1047.562235][T14237] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1047.562280][T14237] ? import_iovec+0x74/0xa0 [ 1047.562306][T14237] ___sys_sendmsg+0x21f/0x2a0 [ 1047.562343][T14237] ? __pfx____sys_sendmsg+0x10/0x10 [ 1047.562417][T14237] ? __fget_files+0x2a/0x420 [ 1047.562450][T14237] ? __fget_files+0x3a0/0x420 [ 1047.562495][T14237] __x64_sys_sendmsg+0x19b/0x260 [ 1047.562519][T14237] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1047.562550][T14237] ? __pfx_ksys_write+0x10/0x10 [ 1047.562575][T14237] ? rcu_is_watching+0x15/0xb0 [ 1047.562609][T14237] ? do_syscall_64+0xbe/0x3b0 [ 1047.562646][T14237] do_syscall_64+0xfa/0x3b0 [ 1047.562675][T14237] ? lockdep_hardirqs_on+0x9c/0x150 [ 1047.562704][T14237] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1047.562725][T14237] ? clear_bhb_loop+0x60/0xb0 [ 1047.562751][T14237] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1047.562771][T14237] RIP: 0033:0x7fc79d38e969 [ 1047.562791][T14237] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1047.562810][T14237] RSP: 002b:00007fc79b1f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1047.562833][T14237] RAX: ffffffffffffffda RBX: 00007fc79d5b5fa0 RCX: 00007fc79d38e969 [ 1047.562850][T14237] RDX: 000000000000c114 RSI: 00002000000002c0 RDI: 0000000000000003 [ 1047.562864][T14237] RBP: 00007fc79b1f6090 R08: 0000000000000000 R09: 0000000000000000 [ 1047.562889][T14237] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1047.562902][T14237] R13: 0000000000000000 R14: 00007fc79d5b5fa0 R15: 00007ffd4b58ac98 [ 1047.562936][T14237] [ 1047.852246][ C1] vkms_vblank_simulate: vblank timer overrun [ 1047.907346][T14239] FAULT_INJECTION: forcing a failure. [ 1047.907346][T14239] name failslab, interval 1, probability 0, space 0, times 0 [ 1047.990046][T14239] CPU: 1 UID: 0 PID: 14239 Comm: syz.5.2004 Not tainted 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 1047.990077][T14239] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1047.990091][T14239] Call Trace: [ 1047.990100][T14239] [ 1047.990108][T14239] dump_stack_lvl+0x189/0x250 [ 1047.990151][T14239] ? __pfx____ratelimit+0x10/0x10 [ 1047.990182][T14239] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1047.990213][T14239] ? __pfx__printk+0x10/0x10 [ 1047.990255][T14239] ? __lock_acquire+0xab9/0xd20 [ 1047.990284][T14239] should_fail_ex+0x414/0x560 [ 1047.990319][T14239] should_failslab+0xa8/0x100 [ 1047.990354][T14239] __kmalloc_cache_noprof+0x70/0x3d0 [ 1047.990386][T14239] ? async_schedule_node_domain+0x5b/0x120 [ 1047.990412][T14239] ? __pfx___async_dev_cache_fw_image+0x10/0x10 [ 1047.990438][T14239] async_schedule_node_domain+0x5b/0x120 [ 1047.990468][T14239] dev_cache_fw_image+0x364/0x3e0 [ 1047.990510][T14239] ? __pfx_dev_cache_fw_image+0x10/0x10 [ 1047.990551][T14239] ? __pfx_dev_cache_fw_image+0x10/0x10 [ 1047.990588][T14239] dpm_for_each_dev+0x53/0xb0 [ 1047.990614][T14239] fw_pm_notify+0x200/0x2a0 [ 1047.990647][T14239] ? __pfx_fw_pm_notify+0x10/0x10 [ 1047.990681][T14239] ? __pfx_autoremove_wake_function+0x10/0x10 [ 1047.990716][T14239] ? blocking_notifier_call_chain_robust+0x65/0x100 [ 1047.990761][T14239] notifier_call_chain+0x1b6/0x3e0 [ 1047.990801][T14239] blocking_notifier_call_chain_robust+0x85/0x100 [ 1047.990840][T14239] pm_notifier_call_chain_robust+0x2c/0x60 [ 1047.990868][T14239] snapshot_open+0x19c/0x280 [ 1047.990894][T14239] ? __pfx_snapshot_open+0x10/0x10 [ 1047.990918][T14239] misc_open+0x2bc/0x330 [ 1047.990953][T14239] chrdev_open+0x4c9/0x5e0 [ 1047.990990][T14239] ? __pfx_chrdev_open+0x10/0x10 [ 1047.991032][T14239] ? __pfx_chrdev_open+0x10/0x10 [ 1047.991063][T14239] do_dentry_open+0xdf3/0x1970 [ 1047.991102][T14239] vfs_open+0x3b/0x340 [ 1047.991131][T14239] ? path_openat+0x2ecd/0x3830 [ 1047.991159][T14239] path_openat+0x2ee5/0x3830 [ 1047.991182][T14239] ? arch_stack_walk+0xfc/0x150 [ 1047.991256][T14239] ? __pfx_path_openat+0x10/0x10 [ 1047.991277][T14239] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1047.991323][T14239] do_filp_open+0x1fa/0x410 [ 1047.991346][T14239] ? __lock_acquire+0xab9/0xd20 [ 1047.991372][T14239] ? __pfx_do_filp_open+0x10/0x10 [ 1047.991426][T14239] ? _raw_spin_unlock+0x28/0x50 [ 1047.991450][T14239] ? alloc_fd+0x64c/0x6c0 [ 1047.991494][T14239] do_sys_openat2+0x121/0x1c0 [ 1047.991520][T14239] ? __pfx_do_sys_openat2+0x10/0x10 [ 1047.991544][T14239] ? ksys_write+0x22a/0x250 [ 1047.991573][T14239] ? __pfx_ksys_write+0x10/0x10 [ 1047.991599][T14239] ? rcu_is_watching+0x15/0xb0 [ 1047.991631][T14239] __x64_sys_openat+0x138/0x170 [ 1047.991661][T14239] do_syscall_64+0xfa/0x3b0 [ 1047.991693][T14239] ? lockdep_hardirqs_on+0x9c/0x150 [ 1047.991722][T14239] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1047.991745][T14239] ? clear_bhb_loop+0x60/0xb0 [ 1047.991772][T14239] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1047.991793][T14239] RIP: 0033:0x7f817b78e969 [ 1047.991813][T14239] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1047.991832][T14239] RSP: 002b:00007f817c5ab038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1047.991856][T14239] RAX: ffffffffffffffda RBX: 00007f817b9b5fa0 RCX: 00007f817b78e969 [ 1047.991872][T14239] RDX: 0000000000040000 RSI: 00002000000002c0 RDI: ffffffffffffff9c [ 1047.991888][T14239] RBP: 00007f817c5ab090 R08: 0000000000000000 R09: 0000000000000000 [ 1047.991902][T14239] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1047.991915][T14239] R13: 0000000000000000 R14: 00007f817b9b5fa0 R15: 00007fff022f04f8 [ 1047.991952][T14239] [ 1047.997534][T14239] [ 1048.363212][T14239] ============================================ [ 1048.369383][T14239] WARNING: possible recursive locking detected [ 1048.375550][T14239] 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 Not tainted [ 1048.382315][T14239] -------------------------------------------- [ 1048.388477][T14239] syz.5.2004/14239 is trying to acquire lock: [ 1048.394542][T14239] ffffffff8e8fbfa8 (fw_lock){+.+.}-{4:4}, at: assign_fw+0x52/0x890 [ 1048.402591][T14239] [ 1048.402591][T14239] but task is already holding lock: [ 1048.410003][T14239] ffffffff8e8fbfa8 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x1e8/0x2a0 [ 1048.418336][T14239] [ 1048.418336][T14239] other info that might help us debug this: [ 1048.426486][T14239] Possible unsafe locking scenario: [ 1048.426486][T14239] [ 1048.433969][T14239] CPU0 [ 1048.437255][T14239] ---- [ 1048.440536][T14239] lock(fw_lock); [ 1048.444298][T14239] lock(fw_lock); [ 1048.448031][T14239] [ 1048.448031][T14239] *** DEADLOCK *** [ 1048.448031][T14239] [ 1048.456185][T14239] May be due to missing lock nesting notation [ 1048.456185][T14239] [ 1048.464509][T14239] 5 locks held by syz.5.2004/14239: [ 1048.469736][T14239] #0: ffffffff8e7a9e08 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 1048.478213][T14239] #1: ffffffff8ddec508 (system_transition_mutex){+.+.}-{4:4}, at: lock_system_sleep+0x4a/0x70 [ 1048.488675][T14239] #2: ffffffff8de10490 ((pm_chain_head).rwsem){++++}-{4:4}, at: blocking_notifier_call_chain_robust+0x65/0x100 [ 1048.500621][T14239] #3: ffffffff8e8fbfa8 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x1e8/0x2a0 [ 1048.509364][T14239] #4: ffffffff8e8f7028 (dpm_list_mtx){+.+.}-{4:4}, at: dpm_for_each_dev+0x29/0xb0 [ 1048.518810][T14239] [ 1048.518810][T14239] stack backtrace: [ 1048.524731][T14239] CPU: 1 UID: 0 PID: 14239 Comm: syz.5.2004 Not tainted 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) [ 1048.524752][T14239] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1048.524764][T14239] Call Trace: [ 1048.524773][T14239] [ 1048.524781][T14239] dump_stack_lvl+0x189/0x250 [ 1048.524811][T14239] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1048.524834][T14239] ? __pfx__printk+0x10/0x10 [ 1048.524862][T14239] ? print_lock_name+0xde/0x100 [ 1048.524889][T14239] print_deadlock_bug+0x28b/0x2a0 [ 1048.524914][T14239] validate_chain+0x1a3f/0x2140 [ 1048.524939][T14239] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 1048.524962][T14239] ? lockdep_hardirqs_on+0x9c/0x150 [ 1048.524989][T14239] __lock_acquire+0xab9/0xd20 [ 1048.525011][T14239] ? assign_fw+0x52/0x890 [ 1048.525039][T14239] lock_acquire+0x120/0x360 [ 1048.525058][T14239] ? assign_fw+0x52/0x890 [ 1048.525082][T14239] ? kasan_save_free_info+0x46/0x50 [ 1048.525099][T14239] ? kmem_cache_free+0x18f/0x400 [ 1048.525123][T14239] ? __async_dev_cache_fw_image+0x7f/0x280 [ 1048.525140][T14239] __mutex_lock+0x182/0xe80 [ 1048.525165][T14239] ? assign_fw+0x52/0x890 [ 1048.525187][T14239] ? path_openat+0x2ee5/0x3830 [ 1048.525205][T14239] ? do_filp_open+0x1fa/0x410 [ 1048.525224][T14239] ? __x64_sys_openat+0x138/0x170 [ 1048.525240][T14239] ? do_syscall_64+0xfa/0x3b0 [ 1048.525264][T14239] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1048.525284][T14239] ? assign_fw+0x52/0x890 [ 1048.525308][T14239] ? __pfx___mutex_lock+0x10/0x10 [ 1048.525337][T14239] ? kasan_quarantine_put+0xdd/0x220 [ 1048.525358][T14239] ? lockdep_hardirqs_on+0x9c/0x150 [ 1048.525382][T14239] assign_fw+0x52/0x890 [ 1048.525406][T14239] ? _request_firmware+0xe57/0x15b0 [ 1048.525430][T14239] ? kmem_cache_free+0x18f/0x400 [ 1048.525455][T14239] _request_firmware+0xeea/0x15b0 [ 1048.525480][T14239] ? __lock_acquire+0xab9/0xd20 [ 1048.525506][T14239] ? __pfx__request_firmware+0x10/0x10 [ 1048.525529][T14239] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 1048.525551][T14239] ? lockdep_hardirqs_on+0x9c/0x150 [ 1048.525573][T14239] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 1048.525595][T14239] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1048.525616][T14239] ? async_schedule_node_domain+0xa5/0x120 [ 1048.525637][T14239] __async_dev_cache_fw_image+0x7f/0x280 [ 1048.525654][T14239] ? __pfx___async_dev_cache_fw_image+0x10/0x10 [ 1048.525671][T14239] async_schedule_node_domain+0xe1/0x120 [ 1048.525693][T14239] dev_cache_fw_image+0x364/0x3e0 [ 1048.525721][T14239] ? __pfx_dev_cache_fw_image+0x10/0x10 [ 1048.525750][T14239] ? __pfx_dev_cache_fw_image+0x10/0x10 [ 1048.525777][T14239] dpm_for_each_dev+0x53/0xb0 [ 1048.525795][T14239] fw_pm_notify+0x200/0x2a0 [ 1048.525820][T14239] ? __pfx_fw_pm_notify+0x10/0x10 [ 1048.525846][T14239] ? __pfx_autoremove_wake_function+0x10/0x10 [ 1048.525877][T14239] ? blocking_notifier_call_chain_robust+0x65/0x100 [ 1048.525906][T14239] notifier_call_chain+0x1b6/0x3e0 [ 1048.525931][T14239] blocking_notifier_call_chain_robust+0x85/0x100 [ 1048.525958][T14239] pm_notifier_call_chain_robust+0x2c/0x60 [ 1048.525978][T14239] snapshot_open+0x19c/0x280 [ 1048.525997][T14239] ? __pfx_snapshot_open+0x10/0x10 [ 1048.526015][T14239] misc_open+0x2bc/0x330 [ 1048.526044][T14239] chrdev_open+0x4c9/0x5e0 [ 1048.526070][T14239] ? __pfx_chrdev_open+0x10/0x10 [ 1048.526098][T14239] ? __pfx_chrdev_open+0x10/0x10 [ 1048.526126][T14239] do_dentry_open+0xdf3/0x1970 [ 1048.526149][T14239] vfs_open+0x3b/0x340 [ 1048.526163][T14239] ? path_openat+0x2ecd/0x3830 [ 1048.526184][T14239] path_openat+0x2ee5/0x3830 [ 1048.526202][T14239] ? arch_stack_walk+0xfc/0x150 [ 1048.526238][T14239] ? __pfx_path_openat+0x10/0x10 [ 1048.526261][T14239] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1048.526286][T14239] do_filp_open+0x1fa/0x410 [ 1048.526308][T14239] ? __lock_acquire+0xab9/0xd20 [ 1048.526327][T14239] ? __pfx_do_filp_open+0x10/0x10 [ 1048.526355][T14239] ? _raw_spin_unlock+0x28/0x50 [ 1048.526374][T14239] ? alloc_fd+0x64c/0x6c0 [ 1048.526402][T14239] do_sys_openat2+0x121/0x1c0 [ 1048.526419][T14239] ? __pfx_do_sys_openat2+0x10/0x10 [ 1048.526436][T14239] ? ksys_write+0x22a/0x250 [ 1048.526459][T14239] ? __pfx_ksys_write+0x10/0x10 [ 1048.526478][T14239] ? rcu_is_watching+0x15/0xb0 [ 1048.526501][T14239] __x64_sys_openat+0x138/0x170 [ 1048.526520][T14239] do_syscall_64+0xfa/0x3b0 [ 1048.526544][T14239] ? lockdep_hardirqs_on+0x9c/0x150 [ 1048.526571][T14239] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1048.526588][T14239] ? clear_bhb_loop+0x60/0xb0 [ 1048.526606][T14239] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1048.526623][T14239] RIP: 0033:0x7f817b78e969 [ 1048.526638][T14239] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1048.526657][T14239] RSP: 002b:00007f817c5ab038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1048.526675][T14239] RAX: ffffffffffffffda RBX: 00007f817b9b5fa0 RCX: 00007f817b78e969 [ 1048.526688][T14239] RDX: 0000000000040000 RSI: 00002000000002c0 RDI: ffffffffffffff9c [ 1048.526700][T14239] RBP: 00007f817c5ab090 R08: 0000000000000000 R09: 0000000000000000 [ 1048.526710][T14239] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1048.526720][T14239] R13: 0000000000000000 R14: 00007f817b9b5fa0 R15: 00007fff022f04f8 [ 1048.526738][T14239] [ 1049.036710][ C1] vkms_vblank_simulate: vblank timer overrun [ 1050.289037][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 1050.362000][ T1303] ieee802154 phy1 wpan1: encryption failed: -22