last executing test programs: 9.013140681s ago: executing program 1 (id=2221): chdir(&(0x7f0000000000)='./cgroup\x00') mkdir(&(0x7f0000000000)='./control\x00', 0x0) r0 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000e40)=ANY=[@ANYRES32=r5, @ANYRES64=r4, @ANYRES64=r0, @ANYRESHEX=r0, @ANYRES32, @ANYRES32=r3], 0x48) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000d40)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='sched_switch\x00', r7}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000", @ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) io_setup(0x6, &(0x7f0000000140)=0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r5, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r8, {0xee00, 0xee00}}, './cgroup\x00'}) r11 = syz_open_dev$hiddev(&(0x7f0000000540), 0x228, 0x121081) r12 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000900)={0x0, r6}, 0x8) io_submit(r9, 0x8, &(0x7f0000000d00)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x3, 0xb7, r4, &(0x7f0000000340)="016ebe8e592c653409af908151f96703f11432733d243df3d9b2ce828f53e403f46f7049aba22d13150ae9255ef2913418caebfb56087dc035a53506ad72befc0a094d0bbb48d6886b8786fae1bcdb98f87b400f4e06f7e5c7c8f0cf55ee174e700bea8a3cea1c3aef741efbb6bcaefb01efea4d10be8296360e8e57ad453be147a6b204beb7ef74fbd4fda901a69d3fc7855ced6d4d84faeb5386d9f15e6a1bda2ff6993ff45c918fc2b44a6bdd49abc129b748f43ccde407fd2565cca6c3a02173093a75832fd46b535dd54a10527f28883c95c3adeee590590643318d76804d6c87208afcf24dd85815307178fc70ce1433e1f801258809328d4d66", 0xfd, 0xd2, 0x0, 0x3}, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x7, 0xf801, r10, &(0x7f0000000240)="fc60254d607ba43ff1f0d03897517f352b69f1ba6ad1a8e36a61f0cf6e215ca43531b75f1176a74f3e418c71bad49a8550be55950dee3caeba091e1c6d0bca14d16861d63dd91f117dbb", 0x4a, 0x5}, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x8, r11, &(0x7f0000000580)="23752e35bd0d769681291afc26bc717ea89b40919dfaafe5080fa3630d2c68137fc654cc5dd589898b17a8c9d7a933474b85624d5cde96d73df80917a7700e8b18827db63f3583b4c39db7703eee93e9843418177056d5f6df5d2bcda44d04822f0f0357a8e8184eb9b1e5ee244b5d399701f69ce9fae10011e0b7e555fad66d35c6d79d4c62ed89af316ad5dee2cd9da6f4e2e46b0b8ea4721f43a489ed61fbc76e56603fb7ccfed14947c24937d59ae0735a575cb62ba20310f3fbca139baf6db614286978c7", 0xc7, 0x3, 0x0, 0x3}, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x8, 0x5, 0xffffffffffffffff, &(0x7f00000006c0)="701fb41d80829fd02434d5f3216fad5be771fcce67a9ed64bc69230aa2c8c9136dfd42696404cfae14e87a434b7006055c6cccf14824fc6c34f3cfe0b37e5d0fff8e878cd27ec7e48dd0d5cf9814f149026ecfe7d14dc027dd82fbcde4d628d5fcdec7711977708b9c0098f4d61b11ab9885ddddf581db4f78a5fd6334f3a80c7425bc1bfa46bbd76d2c57d8aaa0b1030654ec9f903d8ea710e37405eccdf64ddbe5f4b4346db543bf545e866630d4d42ddaaf8607d4b33c9ec23bc227e528da1011c07629c43f7658dee153cf80", 0xce, 0xa, 0x0, 0x0, r10}, &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x5, 0xfff9, r4, &(0x7f0000000800)="dd4b0050fb386d12f5b7cb87ea097b08294c27f08145f54b8845b93a6d3ed834de127184ad2a8ec9c8f23c119fd00bc4a2968834885d16b4c60ebf43660fb6374c50d0e03761fb8b5ed45a745f70855d11c1398abf80ff92770c4f86956ca2d4abf19a9637b81a1c9e1ed1ba1d45962e75eb7bc3f15a045e9209555ef343916db15971169d725ca3489334c2e505253f5ca50e10e2fb48756a49ae46a7", 0x9d, 0x4, 0x0, 0x1, r0}, &(0x7f0000000a40)={0x0, 0x0, 0x0, 0x6, 0xe, r12, &(0x7f0000000940)="7f83f8290f2fdba92d9ba33b1aebd0768ed75f2e266f46be064bfad5de28295b3a9149a95172f5dde58516329f1ea2aea1b956a94e6a39768e26caadfb18698ecd51ac83ca5834513d526022c1d1f49f4da73e705c3e7d32d3fef1ae20f2643eb63341b94efcf9a3f422da5264219e11e0df88fd883c4982308fb9e2a75d7ae892fa4189323808885bdcb2033df3994f70b22c29d009353cc60881e5bb06e513028e9aed39630baa529798f61d8bba6d715bd473ba62c3f1a6552c9dbd87a478b81015847de7e1715a322c86c28e3f0b4703f1d680c46ef67c5584e7f8b41679056c2eccbc119db024", 0xe9, 0x7, 0x0, 0x0, r0}, &(0x7f0000000b40)={0x0, 0x0, 0x0, 0x3, 0xb0, r2, &(0x7f0000000a80)="1f76372085fedebe28389c3ae39c99d0f276dc7c69dcb0231e761450618dd5e140449edf1222ad8e97aaaa1c33b3f141c3e2049acd9cd6635f7332d36fe511a58fa92572fa047dc20da0d7592451ff30deec5cfb8a8018bb26e65f7c9009dedfcb8cdd4ac6c9743cb311b2a804a38483e9e4d7b56c67960ee16a1bd97a0692e594afdcf5caac8c096fd04ce920cc7f7ba26f34801b18dac919fa3df7260cd41e832fd68c6b89e4ee6d3f83", 0xab, 0x7, 0x0, 0x0, r10}, 0x0]) mkdirat(r0, &(0x7f0000000100)='./control\x00', 0x0) unlinkat(r0, &(0x7f0000000140)='./control\x00', 0x200) rmdir(&(0x7f0000000040)='./control\x00') 7.921484234s ago: executing program 1 (id=2225): r0 = socket(0x2b, 0x80801, 0x1) syz_emit_ethernet(0xad, &(0x7f0000000000)={@local, @local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "6410a6", 0x77, 0x0, 0x0, @private2, @local, {[], "223427d5c9a46b9fa14172170a013589317d2af31ba55431762f462a5abc3f46494ee91bfca594d52f8c3785143e92da5d2d81edc09f68f122fbf741257bf1319408347a17c89212dfe27a0fc65362487e5afe673f0954f60d9d08b61276ce0b3aa520b5f30a9f52c4aa53fc003f8570383ca63530d93b"}}}}}, 0x0) syz_usb_connect(0x5, 0x59, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000ec13b2106c04e814280b0102030109024700010000000009046900000e010000182402010202"], 0x0) connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x4, 0x3ff, @empty, 0x1}, 0x1c) setsockopt$inet_udp_int(r0, 0x11, 0x65, &(0x7f00000000c0)=0x2adc, 0x4) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e1e, 0x0, @dev={0xfe, 0x80, '\x00', 0xb}, 0x11}, 0x1c) 7.917134557s ago: executing program 0 (id=2226): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x43, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text64={0x40, 0x0}], 0x1, 0x1, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe0000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x42, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 7.840975059s ago: executing program 2 (id=2227): bind$inet6(0xffffffffffffffff, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x87}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f0000000140)=@x86={0x9, 0x0, 0x5, 0x0, 0x9, 0x2, 0x9, 0x8, 0x7f, 0x5, 0x17, 0x80, 0x0, 0x10000002, 0x401, 0x1, 0x7f, 0x0, 0x8, '\x00', 0xd, 0xfffffffffffffff7}) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) fsopen(&(0x7f0000000240)='btrfs\x00', 0x1) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$can_bcm(0xffffffffffffffff, 0x0, 0x240400c6) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$gtp(&(0x7f0000000040), r2) sendmsg$GTP_CMD_NEWPDP(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)={0x2c, r3, 0x1, 0x0, 0x0, {0x3}, [@GTPA_LINK={0x8}, @GTPA_VERSION={0x8}, @GTPA_PEER_ADDRESS={0x8, 0x4, @remote}]}, 0x2c}}, 0x0) r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff) fchmodat(0xffffffffffffffff, &(0x7f0000000300)='./file0\x00', 0x8) r5 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183341, 0x0) fallocate(r5, 0x10, 0x8001, 0x5) ioctl$SCSI_IOCTL_SEND_COMMAND(r5, 0x1, &(0x7f00000003c0)=ANY=[@ANYBLOB="0d000000010000000a0000005f31ccadf7c9e8d4be00d14352"]) sendmsg$L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x64, r4, 0x1, 0xffffffff, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x10000000}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @ipv4={'\x00', '\xff\xff', @empty}}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @empty}, @L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_UDP_ZERO_CSUM6_RX={0x5, 0x22, 0x1}]}, 0x64}, 0x1, 0x620b}, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18010000000004000000000000000000850000006d00000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='tlb_flush\x00', r7}, 0x18) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r1, &(0x7f0000000380)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0x14, r8, 0x101, 0x70bd2c, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x8000) socket$inet6_sctp(0xa, 0x1, 0x84) 7.114330879s ago: executing program 3 (id=2228): mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103) add_key(&(0x7f0000000000)='dns_resolver\x00', 0x0, &(0x7f0000000040)='\x00\x00', 0x2, 0xfffffffffffffffd) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000640)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) statx(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0xf0cb2f4a0c2cfc5d, 0x0) read$FUSE(r0, &(0x7f0000006380)={0x2020, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000001200)={0x50, 0x0, r1, {0x7, 0x2b, 0x3, 0x200c0400, 0x0, 0x0, 0x0, 0xe382, 0x0, 0x0, 0x8}}, 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000a80)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1088d8b8588d72ec29c48f0af5f2d9f51c4b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465ad32b77a74e802a0dc6bf25cca242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767042361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae645ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1fb8f72cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa7956488bef241875f3b4b6ab7929a57affe760e797724f4fce1093b62d7e8c7123d890decacec55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f870b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f154772f514216bdf57d2a40d40b51ab67903ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1594e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c471c784ae7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec30cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89f0000377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f0059161c5e0000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe34124172e436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f491d8e97c862e29e457060000007ac691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104ebc1581848f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426ca85e82ccf821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ad6acf5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bdc4a60d637545ed4c8a1c649c3ce54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c5140200000054d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a3bc38613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae0040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483f02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e9180100000000000000654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272ab28a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece98c077b358e752b439132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac48f1201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6df5e8a795b140fcc09e8a7b694d12932917facd8ceaa4e2d0d16bb0b95387fcd5ff136d8abddf94daf442bbff744591931872a36cf921ad69f2127386e8b0f9afee4da8d3fbec809fbb3ca0fded2859cf25d4c6155d396c5b9bd1a928923123f63f4c40688eae69990a9419456247bbaeb7948de84d2ff875414883bb1e503d4bfebc01bc12a53ea06bf38e571157bd642dac25dbee7832c58378374a39483d6721eec96c28911db21c0c006b42afc90000000000000000000000700000000000000000008ce4ea442c1a207108b35511186c5e860278f6463f52f3990ce08b1bfccc3cff4b5ae27b610aa9ba11b47d4f94c439e055cdbb2b12c983885c93ea4ab4ca1e02d831ae162ee104"], &(0x7f0000000100)='GPL\x00'}, 0x41) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000640)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r4 = getpid() r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff) r7 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$SMC_PNETID_ADD(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000880)=ANY=[@ANYBLOB="140000002c62ab3591f624e741feea612bbf85317206fe405cff26b343043513b3d6c5d664580726ab8695578259ca50214535af7bf24ee9d6cb40cc76174f6b4dbf5589f77a04612d0309d3029fd8db941f264a12f5723cc29839c8", @ANYRES16=r6, @ANYBLOB="0100000000000000000002000000"], 0x14}}, 0xc800) sendmsg$SMC_PNETID_GET(r5, &(0x7f0000000700)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000006c0)={&(0x7f0000000900)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="020027bd7000fbdbdf25010000001400020070696d367065670000000000000001000900030073797a300000010005000400010000000900010073797a31000000000900010073797a320000000005000400010000000900030073797a310000000030d83f0dead598c14e1ca5000001278521bb4ae0"], 0x68}, 0x1, 0x0, 0x0, 0x4000880}, 0x200080c4) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r8, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r9, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) r10 = socket(0x10, 0x803, 0x0) sendto(r10, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x4000, 0x0, 0x0) recvmmsg(r10, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400}) read$FUSE(r0, &(0x7f0000004340)={0x2020, 0x0, 0x0}, 0x2020) fsetxattr$security_capability(r10, &(0x7f0000000040), &(0x7f0000000340)=@v3={0x3000000, [{0x4, 0x1}, {0xffff, 0x386}], r2}, 0x18, 0x2) write$FUSE_INTERRUPT(r0, &(0x7f0000000480)={0x10, 0xffffffffffffffda, r11}, 0x10) 5.937970571s ago: executing program 0 (id=2230): socket$l2tp6(0xa, 0x2, 0x73) r0 = socket$kcm(0x2, 0x3, 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x141800, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_XEN_HVM_CONFIG(r2, 0x4038ae7a, &(0x7f0000000000)={0x2, 0x40000083, 0x0, 0x0, 0x1}) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) mq_open(0x0, 0x42, 0x0, 0x0) r3 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r3, 0x2285, &(0x7f00000005c0)={0x53, 0xfffffffffffffffe, 0x6, 0x2, @scatter={0x0, 0x3, 0x0}, &(0x7f0000000240)="5b8d7acda0b2", 0x0, 0x1, 0x1, 0x0, 0x0}) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) r5 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000640), 0x0, 0x0) r6 = openat$sw_sync(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r6, 0xc0285700, &(0x7f0000000100)={0x1b, "5660359c3245d1c42317afad7d48ed51000000000000000100", 0xffffffffffffffff}) r8 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x141100, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r8, 0xc0285700, &(0x7f0000000140)={0x1000, "340b7832ceefd131b8e6498c25f58fad9987ffe93bbabd18cf501922de974a27", 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r7, 0xc0303e03, &(0x7f00000000c0)={"3c24139ed44aec57f2e2ad238a7b448ed886923c31d4b8affbf514fd00", r9}) ppoll(&(0x7f0000000000), 0x0, 0x0, 0x0, 0x0) close_range(r5, 0xffffffffffffffff, 0x0) r10 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r10, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="b8000000190001000000000000000000e0000002000000000000000000000000fc00000000000000000000000000000000000003000000400200000073ce193de24a1a08df3b3b9a961b00000048bd7b8180cf899714a8d9b720e1cf5e0f5b04f2d97bd54902fb465090a216baa6f5152a53cff3080000007d72277321e12d708daeae754994e2ba478eff29367c57c019b0e50a935a8f62176dd5a9a9e68c894a78c0064c80a885ff140a8d3a53a964ed1c398c35c587e49bdf723fc577061adc2e946e8929e228c0d5df99354fd63bf7451f1bf7f944e9d37833c490499c3cbde8a91ae3573a49079a4fe9", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000007000000000000000000000000000000000000000000000000000000000000000200"/84], 0xb8}, 0x1, 0x0, 0x0, 0x20008000}, 0x0) sendmsg$inet(r0, &(0x7f0000001640)={&(0x7f0000000300)={0x2, 0x4e24, @multicast2=0xe0000001}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x11}, @multicast1}}}], 0x20}, 0x20002880) socket(0x1e, 0x1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a44, 0x1700) syz_open_dev$sg(0x0, 0x6, 0x22400) 5.73868683s ago: executing program 3 (id=2232): r0 = socket$kcm(0xa, 0x2, 0x73) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="3801000010000100feffffff0001000000000000000000000000ffffe0000002fc0100000000000000000000000000010001071c4e23000200000000ff000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ff020000000000000000000000000001000004d66c0000000a01010100000000000000000000000000000000000000009201000000000000a39b000000000000ffff0000000000001c250000000000000300000000000000fcffffffffffffff0000000000000000ffffffffffffffff00000000000000001f00000000000000fefffffffffffffffafffffffcffffff000000008000000002350000020001002000000000000000480003006465666c61746500000000000000000000000000000000000000000000000000960f000000000000000000000000000000000c00"/240], 0x138}, 0x1, 0x0, 0x0, 0x800}, 0x0) r5 = accept$netrom(0xffffffffffffffff, &(0x7f0000000e40)={{0x3, @default}, [@bcast, @default, @remote, @default, @null, @null, @default, @rose]}, &(0x7f0000000ec0)=0x48) ioctl$sock_FIOGETOWN(r5, 0x8903, &(0x7f0000000f00)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r6 = syz_open_dev$MSR(&(0x7f0000000fc0), 0x9, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) read$msr(r6, &(0x7f0000002000)=""/102400, 0x19000) socket(0x848000000015, 0x805, 0x0) r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]}) close_range(r7, 0xffffffffffffffff, 0x0) sendmsg$inet(r0, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000001080)=[{&(0x7f0000000040)="a72d11a15c048c0a7d63aebc5cea1f81510ff6091475aeec600831aa9d3944e60bc2ad06a619c560aa0118b28f68f1eb14549d633b4b23f179fb680716faa43414787559be90843c35ab30acad8a6740140e00721abc2eb362f7bde53b3c992d3e28ccc20ec84fdc569947047f6c09a647ee8c0a747b951e66c068ccf1af93ee9e6f9528ff79e2f989383b05a690a6bec4634b867c9446c1c644b3010e8a3514c6328323b4bbdd602b8f0dace6aea70902c4ddd2a2f2810f1348b0d0df3c1e6a5938fcfdc87e7580c6be0c6a06eca62d6f787dd16add086a21391c4c707d8b61929d1252681b84c245e0efafe2e6e73ad86a3cf59235ab0eacbb414af92ec3cdac420a064a98e8cc18bdf63f8997f96436e0fe6f06fdbf47fff353b01a861babd4a38d126bfe3e29049e6cc883e6efae6e70ef9ed124b1b09887a58c991e223b6420dca5ae238027e91b17b1707dc5c0d5f59f0ca95614f1ea1d263c1ee54dfe31ae35eb3c8e3b931dff7920c57fbba89adf2e392c1ad719b90c7ade0d38ff9792934ef1fb12f51d8e2fad12486d5883d5b1a46696fad128c6805cfb25bc6487e1e407d6b266971b09d0d864a7a550284e24b6cdc9f4ae1081a638175dffef002c76ac5558d23e41edbe68f4b4950a13aa000326dae5a857603dc5a40d6c6618a98c7b6e1eebd325ea2c14601a25658965f40864fd015d9b2fff83ee5ed3212ebd9fa429f0140f633556ac07c0c08e67a1848c9942ecc47dd4ffede9a429e9e0472be7cdbcd117e621ddf745c00a814ffff0224634472577dc0b35a9c153409f1a2bddc193b20b4d244d9cbbd59816c46000c596865f58b4e640ed4a9ab6086cede697fb113560925498da83273e679e0e28b84961eb7b9c9b4fa916590965c76b48e5d453f27a821bd2bf0946ff2413ec30f7893d1f046e18f736c40ceda26dfc4a0a62f71a3606d3f72c0a858dfd7895e2572292e11af913c6b513a141d28e501ae7c49618d104aac9abb78466a636efb88120d0eef0a501558a5aa34784a9823f2802a0bcdf318f9b436b34b42a2a7cf513f80364ad9a699d2e23eb4f3a2bbce818bd20da61882b3dac699d05dc24f29b72471b712423ace6278c43df2be7a09e815517b86d8b3ce16af3d64a575958c5fd52aac53b391f3d2a67c24c6c13ec11428b61b80a6a58cbba1790a98d190a572070f63fc0b809669895ea9865c3066b06102f6f2c7171dc7f76e1931b3e4deb569ef9d07d5f86a848f50942e93c419c3a23489f14803b08182dfd48b8d4375be6b7f805a21209c05e5927693a8834c8d5a5acbd47ed8a30a8a741d1ad77639b56b3b90c0b2023fa334befd28b2e27cbcd94b0ce7437f88ce67a925cea6d6d7e5313de6d328b1124a8b9ef83fe39ca3da97d33c60b7fd4af67d3c8fccb595a27a5bffc71e5a5b2ec966828993b0c0f83cbc55f9a7fb66a4101d5c83b77885072b6e2b2ceebe32f635509698c05089b9ff1cb1959b211e114dadb224ef2d5e7a3c55b3ac00fcdc9018577603c6301e5d4341b3d7eeb2665349d448d28d5d108f576408cbe533a6adbba18ebb2d84bb9af81108506a2f50fb56d595579000747930449fdf4ed01715ec624a0cb73636a35b9136f10b79e3d7ded09008b92e92c64e26e6b6d17f18b70b1d9813de8d2ff151c7a6a0452c660a57c33f13e2d9b88fa5f5c0505722d2e787a425e4a3e9b5efa9668e9199f5fb9fe7d5b8a57719a57df152e7f2c6a1087a2a24084f82455b65353a70559f04d5ed12defb81497ea69c1c7e69c373524770b7473c16a69c7a3648a9dd93377b89cdff61cf62512d1ee67a55ea67993937c1f55a2179bc9c8a337364cfb84d295adda1ad9700fc2f5c11cbfc1b90affb4666c6e7e23a6f7751410a5651819f29f690c6dba2b8a67e0f7f8cc377feb1854c393578994c85391ba21b3961aed477f771645571dc7d6cae72bf79c82a92a4edc3742b1398060a0a5c9e81c016b7f2ae3db529c6ff824cc28678764d8ab49d7dc68e5b0556c9e7ffb6fef442776d86fbd458741830e57f22a1f8513b92abd5b2df93a67cc560134078f0b8ecc3276e40aadef5cd579888b86b4988f396679250701f3869e7493b33692035ecd94aca5189fd0a0893ccc5bb19c0b4caca86cf90ebc2a5558f39cccb33f6773a4e425bf551fb3b6456ee1cc62fa1843a9e5539bb2d02ae6ef82533a9dbcfb562c1ab18c1f639ae7ff02083746f74a15ba2d10e4b955940a5d6f488d326a99f287c48ad463ce40367aeeff519cbad0a2d7fdbfa48bff75955467977764c2be2bd2ffa18396c46920c40c50a4037003666406d177e2cd20aee423d07169d8f611f635ba0b62b61265ff2c5548446a2423dd1038482b6852b2d9d2f90aa05d82c5e2c3d1af0c7aad72d82b3da67471af7b037bb0424a785e73f35b5a10a2ab300a195c20cd119a5390e0cd5d49c70bd80883b933e843d0d2902749dcf3c140c708a0f004b7a2f50bf311305dc01719016fcce5863815ca7951de710fcb71cd177551ff6fcd9f8bf01b93868f24c6129b6d7917125338cf62110083093fc7f862015d48450d992f2bb43e601cab19b2ea7b83962a382fc2a31fdf2358bf8a9a9e506eaa7b6eb5e7444d1ef459b24ffa51362abce902dfd84201a0e4b5a3b62757aad54fb65b83821c6bba663886de092065a565921ea3eb6781bb8ed4f4db3abcfeeb379b7e52fca790bea719918e299ab01bf5e92177d134360bf7a16a59e9d03d3dcfb0a25599237e3d41b3f0026c9402b1fb1894426303413a2cbcf7c72807ca694afa285990d07c3bca26413c9947b3b344aafc04544b8c11416e0312b028da7302e316c3966d41884b15055a49a4a0b3eac8e11f88a5615fb0af582f065d28e5a454447e9d0cfc60356439ebf7e1d0a00f5b9cc6daf2bd7195ba96b4d1a0679ff0fb1c01282c378a880f90f460889b67d76d4d0e8db6c928d113533d1d10b810303c43d8ff622c5bab7f095b96e64bf9daa48a2bdf3d9d40bac00cf1b66df61a4f7c3e21938e876f81b1179dce6a008f28eb682cae690ced0ea0d542da604d8056f2b1813ed36683c4c51aeb2650772cfb1c55d4e60604ff06344cfc271b2175a6c94defb807af240b483e24298ca73bfc743ca2ca2e77e6d5b817b3c1986601537faf59ac84c74d8bd0c068cb8e6bd03ac2dcf5793fb4a00b3c901a33aa3ee86e4f0db317b94bb8678ab26e36d305ebac4b0f7f164947148255b562dd0f87648499d45bccfb7d8c9d5624cadf8160a396e79fbcdc100058ba4606e41c02fb2cc0dc6c36196bd28acfde82a18cda2321d2d83fecd3b85380667cd1d0bc68298c6c8f10421a80c8fa86912b6c3e8ddd9d9668520d5151409e6b77f0d7730b374a68a744151bfbd123cfdf871e8c24e70d2ca3b50e84a48e0b78c1781000cfc848d43584985763a76c0ab9ba882c55e3e4aa8f2174255db38adb8350b48a77be22a869d13d183325f859b883464e5e46de5ea8a92532b9a794daaeff657cd361f7f158f8bebe36e9de1f5b9721d4263dcc9472229bc02d3f552180abfb25ca7aa36cb914d99c09fd5bb99dcab9b4e3c634d18fc7dfe84dc4425ad1e39c3e7410d49b4ea0a8a2958688c7725822f6dfc0827d19dc385e0e35a949941e4dd1aaeaab9ebe402f8c584bca7efc829f2ccfb63fd7bde1c182a67c14f9d3f033ca674e2604e89cd55a15419f956cd61a755c1b13554dae98e77be078aadfc131c9677381f1dbe6ef194eb17603a463e8b844ab46a6046e1f07d96d66de669359bff4c3d80948a4de3abb2f171a09b5d8999c379fb62244114e218c79805df7d899e5661320ee6721d652b95f09e4dfe69bd67099c73294b17ab574e0b966aa3ab44478965b9dca3cb3b9282945f24ccdd07c638ae25a84a728ca24f87ff49d718121a694be46f3616e27b1041b3c6cd24b9cf775bfc28dfbe0a009048f0599f2d5d6586cfd1e7f7fe69872d08b98f60d28e6af0d49d7f06ad71a7b5c41df261aba5de114022c7288bc265cc17909fdeadc3d7b256d7ab3b96e40f857060f16b54a6bb7248ee571f87ace5ee39eab412706cf52fa711468b21ea129c3f44bceb429fcc1a0ac2aa87b9365077dcfcfa9a1b32a0a09699197c20019a66cbd0a897feab3706c23123b888ada643d4560082033e31596b0483578968e3c9593ebd97141c228a42fc7645f92171c120aabca36657683fd7c72fcb87217f124d6fabc52f1d221d8410b47b0ad4bd944bf4085365e9b52a53911ab4ee142c5a1ebbe034c9d98c538c066f2dc0acf372eb2397dcac765055123e0ba19be22b18c886bf0f7490abe9fde91ffa62e059962bd134be8501cb5b715a744b1398e2c4c7e8afe72e189dda0654296afa1c1f99ab7d800fa40f72a758625c833b6fc7b7d42250522b456e1e7de815350c36c9cb2f4d1c9cb99109f89b456c559463f11b8b58247809b17a4ed4912bd0a47a529f1364d6dc593ea7f3eb98962078ac90e5012ee1c7b4b9ed5a8c7a9c0231b4ce425693faab64fa0f3482a04d4be2e06ee5d103694d288810a1a7f4d1e908dd82dd2016a064ece5cd67ef1dd5f4cda728fc6f1ccdd949dd8f775d862621507248ef4c83ae274969d19c7ddb02a4e8a1ab2b7aa539a442b22735ceedeefe60a1059dfaaa0979ce8d5387b5a047841fd9749b88ca91216b02d7926408a01916b7781bb7167528ccdb9a486d173437a5ba3e552c8674dff2cc9b21054e0e4f86b61b8723fca58ceef4413bffae9e9be79c5b9788f5449811ce78be9bc7a86375a670197baaef751beabcba0aa6c7c33f1cd702cb78ec39fa1f17d9da733d6abf2b80f9c51ac8f6f664b24edc53a7c9525c3016bd05c67272375fe816b2b121f2de68b885a0fd8f8b8c6c342237b632f6414a3eb3480f5f42106c5812e9bfd4e8c8dea8d08525d9aa1da7c7c2ee7ff3d31b79b211dd01e304a8ffc83a89a59f3b1e2ef5e969b6d90bea7e161066f25622fad914bff52bacd2807093dda1838b529ee57f718b374ce2841b924a42457867547a6edcb8412", 0xe00}, {&(0x7f0000001040)="9d7fcf3efc63f4a6a555ba8b4726d7ccaf8a207100e69cfac4377876021d7131b838059f96bd206d4776368ed2a92432e5af71", 0x33}], 0x2, &(0x7f00000011c0)=ANY=[@ANYBLOB="1400000000000000010000004100000002010000000000004800000000000000080000000700000010000034366567f2219787566400007300000000000000000000000008000000ef3820f3439cb150a3651e799e1459c9c9a7521737a8879e3ef4dca1e3c32158996e4b2abde5342e22f2ba8b679121ac0b0ad62ade31fb2c47f0bbf781eb8bd1e3064141e90e9eac25b189c0da98b676571bbeefba392c3e15a10e03dee4ae1dfe99793e51ec0c6bb5fa6d7b357d249502f5919ef251e5d0e5bed378265b8bd55fde4689cb509b14fa754813a27e72d175e8d677420e10d651833e6e2ab8168b1d633b1bb9a7d4d59ebdc7083d93d35cd469de", @ANYRES32=0x0, @ANYBLOB="e1212f0409000000e70bcf35ac837225dd355ad309a5ec6096633ba38e1ef5baf006020e5f45c993cb5680017c6720bea9b7c451516a8cff7f00000000000019f20b784b2336d43c8a0f7347801a596dfb0b078a967980ccec1d115c7a0000000000000000000000fed6260fdf140498f1274bc569d0d87656d0d18d903580f0ec0915e89bd286b2c25165043f6a001d53f84eaabf01cc310ff28c7c76867ce1a2c9c91b"], 0x6b}, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r1, 0x10e, 0x5, &(0x7f0000000f40)=0x8, 0x4) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) 5.703685155s ago: executing program 2 (id=2233): bind$inet6(0xffffffffffffffff, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x87}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f0000000140)=@x86={0x9, 0x0, 0x5, 0x0, 0x9, 0x2, 0x9, 0x8, 0x7f, 0x5, 0x17, 0x80, 0x0, 0x10000002, 0x401, 0x1, 0x7f, 0x0, 0x8, '\x00', 0xd, 0xfffffffffffffff7}) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) fsopen(&(0x7f0000000240)='btrfs\x00', 0x1) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$can_bcm(0xffffffffffffffff, 0x0, 0x240400c6) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$gtp(&(0x7f0000000040), r2) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff) fchmodat(0xffffffffffffffff, &(0x7f0000000300)='./file0\x00', 0x8) r5 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183341, 0x0) fallocate(r5, 0x10, 0x8001, 0x5) ioctl$SCSI_IOCTL_SEND_COMMAND(r5, 0x1, &(0x7f00000003c0)=ANY=[@ANYBLOB="0d000000010000000a0000005f31ccadf7c9e8d4be00d14352"]) sendmsg$L2TP_CMD_TUNNEL_CREATE(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x64, r4, 0x1, 0xffffffff, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x10000000}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @ipv4={'\x00', '\xff\xff', @empty}}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @empty}, @L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_UDP_ZERO_CSUM6_RX={0x5, 0x22, 0x1}]}, 0x64}, 0x1, 0x620b}, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18010000000004000000000000000000850000006d00000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='tlb_flush\x00', r7}, 0x18) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r1, &(0x7f0000000380)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0x14, r8, 0x101, 0x70bd2c, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x8000) socket$inet6_sctp(0xa, 0x1, 0x84) 4.900609891s ago: executing program 2 (id=2234): r0 = syz_open_dev$sg(0x0, 0x0, 0x8002) fcntl$dupfd(r0, 0x0, r0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) socket(0x10, 0x803, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) socket$nl_xfrm(0x10, 0x3, 0x6) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x81c0, 0x0) r3 = fsopen(&(0x7f0000000180)='gfs2meta\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, 0x0, &(0x7f0000000040), 0x0) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, 0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) sendto$inet6(r2, &(0x7f0000000240), 0x0, 0x51, &(0x7f0000000080)={0xa, 0x3, 0x1, @local, 0x9}, 0x1c) sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) 4.856009148s ago: executing program 4 (id=2235): chdir(&(0x7f0000000000)='./cgroup\x00') mkdir(&(0x7f0000000000)='./control\x00', 0x0) r0 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000e40)=ANY=[@ANYRES32=r5, @ANYRES64=r4, @ANYRES64=r0, @ANYRESHEX=r0, @ANYRES32, @ANYRES32=r3], 0x48) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000d40)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='sched_switch\x00', r7}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000", @ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) io_setup(0x6, &(0x7f0000000140)=0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r5, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r8, {0xee00, 0xee00}}, './cgroup\x00'}) r11 = syz_open_dev$hiddev(&(0x7f0000000540), 0x228, 0x121081) r12 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000900)={0x0, r6}, 0x8) io_submit(r9, 0x8, &(0x7f0000000d00)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x3, 0xb7, r4, &(0x7f0000000340)="016ebe8e592c653409af908151f96703f11432733d243df3d9b2ce828f53e403f46f7049aba22d13150ae9255ef2913418caebfb56087dc035a53506ad72befc0a094d0bbb48d6886b8786fae1bcdb98f87b400f4e06f7e5c7c8f0cf55ee174e700bea8a3cea1c3aef741efbb6bcaefb01efea4d10be8296360e8e57ad453be147a6b204beb7ef74fbd4fda901a69d3fc7855ced6d4d84faeb5386d9f15e6a1bda2ff6993ff45c918fc2b44a6bdd49abc129b748f43ccde407fd2565cca6c3a02173093a75832fd46b535dd54a10527f28883c95c3adeee590590643318d76804d6c87208afcf24dd85815307178fc70ce1433e1f801258809328d4d66", 0xfd, 0xd2, 0x0, 0x3}, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x7, 0xf801, r10, &(0x7f0000000240)="fc60254d607ba43ff1f0d03897517f352b69f1ba6ad1a8e36a61f0cf6e215ca43531b75f1176a74f3e418c71bad49a8550be55950dee3caeba091e1c6d0bca14d16861d63dd91f117dbb", 0x4a, 0x5}, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x8, r11, &(0x7f0000000580)="23752e35bd0d769681291afc26bc717ea89b40919dfaafe5080fa3630d2c68137fc654cc5dd589898b17a8c9d7a933474b85624d5cde96d73df80917a7700e8b18827db63f3583b4c39db7703eee93e9843418177056d5f6df5d2bcda44d04822f0f0357a8e8184eb9b1e5ee244b5d399701f69ce9fae10011e0b7e555fad66d35c6d79d4c62ed89af316ad5dee2cd9da6f4e2e46b0b8ea4721f43a489ed61fbc76e56603fb7ccfed14947c24937d59ae0735a575cb62ba20310f3fbca139baf6db614286978c7", 0xc7, 0x3, 0x0, 0x3}, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x8, 0x5, 0xffffffffffffffff, &(0x7f00000006c0)="701fb41d80829fd02434d5f3216fad5be771fcce67a9ed64bc69230aa2c8c9136dfd42696404cfae14e87a434b7006055c6cccf14824fc6c34f3cfe0b37e5d0fff8e878cd27ec7e48dd0d5cf9814f149026ecfe7d14dc027dd82fbcde4d628d5fcdec7711977708b9c0098f4d61b11ab9885ddddf581db4f78a5fd6334f3a80c7425bc1bfa46bbd76d2c57d8aaa0b1030654ec9f903d8ea710e37405eccdf64ddbe5f4b4346db543bf545e866630d4d42ddaaf8607d4b33c9ec23bc227e528da1011c07629c43f7658dee153cf80", 0xce, 0xa, 0x0, 0x0, r10}, &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x5, 0xfff9, r4, &(0x7f0000000800)="dd4b0050fb386d12f5b7cb87ea097b08294c27f08145f54b8845b93a6d3ed834de127184ad2a8ec9c8f23c119fd00bc4a2968834885d16b4c60ebf43660fb6374c50d0e03761fb8b5ed45a745f70855d11c1398abf80ff92770c4f86956ca2d4abf19a9637b81a1c9e1ed1ba1d45962e75eb7bc3f15a045e9209555ef343916db15971169d725ca3489334c2e505253f5ca50e10e2fb48756a49ae46a7", 0x9d, 0x4, 0x0, 0x1, r0}, &(0x7f0000000a40)={0x0, 0x0, 0x0, 0x6, 0xe, r12, &(0x7f0000000940)="7f83f8290f2fdba92d9ba33b1aebd0768ed75f2e266f46be064bfad5de28295b3a9149a95172f5dde58516329f1ea2aea1b956a94e6a39768e26caadfb18698ecd51ac83ca5834513d526022c1d1f49f4da73e705c3e7d32d3fef1ae20f2643eb63341b94efcf9a3f422da5264219e11e0df88fd883c4982308fb9e2a75d7ae892fa4189323808885bdcb2033df3994f70b22c29d009353cc60881e5bb06e513028e9aed39630baa529798f61d8bba6d715bd473ba62c3f1a6552c9dbd87a478b81015847de7e1715a322c86c28e3f0b4703f1d680c46ef67c5584e7f8b41679056c2eccbc119db024", 0xe9, 0x7, 0x0, 0x0, r0}, &(0x7f0000000b40)={0x0, 0x0, 0x0, 0x3, 0xb0, r2, &(0x7f0000000a80)="1f76372085fedebe28389c3ae39c99d0f276dc7c69dcb0231e761450618dd5e140449edf1222ad8e97aaaa1c33b3f141c3e2049acd9cd6635f7332d36fe511a58fa92572fa047dc20da0d7592451ff30deec5cfb8a8018bb26e65f7c9009dedfcb8cdd4ac6c9743cb311b2a804a38483e9e4d7b56c67960ee16a1bd97a0692e594afdcf5caac8c096fd04ce920cc7f7ba26f34801b18dac919fa3df7260cd41e832fd68c6b89e4ee6d3f83", 0xab, 0x7, 0x0, 0x0, r10}, 0x0]) mkdirat(r0, &(0x7f0000000100)='./control\x00', 0x0) unlinkat(r0, &(0x7f0000000140)='./control\x00', 0x200) rmdir(&(0x7f0000000040)='./control\x00') 4.401521459s ago: executing program 3 (id=2236): r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) fcntl$dupfd(r0, 0x0, r0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) socket$inet6_sctp(0xa, 0x1, 0x84) socket$nl_xfrm(0x10, 0x3, 0x6) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYRES32=0x0], 0xfc}, 0x1, 0x0, 0x0, 0x24008040}, 0x20040040) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001000)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef42d430f6296b72a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed40000000022278d00031e5388ee5c867ddd58211d6ece3ccb0cd2b6d3cffd962867a3a2f624f992daa94a6a556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff020000000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409e011f1264d43f153b3d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7000026a4e739c60f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf3f704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eedd9068ca1457870eb30d219e23ccc8e06dddeb61799257ab5000013c86ba99523d61a00000000c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f8b2ad1e1f4933545fc3c741374211663f6b63b1dd044dd0a2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958adb8629aeec90e6d1857da822e40009995ae166deb9856291a43a6f7eb2e32cefbf463789eaf79b8d4c22be89f44b032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c5e13d52c83ac3fa7c3ae6c08384865b66d2204c2e4f3ae200f279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f3"], 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0100000004000000080000000c00000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x81c0, 0x0) fsopen(&(0x7f0000000180)='gfs2meta\x00', 0x0) 4.31399881s ago: executing program 2 (id=2237): syz_open_dev$vim2m(0x0, 0x2000000f5, 0x2) syz_open_dev$sndpcmc(0x0, 0x0, 0xa340658bc40d4f52) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x8c, 0x2c, 0xd27, 0x30b529, 0x25dfdc00, {0x0, 0x0, 0x0, r6, {0x0, 0x4}, {}, {0xfff2}}, [@filter_kind_options=@f_matchall={{0xd}, {0x58, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x2, 0x2, 0xfffffffffffffffd, 0xa, 0x8}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}, @TCA_MATCHALL_FLAGS={0x8, 0x3, 0x2}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x10}, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r7 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0) syz_emit_ethernet(0x3a, &(0x7f00000001c0)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaa320016c5dd06fbb3b9e4a51ca5dbdd4bfa8ccfc7b183ad3fd4b28b3fb5140630db1c5896ef3375dedc3eba2281ae1b"], &(0x7f00000002c0)={0x0, 0x1, [0x853, 0xadf, 0x7a6, 0xc22]}) r8 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000200)={0x1000000d}) 4.303868063s ago: executing program 0 (id=2238): openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) r0 = openat(0xffffffffffffffff, &(0x7f0000000040)='./file2\x00', 0x40880, 0x2) pwrite64(r0, 0x0, 0x0, 0x7) ioctl$IOCTL_VMCI_NOTIFICATIONS_RECEIVE(r0, 0x7a6, &(0x7f0000000180)={0x9, 0x0, 0xffffffff, 0x1000, 0x1, 0x6}) fremovexattr(r0, &(0x7f00000000c0)=@known='user.incfs.size\x00') ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f0000000380)={0x3, r0}) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000280), 0x10000, 0x0) openat$cgroup_ro(r1, &(0x7f00000003c0)='freezer.parent_freezing\x00', 0x0, 0x0) r2 = syz_io_uring_setup(0x497, &(0x7f0000000200)={0x0, 0x7278, 0x0, 0x2, 0x156}, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) writev(0xffffffffffffffff, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) io_uring_enter(r2, 0x26c8, 0x0, 0x1, 0x0, 0x10) 3.444051504s ago: executing program 3 (id=2239): lsetxattr$trusted_overlay_upper(0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000180)={'syztnl1\x00', &(0x7f0000000240)={'syztnl0\x00', 0x0, 0x10, 0x7, 0x8, 0xfffeffff, {{0x14, 0x4, 0x1, 0x6, 0x50, 0x68, 0x0, 0x7, 0x2b, 0x0, @broadcast, @empty, {[@timestamp_prespec={0x44, 0x3c, 0xdd, 0x3, 0x8, [{@remote, 0x7}, {@private=0xa010102}, {@multicast2, 0x9}, {@multicast1, 0x5}, {@remote, 0x2}, {@multicast1, 0x6}, {@multicast2, 0x5}]}]}}}}}) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0xc027, &(0x7f0000000340)=[{&(0x7f00000000c0)="97eb000014006bcd9e", 0xeb97}], 0x1, 0x0, 0x0, 0x1f000000}, 0x600) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x10000000}, 0x50) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000050000000000000080000000850000007500000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000018000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000200000085000000a600000095"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x400000}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) 3.388198652s ago: executing program 1 (id=2240): openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000780)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r0}, 0x10) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r3 = accept4(r2, 0x0, 0x0, 0x0) sendmsg$nl_route_sched_retired(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000012100), 0xe078}}, 0x0) recvmmsg(r3, &(0x7f0000000180)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000004c0)=""/168, 0xa8}, {&(0x7f0000000900)=""/106, 0x6a}, {&(0x7f00000000c0)=""/26, 0x1a}], 0x3}, 0x2000000}], 0x2, 0x0, 0x0) 3.294531407s ago: executing program 4 (id=2241): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x10, 0x400000}, 0x94) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r3 = accept4(r2, 0x0, 0x0, 0x800) r4 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) fallocate(r4, 0x0, 0x0, 0x1000f4) r5 = socket(0x10, 0x3, 0x0) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r6) fsetxattr$system_posix_acl(r4, &(0x7f00000007c0)='system.posix_acl_access\x00', 0x0, 0x0, 0x1) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r7, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r8, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 2.5009465s ago: executing program 1 (id=2242): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[@ANYRES32], 0x50) syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), 0xffffffffffffffff) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/crypto\x00', 0x0, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x27}}, 0x10) connect$inet(r1, &(0x7f0000000480)={0x2, 0x4e21, @multicast2}, 0x10) sendfile(r1, r0, 0x0, 0x20000023893) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$RDMA_NLDEV_CMD_SYS_SET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x94) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56741, 0x1, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x0, 0xf}, {0xffff, 0xffff}, {0x3}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0xfffffeee, 0x2, {0x21}}]}}]}, 0x48}}, 0x0) r4 = accept4(r3, 0x0, 0x0, 0x800) sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r5, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r6, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 2.494095408s ago: executing program 0 (id=2243): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000140)='syzkaller\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x18) r1 = syz_open_dev$evdev(&(0x7f0000000000), 0x8f, 0x0) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000040), 0xffffffffffffffff) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ieee802154(0x0, 0xffffffffffffffff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x880}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x3d8) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) r5 = syz_clone3(&(0x7f0000001880)={0x120000000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) tgkill(r5, r5, 0x21) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000280)=ANY=[@ANYBLOB="18670000fcffffff00000000000000009500000000000000"], &(0x7f0000000300)='syzkaller\x00'}, 0x90) socket$nl_netfilter(0x10, 0x3, 0xc) r6 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000002540)={&(0x7f0000000040)={0x38, 0x1403, 0x1, 0x70bd2a, 0x25dfdbff, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'wg0\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x0) r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) r8 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x35c, 0x0) preadv(r8, &(0x7f0000000040)=[{&(0x7f00000013c0)=""/4096, 0x5}], 0x1, 0x0, 0x0) lseek(r7, 0x851, 0x0) syz_usb_disconnect(r1) 2.390509463s ago: executing program 2 (id=2244): socketpair$unix(0x1, 0x3, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = syz_clone(0x25000000, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = syz_pidfd_open(r2, 0x0) setns(r3, 0x20000000) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setreuid(0xee01, 0xee01) r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000001801000000082c2500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f00000004c0)={0x9a0a, 0xfffffff9, {}, {0xffffffffffffffff}, 0x5}) read$FUSE(0xffffffffffffffff, &(0x7f0000002800)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) r8 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r8, &(0x7f00000003c0)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000380), 0x111}}, 0x20) r9 = fcntl$getown(r1, 0x9) r10 = getegid() r11 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000004840), 0x180, 0x0) sendmmsg$unix(r0, &(0x7f0000004940)=[{{&(0x7f0000000080)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000100)=[{&(0x7f0000000340)="469b7b70f783328631ce460e67af8f670689c79cf4c5cf888a32fa2008af8665ffd6eecb238cf085460de72c7e9efdeb5dac5f31400c3ca637631ae953fabe56a333e065ed57f8328273c3f7653bc98a79bbb0fbafcc91d6d97b59befae00889bca54dac26a53cb64554a178d4ef3124388f16f9f68bbb0c2d8f9168786d0ae7eb2e1f1379d263a646125ee7b3b7fc5fee84763a860a1bbfdb8d652f57e17905aaa2a6b036883137874dbc41cd3211f06c40ccbab82c6356e4d1a649687b3c5286", 0xc1}, {&(0x7f0000000580)="ec31daf362b386611ebd441a3d478c3cd5bcfa6ff89e4cd88edce10d9d7908d1780a7b28ee11babf9bfeb7d04d264765c09d74ea43d4007dac172fe964558494eb9cbd0a230a332751e119ba98f0a30159f8ae7aa8a1acccf088b815cf3d8fe7c856d095afc50fbf99acd427dccff70c700763cddafd6c6340352116e05264c26faa30fb14aacd28cda7f75241297349f61a98b5bc0c2eea03d07864092a1dff03bf9f35be79f9205bfee5ed7a762355e4ade06f1cb4d459a4fca10119fd35a1eab4d047bbf86ebf2b1a32e9c148589b728bf3ad2f70cc89f7c482dc5df3b3b06739f3447d285959df7cda2888bea59ad590f1a68aa227", 0xf7}, {&(0x7f0000000440)="e1b476220feb1b9f7e9dc0ae07a47b16cbd69a72feb92b991353c129e94dcad9bc97a9377caeee1b3a5dfd865b4b50871643d18fe16b82c49a2dd3c758cd68817c6759bcbb4014d35f5c69b1ab10e4f05368e8abbb9ff3291fdbc6293896cf2de5c0fb4c6b832f9291e225bc9f5acc7f24644924ee16f24d847612523c", 0x7d}, {&(0x7f0000000680)="1dbd2a5e080e3a9d3d9e1d46b22a69982cbc6619b6e2c34f7ba9cbfb8f49fbcd683dedbd996acc28a0c983031b959a92387eedd0c612c4d3482a67b99902cfe263e5c4694246e1d432267d03e052f7a2e8ffae782e75ad275b08aad5e2c1b9ea70d61ca2ae46f36abd7521f26731c4c14efc980eef627df90fcdc0d7e65339e70697cdd56bcc3f114736fa2c1bfce1e2a219448c1c0676d6acab2d51167f1186feb605b985778b8e3f5a6620109c05c638ab1c207203b809db16ea62b5b32dca8dc1e6783f17f4b4fb227a900925007971e9a72677746d7829432e0ffb138b2042daa27ca2a8d0ce1c818e4c8b5754144723088789403f2902898071942d36ae8dc1de52f567206e757288cd12d75a6c076be371c4c9acaf8780721ec45e4299829111eaaea27f80599eb4fe22e12b1488012e91bef3637ba3496b2fcf0b1e52a807bc7db88f699568f7ef777832aea30a3fb5bb75b24e45a20d24ea67218718b8c851123b9e1fde226fb277fdaf69b03cb2ff90eba4608b1f7a824fdd6a023d255827b60df2221d2ece47b9f742511fd5800df02b4f791f8064eacf85c0f883e4bb17792d07bb471e67a49b104299446fc0fe5e54f8027e3c6fca32a9076187a2959ecfd1d93cac4e593f43bb952f07f216808c1214a7e55a86c5a282baa3e12ee80cb7119213eb16e9f135b4762a56f7dc4da035cd41e421deaa779a553011acf15b8535775c7a87ff10dcbde5b44df25e50bfbe782cba9b493ae09b7a58d7d461279fb2d99c0b0bf1321d2ea84e96016a3dcd89a1cb9f5c1fc8ed95f10e11d5834e9a15ee85f45dc8050a8a9b8b42b7f22caa93abdced0b7b4a2cd32d69cc60349ebdc9af508ce3bf54d615d1bab4d51ee208f5ffed9b87ee6a42c1f97dd2ee2a6f99fbb8cd0155a37d9de577fd3abc1229eec8d2c56a479687e0bcc625b50499e950370d24ab46fe68cb217d62e082923445efdb2e164fc83c865dca2c0a1b8c62aca44862c0f45d6131646ec9b0843ba48d324ed24c7a0e302697f57d359ec0eceb585225ef1c55b2e19e649c45fb737528be8869bf97433b08b4c6fd290cfc96d218c15c813e87ffbb149f1c69bcc812cd88ee8137917261c68feab0420ed8d790d6b32c27dd15d943069bf4cac07c879f131f51c64e39012d31bac99070a3e7df755a70e820eb6b5344e9055634de0ad7da5518877edd3a9a37c14a180495442112b319526093485c032d9a713744a66286765ed80d55de1835576a3c46e70990aa7580463a3cec8c23ec0e05d31dbc2e8c5e33704ac0d34ca904caa542788fe17d31672e62370dff136b6a2ff5b9545f038653c6b96be8cfeca9961ba9d4a56fe30fba518502403a36c67b69bc1b1c4d5105d3823a76ad3e9c66abee08abf1b180546c011ac1c82868e91452b6acb1173bd172a653062438a197e8810012eca32f79d088273bdf4b4b4e0b6ce90b5aeaca1a4099f008b9a9c27627bfff5a97e3a7c59bcf91d0b61d5bbef2a3588e64eaa47e9887aea2b85cfea97d23b3cd339932270b67af406fb5a45c11c06dbd431dadb73f91c7cb6305a975fab1489064404f37d0a0868ebaf780ec0e3c775554029a3e6eb49b9a74e4d75b046ed35fe4593c23816ac93f730dc184ed6ba783b493327614dd650229827e32fde38821b7d11d1153903950ca5de8354781976e23238c5a1f73a9ac63e12d7c37cb6393771e0f531236860e42fda0a75e6b3a8bdc9b6fd0ab423ff0440233b39869942bb417051e072826b71493b69aa168013199ba8346bfb497a2a284ef8d9e19eba0fce925607db9a4bbd145b504786b143458dc7f5e901f5063c23c15775826f84cb8ff322ddb34f6523a1e178c26abfaa3e8c9327a1116dec2f64d12d9f49163447abc3cca6db5dc618357c19bee789628f5f2229be6a3abeb49247ca1851ebd03905bde0a397d19c78678a4c5dfb67a5a5dec2fd16f6112e85549e2302e1d144fe62ab6c7664bca75de7a80cc25c5eb5afef7798ee9d0a4ca6ca4c88b145e0f8e6229eea25f35c9d0566e6b838832c293f992273698d16e73eb021e324e4c16dc9035d6a5ac7f07f209660ec8ee6f1009f6fd956e2b1f8c652777550be3a453431c8711f016e57e2c7c68ef41b86b87505a4075398e52e8f904be97803fe4e0911217eceb7421eba5a2b5ef59bc93d340ffff6f782636248d8bbeef4c1f223fb9a43bec39af1622919ef80291e11541149a090506b015aaa391d784c37a2e56eb54681e9e7b2cd8a6ea5f36272baa3d145cb68dae70c1bc009925eea91cef8b82cc256cf2230ddf8a369472870d6f2917ee5b761fa32986d37049eecc84de11113d05b1cba00031c806b108d4d486ab79398aa94f4e14ee82d1dd23fdefd8921ff4301f84f5991014801100d94c821c52ac10e12d3427012cd6ffe36635d0c226d448c9f7d61f60286a6cee2d6ec6a16bdf2a73455a481a7bd6e1c21337c1cef463322116d8f45f0073e9fb42778b2707d74efd25cd7be7a8aefa9aed25418d3e227751c8c9c7a2b356edf3df02d75203b49f710b5e1dce4f86cf32262520274a5f0e5382afad44678a2c654db859ae1b55140b977cef066694d2ab9bfb7541f62ca0270c2fd6cdbe374771262b7c60f0a6d8afdd5213ce7b2ad9edd540174a3afe81160b67157d8e464f2967143024e35f4b84fc127471a1c74c0ccbad06bbe217218852539a7cc1f188d515777e81f9db707fc3e27fc22816198afc6537cb2635765417042a7572d9927812768501881116cc0628a1845a38fcb286f80986acae8b1b1aab4eee88a57bc5c31caf2b201303193858e808b5714d9d1d4a8315879695f1d99124bef9f556ade8d9221ccdecdcc00ae77dbecba43b7410a1861a8a31c5f05c5b964c3d16197e221fe8d486d149adea9a383b8eb5751f422b19b4e3398b451e8b6510d8b695982196352a1d48f47c7ea13b126bdedf3849f10b9dcaa26704227cfb1b83ce8314630682c69b36a1d9b65e17cfd27ccfc8b10b0c0e730892c323ff3eb870301a33a96913584a3a6df93d418ca2094c359b498953eac81f4b85341334061099caddede0ef1b55eb1c283968fd3e0d98764c5044ce6ad662f90ffbefba25ad874d41b5a7a34c27dcc324c5d9c02a0e98c83c94020108cdae7d08f013072cbbeeab83c0f52121740725aabe4432215fd2934749a12ec16925c4cfba398ab10f667a2171a3f6fd4f123fe43fee7fa68fd619539cc16b4110fd0b61b6a3f7913fdda515c093bdd9c69a12f225835cc3233dfa7fb4f3e20fa8cf9a40830afa60a5faa4a38e09cc84930dadd09f67a6e1e6b978a8cfe264298d50690b5573003b8554da22afd419127418a08cd19e64a3ca7d68703aa493c1e813886aa37e01cb26bf70aecb885d10c2127a9e2141ce8e3e40634159ca905eb7588defa8ea86f32c35b28253a2376f3fdd2ae30223199a9ae24565d86222e547f51329570f36bc75550a9d78cda4be10af11d7620ebe355087742281ccf2dd4aa9f3ce8cda564e715ec13050c426e56719327a1a6485a8f307fa7630c6b00338969077fd58c0f313e7a7a8bec823289cd9a588b13afbb2c728f07787a86f1d33c56757e86a63f280224e2cca21c2f45327c91189582852ca3b8f2c0dca19698751b62c9e7372e4689e02bd9c641f0322ace9d2996c12b0d2f397c1ed121f541a29ff8661c3259fd73d666182f1ff3115691174f2d232cce0c1c9ebc435eea3443909fde768eaa2b9e4fc8b9022791a9232c07304dbb990809bdfb3d9e43d40494e5798298751a644d3d885d78ef4ada7acd50c91e4fdf2d20c6dfb745f3f0112a6e14d5ffd3f9c691df6a96c5b29bd1be9ceca876ede0839441ebba884db18c7a37235d6a0c62f666bbb1e8b95253c18b7a23110197c5f9ba6f90ab9a4aeef04b39f668e4e6b9542bee5e75720e205ef54bec9dffb96cd8c8934f8ec8d33fa8b95e8a0776c5fa93a1469a61e2af596faf6ea2c30a995728a495ee22ecc2a90a2d02fba259084e34075be4f212feb8e71adfb7571d094d1b6fbe64c5fcb258828e77ca40c231d22164c140965e40f6e675a0d3f75e16ab576f0910222ed33102f21cac717ea6471a986d68a7e810eb53e572c2e81442b0ee0b464b07f723122e92d72447dff3c5f8b243e6ebca568d04ef61ef700cf68385fbd7ca7673cb882fe10b72a7f91208247ac2f1ccf8d72b41ab333b3ebc4a0091ad28e304e001c11d0a4547148893904c8aaf2e94406959e2a41419477a52f056fcaac14e91bf4dc94a6a74b1b970ca9954d284dadf014eecc2f96a189a8e905788723be4a790529fb027d15d915b80c239627acc6914b44a99d6d4bae36a2b030af36eb7310083f3fedc5770687f706d14c79afa754b191aad44b4a1eab3877eb3becef16d23323250224f9ce31c4a8b85ea4a51583f3c261ce6f2ede07d6e44a07c39cb1d4014234ceb1f6a9d9d4ebd7c41c5b24e4e18637f93254203f3c2eac39b2e45498eb9606f483caa1f32893ade27100149e7553ced2ff0cb190af0e5223e52c81dcfa83f94e7d80ba266f3f75c61efe99676dcdeb0f84a9fdb15e00441098f352be30b6ed23b01b1bd6665aed165e1e53c71aaf449117594d021abaa0a85ecbce8147dfec82da6b1bc84b73d9484f84a2ddc99b8969b23830198adeb503489cacedf22795ad7df69ec94553236e308f1a74372113c9cd0584b71ef2504152cf31a1a913e71cd244eb7565091bebcec281984c21f7e21ed69082e692acca5733545643b6454a3ad99989407b36d023440ff8d82278e3cc04f464fe5132ed579132497d7e584a6ee79a3eb110f8b4aee2c7a66bfb391ffae19f3f4c5f3436a74b274e75845767b357e4a4227da46a89d41440275d430269f49b36c4df8f932fd1cb3a269e3b4a770b2fceb2c65b672c4a11904b61dd078df36224dbe53006c941eccc779defb6d79c94612208871b9b177560736e0d1a51315f47e4460e51c6dd9084e904dcb7d694588962a5dfdf161a71365195d60b79da3b8401ab3155f0b7c05a5fc7ac409431ca509bd18be52018291ea10cdac96068ba3fd25f25b19f7e90378608c6683b168fbebce69c432b96d5c740d45429b04ae91a7ad5d3c800b7dd7575e1c79e2e3a6e9d2b7ce0d518052468440fe6dcebc481828fb902598f6ebd1522d325f6f9a61aac7122e859991d227e8d271bc5951d1d3deee2bf2fa021f2d0e6aae9ff96006897451dabaee64f9fd9e02058a3b1d2021d1c0db89059a0a647634c6067fb37265fde7d3e34394554bffc886caa79551305b3fdcd1f04dd1f12d37f308efe37cc360fb3aa4d62ed25ce53af96210af7dcd090cf423afff0b060f67a6391e5f22488db91298052db7c06d8b8d7dcc387250897b5c8c50b97f66cba4be3548c3400aac476714f548a1e2e284bd730ea91e32951e0e224d872d75ad58f308be47c3f2199c07683d0f245aae6ca99ddc18918a9795d8efa0ef9171ca62c572e94cc13358e531e234ca295a710fe4b79d75f53f87ce17f2871c4f21690dabd63d28a8dc7d5b32833e9a9e2f536369df3fb7d5e399ec1633a29cbbfcc917543ee09819283460ace8ef121b93ff1dd8d08d527824f2af2e703e13aa5e390256a927c4a5c439852dedbd469997e6adc302d6cf09c25b0106a95c56c8ed23e54d2db921493c516acb17c01cb848a0e0d9f2a709e76189644ea52988a3c9b52aa164a79ef9bff4d3439cb0e1330d7be3a7dcc868028e9686b2559511e15a2a5", 0x1000}], 0x4}}, {{&(0x7f0000001680)=@abs={0x1, 0x0, 0x4e23}, 0x6e, &(0x7f0000000240)=[{&(0x7f0000001700)="dc90f47d3b90415696cb1702aecd7ef30631d9fb7e3b4dd34ac8e2a981bc44c32368a7123d6161772fafc28170721a127b4f583ca515803069b27c38d109cf5014e1bfa90eda0cfdf56ebc3edfaba2afefca08c69f419be3", 0x58}, {&(0x7f0000001780)="a31ecc8dc95f26fb65c7b179e068fdfc9ed9098b3c1a1f3b048ed0fe92ffa0e59ef338f39c0d581ad3ce45cf962f20b97cbc4244c4aecb0ac7000805a3e9f377025556fecdebfc9bab6e4a927ebc5290d229d3879d0d47986a04b3e8eb1bf95a1a68f8af5182a7d6dc529df49c6a35f70c352ad835bb3641f2d0a138631cbbaa4dc81c7c0cb80d06c4936cb55b94241ea17804ace00666a69f5f9ea5dd122b11be7ca3fcf809d49c1321d32f30fcc1fd2551a81325688f3a42df28b60fa94562390da5a94f84d57413fa6eebaecac52c748f74e1cd9fb592276418dd6750e7869f45f79722aa30181d483d0ceceab596d0c405097a158a530ffe98f93a264045ed29718fcb01cfad2c9f1218f6b82253f6889a0baf62209d7e35baf724c73297da5f622234b578ae361387e81b382cf71433bf4c282b61763e1f71da76a72d6c33541b963c418f4b3339c4fa1c33c3b0dad5e0e4c5a39f25ce95172c87b5f2ef83cea731c03ccfaad393cf72b47c913c4923e98b33988d7564cd7357338d48c200e25dad2860ad1e44d40a461bf442263dca1378c0a50aebe299fd0534c570544b0e69a0d19117d13c65cb2c771c66feed509037c10fb6861814ed57b93e09602895ef1e2cbbad798cda69655262545cacb2fc41a99db90f3f220e9ec36c0442f8fa109cca350adbeb78832e7f0d64ead487384e6ff09d4e0d2d65664eba81080718b35ee60a0a088ea03fef90063d43f4bba86596fddaca2b68ede663bf9bccd5b2cc5e2e170932dadf963127d389b4084c7a749d840db4544b93b852ceb564c81d02106009ea0b85182c6ecfe5646c4bdef6cb86064956eb75d4a88e409f67cfa662a943ec9f04ec800ef89485b291c88d59e44ce077d439a491617255622f30821786998bb36043a99d0a865447c57e4226225cf46b751e4ddaae300f6b447c94c9e064bd41b65a2c2b7bc18656427e1e9506ae182a81d5ef4eb64871768166e600e2ba68e592d8b50989c2ee361696536e25da62fd9f4a2e13cd820e0ca224c82e09f9b6a47ea3abd76932e78ba6bbfca7f0a331dcaa3a8a1e6140ab1f236778833057448db06fe05c956210b8a75aaf2cd9c776454ce8b7574f99d56977509a65f7ea6c71eec599539cb029eb0f5b49949afde4aa3097f2bcfe810e5a29f900e49c1ece9c2bfd91577fa207648628cd277c25eb5cfa091e126794102b5295bd6ec1cc55b375f5fe8ecb61b09495ef6ab1120c64891d39a67733bfc71d8cf12aaf8e99c48faee8c18cad9a9e4c7762efce3fb1fa02f180b48414b2b3c07a1999d96363eb3f9faee347f7e2f4c046195c788f8403e20f4b7159b330b475d911264f55437dc3fd14a4620333d9adbfa55072347a48dd49604c0d3d170bb136f8f30097868881427454742ec2c5344a6c3741eeaf04a28617a0b10b2ea33cd6b4249d7881bb02180f06b7967da7a90c74f8b045400ecba5c55d3816d46c70e03d49ce589474f0d227521ca9b1ee3115294ddb0e95a37cb110d4371608b56be30a6be65ecf08c095a91a203c0be6f92fb0314e538dbc1da95862f7a63a24106b9edb2c0d8730f3ea9a480da26dd253200d3e2304bfa720dfdde3e4f28afc7d6948bcc8e02a159663fdd0d89f07497b25d96b9e4d12a778e3f97b79df7b4f02159465002e499c05880aac2353fa16200c580f645f6aac422b14838bd637815b8fed7c06bc7c2307ce905a6aee39e3453e666a0a9b36ba52fca1a606d4589609dd41bcd70bbf2da921f3fe5793915ed030791e165c8bf1fd9f8f4e03a53d2e09b0de3618a5abf0bafcb3431c729285e5baf54a2b4c91ab3cd7075ebcff07f32810f374da6bad25a0a35bcfe6fb050a820733ac6fa9bb92143a003a1f9eb7be9056de5857d5c439211f5de73d6afe935b27e0b15c8a8facb2fa20c77b61e82a0961a83462a5981a6c8c8ab5f85ab6f2cb6a1bcab4f384cc7cdba1f198a778d749a4ba72350d703095e678317f951b750cd8b2dc56c6c5d4462d56bacf5aad61727525be07bd1cafd3757451fb1be6dfd52ae3bbe12619a5960ea61c13b8642569b5c9c7d131b51d223829a34eec87cb174bf99f8f122005414175078e29b55770366816f9a45fc5683abd2e54a073a50d6ccd0ffb8806c21f29d57712094752d8e9c952827948cb91ab82d746e599fd74230c57c59da88d00066e0cf64d27075ef6e144a06ec954a9517c6a61f0d9b4b3cd6065a955b38b6f01f0690cfd06b6417afb3443f5313dd5888f7568e263ec08fc8d204707d966c038c00ef36c0d3a6a104b7e29de4591c4c201d75df80891377d59587aa2b463c032eac3ccccc626d309b4ea234967749ea32dbe9b4995aaed73f29580cbb0ece2a5bab048884a87591644993b26cf856af04877f7da40a79023a77312947939582bd86cf73640f74b74060fc969560c903057b4bf818ab84676f3edcb91d9d6fc001b0e95d8e904345f08c280b928b7693e114da79572317d49a207630b4cd8a862b6360dcff075bba1d1cd3d44240b4a29d6f9cb0c20675e31f92eb2ec268bf6a62e0dae7d67f58d61a0131441c0b05c9061d8fa30306c46c561ece0d6291c514af7833eba86e292f48a377068835dad62ff47fc9e5cd7e6bb991191cfe72fdc65d7921aa6106d9ce733a6c5f3f89463737bdd8185f1f3f55f5b76cabb8a8169cc20bdd765ec31a12af233c428c854071c01d0bed1d7482e06b62493dfdc7bae9edd4d5d53072500cbcc4a6b4504d10c3f8df71a461ca6ae3ac7a023cad381808ab8c3d8df05490938580919aaafe6c6e3e1d0c6ad280b62673ebb034d35d2e83222f05b3859d45d00e929fa3cc26ebc75319ba3b04df5dde73c5e89458d6fe5c0f9e0a854f6e5a6a308a9c57fba1f4e1db3b252f4afc6a09e5db3f457eabb1af146eab13032891d28f8ca60670a48c320497dfa35497e4086002f25344702f1d298f001b087a0a3aedb5a90409b92570e784b24b15f934e5f0485c0762ba28683da115044f034c0b00e1b8ada9a78da5e3d1d78b4a48591a93ff8436e81f89bd180722aa88d50ead6a4fbe5940f33d3e63682aeb0199ffe028f9b8878b33755f7850ecec58818c3293bf919c41cb1043d144630c03f10228eec135145acc40acd4e8164278186b7f9b8f17f685c9743816116bce1703dc66291d2acce0d6f18b0a6ae9d8dd4fb15175162046bc1d37616f0bd39f0e2464850966af4aa29a41477257a23ee37a60c2180778558caf85f2d37f0bbe8fc87094e171a3e3eb9134b2789abe892ebfb3aa6ae261c4a647aec72a5056c3ce878001115c45b393d0749df2ede55e4397ddd484880e94decb04003203f8574e204ea45b63f66dc1944f40d45851b14271a35202d42cae58276cb5c7ca51e71ab4f66b9dfc007b065911e096ceb9bdfa931e632bc533a031fdd89fda97ba35b15d3154bc384d20eb1617eca6a753c3493ac94883a00030bd56199553f82ad2b9c6fd45d3accc801f4f916dcd02eed402edcf75534b20649da0f3886aacf06551a76e5127083ac09eac663643f397ba9121267b89655fa7422148c1a80648074d60202cb3be441e0e6707254634e114116e311149a01aff97c36e3a26f3fc13f94e6e0d3c2a34258d94b8218f110cfc13205bf615730c4ed247ff72cf85058109e4e627861b174511d4cad0e62003ec5104578ea3a0f011da8fa7c7b7ad28fa2da166519a7d1c677bdd1703ae3c8947c5a89a7f2ef7bbf21fc6761a8c09779cbdac7b992d32299b5a09d6711472dd650fac9775e843f2812f929b267866720e45deab8e761e187810510af22edaa2b2afcb982f1a653c46ea0086ff6168e279cc7e20b980efa772fad5be474668fc79e5f5c20e279c4a76379ce5753fa48e291c5c085364d7820884276e0b8f8d57894a5044d8a0e5617bc3dbdad9ae6edea95481115f7531ecdaeab780c11294f2a098d9a2b3dc555a95e92ebae869a940e50513872fe28ec465bbe86033123d36742c64ce099c5420c9ff01dcce42eaef240fef868503304ffd25d3d2f9ddb95de2c0cb365b4db661c362594639ecc9cf1210b59950e542fba2ac2bc72a1f59ec0c749e638e6902d2a916f1dffa82a9fb1910363d7be0d2eba7834478feb53a82a65c6146e67b9ef6cfd308c0f0c17b369bec9fbda8d23e07966194308e146db4c59623a3301684b2f74314613cf61731f0d2fe7ff39310c30deb29516b57c32a24eb7fd0239dad9dff9a579b8601a840072edc616ffa381750df597d8c43f95278cc3acf24189877c4066cc7389349c308d67bb50100ee164c91dbb88171022217e41dd9a4ff7572aa20f45cd4b94d67ac67861f7660a8e569d57a8c87eb588d43d2c498ea7b02f36216af70cad012a2982b9ac5e501d714bf66654820b1daa57045366b1fea62e7921e7e958b0025b09b42f0f7fa0991c4703a698e8c6ecdddd08041d6d301003293660a65fe1e1b6de55ad2abafa8ad38604dcf235f1b9fa61e396c2c42fefd21bdff82c74873bacb9c8b3298dd0192d418a4add9b720d56787a0442e5159d24fe216195be83b3d57e2670c854dad22ec2ed46a281f798f6ef7996d7daeeb5f02d2c45133dd64df5fd7d16708fd65b738e80970c8bff8df0d5fb3c65259b3fcb936f36a7ff5f2c5f7a84767b9454231109825016ee61345fc62d47eaadf664d34f05d18db19ea537bee9604d75a94a6f87d8fef4b934db5b74da229943702bb2f1d06caffcc2c6981a9afdb280dc1fd0b779974baf058379becf8706366da7352e89b313ee68f8083fa016685d051c73dd249af4fb82002c64964f5b4d44f6437bd9ef541e835bfb2e2e41771b961c575fe7bc64d782b548f8a4a18dc4803c96727621a8d664a0ab3b60dcfe13f833eea4791d28c94f1c19d9c67c18dd68363663661fad7b670eff7783d39a513a44574fc0ded337b421749dc80da8aee508fdbf310a454bab974987f2dd6e96e71c6f696274d5fe917e775bc39285d848c5c871be0ca719a3b2f7ae9ff716f2487bb931acb23f88453b78b9dcbfa97dfc9f53853bc964e54fd4546df6144623de0395b1019be7422ed0488675e6638650822a692c52b654d3b9dcce62a03998e7f2a0bfe66745743b57ed24dd47f0f40a649b111d450bd4e4a1b307268ad717454e0bfe4b443c2afe8b1a86807db0b8555d4716ec6a683f90597af2ddf846c157d24de1d282b7d2d40b2f385b78cf1ecbc55378cadec912d9addecbb15100dee1f1888cd8caa4b4f40ef7b08fc68dfcb927ac108c6375d9ccab26ce08d5fcb977857e390afe08746845ec077ba141ca613e6e8db0663db4186affca4af2c7a338b88e019b24403705a6f82c1eb5a29d86b9384e618ee85c3a3d38400eec2055f1760753bb9ba71926f92b72b2e1dc2b906d7ada934170c23c1bb99e29a41384502a6240ccde4a5c7e46c3cd04cdee35d8ce31c2f715d9be8f23cdc69de6763ae1c410aa0039ddb6e2c38fd80ac7c5d4d8b28510f58e67a4a09bd1729b59db44181b6d1d6133336c094468e14e1038ce7b189d11cfd8f6dad0364a03e7cdf25902c5e41f14e0249c1aebcd5515763cb7ec09c41d4d817f79996c26ca360ef8ac3d9c7ccc10158ece95526bad52b8876e85161f1140ecb90cacfc4e97c7f72493192d04d1ab805ff8d9f910bc1d632240b0ba0158295e1d8bcf63741a49f2bcd7e7b99d554a143ec0696163a46bd8b648e0ce2b042244faa4d7b0e158081dc99bd0745eb26b895838795416febd27ca898c", 0x1000}, {&(0x7f0000002780)="7268170f282570af454c331770e7bc3bb9667824e4b0b881acd252f88d4dea934b1129f5f4c7cdb6ab7264d55247389336cc136a3d077f915822bebe00aa35ceb7a7528169da722ecf21ba0e5091e431c23516addf1854ae3145d6d7e46ba1a8e6c61982415db15ef5943316d2", 0x6d}], 0x3, &(0x7f0000004880)=[@rights={{0x34, 0x1, 0x1, [r0, r5, r0, r0, r1, r1, r0, r0, r1]}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, r6, r7}}}, @rights={{0x28, 0x1, 0x1, [r0, r0, r1, r1, r8, r0]}}, @cred={{0x1c, 0x1, 0x2, {r9, 0xee01, r10}}}, @rights={{0x20, 0x1, 0x1, [r11, r1, r1, r0]}}], 0xc0, 0x40000}}], 0x2, 0x20) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r12 = syz_io_uring_setup(0x235, &(0x7f0000000500)={0x0, 0x4733, 0x10100, 0x0, 0x24d}, &(0x7f00000001c0)=0x0, &(0x7f0000000280)=0x0) syz_io_uring_submit(r13, r14, &(0x7f0000000040)=@IORING_OP_RECVMSG={0xa, 0x28, 0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1, 0x1, {0x1}}) io_uring_enter(r12, 0x234f, 0xb1e6, 0x1, 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) r15 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r15, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)="89000000120081ae08061cdc030ec080000000060000000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec08120800030006010000bdad446b9bbc7a46e3988285dcdf12f2130809d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff000000000000000000", 0x89}], 0x1}, 0x0) 2.148028058s ago: executing program 4 (id=2245): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001d80)=[{&(0x7f0000000300)=ANY=[@ANYBLOB="300000002e00030500"/20, @ANYRES32, @ANYBLOB="37a1339bc6a7a40dd295e343836af3655425aeb4aa20b0c19dc70c7170114063c70eeb795b0499d956dee7258f6849e7d254298e63295f89726fd577d192499d28d4f1c80e21a5ed2b3de5486d4ee8ec524fe9c37a8f554c288cda0372beeefd635e9b050aab03af96b80bbf2ef96a6bded2b3ae6a034bc65095724c396e5b132b88a54a132a87ba43a4f771a18e641bbd1506465137745cc6d0da9c6372d05b492e4682"], 0x30}], 0x1}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[], 0x0}, 0x94) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(0xffffffffffffffff, 0x7b2, &(0x7f0000001680)={&(0x7f0000000680)=[0x100000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe53, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8f1, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd4, 0x0, 0x0, 0x400, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc80, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xcf, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x7, 0x800, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x4], 0x1, 0x400}) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000180)="420fc7bc4898580000640f01c50f01c566baf80cb864c95782ef66bafc0cec67670f1b0166b8fb008ec046d9c3c442b90a2c81c442812852fcc744240012000000c74424020b000000ff1c24", 0x4c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000240)={[0x5836, 0x5, 0x7, 0xe51, 0x1, 0x5479, 0x103d, 0x6, 0x0, 0x32a, 0xfffffffffffffffe, 0xffffffff, 0x1, 0x40000000009, 0x5, 0x6a], 0x2000, 0x808d6}) write$rfkill(0xffffffffffffffff, &(0x7f0000000000)={0x3, 0x2, 0x0, 0x0, 0x1}, 0x8) ioctl$KVM_RUN(r3, 0xae80, 0x0) 1.513296026s ago: executing program 3 (id=2246): r0 = socket$kcm(0xa, 0x2, 0x73) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="3801000010000100feffffff0001000000000000000000000000ffffe0000002fc0100000000000000000000000000010001071c4e23000200000000ff000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ff020000000000000000000000000001000004d66c0000000a01010100000000000000000000000000000000000000009201000000000000a39b000000000000ffff0000000000001c250000000000000300000000000000fcffffffffffffff0000000000000000ffffffffffffffff00000000000000001f00000000000000fefffffffffffffffafffffffcffffff000000008000000002350000020001002000000000000000480003006465666c61746500000000000000000000000000000000000000000000000000960f000000000000000000000000000000000c00"/240], 0x138}, 0x1, 0x0, 0x0, 0x800}, 0x0) r5 = accept$netrom(0xffffffffffffffff, &(0x7f0000000e40)={{0x3, @default}, [@bcast, @default, @remote, @default, @null, @null, @default, @rose]}, &(0x7f0000000ec0)=0x48) ioctl$sock_FIOGETOWN(r5, 0x8903, &(0x7f0000000f00)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r6 = syz_open_dev$MSR(&(0x7f0000000fc0), 0x9, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) read$msr(r6, &(0x7f0000002000)=""/102400, 0x19000) socket(0x848000000015, 0x805, 0x0) r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]}) close_range(r7, 0xffffffffffffffff, 0x0) sendmsg$inet(r0, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000001080)=[{&(0x7f0000000040)="a72d11a15c048c0a7d63aebc5cea1f81510ff6091475aeec600831aa9d3944e60bc2ad06a619c560aa0118b28f68f1eb14549d633b4b23f179fb680716faa43414787559be90843c35ab30acad8a6740140e00721abc2eb362f7bde53b3c992d3e28ccc20ec84fdc569947047f6c09a647ee8c0a747b951e66c068ccf1af93ee9e6f9528ff79e2f989383b05a690a6bec4634b867c9446c1c644b3010e8a3514c6328323b4bbdd602b8f0dace6aea70902c4ddd2a2f2810f1348b0d0df3c1e6a5938fcfdc87e7580c6be0c6a06eca62d6f787dd16add086a21391c4c707d8b61929d1252681b84c245e0efafe2e6e73ad86a3cf59235ab0eacbb414af92ec3cdac420a064a98e8cc18bdf63f8997f96436e0fe6f06fdbf47fff353b01a861babd4a38d126bfe3e29049e6cc883e6efae6e70ef9ed124b1b09887a58c991e223b6420dca5ae238027e91b17b1707dc5c0d5f59f0ca95614f1ea1d263c1ee54dfe31ae35eb3c8e3b931dff7920c57fbba89adf2e392c1ad719b90c7ade0d38ff9792934ef1fb12f51d8e2fad12486d5883d5b1a46696fad128c6805cfb25bc6487e1e407d6b266971b09d0d864a7a550284e24b6cdc9f4ae1081a638175dffef002c76ac5558d23e41edbe68f4b4950a13aa000326dae5a857603dc5a40d6c6618a98c7b6e1eebd325ea2c14601a25658965f40864fd015d9b2fff83ee5ed3212ebd9fa429f0140f633556ac07c0c08e67a1848c9942ecc47dd4ffede9a429e9e0472be7cdbcd117e621ddf745c00a814ffff0224634472577dc0b35a9c153409f1a2bddc193b20b4d244d9cbbd59816c46000c596865f58b4e640ed4a9ab6086cede697fb113560925498da83273e679e0e28b84961eb7b9c9b4fa916590965c76b48e5d453f27a821bd2bf0946ff2413ec30f7893d1f046e18f736c40ceda26dfc4a0a62f71a3606d3f72c0a858dfd7895e2572292e11af913c6b513a141d28e501ae7c49618d104aac9abb78466a636efb88120d0eef0a501558a5aa34784a9823f2802a0bcdf318f9b436b34b42a2a7cf513f80364ad9a699d2e23eb4f3a2bbce818bd20da61882b3dac699d05dc24f29b72471b712423ace6278c43df2be7a09e815517b86d8b3ce16af3d64a575958c5fd52aac53b391f3d2a67c24c6c13ec11428b61b80a6a58cbba1790a98d190a572070f63fc0b809669895ea9865c3066b06102f6f2c7171dc7f76e1931b3e4deb569ef9d07d5f86a848f50942e93c419c3a23489f14803b08182dfd48b8d4375be6b7f805a21209c05e5927693a8834c8d5a5acbd47ed8a30a8a741d1ad77639b56b3b90c0b2023fa334befd28b2e27cbcd94b0ce7437f88ce67a925cea6d6d7e5313de6d328b1124a8b9ef83fe39ca3da97d33c60b7fd4af67d3c8fccb595a27a5bffc71e5a5b2ec966828993b0c0f83cbc55f9a7fb66a4101d5c83b77885072b6e2b2ceebe32f635509698c05089b9ff1cb1959b211e114dadb224ef2d5e7a3c55b3ac00fcdc9018577603c6301e5d4341b3d7eeb2665349d448d28d5d108f576408cbe533a6adbba18ebb2d84bb9af81108506a2f50fb56d595579000747930449fdf4ed01715ec624a0cb73636a35b9136f10b79e3d7ded09008b92e92c64e26e6b6d17f18b70b1d9813de8d2ff151c7a6a0452c660a57c33f13e2d9b88fa5f5c0505722d2e787a425e4a3e9b5efa9668e9199f5fb9fe7d5b8a57719a57df152e7f2c6a1087a2a24084f82455b65353a70559f04d5ed12defb81497ea69c1c7e69c373524770b7473c16a69c7a3648a9dd93377b89cdff61cf62512d1ee67a55ea67993937c1f55a2179bc9c8a337364cfb84d295adda1ad9700fc2f5c11cbfc1b90affb4666c6e7e23a6f7751410a5651819f29f690c6dba2b8a67e0f7f8cc377feb1854c393578994c85391ba21b3961aed477f771645571dc7d6cae72bf79c82a92a4edc3742b1398060a0a5c9e81c016b7f2ae3db529c6ff824cc28678764d8ab49d7dc68e5b0556c9e7ffb6fef442776d86fbd458741830e57f22a1f8513b92abd5b2df93a67cc560134078f0b8ecc3276e40aadef5cd579888b86b4988f396679250701f3869e7493b33692035ecd94aca5189fd0a0893ccc5bb19c0b4caca86cf90ebc2a5558f39cccb33f6773a4e425bf551fb3b6456ee1cc62fa1843a9e5539bb2d02ae6ef82533a9dbcfb562c1ab18c1f639ae7ff02083746f74a15ba2d10e4b955940a5d6f488d326a99f287c48ad463ce40367aeeff519cbad0a2d7fdbfa48bff75955467977764c2be2bd2ffa18396c46920c40c50a4037003666406d177e2cd20aee423d07169d8f611f635ba0b62b61265ff2c5548446a2423dd1038482b6852b2d9d2f90aa05d82c5e2c3d1af0c7aad72d82b3da67471af7b037bb0424a785e73f35b5a10a2ab300a195c20cd119a5390e0cd5d49c70bd80883b933e843d0d2902749dcf3c140c708a0f004b7a2f50bf311305dc01719016fcce5863815ca7951de710fcb71cd177551ff6fcd9f8bf01b93868f24c6129b6d7917125338cf62110083093fc7f862015d48450d992f2bb43e601cab19b2ea7b83962a382fc2a31fdf2358bf8a9a9e506eaa7b6eb5e7444d1ef459b24ffa51362abce902dfd84201a0e4b5a3b62757aad54fb65b83821c6bba663886de092065a565921ea3eb6781bb8ed4f4db3abcfeeb379b7e52fca790bea719918e299ab01bf5e92177d134360bf7a16a59e9d03d3dcfb0a25599237e3d41b3f0026c9402b1fb1894426303413a2cbcf7c72807ca694afa285990d07c3bca26413c9947b3b344aafc04544b8c11416e0312b028da7302e316c3966d41884b15055a49a4a0b3eac8e11f88a5615fb0af582f065d28e5a454447e9d0cfc60356439ebf7e1d0a00f5b9cc6daf2bd7195ba96b4d1a0679ff0fb1c01282c378a880f90f460889b67d76d4d0e8db6c928d113533d1d10b810303c43d8ff622c5bab7f095b96e64bf9daa48a2bdf3d9d40bac00cf1b66df61a4f7c3e21938e876f81b1179dce6a008f28eb682cae690ced0ea0d542da604d8056f2b1813ed36683c4c51aeb2650772cfb1c55d4e60604ff06344cfc271b2175a6c94defb807af240b483e24298ca73bfc743ca2ca2e77e6d5b817b3c1986601537faf59ac84c74d8bd0c068cb8e6bd03ac2dcf5793fb4a00b3c901a33aa3ee86e4f0db317b94bb8678ab26e36d305ebac4b0f7f164947148255b562dd0f87648499d45bccfb7d8c9d5624cadf8160a396e79fbcdc100058ba4606e41c02fb2cc0dc6c36196bd28acfde82a18cda2321d2d83fecd3b85380667cd1d0bc68298c6c8f10421a80c8fa86912b6c3e8ddd9d9668520d5151409e6b77f0d7730b374a68a744151bfbd123cfdf871e8c24e70d2ca3b50e84a48e0b78c1781000cfc848d43584985763a76c0ab9ba882c55e3e4aa8f2174255db38adb8350b48a77be22a869d13d183325f859b883464e5e46de5ea8a92532b9a794daaeff657cd361f7f158f8bebe36e9de1f5b9721d4263dcc9472229bc02d3f552180abfb25ca7aa36cb914d99c09fd5bb99dcab9b4e3c634d18fc7dfe84dc4425ad1e39c3e7410d49b4ea0a8a2958688c7725822f6dfc0827d19dc385e0e35a949941e4dd1aaeaab9ebe402f8c584bca7efc829f2ccfb63fd7bde1c182a67c14f9d3f033ca674e2604e89cd55a15419f956cd61a755c1b13554dae98e77be078aadfc131c9677381f1dbe6ef194eb17603a463e8b844ab46a6046e1f07d96d66de669359bff4c3d80948a4de3abb2f171a09b5d8999c379fb62244114e218c79805df7d899e5661320ee6721d652b95f09e4dfe69bd67099c73294b17ab574e0b966aa3ab44478965b9dca3cb3b9282945f24ccdd07c638ae25a84a728ca24f87ff49d718121a694be46f3616e27b1041b3c6cd24b9cf775bfc28dfbe0a009048f0599f2d5d6586cfd1e7f7fe69872d08b98f60d28e6af0d49d7f06ad71a7b5c41df261aba5de114022c7288bc265cc17909fdeadc3d7b256d7ab3b96e40f857060f16b54a6bb7248ee571f87ace5ee39eab412706cf52fa711468b21ea129c3f44bceb429fcc1a0ac2aa87b9365077dcfcfa9a1b32a0a09699197c20019a66cbd0a897feab3706c23123b888ada643d4560082033e31596b0483578968e3c9593ebd97141c228a42fc7645f92171c120aabca36657683fd7c72fcb87217f124d6fabc52f1d221d8410b47b0ad4bd944bf4085365e9b52a53911ab4ee142c5a1ebbe034c9d98c538c066f2dc0acf372eb2397dcac765055123e0ba19be22b18c886bf0f7490abe9fde91ffa62e059962bd134be8501cb5b715a744b1398e2c4c7e8afe72e189dda0654296afa1c1f99ab7d800fa40f72a758625c833b6fc7b7d42250522b456e1e7de815350c36c9cb2f4d1c9cb99109f89b456c559463f11b8b58247809b17a4ed4912bd0a47a529f1364d6dc593ea7f3eb98962078ac90e5012ee1c7b4b9ed5a8c7a9c0231b4ce425693faab64fa0f3482a04d4be2e06ee5d103694d288810a1a7f4d1e908dd82dd2016a064ece5cd67ef1dd5f4cda728fc6f1ccdd949dd8f775d862621507248ef4c83ae274969d19c7ddb02a4e8a1ab2b7aa539a442b22735ceedeefe60a1059dfaaa0979ce8d5387b5a047841fd9749b88ca91216b02d7926408a01916b7781bb7167528ccdb9a486d173437a5ba3e552c8674dff2cc9b21054e0e4f86b61b8723fca58ceef4413bffae9e9be79c5b9788f5449811ce78be9bc7a86375a670197baaef751beabcba0aa6c7c33f1cd702cb78ec39fa1f17d9da733d6abf2b80f9c51ac8f6f664b24edc53a7c9525c3016bd05c67272375fe816b2b121f2de68b885a0fd8f8b8c6c342237b632f6414a3eb3480f5f42106c5812e9bfd4e8c8dea8d08525d9aa1da7c7c2ee7ff3d31b79b211dd01e304a8ffc83a89a59f3b1e2ef5e969b6d90bea7e161066f25622fad914bff52bacd2807093dda1838b529ee57f718b374ce2841b924a42457867547a6edcb8412", 0xe00}, {&(0x7f0000001040)="9d7fcf3efc63f4a6a555ba8b4726d7ccaf8a207100e69cfac4377876021d7131b838059f96bd206d4776368ed2a92432e5af71", 0x33}], 0x2, &(0x7f00000011c0)=ANY=[@ANYBLOB="1400000000000000010000004100000002010000000000004800000000000000080000000700000010000034366567f2219787566400007300000000000000000000000008000000ef3820f3439cb150a3651e799e1459c9c9a7521737a8879e3ef4dca1e3c32158996e4b2abde5342e22f2ba8b679121ac0b0ad62ade31fb2c47f0bbf781eb8bd1e3064141e90e9eac25b189c0da98b676571bbeefba392c3e15a10e03dee4ae1dfe99793e51ec0c6bb5fa6d7b357d249502f5919ef251e5d0e5bed378265b8bd55fde4689cb509b14fa754813a27e72d175e8d677420e10d651833e6e2ab8168b1d633b1bb9a7d4d59ebdc7083d93d35cd469de", @ANYRES32=0x0, @ANYBLOB="e1212f0409000000e70bcf35ac837225dd355ad309a5ec6096633ba38e1ef5baf006020e5f45c993cb5680017c6720bea9b7c451516a8cff7f00000000000019f20b784b2336d43c8a0f7347801a596dfb0b078a967980ccec1d115c7a0000000000000000000000fed6260fdf140498f1274bc569d0d87656d0d18d903580f0ec0915e89bd286b2c25165043f6a001d53f84eaabf01cc310ff28c7c76867ce1a2c9c91b"], 0x6b}, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r1, 0x10e, 0x5, &(0x7f0000000f40)=0x8, 0x4) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) 1.334824619s ago: executing program 1 (id=2247): r0 = syz_open_dev$sg(0x0, 0x0, 0x8002) fcntl$dupfd(r0, 0x0, r0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) socket(0x10, 0x803, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) socket$nl_xfrm(0x10, 0x3, 0x6) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x81c0, 0x0) r3 = fsopen(&(0x7f0000000180)='gfs2meta\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, 0x0, &(0x7f0000000040), 0x0) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, 0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) sendto$inet6(r2, &(0x7f0000000240), 0x0, 0x51, &(0x7f0000000080)={0xa, 0x3, 0x1, @local, 0x9}, 0x1c) sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) 788.815236ms ago: executing program 3 (id=2248): mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0) socket$kcm(0x21, 0x2, 0x2) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0) r3 = socket$inet6(0xa, 0x80002, 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x80082, 0x0) connect$inet6(r3, 0x0, 0x0) execve(&(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000500)={[&(0x7f0000000540)=' T\xfc\x81\x8e\x9f5\x0e \x043[B\xad\x13\x9f\xae\x8f\xbb\x9a\x0f\x9f\x13\xa5\xfc9\xbb\xa4.\xf4\xeb\x03\xf1\xb6\x8c\xc4E\x93\n&k\xec\xc8\\h\xd6\x1e\xcb\fA\\da/O\xdcn7\x1b@\xbf\xfb\x17J\xaaD\xe4\x01\xbc\xdc\n\x88\xfc\xcci\xc1\xe8\xf8\x1e6&\bE\x8f\x9b\xc6\x8d0\xa7 -\xecC8O*7\xfa&\xf9\aC\xab\x03g\x06\xda\x8c)\xae\xe3\x16\x9dz\x87\xd6OZX\xa4\xee\xa7\xebe\x14Qp\x96\x00\xd0VK\xe2$i\xd4\xcb-\xd4\x82w\x13\x98\xfcW\x9d\xff\xed\xd4\x14;]\xf8\xccS\xddl\x96v\x97\x988\xa7sQ\x1aN\xbdU.\x89\\\xfa\xc2\xcd\xde', &(0x7f0000000300)='urity.\x15\x00\x00_\x1b\xcf\xff\xf9G\x84\x87D\x91\xff\xe0\xf3b\xe2\x8di\xc8qk\x80F\x86F\x9a\xc7\xe9\xec?\b\xe5\x93\x0e!P$D?(C\xc4\x87_\x9d\xe2S1\x0fV\xab*\xe9\xdfu\x8e\x1d\xe3\x82R\x82\x0f\xd6\xadb\xd7\xad\n\t\xb2\x06\xa5UK\xaa\xdc<\xc8\xfa\x17t\x15 Ui\xd9\xfd\xd0\xe9\xe8\xcc7\x10Bf\xc2\x8f\x85\x04\x0f\xf9\xac\x0e\xce\x93mJU\x03\xef[d\xdf\xbd)\xc6T\xc1y\x03\xd8(H\xa2~aP\x98\x01\vpi\x03\xac\xdcj5a\xc9\ru\x19La\xe8Y\xc3\x85\x01\xc1G*8\x04\xc9\x11\xab\xbd\v\x9d\xbfy\xfd\xc55\t\x11', 0x0]}) openat$fuse(0xffffffffffffff9c, &(0x7f00000006c0), 0x2, 0x0) pipe(&(0x7f00000000c0)) pipe2$watch_queue(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) ioctl$IOC_WATCH_QUEUE_SET_FILTER(r4, 0x5761, &(0x7f0000000f40)={0x1, 0x0, [{0x8000, 0x7, 0xfffff714, [0x9, 0x9, 0x1af, 0xb9a2, 0x1, 0x10, 0x8, 0x2]}]}) mount$fuseblk(&(0x7f0000000600), 0x0, 0x0, 0x1000810, &(0x7f0000000ac0)=ANY=[]) 710.197987ms ago: executing program 4 (id=2249): r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) fcntl$dupfd(r0, 0x0, r0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) socket$inet6_sctp(0xa, 0x1, 0x84) socket$nl_xfrm(0x10, 0x3, 0x6) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYRES32=0x0], 0xfc}, 0x1, 0x0, 0x0, 0x24008040}, 0x20040040) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001000)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef42d430f6296b72a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed40000000022278d00031e5388ee5c867ddd58211d6ece3ccb0cd2b6d3cffd962867a3a2f624f992daa94a6a556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff020000000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409e011f1264d43f153b3d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7000026a4e739c60f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf3f704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eedd9068ca1457870eb30d219e23ccc8e06dddeb61799257ab5000013c86ba99523d61a00000000c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f8b2ad1e1f4933545fc3c741374211663f6b63b1dd044dd0a2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958adb8629aeec90e6d1857da822e40009995ae166deb9856291a43a6f7eb2e32cefbf463789eaf79b8d4c22be89f44b032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c5e13d52c83ac3fa7c3ae6c08384865b66d2204c2e4f3ae200f279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f3"], 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0100000004000000080000000c00000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x81c0, 0x0) fsopen(&(0x7f0000000180)='gfs2meta\x00', 0x0) 607.133447ms ago: executing program 1 (id=2250): syz_usb_connect(0x0, 0x36, &(0x7f0000000280)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f60c01a83d88008135048567c566a31077d12879017186ecd8521f2b5fb"], 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r1, 0xaf01, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) 576.745785ms ago: executing program 2 (id=2251): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) syz_emit_vhci(&(0x7f0000000340)=@HCI_EVENT_PKT={0x4, @hci_ev_logical_link_complete={{}, {0x3, 0xc8, 0xc9, 0x9}}}, 0x64) r0 = getpid() syz_emit_ethernet(0x4e, &(0x7f0000000800)={@link_local, @random="6481bf928700", @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "ecff80", 0x18, 0x11, 0x0, @private0={0xfc, 0x0, '\x00', 0x2}, @mcast2, {[], {0x0, 0x4e22, 0x18, 0x0, @wg=@data={0x3, 0xffff0000}}}}}}}, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xa2bb1000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', 0x0, 0x5, 0x0) setrlimit(0x9, &(0x7f0000000040)={0x4}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r3) socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e22, 0x0, @empty, 0x4000006}, 0x1c) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[], 0xfffffdef}}, 0x0) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) listen(r4, 0x90004) syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="043e130100c90001"], 0x16) accept4(r4, 0x0, 0x0, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x103a42, 0x0) sendfile(r5, r5, &(0x7f0000000000)=0x5, 0x9) copy_file_range(r5, 0x0, r5, &(0x7f00000004c0)=0xdc, 0xfffffffffffffff8, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) writev(r6, &(0x7f00000000c0)=[{&(0x7f0000000080)="290000001e00190f00003fffffffda060200000000e80001dd0008040d000900ea11c21d0005000000", 0x29}], 0x1) 239.663168ms ago: executing program 0 (id=2252): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) (async) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000540)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000200000008000300", @ANYRES32=r1, @ANYBLOB="080026006c09000008009f00f8"], 0x34}}, 0x40) (async) r3 = memfd_create(&(0x7f0000000580)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2=\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec=\x9e\xc3\xfd\x85d\x0fl5\xf3\xbe\" 6\r<\xea\x8dz\xcf6\x99\x91\xear8p\xaaR\xd5\xa6\xab#N>\x9a\xdf\xea\x009\xfbB\xc1\xd0_\xc0\'Z\xeb\xd8\xaf\xf0\'J\xe2\xff\xe5x*;(p\xf7p\xce\xbb\xa7\xfe\x04\xd0t\x81\x1a\x1b?m\x11\x8b\x8d\a\xa6\"\xd9\x13\xeb\xe2\rh\x8dsx\xaa!\xd5Q\xf8\xce*\x95\x0es\xfaZ\x94t\x19\xdc\xdc\xcf\x0f\x9a\xa2O>\xb9\xfc\x01\fW\xee\xffh\xbd\xb2\xb4z\xeb\x84\x13\x13u\x8f\x00\x00', 0x3) (async) sendmsg$ETHTOOL_MSG_EEE_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f00000000c0), 0xc, 0x0, 0x1, 0x0, 0x0, 0x8090}, 0x4) (async) syz_open_dev$cec(&(0x7f00000000c0), 0x0, 0x0) mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0) (async) r4 = creat(0x0, 0x0) r5 = dup2(r4, r4) write$cgroup_subtree(r5, &(0x7f0000000300)=ANY=[@ANYBLOB="2b726c696d69740995fae556c692e936dabd0c1d6176202d6e8374ce0ce4b098b74103797a7b55a443463d870ebf8020bdebf8c60f9739d2edb4db9b716dbc7695fdbf126a7cccba093b38fd8292e64b5d87f4a03489f6896b8cd898af776af3d67d3328f8aaa74fa3ff0f0000dc5e74637797f8dbc49d5d09008b", @ANYRES16=r3, @ANYRES32=r5], 0x1b) (async) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r6, 0x0, 0x3}, 0x18) (async) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) (async) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) (async) getpid() (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e) (async) sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0) (async) recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async) r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r9}, 0x10) (async) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) (async) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) (async) getpid() mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) (async) getpid() 217.547893ms ago: executing program 4 (id=2253): openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000780)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r0}, 0x10) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r3 = accept4(r2, 0x0, 0x0, 0x0) sendmsg$nl_route_sched_retired(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000012100), 0xe078}}, 0x0) recvmmsg(r3, &(0x7f0000000180)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000200)=[{0x0}, {&(0x7f00000004c0)=""/168, 0xa8}, {&(0x7f0000000900)=""/106, 0x6a}, {&(0x7f00000000c0)=""/26, 0x1a}], 0x4}, 0x2000000}], 0x2, 0x0, 0x0) 171.4871ms ago: executing program 4 (id=2254): r0 = socket$isdn(0x22, 0x2, 0x26) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x14, 0x0, 0x0) mkdir(0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000180), 0x800, &(0x7f0000000540)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB, @ANYRESHEX=r2, @ANYBLOB=',dfltgid=', @ANYRESHEX=0x0, @ANYBLOB="2c6163636573733d616e792c616669643d3078303030303030303030303030303030302c646566636f6e746578743d73746166665f752c7063723d30303030303030303030303030303030303031302c7375626a5f747970653d002c6673757569643d30616162313139302d383800362d393865342d313803302d31616439356138642c66736d616769633d3078303030303030303030303030303030302c657569643c", @ANYRESDEC=0x0, @ANYBLOB=',appraise_type=imasig,subj_role=)/],appraise_type=imasig,\x00']) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8b36, &(0x7f0000000000)={'wlan0\x00'}) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x80044943, &(0x7f00000002c0)={'wlan0\x00'}) 0s ago: executing program 0 (id=2255): syz_open_dev$vim2m(0x0, 0x2000000f5, 0x2) syz_open_dev$sndpcmc(0x0, 0x0, 0xa340658bc40d4f52) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x8c, 0x2c, 0xd27, 0x30b529, 0x25dfdc00, {0x0, 0x0, 0x0, r6, {0x0, 0x4}, {}, {0xfff2}}, [@filter_kind_options=@f_matchall={{0xd}, {0x58, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x2, 0x2, 0xfffffffffffffffd, 0xa, 0x8}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}, @TCA_MATCHALL_FLAGS={0x8, 0x3, 0x2}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x10}, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r7 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0) syz_emit_ethernet(0x3a, &(0x7f00000001c0)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaa320016c5dd06fbb3b9e4a51ca5dbdd4bfa8ccfc7b183ad3fd4b28b3fb5140630db1c5896ef3375dedc3eba2281ae1b"], &(0x7f00000002c0)={0x0, 0x1, [0x853, 0xadf, 0x7a6, 0xc22]}) r8 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000200)={0x1000000d}) kernel console output (not intermixed with test programs): ing attributes in process `syz.3.1616'. [ 587.664921][T12247] overlayfs: conflicting lowerdir path [ 587.822044][T12263] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1617'. [ 588.038815][T12266] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1618'. [ 589.344265][T12272] syzkaller1: entered promiscuous mode [ 589.350608][T12272] syzkaller1: entered allmulticast mode [ 589.490265][ T30] audit: type=1400 audit(1751679818.437:672): avc: denied { ioctl } for pid=12271 comm="syz.0.1620" path="socket:[34564]" dev="sockfs" ino=34564 ioctlcmd=0x8b2c scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 589.529488][T12279] netlink: 128 bytes leftover after parsing attributes in process `syz.2.1623'. [ 589.854083][ T30] audit: type=1326 audit(1751679818.607:673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12283 comm="syz.2.1624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c1bb8e929 code=0x7ffc0000 [ 589.877465][ C0] vkms_vblank_simulate: vblank timer overrun [ 589.913371][ T30] audit: type=1326 audit(1751679818.607:674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12283 comm="syz.2.1624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c1bb8e929 code=0x7ffc0000 [ 589.937643][ T30] audit: type=1326 audit(1751679818.607:675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12283 comm="syz.2.1624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f1c1bb8e929 code=0x7ffc0000 [ 589.961046][ C0] vkms_vblank_simulate: vblank timer overrun [ 589.970629][ T30] audit: type=1326 audit(1751679818.607:676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12283 comm="syz.2.1624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c1bb8e929 code=0x7ffc0000 [ 589.994658][ C0] vkms_vblank_simulate: vblank timer overrun [ 590.001509][ T30] audit: type=1326 audit(1751679818.607:677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12283 comm="syz.2.1624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c1bb8e929 code=0x7ffc0000 [ 590.024932][ C0] vkms_vblank_simulate: vblank timer overrun [ 590.035992][ T30] audit: type=1326 audit(1751679818.607:678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12283 comm="syz.2.1624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f1c1bb8e929 code=0x7ffc0000 [ 590.061616][ C0] vkms_vblank_simulate: vblank timer overrun [ 590.073450][ T30] audit: type=1326 audit(1751679818.607:679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12283 comm="syz.2.1624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c1bb8e929 code=0x7ffc0000 [ 590.103444][ T30] audit: type=1326 audit(1751679818.607:680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12283 comm="syz.2.1624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c1bb8e929 code=0x7ffc0000 [ 590.126888][ C0] vkms_vblank_simulate: vblank timer overrun [ 590.140325][ T30] audit: type=1326 audit(1751679818.607:681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12283 comm="syz.2.1624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f1c1bb8e929 code=0x7ffc0000 [ 590.642536][ T5913] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 590.732626][T11931] usb 2-1: new high-speed USB device number 45 using dummy_hcd [ 590.847705][T12300] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1630'. [ 590.860999][ T9] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 590.872802][ T5913] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 590.882070][ T5913] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 590.890567][ T5913] usb 5-1: Product: syz [ 590.895182][ T5913] usb 5-1: Manufacturer: syz [ 590.899865][ T5913] usb 5-1: SerialNumber: syz [ 590.922666][ T24] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 590.932758][T11931] usb 2-1: Using ep0 maxpacket: 8 [ 591.143551][T11931] usb 2-1: unable to get BOS descriptor or descriptor too short [ 591.165560][ T5913] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 591.166474][T11931] usb 2-1: config 4 interface 0 has no altsetting 0 [ 591.191810][ T5841] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 591.203412][T11931] usb 2-1: string descriptor 0 read error: -22 [ 591.209789][T11931] usb 2-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 591.219985][ T9] usb 3-1: Using ep0 maxpacket: 32 [ 591.226829][T11931] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 591.239247][ T9] usb 3-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 591.249969][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 591.265242][T11931] usb 2-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 591.278814][ T9] usb 3-1: config 0 descriptor?? [ 591.285898][T11931] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 591.298879][ T9] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 591.305291][T11931] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 591.318656][T11931] usb 2-1: media controller created [ 591.341149][T11931] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 591.352682][ T24] usb 4-1: Using ep0 maxpacket: 8 [ 591.363201][ T24] usb 4-1: unable to get BOS descriptor or descriptor too short [ 591.385065][ T24] usb 4-1: config 7 has an invalid interface number: 67 but max is 0 [ 591.402076][ T24] usb 4-1: config 7 has no interface number 0 [ 591.423779][ T24] usb 4-1: language id specifier not provided by device, defaulting to English [ 591.463972][ T24] usb 4-1: New USB device found, idVendor=16c0, idProduct=05df, bcdDevice=6b.16 [ 591.473443][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 591.481557][ T24] usb 4-1: Product: syz [ 591.485959][ T24] usb 4-1: Manufacturer: syz [ 591.490601][ T24] usb 4-1: SerialNumber: syz [ 591.506218][T12295] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 591.522826][T12295] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 591.529898][T11931] zl10353_read_register: readreg error (reg=127, ret==0) [ 591.597822][T11931] usb 2-1: USB disconnect, device number 45 [ 591.734704][ T24] usbhid 4-1:7.67: couldn't find an input interrupt endpoint [ 591.754945][ T24] usb 4-1: USB disconnect, device number 41 [ 592.012570][ T5836] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 592.349090][T12295] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 592.375836][T12295] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 592.522842][ T5841] usb 5-1: Service connection timeout for: 256 [ 592.550464][ T9] gspca_nw80x: reg_w err -71 [ 592.607825][ T5841] ath9k_htc 5-1:1.0: ath9k_htc: Unable to initialize HTC services [ 592.767211][ T5841] ath9k_htc: Failed to initialize the device [ 592.995102][ T5841] usb 5-1: ath9k_htc: USB layer deinitialized [ 593.188256][ T9] nw80x 3-1:0.0: probe with driver nw80x failed with error -71 [ 593.198121][ T9] usb 3-1: USB disconnect, device number 27 [ 593.212331][T12318] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1634'. [ 594.417982][T12327] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 594.770465][T12321] delete_channel: no stack [ 594.877314][ T24] usb 5-1: USB disconnect, device number 33 [ 595.538444][ T30] kauditd_printk_skb: 142 callbacks suppressed [ 595.549327][ T30] audit: type=1400 audit(1751679824.107:824): avc: denied { connect } for pid=12332 comm="syz.2.1638" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 595.693196][ T30] audit: type=1400 audit(1751679824.587:825): avc: denied { connect } for pid=12336 comm="syz.1.1640" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 596.177709][T12347] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1641'. [ 596.231949][T12350] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1643'. [ 596.244836][T12350] FAULT_INJECTION: forcing a failure. [ 596.244836][T12350] name failslab, interval 1, probability 0, space 0, times 0 [ 596.355978][T12350] CPU: 1 UID: 0 PID: 12350 Comm: syz.2.1643 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) [ 596.356007][T12350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 596.356016][T12350] Call Trace: [ 596.356021][T12350] [ 596.356028][T12350] dump_stack_lvl+0x16c/0x1f0 [ 596.356054][T12350] should_fail_ex+0x512/0x640 [ 596.356071][T12350] should_failslab+0xc2/0x120 [ 596.356088][T12350] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 596.356103][T12350] ? skb_clone+0x190/0x3f0 [ 596.356121][T12350] skb_clone+0x190/0x3f0 [ 596.356137][T12350] netlink_deliver_tap+0xabd/0xd30 [ 596.356156][T12350] netlink_unicast+0x6b2/0x7f0 [ 596.356168][T12350] ? __pfx_netlink_unicast+0x10/0x10 [ 596.356178][T12350] ? genl_rcv_msg+0x4bb/0x800 [ 596.356193][T12350] netlink_ack+0x696/0xb80 [ 596.356208][T12350] netlink_rcv_skb+0x332/0x420 [ 596.356218][T12350] ? __pfx_genl_rcv_msg+0x10/0x10 [ 596.356231][T12350] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 596.356247][T12350] ? netlink_deliver_tap+0x1ae/0xd30 [ 596.356265][T12350] genl_rcv+0x28/0x40 [ 596.356275][T12350] netlink_unicast+0x53a/0x7f0 [ 596.356289][T12350] ? __pfx_netlink_unicast+0x10/0x10 [ 596.356304][T12350] netlink_sendmsg+0x8d1/0xdd0 [ 596.356316][T12350] ? __pfx_netlink_sendmsg+0x10/0x10 [ 596.356332][T12350] ____sys_sendmsg+0xa95/0xc70 [ 596.356343][T12350] ? copy_msghdr_from_user+0x10a/0x160 [ 596.356357][T12350] ? __pfx_____sys_sendmsg+0x10/0x10 [ 596.356374][T12350] ___sys_sendmsg+0x134/0x1d0 [ 596.356389][T12350] ? __pfx____sys_sendmsg+0x10/0x10 [ 596.356402][T12350] ? __lock_acquire+0x622/0x1c90 [ 596.356430][T12350] __sys_sendmsg+0x16d/0x220 [ 596.356445][T12350] ? __pfx___sys_sendmsg+0x10/0x10 [ 596.356468][T12350] do_syscall_64+0xcd/0x4c0 [ 596.356484][T12350] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 596.356495][T12350] RIP: 0033:0x7f1c1bb8e929 [ 596.356504][T12350] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 596.356514][T12350] RSP: 002b:00007f1c1c964038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 596.356523][T12350] RAX: ffffffffffffffda RBX: 00007f1c1bdb5fa0 RCX: 00007f1c1bb8e929 [ 596.356534][T12350] RDX: 000000000000c000 RSI: 0000200000000000 RDI: 0000000000000003 [ 596.356540][T12350] RBP: 00007f1c1c964090 R08: 0000000000000000 R09: 0000000000000000 [ 596.356546][T12350] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 596.356552][T12350] R13: 0000000000000000 R14: 00007f1c1bdb5fa0 R15: 00007fff6147dc78 [ 596.356571][T12350] [ 597.428671][T12367] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1647'. [ 597.836418][ T5841] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 598.105637][ T9] usb 2-1: new high-speed USB device number 46 using dummy_hcd [ 598.126268][ T5841] usb 3-1: Using ep0 maxpacket: 8 [ 598.213706][ T5841] usb 3-1: unable to get BOS descriptor or descriptor too short [ 598.221289][T12373] xt_TPROXY: Can be used only with -p tcp or -p udp [ 598.227849][ T5841] usb 3-1: config 4 interface 0 has no altsetting 0 [ 598.391213][ T5841] usb 3-1: string descriptor 0 read error: -22 [ 598.413893][ T9] usb 2-1: config 0 interface 0 has no altsetting 0 [ 598.421129][ T5841] usb 3-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 598.424511][ T9] usb 2-1: New USB device found, idVendor=046d, idProduct=c626, bcdDevice= 0.00 [ 598.440973][T12376] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1652'. [ 598.461691][ T5841] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 598.476450][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 598.484346][ T5841] usb 3-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 598.496286][ T9] usb 2-1: config 0 descriptor?? [ 598.505335][ T5841] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 598.525523][ T5841] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 598.544515][ T5841] usb 3-1: media controller created [ 599.242682][ T5837] Bluetooth: hci4: command 0x0406 tx timeout [ 599.449593][ T5841] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 599.471584][ T9] logitech 0003:046D:C626.0007: hidraw0: USB HID v0.02 Device [HID 046d:c626] on usb-dummy_hcd.1-1/input0 [ 599.520009][ T5841] zl10353_read_register: readreg error (reg=127, ret==0) [ 599.634835][T12391] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1657'. [ 599.676213][ T5841] usb 3-1: USB disconnect, device number 28 [ 599.681543][ T30] audit: type=1400 audit(1751679828.627:826): avc: denied { shutdown } for pid=12357 comm="syz.1.1644" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 601.547595][T11931] usb 2-1: USB disconnect, device number 46 [ 601.614572][T12406] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1661'. [ 602.162653][ T5841] usb 4-1: new high-speed USB device number 42 using dummy_hcd [ 602.442774][ T5841] usb 4-1: device descriptor read/64, error -71 [ 602.643373][ T30] audit: type=1400 audit(1751679831.587:827): avc: denied { create } for pid=12393 comm="syz.0.1658" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmsvc_socket permissive=1 [ 603.289580][ T5841] usb 4-1: new high-speed USB device number 43 using dummy_hcd [ 603.484073][ T5841] usb 4-1: device descriptor read/64, error -71 [ 603.682019][ T5841] usb usb4-port1: attempt power cycle [ 603.899733][T12438] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1670'. [ 604.082691][ T5841] usb 4-1: new high-speed USB device number 44 using dummy_hcd [ 604.143181][ T5841] usb 4-1: device descriptor read/8, error -71 [ 604.587216][ T5841] usb 4-1: new high-speed USB device number 45 using dummy_hcd [ 604.613052][ T5841] usb 4-1: device descriptor read/8, error -71 [ 604.703776][T12453] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1674'. [ 605.118311][ T5841] usb usb4-port1: unable to enumerate USB device [ 605.178379][ T5913] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 605.269008][T12456] fuse: Bad value for 'user_id' [ 605.273980][T12456] fuse: Bad value for 'user_id' [ 606.228645][T12459] vxcan1: entered allmulticast mode [ 606.249143][T12461] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1678'. [ 606.262543][T12459] vxcan1: left allmulticast mode [ 606.832555][ T5913] usb 1-1: Using ep0 maxpacket: 32 [ 606.866824][ T5913] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 2046, setting to 1024 [ 606.928067][ T5913] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1024 [ 606.943435][ T5913] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 606.954777][ T5913] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 606.962915][ T5913] usb 1-1: Product: syz [ 606.970308][ T5913] usb 1-1: Manufacturer: syz [ 606.978556][ T5913] usb 1-1: SerialNumber: syz [ 607.747186][T12442] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 607.755787][T12442] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 607.983536][ T5913] cdc_ncm 1-1:1.0: bind() failure [ 608.005567][ T5913] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found [ 608.354567][ T5913] cdc_ncm 1-1:1.1: bind() failure [ 608.475517][ T5913] usb 1-1: USB disconnect, device number 27 [ 610.215652][T12500] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1687'. [ 610.912734][ T5913] usb 4-1: new high-speed USB device number 46 using dummy_hcd [ 611.109594][T12510] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1691'. [ 611.399096][ T5913] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 611.431772][T12515] vxcan1: entered allmulticast mode [ 611.437391][T12515] vxcan1: left allmulticast mode [ 611.445233][ T5913] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 24623, setting to 1024 [ 611.456958][ T5913] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024 [ 611.472058][ T5913] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 611.630803][ T5913] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 611.847529][T12503] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 611.884080][ T5913] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 614.049161][ T5841] usb 4-1: USB disconnect, device number 46 [ 614.792660][ T5841] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 614.953484][T12545] vxcan1: entered allmulticast mode [ 614.961744][T12545] vxcan1: left allmulticast mode [ 615.014176][ T5841] usb 5-1: config 48 has an invalid descriptor of length 0, skipping remainder of the config [ 615.168861][ T5841] usb 5-1: New USB device found, idVendor=1784, idProduct=0006, bcdDevice=bb.2f [ 615.196122][ T5841] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 615.343612][ T5841] usb 5-1: Product: syz [ 615.382592][ T5841] usb 5-1: Manufacturer: syz [ 615.398432][ T5841] usb 5-1: SerialNumber: syz [ 615.420707][ T30] audit: type=1400 audit(1751679844.367:828): avc: denied { getopt } for pid=12551 comm="syz.0.1699" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 615.421033][T12552] netlink: 'syz.0.1699': attribute type 1 has an invalid length. [ 615.657406][T12541] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 615.663776][T12552] bond2: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 615.666180][T12541] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 617.362739][ T5841] usb 5-1: USB disconnect, device number 34 [ 618.329231][T12578] x_tables: duplicate underflow at hook 2 [ 618.882097][T12586] vxcan1: entered allmulticast mode [ 618.903637][T12586] vxcan1: left allmulticast mode [ 618.962622][ T5893] usb 1-1: new full-speed USB device number 28 using dummy_hcd [ 619.202612][ T5841] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 619.447767][ T5893] usb 1-1: device descriptor read/64, error -71 [ 619.454552][ T30] audit: type=1400 audit(1751679848.397:829): avc: denied { bind } for pid=12592 comm="syz.4.1711" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 619.476309][ T30] audit: type=1400 audit(1751679848.397:830): avc: denied { listen } for pid=12592 comm="syz.4.1711" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 619.492529][ T5841] usb 3-1: device descriptor read/64, error -71 [ 619.498958][ T30] audit: type=1400 audit(1751679848.407:831): avc: denied { accept } for pid=12592 comm="syz.4.1711" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 619.523931][ T30] audit: type=1400 audit(1751679848.427:832): avc: denied { read } for pid=12592 comm="syz.4.1711" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 619.562544][ T5885] usb 4-1: new high-speed USB device number 47 using dummy_hcd [ 619.724189][ T5885] usb 4-1: Using ep0 maxpacket: 16 [ 619.730898][ T5885] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 619.742543][ T5893] usb 1-1: new full-speed USB device number 29 using dummy_hcd [ 619.743562][ T5841] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 619.758920][ T5885] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 619.772939][ T5885] usb 4-1: config 0 interface 0 has no altsetting 0 [ 619.788368][ T5885] usb 4-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 619.802377][ T5885] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 619.989518][ T5841] usb 3-1: device descriptor read/64, error -71 [ 619.996488][ T5893] usb 1-1: device descriptor read/64, error -71 [ 620.122600][ T5893] usb usb1-port1: attempt power cycle [ 620.123629][ T5885] usb 4-1: config 0 descriptor?? [ 620.253449][ T5841] usb usb3-port1: attempt power cycle [ 620.698296][T12591] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 620.710007][T12591] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 620.713537][T12608] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1716'. [ 620.728712][T12608] FAULT_INJECTION: forcing a failure. [ 620.728712][T12608] name failslab, interval 1, probability 0, space 0, times 0 [ 620.743928][T12608] CPU: 0 UID: 0 PID: 12608 Comm: syz.4.1716 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) [ 620.743954][T12608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 620.743966][T12608] Call Trace: [ 620.743972][T12608] [ 620.743979][T12608] dump_stack_lvl+0x16c/0x1f0 [ 620.744010][T12608] should_fail_ex+0x512/0x640 [ 620.744037][T12608] should_failslab+0xc2/0x120 [ 620.744062][T12608] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 620.744087][T12608] ? __alloc_skb+0x2b2/0x380 [ 620.744120][T12608] __alloc_skb+0x2b2/0x380 [ 620.744142][T12608] ? __pfx___alloc_skb+0x10/0x10 [ 620.744169][T12608] ? if_nlmsg_size+0x475/0xaf0 [ 620.744196][T12608] rtmsg_ifinfo_build_skb+0x81/0x280 [ 620.744217][T12608] rtmsg_ifinfo+0x9f/0x1a0 [ 620.744238][T12608] __dev_notify_flags+0x24c/0x2e0 [ 620.744263][T12608] ? __pfx___dev_notify_flags+0x10/0x10 [ 620.744284][T12608] ? __dev_change_flags+0x3d5/0x720 [ 620.744310][T12608] ? __pfx___dev_change_flags+0x10/0x10 [ 620.744333][T12608] ? __pfx___schedule+0x10/0x10 [ 620.744354][T12608] ? __pfx_validate_linkmsg+0x10/0x10 [ 620.744380][T12608] netif_change_flags+0x108/0x160 [ 620.744407][T12608] do_setlink.constprop.0+0xb53/0x4380 [ 620.744441][T12608] ? __pfx_do_setlink.constprop.0+0x10/0x10 [ 620.744468][T12608] ? __wake_up_klogd.part.0+0x99/0xf0 [ 620.744492][T12608] ? __lock_acquire+0xb8a/0x1c90 [ 620.744510][T12608] ? find_held_lock+0x2b/0x80 [ 620.744537][T12608] ? __mutex_trylock_common+0xe9/0x250 [ 620.744556][T12608] ? __pfx___mutex_trylock_common+0x10/0x10 [ 620.744575][T12608] ? __pfx___might_resched+0x10/0x10 [ 620.744600][T12608] ? rcu_is_watching+0x12/0xc0 [ 620.744621][T12608] ? trace_contention_end+0xdd/0x130 [ 620.744638][T12608] ? __mutex_lock+0x1ca/0xb90 [ 620.744666][T12608] ? rtnl_newlink+0x600/0x2000 [ 620.744692][T12608] ? __pfx___mutex_lock+0x10/0x10 [ 620.744716][T12608] ? cap_capable+0xb3/0x250 [ 620.744742][T12608] ? full_name_hash+0xbc/0x110 [ 620.744760][T12608] ? netdev_name_node_lookup+0x127/0x180 [ 620.744786][T12608] rtnl_newlink+0x1446/0x2000 [ 620.744819][T12608] ? __pfx_rtnl_newlink+0x10/0x10 [ 620.744843][T12608] ? find_held_lock+0x2b/0x80 [ 620.744865][T12608] ? avc_has_perm_noaudit+0x117/0x3b0 [ 620.744886][T12608] ? avc_has_perm_noaudit+0x149/0x3b0 [ 620.744907][T12608] ? cred_has_capability.isra.0+0x193/0x2f0 [ 620.744935][T12608] ? __lock_acquire+0x622/0x1c90 [ 620.744965][T12608] ? __pfx_rtnl_newlink+0x10/0x10 [ 620.744990][T12608] ? __pfx_rtnl_newlink+0x10/0x10 [ 620.745012][T12608] ? rtnetlink_rcv_msg+0x93a/0xe90 [ 620.745037][T12608] ? __pfx_rtnl_newlink+0x10/0x10 [ 620.745061][T12608] rtnetlink_rcv_msg+0x95b/0xe90 [ 620.745088][T12608] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 620.745126][T12608] ? ref_tracker_free+0x37c/0x830 [ 620.745153][T12608] netlink_rcv_skb+0x158/0x420 [ 620.745170][T12608] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 620.745197][T12608] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 620.745225][T12608] ? netlink_deliver_tap+0x1ae/0xd30 [ 620.745257][T12608] netlink_unicast+0x53a/0x7f0 [ 620.745277][T12608] ? __pfx_netlink_unicast+0x10/0x10 [ 620.745300][T12608] netlink_sendmsg+0x8d1/0xdd0 [ 620.745322][T12608] ? __pfx_netlink_sendmsg+0x10/0x10 [ 620.745349][T12608] ____sys_sendmsg+0xa95/0xc70 [ 620.745368][T12608] ? copy_msghdr_from_user+0x10a/0x160 [ 620.745392][T12608] ? __pfx_____sys_sendmsg+0x10/0x10 [ 620.745423][T12608] ___sys_sendmsg+0x134/0x1d0 [ 620.745447][T12608] ? __pfx____sys_sendmsg+0x10/0x10 [ 620.745468][T12608] ? __lock_acquire+0x622/0x1c90 [ 620.745516][T12608] __sys_sendmsg+0x16d/0x220 [ 620.745540][T12608] ? __pfx___sys_sendmsg+0x10/0x10 [ 620.745581][T12608] do_syscall_64+0xcd/0x4c0 [ 620.745607][T12608] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 620.745625][T12608] RIP: 0033:0x7f5340b8e929 [ 620.745640][T12608] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 620.745657][T12608] RSP: 002b:00007f5341ad0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 620.745674][T12608] RAX: ffffffffffffffda RBX: 00007f5340db5fa0 RCX: 00007f5340b8e929 [ 620.745685][T12608] RDX: 0000000060000090 RSI: 0000200000000100 RDI: 0000000000000003 [ 620.745695][T12608] RBP: 00007f5341ad0090 R08: 0000000000000000 R09: 0000000000000000 [ 620.745704][T12608] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 620.745714][T12608] R13: 0000000000000000 R14: 00007f5340db5fa0 R15: 00007ffdba8fdfb8 [ 620.745736][T12608] [ 621.053894][T12610] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1710'. [ 621.222543][ T5893] usb 1-1: new full-speed USB device number 30 using dummy_hcd [ 621.304906][ T5893] usb 1-1: device descriptor read/8, error -71 [ 621.393142][T12610] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1710'. [ 621.644410][ T30] audit: type=1400 audit(1751679850.597:833): avc: denied { ioctl } for pid=12620 comm="syz.2.1721" path="/dev/fuse" dev="devtmpfs" ino=99 ioctlcmd=0xe500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 621.993344][ T10] usb 2-1: new full-speed USB device number 47 using dummy_hcd [ 622.117095][T12628] vxcan1: entered allmulticast mode [ 622.122960][ T5893] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 622.126007][T12628] vxcan1: left allmulticast mode [ 622.142553][ T10] usb 2-1: device descriptor read/64, error -71 [ 622.151912][ T5893] usb 1-1: Using ep0 maxpacket: 8 [ 622.172722][ T5893] usb 1-1: unable to get BOS descriptor or descriptor too short [ 622.184494][ T5893] usb 1-1: config 4 interface 0 has no altsetting 0 [ 622.195711][ T5893] usb 1-1: string descriptor 0 read error: -22 [ 622.205461][ T5893] usb 1-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 622.229011][ T5893] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 622.352532][ T5893] usb 1-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 622.387917][ T5893] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 622.398509][ T10] usb 2-1: new full-speed USB device number 48 using dummy_hcd [ 622.407338][ T5893] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 622.417901][ T5893] usb 1-1: media controller created [ 622.603906][T12617] usb 1-1: dvb_usb_au6610: wlen=0, aborting [ 622.666033][ T5893] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 622.714995][ T5893] zl10353_read_register: readreg error (reg=127, ret==0) [ 622.738239][ T5885] usbhid 4-1:0.0: can't add hid device: -71 [ 622.746529][ T5885] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 622.762832][ T10] usb 2-1: device descriptor read/64, error -71 [ 622.764860][ T5885] usb 4-1: USB disconnect, device number 47 [ 622.813877][ T5893] usb 1-1: USB disconnect, device number 31 [ 622.875872][ T10] usb usb2-port1: attempt power cycle [ 623.272634][ T10] usb 2-1: new full-speed USB device number 49 using dummy_hcd [ 623.346207][ T10] usb 2-1: device descriptor read/8, error -71 [ 623.368063][T12631] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 623.500920][T12648] gfs2: gfs2 mount does not exist [ 623.660716][ T5837] block nbd0: Receive control failed (result -32) [ 623.692736][T12634] nbd0: detected capacity change from 0 to 63 [ 623.716954][T12650] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1727'. [ 623.786057][ T10] usb 2-1: new full-speed USB device number 50 using dummy_hcd [ 624.097712][ T10] usb 2-1: device descriptor read/8, error -71 [ 624.212924][ T10] usb usb2-port1: unable to enumerate USB device [ 624.269160][ T6739] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 624.325223][T12662] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 624.335221][ T6739] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 624.367206][T12665] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 625.027202][T12679] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1733'. [ 625.032468][ T30] audit: type=1400 audit(1751679853.977:834): avc: denied { setopt } for pid=12677 comm="syz.4.1736" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 625.152587][ T9] usb 4-1: new high-speed USB device number 48 using dummy_hcd [ 625.233308][ T10] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 625.302828][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 625.312250][ T9] usb 4-1: config 0 has an invalid interface number: 219 but max is 0 [ 625.321740][ T9] usb 4-1: config 0 has no interface number 0 [ 625.331419][ T9] usb 4-1: config 0 interface 219 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B [ 625.345249][ T9] usb 4-1: config 0 interface 219 altsetting 0 endpoint 0x8B has invalid maxpacket 28739, setting to 1024 [ 625.357371][ T9] usb 4-1: config 0 interface 219 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 625.368029][ T9] usb 4-1: config 0 interface 219 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 625.378104][ T9] usb 4-1: config 0 interface 219 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0 [ 625.388302][ T10] usb 1-1: Using ep0 maxpacket: 16 [ 625.396736][ T10] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 625.407715][ T9] usb 4-1: New USB device found, idVendor=108c, idProduct=0169, bcdDevice=75.b9 [ 625.417319][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 625.425629][ T10] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 625.436175][ T9] usb 4-1: Product: syz [ 625.441786][ T10] usb 1-1: config 0 interface 0 has no altsetting 0 [ 625.448668][ T9] usb 4-1: Manufacturer: syz [ 625.453423][ T9] usb 4-1: SerialNumber: syz [ 625.458170][ T10] usb 1-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 625.468977][ T9] usb 4-1: config 0 descriptor?? [ 625.474035][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 625.483557][T12662] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 625.496105][ T10] usb 1-1: config 0 descriptor?? [ 625.698410][ T9] etas_es58x 4-1:0.219: Starting syz syz (Serial Number syz) [ 625.717654][T12675] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 625.728164][T12675] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 626.503910][ T9] etas_es58x 4-1:0.219: could not parse product info: 'У' [ 626.626466][ T30] audit: type=1400 audit(1751679855.577:835): avc: denied { bind } for pid=12692 comm="syz.1.1740" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 626.648073][ T30] audit: type=1400 audit(1751679855.577:836): avc: denied { listen } for pid=12692 comm="syz.1.1740" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 626.779425][ T5885] usb 4-1: USB disconnect, device number 48 [ 626.850658][ T30] audit: type=1400 audit(1751679855.737:837): avc: denied { write } for pid=12692 comm="syz.1.1740" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=netrom_socket permissive=1 [ 626.899609][ T5885] etas_es58x 4-1:0.219: Disconnecting syz syz [ 626.957558][T12703] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1741'. [ 627.662620][T12700] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1735'. [ 627.835173][T12700] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1735'. [ 630.004463][ T30] audit: type=1400 audit(1751679858.957:838): avc: denied { append } for pid=12728 comm="syz.4.1751" name="loop6" dev="devtmpfs" ino=653 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 630.184546][T12729] loop6: detected capacity change from 0 to 63 [ 630.191072][ T10] usbhid 1-1:0.0: can't add hid device: -71 [ 630.207748][ T10] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 630.232012][ T30] audit: type=1400 audit(1751679859.177:839): avc: denied { map } for pid=12728 comm="syz.4.1751" path="/dev/loop6" dev="devtmpfs" ino=653 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 630.258777][T12729] Buffer I/O error on dev loop6, logical block 0, async page read [ 630.288718][ T10] usb 1-1: USB disconnect, device number 32 [ 630.314797][T12729] Buffer I/O error on dev loop6, logical block 1, async page read [ 630.317964][ T30] audit: type=1400 audit(1751679859.177:840): avc: denied { execute } for pid=12728 comm="syz.4.1751" path="/dev/loop6" dev="devtmpfs" ino=653 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 630.362824][T12729] Buffer I/O error on dev loop6, logical block 2, async page read [ 630.633142][ T5841] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 630.713956][T12729] Buffer I/O error on dev loop6, logical block 3, async page read [ 630.722673][T12729] Buffer I/O error on dev loop6, logical block 0, async page read [ 630.730892][T12729] Buffer I/O error on dev loop6, logical block 1, async page read [ 630.747512][T12729] Buffer I/O error on dev loop6, logical block 2, async page read [ 630.758222][T12729] Buffer I/O error on dev loop6, logical block 3, async page read [ 630.769744][T12729] Buffer I/O error on dev loop6, logical block 0, async page read [ 630.788910][T12729] Buffer I/O error on dev loop6, logical block 1, async page read [ 630.872703][ T5841] usb 3-1: Using ep0 maxpacket: 16 [ 630.879753][ T5841] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 630.894190][ T5841] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 630.931340][ T5841] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 630.944523][ T5841] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 630.953751][ T5841] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 630.965598][T12744] xt_TPROXY: Can be used only with -p tcp or -p udp [ 630.965924][ T5841] usb 3-1: config 0 descriptor?? [ 631.155752][ T10] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 631.399446][ T10] usb 1-1: config 17 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 631.449417][ T10] usb 1-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 631.461041][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 631.507806][ T10] aiptek 1-1:17.0: interface has no int in endpoints, but must have minimum 1 [ 631.537243][ T5841] HID 045e:07da: Invalid code 65791 type 1 [ 631.659629][ T5841] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:045E:07DA.0008/input/input12 [ 632.412629][ T916] usb 1-1: USB disconnect, device number 33 [ 632.516728][ T5841] microsoft 0003:045E:07DA.0008: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 632.618946][T12761] vxcan1: entered allmulticast mode [ 632.625373][T12761] vxcan1: left allmulticast mode [ 632.772709][ T5885] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 633.013389][ T5885] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 633.031538][ T5885] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 24623, setting to 1024 [ 633.054696][ T5885] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024 [ 633.065114][ T5885] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 633.074814][ T5885] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 633.085918][ T10] usb 3-1: USB disconnect, device number 33 [ 633.086311][T12757] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 633.102133][ T5885] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 633.412702][T11931] usb 2-1: new high-speed USB device number 51 using dummy_hcd [ 633.572151][ T5885] usb 5-1: USB disconnect, device number 35 [ 633.586930][T11931] usb 2-1: config 1 interface 0 altsetting 4 bulk endpoint 0x1 has invalid maxpacket 1023 [ 633.597391][T11931] usb 2-1: config 1 interface 0 has no altsetting 0 [ 633.613375][T11931] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 633.624029][T11931] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 633.632110][T11931] usb 2-1: Product: syz [ 633.638510][T11931] usb 2-1: Manufacturer: Ћ [ 633.643167][T11931] usb 2-1: SerialNumber: syz [ 633.651044][T12768] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 633.782105][ T10] libceph: connect (1)[c::]:6789 error -101 [ 633.788498][ T10] libceph: mon0 (1)[c::]:6789 connect error [ 633.848143][T12775] ceph: No mds server is up or the cluster is laggy [ 633.963226][ T30] audit: type=1400 audit(1751679862.917:841): avc: denied { ioctl } for pid=12766 comm="syz.1.1764" path="socket:[36358]" dev="sockfs" ino=36358 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 634.084472][T11931] usb 2-1: USB disconnect, device number 51 [ 634.090438][T12783] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1766'. [ 634.448054][T12787] netlink: 'syz.3.1767': attribute type 4 has an invalid length. [ 636.123155][T12806] bond0: Error: Cannot enslave bond to itself. [ 637.700058][T12830] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1780'. [ 639.064965][T12839] FAULT_INJECTION: forcing a failure. [ 639.064965][T12839] name failslab, interval 1, probability 0, space 0, times 0 [ 639.081413][T12839] CPU: 0 UID: 0 PID: 12839 Comm: syz.3.1783 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) [ 639.081431][T12839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 639.081437][T12839] Call Trace: [ 639.081441][T12839] [ 639.081445][T12839] dump_stack_lvl+0x16c/0x1f0 [ 639.081464][T12839] should_fail_ex+0x512/0x640 [ 639.081479][T12839] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 639.081496][T12839] should_failslab+0xc2/0x120 [ 639.081512][T12839] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 639.081526][T12839] ? __d_alloc+0x31/0xaa0 [ 639.081538][T12839] __d_alloc+0x31/0xaa0 [ 639.081549][T12839] d_alloc+0x4a/0x1e0 [ 639.081559][T12839] d_alloc_parallel+0xe3/0x12e0 [ 639.081575][T12839] ? find_held_lock+0x2b/0x80 [ 639.081589][T12839] ? __pfx_d_alloc_parallel+0x10/0x10 [ 639.081603][T12839] ? __d_lookup+0x266/0x4a0 [ 639.081619][T12839] lookup_open.isra.0+0x665/0x1580 [ 639.081635][T12839] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 639.081656][T12839] ? lookup_fast+0x156/0x610 [ 639.081671][T12839] path_openat+0x893/0x2cb0 [ 639.081693][T12839] ? __pfx_path_openat+0x10/0x10 [ 639.081709][T12839] ? __lock_acquire+0xb8a/0x1c90 [ 639.081720][T12839] do_filp_open+0x20b/0x470 [ 639.081735][T12839] ? __pfx_do_filp_open+0x10/0x10 [ 639.081754][T12839] ? __pfx_kfree_link+0x10/0x10 [ 639.081770][T12839] ? alloc_fd+0x471/0x7d0 [ 639.081788][T12839] do_sys_openat2+0x11b/0x1d0 [ 639.081799][T12839] ? __pfx_do_sys_openat2+0x10/0x10 [ 639.081810][T12839] ? __fget_files+0x20e/0x3c0 [ 639.081827][T12839] __x64_sys_openat+0x174/0x210 [ 639.081838][T12839] ? __pfx___x64_sys_openat+0x10/0x10 [ 639.081848][T12839] ? ksys_write+0x1ac/0x250 [ 639.081866][T12839] do_syscall_64+0xcd/0x4c0 [ 639.081882][T12839] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 639.081892][T12839] RIP: 0033:0x7fcc5898d290 [ 639.081904][T12839] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 639.081913][T12839] RSP: 002b:00007fcc59806f60 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 639.081924][T12839] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcc5898d290 [ 639.081930][T12839] RDX: 0000000000000000 RSI: 00007fcc58a10c51 RDI: 00000000ffffff9c [ 639.081936][T12839] RBP: 00007fcc58a10c51 R08: 0000000000000000 R09: 0000000000000000 [ 639.081942][T12839] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 639.081947][T12839] R13: 0000000000000000 R14: 00007fcc58bb5fa0 R15: 00007fff01e5b2f8 [ 639.081960][T12839] [ 639.393648][T12842] fuse: Bad value for 'group_id' [ 639.398677][T12842] fuse: Bad value for 'group_id' [ 639.667499][T12848] dlm: no local IP address has been set [ 639.673248][T12848] dlm: cannot start dlm midcomms -107 [ 639.871094][T12848] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 639.952686][ T5885] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 640.142551][ T5885] usb 3-1: Using ep0 maxpacket: 32 [ 640.663178][ T5885] usb 3-1: unable to get BOS descriptor or descriptor too short [ 640.695466][ T5885] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 640.715645][ T5885] usb 3-1: can't read configurations, error -71 [ 640.882650][T11931] usb 5-1: new full-speed USB device number 36 using dummy_hcd [ 641.072834][T11931] usb 5-1: device descriptor read/64, error -71 [ 641.422550][T11931] usb 5-1: new full-speed USB device number 37 using dummy_hcd [ 641.445877][T12876] vxcan1: entered allmulticast mode [ 641.477661][T12876] vxcan1: left allmulticast mode [ 641.772571][ T5885] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 641.832685][T11931] usb 5-1: device descriptor read/64, error -71 [ 641.916273][T12887] xt_hashlimit: size too large, truncated to 1048576 [ 641.958828][T11931] usb usb5-port1: attempt power cycle [ 641.971225][T12890] : renamed from bridge_slave_0 (while UP) [ 641.980600][ T30] audit: type=1400 audit(1751679870.917:842): avc: denied { ioctl } for pid=12886 comm="syz.0.1793" path="socket:[36499]" dev="sockfs" ino=36499 ioctlcmd=0x8923 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 642.017295][ T5885] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 642.031475][ T5885] usb 3-1: config 0 has no interface number 0 [ 642.051980][ T5885] usb 3-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 642.071567][ T5885] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 642.091165][ T5885] usb 3-1: Product: syz [ 642.101222][ T5885] usb 3-1: Manufacturer: syz [ 642.110189][ T5885] usb 3-1: SerialNumber: syz [ 642.124871][ T5885] usb 3-1: config 0 descriptor?? [ 642.314247][T11931] usb 5-1: new full-speed USB device number 38 using dummy_hcd [ 642.346374][ T5885] usb 3-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 642.369534][T11931] usb 5-1: device descriptor read/8, error -71 [ 642.370004][ T5885] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 642.410832][ T5885] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 642.439847][ T5885] usb 3-1: media controller created [ 642.652548][T11931] usb 5-1: new full-speed USB device number 39 using dummy_hcd [ 643.016353][ T5885] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 643.263182][T11931] usb 5-1: device descriptor read/8, error -71 [ 643.285134][T12905] FAULT_INJECTION: forcing a failure. [ 643.285134][T12905] name failslab, interval 1, probability 0, space 0, times 0 [ 643.307189][ T5885] i2c i2c-1: ec100: i2c rd failed=-71 reg=33 [ 643.379976][T12905] CPU: 0 UID: 0 PID: 12905 Comm: syz.0.1796 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) [ 643.380004][T12905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 643.380014][T12905] Call Trace: [ 643.380020][T12905] [ 643.380027][T12905] dump_stack_lvl+0x16c/0x1f0 [ 643.380055][T12905] should_fail_ex+0x512/0x640 [ 643.380082][T12905] should_failslab+0xc2/0x120 [ 643.380109][T12905] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 643.380134][T12905] ? __alloc_skb+0x2b2/0x380 [ 643.380167][T12905] __alloc_skb+0x2b2/0x380 [ 643.380190][T12905] ? __pfx___alloc_skb+0x10/0x10 [ 643.380214][T12905] ? nla_put+0x101/0x140 [ 643.380239][T12905] xfrm_alloc_compat+0xb9c/0x1290 [ 643.380271][T12905] dump_one_state+0x2f3/0x470 [ 643.380294][T12905] xfrm_state_netlink+0xd5/0x150 [ 643.380315][T12905] ? __pfx_xfrm_state_netlink+0x10/0x10 [ 643.380347][T12905] xfrm_alloc_userspi+0x6f2/0xbb0 [ 643.380374][T12905] ? __pfx_xfrm_alloc_userspi+0x10/0x10 [ 643.380398][T12905] ? __nla_parse+0x40/0x60 [ 643.380414][T12905] ? __pfx_xfrm_alloc_userspi+0x10/0x10 [ 643.380438][T12905] xfrm_user_rcv_msg+0x58e/0xc00 [ 643.380464][T12905] ? __pfx_xfrm_user_rcv_msg+0x10/0x10 [ 643.380481][T12905] ? kfree_skbmem+0x1a4/0x1f0 [ 643.380500][T12905] ? consume_skb+0xcc/0x100 [ 643.380526][T12905] ? find_held_lock+0x2b/0x80 [ 643.380547][T12905] ? __dev_queue_xmit+0x896/0x43e0 [ 643.380595][T12905] ? __pfx___might_resched+0x10/0x10 [ 643.380620][T12905] ? rcu_is_watching+0x12/0xc0 [ 643.380645][T12905] netlink_rcv_skb+0x158/0x420 [ 643.380663][T12905] ? __pfx_xfrm_user_rcv_msg+0x10/0x10 [ 643.380683][T12905] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 643.380711][T12905] ? netlink_deliver_tap+0x1ae/0xd30 [ 643.380742][T12905] xfrm_netlink_rcv+0x71/0x90 [ 643.380761][T12905] netlink_unicast+0x53a/0x7f0 [ 643.380781][T12905] ? __pfx_netlink_unicast+0x10/0x10 [ 643.380806][T12905] netlink_sendmsg+0x8d1/0xdd0 [ 643.380829][T12905] ? __pfx_netlink_sendmsg+0x10/0x10 [ 643.380856][T12905] ____sys_sendmsg+0xa95/0xc70 [ 643.380876][T12905] ? copy_msghdr_from_user+0x10a/0x160 [ 643.380898][T12905] ? __pfx_____sys_sendmsg+0x10/0x10 [ 643.380929][T12905] ___sys_sendmsg+0x134/0x1d0 [ 643.380953][T12905] ? __pfx____sys_sendmsg+0x10/0x10 [ 643.380974][T12905] ? __lock_acquire+0x622/0x1c90 [ 643.381022][T12905] __sys_sendmsg+0x16d/0x220 [ 643.381047][T12905] ? __pfx___sys_sendmsg+0x10/0x10 [ 643.381088][T12905] do_syscall_64+0xcd/0x4c0 [ 643.381115][T12905] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 643.381132][T12905] RIP: 0033:0x7f95d7b8e929 [ 643.381152][T12905] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 643.381169][T12905] RSP: 002b:00007f95d8a08038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 643.381186][T12905] RAX: ffffffffffffffda RBX: 00007f95d7db5fa0 RCX: 00007f95d7b8e929 [ 643.381196][T12905] RDX: 0000000000000000 RSI: 0000200000000540 RDI: 0000000000000003 [ 643.381206][T12905] RBP: 00007f95d8a08090 R08: 0000000000000000 R09: 0000000000000000 [ 643.381216][T12905] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 643.381226][T12905] R13: 0000000000000000 R14: 00007f95d7db5fa0 R15: 00007fffc24aef58 [ 643.381250][T12905] [ 643.715313][ T5885] usb 3-1: USB disconnect, device number 35 [ 643.859006][T11931] usb usb5-port1: unable to enumerate USB device [ 645.112708][ T5841] usb 3-1: new full-speed USB device number 36 using dummy_hcd [ 645.439954][T12939] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1803'. [ 645.563238][ T5841] usb 3-1: not running at top speed; connect to a high speed hub [ 645.838022][ T5841] usb 3-1: config 1 interface 0 altsetting 154 endpoint 0x81 has invalid wMaxPacketSize 0 [ 645.871422][ T5841] usb 3-1: config 1 interface 0 altsetting 154 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 645.903001][ T30] audit: type=1400 audit(1751679874.857:843): avc: denied { bind } for pid=12944 comm="syz.0.1805" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 645.930047][ T5841] usb 3-1: config 1 interface 0 has no altsetting 0 [ 645.939859][T12945] netdevsim netdevsim0 : renamed from netdevsim0 (while UP) [ 645.964319][ T5841] usb 3-1: New USB device found, idVendor=1b1c, idProduct=1b09, bcdDevice= 0.40 [ 645.974003][ T5841] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 645.982046][ T5841] usb 3-1: Product: syz [ 646.010583][ T5841] usb 3-1: Manufacturer: 㦖冓瘚降믱擺냐쟺黔⃡ꐒ쥍壮뺑澈ꬻ㗮@ᇵ茺쨘赣梓bꑈ뼤❕框궆豜駇熱㋛탓⃾窀ꞀԆ㠍칼鵯輂鬸믱褯Ն鯻ῗ팭戽相罏ે巀璕폔ᱟ貌ऍ琵潜ꩯ䛣⎯ꄋः붉婂牢༛వᲮ鶐ᯰ艞鿙❨뢺嬲숄诣瑱㴋皽 [ 646.113503][ T5841] usb 3-1: SerialNumber: syz [ 647.457361][T12932] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 647.477533][ T30] audit: type=1400 audit(1751679876.387:844): avc: denied { ioctl } for pid=12931 comm="syz.2.1802" path="socket:[37660]" dev="sockfs" ino=37660 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 647.505265][T12932] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 647.666472][ T5841] usbhid 3-1:1.0: can't add hid device: -71 [ 647.678377][ T5841] usbhid 3-1:1.0: probe with driver usbhid failed with error -71 [ 647.709168][ T5841] usb 3-1: USB disconnect, device number 36 [ 647.769414][T12964] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.1809'. [ 649.053254][ T30] audit: type=1400 audit(1751679878.007:845): avc: denied { write } for pid=12976 comm="syz.0.1815" name="urandom" dev="devtmpfs" ino=9 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file permissive=1 [ 649.178149][T12982] netlink: 'syz.1.1817': attribute type 10 has an invalid length. [ 649.192658][T11931] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 649.207234][T12982] batman_adv: batadv0: Adding interface: team0 [ 649.263072][T12982] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 649.288894][T12982] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 649.343749][T11931] usb 3-1: too many configurations: 24, using maximum allowed: 8 [ 649.370205][T11931] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 649.412367][T11931] usb 3-1: can't read configurations, error -61 [ 649.463747][ T30] audit: type=1400 audit(1751679878.307:846): avc: denied { bind } for pid=12990 comm="syz.3.1819" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 649.622523][T11931] usb 3-1: new high-speed USB device number 38 using dummy_hcd [ 650.535561][T13001] vxcan1: entered allmulticast mode [ 650.552027][T13001] vxcan1: left allmulticast mode [ 650.940570][T11931] usb 3-1: too many configurations: 24, using maximum allowed: 8 [ 650.973327][T11931] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 650.985778][T11931] usb 3-1: can't read configurations, error -61 [ 651.023103][T12977] 9pnet_fd: Insufficient options for proto=fd [ 651.030499][T11931] usb usb3-port1: attempt power cycle [ 651.199825][T13011] vxcan1: entered allmulticast mode [ 651.297949][T13015] bridge1: entered promiscuous mode [ 651.670747][T13011] vxcan1: left allmulticast mode [ 652.846067][ T9] usb 4-1: new full-speed USB device number 49 using dummy_hcd [ 653.343258][T13035] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 653.350557][T13035] IPv6: NLM_F_CREATE should be set when creating new route [ 653.442571][ T9] usb 4-1: device descriptor read/64, error -71 [ 653.850975][T13049] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 654.391896][T13044] delete_channel: no stack [ 654.473336][T13055] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 654.481970][T13055] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 654.523772][ T9] usb 4-1: new full-speed USB device number 50 using dummy_hcd [ 654.541534][T13057] FAULT_INJECTION: forcing a failure. [ 654.541534][T13057] name failslab, interval 1, probability 0, space 0, times 0 [ 654.747312][T13057] CPU: 1 UID: 0 PID: 13057 Comm: syz.1.1834 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) [ 654.747340][T13057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 654.747351][T13057] Call Trace: [ 654.747356][T13057] [ 654.747363][T13057] dump_stack_lvl+0x16c/0x1f0 [ 654.747394][T13057] should_fail_ex+0x512/0x640 [ 654.747418][T13057] ? __kmalloc_noprof+0xbf/0x510 [ 654.747444][T13057] ? ethnl_default_notify+0x1a7/0x940 [ 654.747471][T13057] should_failslab+0xc2/0x120 [ 654.747497][T13057] __kmalloc_noprof+0xd2/0x510 [ 654.747518][T13057] ? __asan_memcpy+0x3c/0x60 [ 654.747542][T13057] ? __pfx_ethnl_default_notify+0x10/0x10 [ 654.747569][T13057] ethnl_default_notify+0x1a7/0x940 [ 654.747598][T13057] ? __pfx_ethnl_default_notify+0x10/0x10 [ 654.747624][T13057] ? __pfx_ethnl_set_linkmodes+0x10/0x10 [ 654.747657][T13057] ? __pfx_ethnl_default_notify+0x10/0x10 [ 654.747683][T13057] ethtool_notify+0xc2/0x200 [ 654.747707][T13057] ethnl_default_set_doit+0x4e5/0xb10 [ 654.747734][T13057] ? __pfx_ethnl_default_set_doit+0x10/0x10 [ 654.747764][T13057] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 654.747785][T13057] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 654.747822][T13057] genl_family_rcv_msg_doit+0x209/0x2f0 [ 654.747845][T13057] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 654.747875][T13057] ? bpf_lsm_capable+0x9/0x10 [ 654.747894][T13057] ? security_capable+0x7e/0x260 [ 654.747916][T13057] ? ns_capable+0xd7/0x110 [ 654.747938][T13057] genl_rcv_msg+0x55c/0x800 [ 654.747962][T13057] ? __pfx_genl_rcv_msg+0x10/0x10 [ 654.747983][T13057] ? __pfx_ethnl_default_set_doit+0x10/0x10 [ 654.748019][T13057] netlink_rcv_skb+0x158/0x420 [ 654.748036][T13057] ? __pfx_genl_rcv_msg+0x10/0x10 [ 654.748056][T13057] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 654.748085][T13057] ? netlink_deliver_tap+0x1ae/0xd30 [ 654.748117][T13057] genl_rcv+0x28/0x40 [ 654.748134][T13057] netlink_unicast+0x53a/0x7f0 [ 654.748155][T13057] ? __pfx_netlink_unicast+0x10/0x10 [ 654.748180][T13057] netlink_sendmsg+0x8d1/0xdd0 [ 654.748203][T13057] ? __pfx_netlink_sendmsg+0x10/0x10 [ 654.748232][T13057] ____sys_sendmsg+0xa95/0xc70 [ 654.748251][T13057] ? copy_msghdr_from_user+0x10a/0x160 [ 654.748274][T13057] ? __pfx_____sys_sendmsg+0x10/0x10 [ 654.748306][T13057] ___sys_sendmsg+0x134/0x1d0 [ 654.748331][T13057] ? __pfx____sys_sendmsg+0x10/0x10 [ 654.748353][T13057] ? __lock_acquire+0x622/0x1c90 [ 654.748404][T13057] __sys_sendmsg+0x16d/0x220 [ 654.748429][T13057] ? __pfx___sys_sendmsg+0x10/0x10 [ 654.748472][T13057] do_syscall_64+0xcd/0x4c0 [ 654.748499][T13057] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 654.748516][T13057] RIP: 0033:0x7f1e9338e929 [ 654.748531][T13057] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 654.748548][T13057] RSP: 002b:00007f1e9413b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 654.748565][T13057] RAX: ffffffffffffffda RBX: 00007f1e935b5fa0 RCX: 00007f1e9338e929 [ 654.748576][T13057] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000003 [ 654.748586][T13057] RBP: 00007f1e9413b090 R08: 0000000000000000 R09: 0000000000000000 [ 654.748596][T13057] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 654.748606][T13057] R13: 0000000000000000 R14: 00007f1e935b5fa0 R15: 00007fff0471df98 [ 654.748630][T13057] [ 655.322551][ T9] usb 4-1: device descriptor read/64, error -71 [ 655.465550][ T30] audit: type=1400 audit(1751679884.417:847): avc: denied { getopt } for pid=13074 comm="syz.0.1837" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 655.512501][ T9] usb usb4-port1: attempt power cycle [ 655.516269][T13079] CUSE: info not properly terminated [ 655.559789][T13082] vxcan1: entered allmulticast mode [ 655.595222][T13082] vxcan1: left allmulticast mode [ 655.749927][ T10] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 655.947976][T13079] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1839'. [ 656.246727][ T10] usb 1-1: Using ep0 maxpacket: 16 [ 656.298366][ T10] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 656.312080][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 656.428764][T13099] FAULT_INJECTION: forcing a failure. [ 656.428764][T13099] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 656.442970][T13099] CPU: 0 UID: 0 PID: 13099 Comm: syz.2.1843 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) [ 656.442995][T13099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 656.443005][T13099] Call Trace: [ 656.443010][T13099] [ 656.443016][T13099] dump_stack_lvl+0x16c/0x1f0 [ 656.443044][T13099] should_fail_ex+0x512/0x640 [ 656.443070][T13099] _copy_from_user+0x2e/0xd0 [ 656.443095][T13099] memdup_user+0x6b/0xe0 [ 656.443118][T13099] strndup_user+0x78/0xe0 [ 656.443140][T13099] __x64_sys_fsopen+0x9c/0x240 [ 656.443160][T13099] do_syscall_64+0xcd/0x4c0 [ 656.443185][T13099] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 656.443203][T13099] RIP: 0033:0x7f1c1bb8e929 [ 656.443216][T13099] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 656.443233][T13099] RSP: 002b:00007f1c1c943038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ae [ 656.443250][T13099] RAX: ffffffffffffffda RBX: 00007f1c1bdb6080 RCX: 00007f1c1bb8e929 [ 656.443260][T13099] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000100 [ 656.443270][T13099] RBP: 00007f1c1c943090 R08: 0000000000000000 R09: 0000000000000000 [ 656.443278][T13099] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 656.443283][T13099] R13: 0000000000000001 R14: 00007f1c1bdb6080 R15: 00007fff6147dc78 [ 656.443297][T13099] [ 656.623055][ T10] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 656.632106][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 656.640091][ T10] usb 1-1: Product: syz [ 656.644243][ T10] usb 1-1: Manufacturer: syz [ 656.648810][ T10] usb 1-1: SerialNumber: syz [ 656.740546][ T10] usb 1-1: config 0 descriptor?? [ 656.748172][ T10] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 656.761404][ T10] em28xx 1-1:0.0: Audio interface 0 found (Vendor Class) [ 657.487739][T13075] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 657.513611][T13075] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 657.559555][T13117] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 658.059272][T13106] delete_channel: no stack [ 658.524294][ T10] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 658.536485][ T10] em28xx 1-1:0.0: Config register raw data: 0x41 [ 658.902765][ T10] usb 4-1: new high-speed USB device number 52 using dummy_hcd [ 659.522688][ T9] usb 1-1: USB disconnect, device number 34 [ 659.530467][ T9] em28xx 1-1:0.0: Disconnecting em28xx [ 659.551293][ T9] em28xx 1-1:0.0: Freeing device [ 659.844572][ T10] usb 4-1: Using ep0 maxpacket: 8 [ 659.864806][ T10] usb 4-1: unable to get BOS descriptor or descriptor too short [ 659.880358][ T10] usb 4-1: config 4 interface 0 has no altsetting 0 [ 659.897779][ T10] usb 4-1: string descriptor 0 read error: -22 [ 659.911793][ T10] usb 4-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 659.939786][T13148] afs: Unknown parameter '00000000000000000003' [ 659.941236][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 659.969863][ T10] usb 4-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 659.991867][ T10] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 660.009420][ T10] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 660.016726][ T10] usb 4-1: media controller created [ 660.056143][ T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 660.216501][T13154] netlink: 'syz.1.1853': attribute type 10 has an invalid length. [ 660.228178][T13154] bridge0: port 2(bridge_slave_1) entered disabled state [ 660.236977][T13154] bridge0: port 1(bridge_slave_0) entered disabled state [ 660.280116][T13154] bridge0: port 2(bridge_slave_1) entered blocking state [ 660.287326][T13154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 660.294679][T13154] bridge0: port 1(bridge_slave_0) entered blocking state [ 660.301732][T13154] bridge0: port 1(bridge_slave_0) entered forwarding state [ 660.349945][T13154] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 660.532655][T13159] vxcan1: entered allmulticast mode [ 660.590869][T13163] vxcan1: left allmulticast mode [ 661.154519][ T10] zl10353_read_register: readreg error (reg=127, ret==0) [ 661.186728][T13116] usb 4-1: dvb_usb_au6610: wlen=0, aborting [ 661.215983][ T5885] usb 5-1: new high-speed USB device number 40 using dummy_hcd [ 661.267489][T13173] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1857'. [ 661.308354][ T10] usb 4-1: USB disconnect, device number 52 [ 661.340339][T13173] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(12) [ 661.346968][T13173] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 661.392936][T13173] vhci_hcd vhci_hcd.0: Device attached [ 661.402928][ T5885] usb 5-1: Using ep0 maxpacket: 8 [ 661.415161][ T5885] usb 5-1: unable to get BOS descriptor or descriptor too short [ 661.436651][ T5885] usb 5-1: config 4 interface 0 has no altsetting 0 [ 661.449986][ T5885] usb 5-1: string descriptor 0 read error: -22 [ 661.457334][ T5885] usb 5-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 661.473086][ T5885] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 661.727404][ T5841] usb 33-1: new high-speed USB device number 2 using vhci_hcd [ 661.820468][ T5885] usb 5-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 662.327305][ T5885] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 662.427928][ T5885] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 662.438034][T13181] vxcan1: entered allmulticast mode [ 662.486582][T13181] vxcan1: left allmulticast mode [ 662.492864][T13166] usb 5-1: dvb_usb_au6610: wlen=0, aborting [ 662.499159][ T5885] usb 5-1: media controller created [ 662.507825][T13174] vhci_hcd: connection reset by peer [ 663.069788][ T5885] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 663.535509][ T7422] vhci_hcd: stop threads [ 663.860138][ T7422] vhci_hcd: release socket [ 663.866056][ T7422] vhci_hcd: disconnect device [ 664.174869][ T5885] zl10353_read_register: readreg error (reg=127, ret==0) [ 664.344803][ T5885] usb 5-1: USB disconnect, device number 40 [ 664.368996][T13197] vxcan1: entered allmulticast mode [ 664.383281][T13197] vxcan1: left allmulticast mode [ 666.903285][ T5841] vhci_hcd: vhci_device speed not set [ 667.094197][T13231] vxcan1: entered allmulticast mode [ 667.099858][T13231] vxcan1: left allmulticast mode [ 667.659842][T13235] netlink: 'syz.2.1876': attribute type 4 has an invalid length. [ 667.692076][T13235] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1876'. [ 667.722232][T13239] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 667.729467][T13239] IPv6: NLM_F_CREATE should be set when creating new route [ 667.809084][T13245] vxcan1: entered allmulticast mode [ 667.830161][T13245] vxcan1: left allmulticast mode [ 669.124326][T13261] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 669.712232][T13251] delete_channel: no stack [ 669.929025][T13267] vxcan1: entered allmulticast mode [ 669.936331][T13267] vxcan1: left allmulticast mode [ 669.942911][ T9] usb 5-1: new full-speed USB device number 41 using dummy_hcd [ 670.329520][ T30] audit: type=1326 audit(1751679899.277:848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13272 comm="syz.3.1888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc5898e929 code=0x7ffc0000 [ 670.442603][ T9] usb 5-1: device descriptor read/64, error -71 [ 670.736927][ T30] audit: type=1326 audit(1751679899.307:849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13272 comm="syz.3.1888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc5898e929 code=0x7ffc0000 [ 670.773199][ T30] audit: type=1326 audit(1751679899.307:850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13272 comm="syz.3.1888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=117 compat=0 ip=0x7fcc5898e929 code=0x7ffc0000 [ 670.842484][ T30] audit: type=1326 audit(1751679899.317:851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13272 comm="syz.3.1888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc5898e929 code=0x7ffc0000 [ 670.853477][T13277] FAULT_INJECTION: forcing a failure. [ 670.853477][T13277] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 670.882779][ T9] usb 5-1: new full-speed USB device number 42 using dummy_hcd [ 670.890924][ T30] audit: type=1326 audit(1751679899.317:852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13272 comm="syz.3.1888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc5898e929 code=0x7ffc0000 [ 670.924943][ T30] audit: type=1326 audit(1751679899.317:853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13272 comm="syz.3.1888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fcc5898d290 code=0x7ffc0000 [ 670.938591][T13277] CPU: 1 UID: 0 PID: 13277 Comm: syz.3.1891 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) [ 670.938617][T13277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 670.938626][T13277] Call Trace: [ 670.938632][T13277] [ 670.938638][T13277] dump_stack_lvl+0x16c/0x1f0 [ 670.938664][T13277] should_fail_ex+0x512/0x640 [ 670.938688][T13277] _copy_to_user+0x32/0xd0 [ 670.938712][T13277] simple_read_from_buffer+0xcb/0x170 [ 670.938734][T13277] proc_fail_nth_read+0x197/0x270 [ 670.938755][T13277] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 670.938776][T13277] ? rw_verify_area+0xcf/0x680 [ 670.938793][T13277] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 670.938812][T13277] vfs_read+0x1e4/0xc60 [ 670.938835][T13277] ? __pfx___mutex_lock+0x10/0x10 [ 670.938856][T13277] ? __pfx_vfs_read+0x10/0x10 [ 670.938881][T13277] ? __fget_files+0x20e/0x3c0 [ 670.938912][T13277] ksys_read+0x12a/0x250 [ 670.938930][T13277] ? __pfx_ksys_read+0x10/0x10 [ 670.938955][T13277] do_syscall_64+0xcd/0x4c0 [ 670.938978][T13277] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 670.938993][T13277] RIP: 0033:0x7fcc5898d33c [ 670.939006][T13277] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 670.939020][T13277] RSP: 002b:00007fcc59807030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 670.939035][T13277] RAX: ffffffffffffffda RBX: 00007fcc58bb5fa0 RCX: 00007fcc5898d33c [ 670.939045][T13277] RDX: 000000000000000f RSI: 00007fcc598070a0 RDI: 0000000000000004 [ 670.939054][T13277] RBP: 00007fcc59807090 R08: 0000000000000000 R09: 0000000000000000 [ 670.939063][T13277] R10: 0000000020000015 R11: 0000000000000246 R12: 0000000000000001 [ 670.939071][T13277] R13: 0000000000000000 R14: 00007fcc58bb5fa0 R15: 00007fff01e5b2f8 [ 670.939092][T13277] [ 671.150521][ T30] audit: type=1326 audit(1751679899.317:854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13272 comm="syz.3.1888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc5898e929 code=0x7ffc0000 [ 671.317255][ T30] audit: type=1326 audit(1751679899.317:855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13272 comm="syz.3.1888" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc5898e929 code=0x7ffc0000 [ 671.856240][ T5841] usb 2-1: new high-speed USB device number 52 using dummy_hcd [ 671.857454][ T9] usb 5-1: device descriptor read/64, error -71 [ 672.377909][ T9] usb usb5-port1: attempt power cycle [ 672.394476][ T5841] usb 2-1: config 0 has an invalid descriptor of length 33, skipping remainder of the config [ 672.412715][ T5841] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 672.422138][ T5841] usb 2-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00 [ 673.791588][T13307] veth0_to_team: entered promiscuous mode [ 673.797628][T13307] veth0_to_team: entered allmulticast mode [ 673.807426][ T5841] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 673.817488][ T5841] usb 2-1: config 0 descriptor?? [ 673.862284][T13311] vxcan1: entered allmulticast mode [ 673.867834][ T24] usb 3-1: new high-speed USB device number 41 using dummy_hcd [ 673.880363][T13311] vxcan1: left allmulticast mode [ 674.040245][ T24] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 674.121356][ T24] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 24623, setting to 1024 [ 674.258011][T13313] vxcan1: entered allmulticast mode [ 674.262519][ T24] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024 [ 674.332072][ T10] usb 2-1: USB disconnect, device number 52 [ 674.340589][ T24] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 674.340663][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 674.346692][T13299] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 674.527643][T13313] vxcan1: left allmulticast mode [ 674.637393][T13317] ip6erspan0: entered promiscuous mode [ 674.995926][ T24] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 675.086415][ T24] usb 3-1: USB disconnect, device number 41 [ 675.331186][T13329] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 675.920706][T13322] delete_channel: no stack [ 677.112843][ T30] audit: type=1400 audit(1751679906.037:856): avc: denied { lock } for pid=13359 comm="syz.0.1912" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 678.422864][T13374] vxcan1: entered allmulticast mode [ 678.440556][T13374] vxcan1: left allmulticast mode [ 679.164852][T13382] vxcan1: entered allmulticast mode [ 679.332600][T13384] vxcan1: left allmulticast mode [ 679.758498][ T30] audit: type=1400 audit(1751679908.517:857): avc: denied { map } for pid=13387 comm="syz.2.1919" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 680.084196][ T30] audit: type=1400 audit(1751679908.527:858): avc: denied { execute } for pid=13387 comm="syz.2.1919" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 680.505155][T13393] xt_CT: You must specify a L4 protocol and not use inversions on it [ 680.735673][T13401] gfs2: gfs2 mount does not exist [ 681.085235][T13414] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 682.892692][T11931] usb 5-1: new full-speed USB device number 44 using dummy_hcd [ 683.464713][T11931] usb 5-1: device descriptor read/64, error -71 [ 683.669495][T13436] use of bytesused == 0 is deprecated and will be removed in the future, [ 683.678425][T13436] use the actual size instead. [ 683.793442][T11931] usb 5-1: new full-speed USB device number 45 using dummy_hcd [ 684.126050][T11931] usb 5-1: device descriptor read/64, error -71 [ 684.252934][T11931] usb usb5-port1: attempt power cycle [ 684.357234][T13449] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1938'. [ 684.618990][T11931] usb 5-1: new full-speed USB device number 46 using dummy_hcd [ 684.686131][T11931] usb 5-1: device descriptor read/8, error -71 [ 685.794854][T11931] usb 5-1: new high-speed USB device number 47 using dummy_hcd [ 685.838801][T11931] usb 5-1: Using ep0 maxpacket: 8 [ 685.847689][T11931] usb 5-1: unable to get BOS descriptor or descriptor too short [ 685.857054][T11931] usb 5-1: config 4 interface 0 has no altsetting 0 [ 685.869901][T11931] usb 5-1: string descriptor 0 read error: -22 [ 685.884533][T11931] usb 5-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 685.895797][T11931] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 685.911244][T11931] usb 5-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 685.921900][T11931] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 685.934474][T11931] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 685.941772][T11931] usb 5-1: media controller created [ 686.056469][T11931] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 686.309051][T13481] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 686.848829][T13491] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1948'. [ 686.871649][T13491] bridge_slave_1: left allmulticast mode [ 686.882295][T13491] bridge_slave_1: left promiscuous mode [ 686.894354][T13476] delete_channel: no stack [ 686.895871][T13491] bridge0: port 2(bridge_slave_1) entered disabled state [ 686.914753][T13491] bridge_slave_0: left allmulticast mode [ 686.920491][T13491] bridge_slave_0: left promiscuous mode [ 686.927194][T13491] bridge0: port 1(bridge_slave_0) entered disabled state [ 686.960066][T13491] bond0: (slave bridge0): Releasing backup interface [ 687.174587][T13458] usb 5-1: dvb_usb_au6610: wlen=0, aborting [ 687.180552][T11931] zl10353_read_register: readreg error (reg=127, ret==0) [ 687.208798][T13499] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 687.259752][T11931] usb 5-1: USB disconnect, device number 47 [ 687.902018][T13511] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1956'. [ 690.653574][T13544] FAULT_INJECTION: forcing a failure. [ 690.653574][T13544] name failslab, interval 1, probability 0, space 0, times 0 [ 690.666995][ T30] audit: type=1400 audit(1751679919.607:859): avc: denied { map } for pid=13543 comm="syz.1.1966" path="/dev/zero" dev="devtmpfs" ino=6 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:zero_device_t tclass=chr_file permissive=1 [ 690.704413][T13544] CPU: 1 UID: 0 PID: 13544 Comm: syz.1.1966 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) [ 690.704440][T13544] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 690.704450][T13544] Call Trace: [ 690.704456][T13544] [ 690.704463][T13544] dump_stack_lvl+0x16c/0x1f0 [ 690.704491][T13544] should_fail_ex+0x512/0x640 [ 690.704514][T13544] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 690.704540][T13544] should_failslab+0xc2/0x120 [ 690.704565][T13544] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 690.704583][T13544] ? bpf_ksym_find+0x127/0x1c0 [ 690.704604][T13544] ? vm_area_dup+0x27/0x8d0 [ 690.704623][T13544] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 690.704648][T13544] vm_area_dup+0x27/0x8d0 [ 690.704670][T13544] __split_vma+0x18e/0x1070 [ 690.704695][T13544] ? __pfx___split_vma+0x10/0x10 [ 690.704713][T13544] ? mas_next_slot+0x12d3/0x21b0 [ 690.704752][T13544] vms_gather_munmap_vmas+0x392/0x1310 [ 690.704778][T13544] ? __pfx_vms_gather_munmap_vmas+0x10/0x10 [ 690.704802][T13544] ? mas_walk+0x6a6/0x910 [ 690.704839][T13544] __mmap_region+0x3c7/0x25e0 [ 690.704864][T13544] ? __pfx___mmap_region+0x10/0x10 [ 690.704893][T13544] ? __lock_acquire+0x622/0x1c90 [ 690.704909][T13544] ? kmem_cache_free+0x2d1/0x4d0 [ 690.704926][T13544] ? lockdep_hardirqs_on+0x7c/0x110 [ 690.704945][T13544] ? audit_log_end+0x14a/0x2b0 [ 690.704967][T13544] ? find_held_lock+0x2b/0x80 [ 690.704986][T13544] ? avc_has_perm_noaudit+0x117/0x3b0 [ 690.705030][T13544] ? shmem_get_unmapped_area+0x170/0xa00 [ 690.705053][T13544] mmap_region+0x32b/0x3f0 [ 690.705077][T13544] do_mmap+0xa3e/0x1210 [ 690.705096][T13544] ? __pfx_do_mmap+0x10/0x10 [ 690.705113][T13544] ? __pfx_down_write_killable+0x10/0x10 [ 690.705132][T13544] vm_mmap_pgoff+0x281/0x450 [ 690.705159][T13544] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 690.705186][T13544] ? __fget_files+0x20e/0x3c0 [ 690.705212][T13544] ksys_mmap_pgoff+0x32c/0x5c0 [ 690.705227][T13544] ? __pfx_ksys_write+0x10/0x10 [ 690.705251][T13544] __x64_sys_mmap+0x125/0x190 [ 690.705278][T13544] do_syscall_64+0xcd/0x4c0 [ 690.705305][T13544] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 690.705321][T13544] RIP: 0033:0x7f1e9338e929 [ 690.705334][T13544] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 690.705348][T13544] RSP: 002b:00007f1e9413b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 690.705364][T13544] RAX: ffffffffffffffda RBX: 00007f1e935b5fa0 RCX: 00007f1e9338e929 [ 690.705375][T13544] RDX: 0000000000000001 RSI: 0000000000004000 RDI: 0000200000000000 [ 690.705384][T13544] RBP: 00007f1e9413b090 R08: 0000000000000003 R09: 8000000000000000 [ 690.705393][T13544] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000001 [ 690.705401][T13544] R13: 0000000000000000 R14: 00007f1e935b5fa0 R15: 00007fff0471df98 [ 690.705425][T13544] [ 691.394530][T13549] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1969'. [ 692.177939][T13561] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1970'. [ 692.187065][T13561] tc_dump_action: action bad kind [ 692.493287][T13559] xt_CT: No such helper "pptp" [ 692.694918][ T30] audit: type=1400 audit(2000000000.430:860): avc: denied { write } for pid=13570 comm="syz.3.1972" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 692.756384][T13573] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1972'. [ 693.242562][ T5841] usb 1-1: new high-speed USB device number 35 using dummy_hcd [ 693.475672][ T5841] usb 1-1: New USB device found, idVendor=07fd, idProduct=0004, bcdDevice=b9.bf [ 693.476605][T13588] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1979'. [ 693.486156][ T5841] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 693.542790][ T5841] usb 1-1: Product: syz [ 693.568630][ T5841] usb 1-1: Manufacturer: syz [ 693.591307][ T5841] usb 1-1: SerialNumber: syz [ 693.666231][ T5841] usb 1-1: config 0 descriptor?? [ 693.670647][ T10] usb 4-1: new high-speed USB device number 53 using dummy_hcd [ 693.701631][ T5841] usb 1-1: Waiting for MOTU Microbook II to boot up... [ 693.719552][ T5841] usb 1-1: failed setting the sample rate for Motu MicroBook II: -22 [ 693.872501][ T5841] snd-usb-audio 1-1:0.0: probe with driver snd-usb-audio failed with error -22 [ 694.044290][ T10] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 694.057725][ T10] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 24623, setting to 1024 [ 694.071644][ T10] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024 [ 694.492030][ T10] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 694.517646][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 694.529104][T13582] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 694.543725][ T10] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 694.543865][ T5841] usb 1-1: USB disconnect, device number 35 [ 694.887375][ T30] audit: type=1400 audit(2000000002.620:861): avc: denied { connect } for pid=13602 comm="syz.1.1982" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 695.056444][ T10] usb 4-1: USB disconnect, device number 53 [ 696.833271][T13635] syz.0.1992: attempt to access beyond end of device [ 696.833271][T13635] loop0: rw=0, sector=16, nr_sectors = 2 limit=0 [ 697.053725][T13639] binder: BINDER_SET_CONTEXT_MGR already set [ 697.059771][T13639] binder: 13631:13639 ioctl 4018620d 200000000040 returned -16 [ 697.070574][T13639] binder: 13631:13639 ioctl c018620c 200000000100 returned -1 [ 697.481305][ T5841] usb 3-1: new high-speed USB device number 42 using dummy_hcd [ 697.951083][T13647] vxcan1: entered allmulticast mode [ 698.474397][ T5841] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 698.492140][ T5841] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 698.507975][ T5841] usb 3-1: Product: syz [ 698.522371][ T5841] usb 3-1: Manufacturer: syz [ 698.527001][ T5841] usb 3-1: SerialNumber: syz [ 698.553442][ T5841] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 698.578232][ T916] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 698.717000][ T30] audit: type=1400 audit(2000000006.450:862): avc: denied { nlmsg_read } for pid=13656 comm="syz.0.1996" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 698.717079][T13657] netlink: 276 bytes leftover after parsing attributes in process `syz.0.1996'. [ 698.830600][T13657] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 112 [ 699.130396][ T30] audit: type=1400 audit(2000000006.860:863): avc: denied { map } for pid=13662 comm="syz.0.1999" path="/dev/video4" dev="devtmpfs" ino=936 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 699.130847][T13666] No memory to map [ 699.823478][T13672] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2002'. [ 699.872089][ T916] usb 3-1: Service connection timeout for: 256 [ 699.878578][ T916] ath9k_htc 3-1:1.0: ath9k_htc: Unable to initialize HTC services [ 700.011587][ T916] ath9k_htc: Failed to initialize the device [ 700.079933][ T30] audit: type=1400 audit(2000000007.700:864): avc: denied { getopt } for pid=13671 comm="syz.4.2002" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 700.210476][ T916] usb 3-1: ath9k_htc: USB layer deinitialized [ 700.268671][ T54] usb 3-1: USB disconnect, device number 42 [ 701.489845][T13687] vxcan1: entered allmulticast mode [ 702.643194][T13695] FAULT_INJECTION: forcing a failure. [ 702.643194][T13695] name failslab, interval 1, probability 0, space 0, times 0 [ 702.688054][T13695] CPU: 0 UID: 0 PID: 13695 Comm: syz.1.2009 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) [ 702.688082][T13695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 702.688093][T13695] Call Trace: [ 702.688099][T13695] [ 702.688107][T13695] dump_stack_lvl+0x16c/0x1f0 [ 702.688138][T13695] should_fail_ex+0x512/0x640 [ 702.688161][T13695] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 702.688186][T13695] should_failslab+0xc2/0x120 [ 702.688213][T13695] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 702.688235][T13695] ? alloc_empty_file+0x55/0x1e0 [ 702.688256][T13695] alloc_empty_file+0x55/0x1e0 [ 702.688274][T13695] path_openat+0xda/0x2cb0 [ 702.688297][T13695] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 702.688324][T13695] ? __pfx_path_openat+0x10/0x10 [ 702.688355][T13695] do_filp_open+0x20b/0x470 [ 702.688379][T13695] ? __pfx_do_filp_open+0x10/0x10 [ 702.688421][T13695] ? _raw_spin_unlock+0x28/0x50 [ 702.688441][T13695] ? alloc_fd+0x471/0x7d0 [ 702.688472][T13695] do_sys_openat2+0x11b/0x1d0 [ 702.688489][T13695] ? __pfx_do_sys_openat2+0x10/0x10 [ 702.688516][T13695] __x64_sys_creat+0xcc/0x120 [ 702.688534][T13695] ? __pfx___x64_sys_creat+0x10/0x10 [ 702.688551][T13695] ? __pfx_ksys_write+0x10/0x10 [ 702.688576][T13695] ? rcu_is_watching+0x12/0xc0 [ 702.688598][T13695] ? do_syscall_64+0x91/0x4c0 [ 702.688624][T13695] do_syscall_64+0xcd/0x4c0 [ 702.688651][T13695] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 702.688668][T13695] RIP: 0033:0x7f1e9338e929 [ 702.688689][T13695] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 702.688705][T13695] RSP: 002b:00007f1e9411a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 702.688723][T13695] RAX: ffffffffffffffda RBX: 00007f1e935b6080 RCX: 00007f1e9338e929 [ 702.688734][T13695] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000100 [ 702.688744][T13695] RBP: 00007f1e9411a090 R08: 0000000000000000 R09: 0000000000000000 [ 702.688754][T13695] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 702.688763][T13695] R13: 0000000000000001 R14: 00007f1e935b6080 R15: 00007fff0471df98 [ 702.688787][T13695] [ 703.067903][T13700] vxcan1: left allmulticast mode [ 704.112730][T13712] netlink: 'syz.3.2015': attribute type 1 has an invalid length. [ 704.149531][ T30] audit: type=1400 audit(2000000011.880:865): avc: denied { setopt } for pid=13717 comm="syz.1.2016" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 704.150793][T13712] bond1: entered promiscuous mode [ 704.175311][T13712] bond1: entered allmulticast mode [ 704.197874][T13712] bond1: (slave erspan1): making interface the new active one [ 704.205462][T13712] erspan1: entered promiscuous mode [ 704.210729][T13712] erspan1: entered allmulticast mode [ 704.224885][T13712] bond1: (slave erspan1): Enslaving as an active interface with an up link [ 706.462727][T13746] FAULT_INJECTION: forcing a failure. [ 706.462727][T13746] name failslab, interval 1, probability 0, space 0, times 0 [ 706.477813][T13746] CPU: 1 UID: 0 PID: 13746 Comm: syz.2.2024 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) [ 706.477841][T13746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 706.477852][T13746] Call Trace: [ 706.477858][T13746] [ 706.477865][T13746] dump_stack_lvl+0x16c/0x1f0 [ 706.477894][T13746] should_fail_ex+0x512/0x640 [ 706.477918][T13746] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 706.477946][T13746] should_failslab+0xc2/0x120 [ 706.477973][T13746] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 706.477997][T13746] ? __alloc_skb+0x2b2/0x380 [ 706.478024][T13746] __alloc_skb+0x2b2/0x380 [ 706.478046][T13746] ? __pfx___alloc_skb+0x10/0x10 [ 706.478068][T13746] ? kasan_quarantine_put+0x10a/0x240 [ 706.478090][T13746] ? lockdep_hardirqs_on+0x10/0x110 [ 706.478122][T13746] inet_netconf_notify_devconf+0x8b/0x1f0 [ 706.478147][T13746] inetdev_event+0xed5/0x18a0 [ 706.478168][T13746] ? ib_netdevice_event+0xfc/0x330 [ 706.478187][T13746] ? __pfx_inetdev_event+0x10/0x10 [ 706.478207][T13746] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 706.478233][T13746] notifier_call_chain+0xb9/0x410 [ 706.478257][T13746] ? __pfx_inetdev_event+0x10/0x10 [ 706.478282][T13746] call_netdevice_notifiers_info+0xbe/0x140 [ 706.478304][T13746] unregister_netdevice_many_notify+0xf9d/0x2700 [ 706.478341][T13746] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 706.478371][T13746] ? __pfx___mutex_lock+0x10/0x10 [ 706.478401][T13746] ? unregister_netdevice_queue+0x22e/0x3f0 [ 706.478428][T13746] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 706.478456][T13746] ? __nla_parse+0x40/0x60 [ 706.478477][T13746] rtnl_dellink+0x3cb/0xa80 [ 706.478500][T13746] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 706.478526][T13746] ? dev_hard_start_xmit+0x94/0x740 [ 706.478545][T13746] ? __dev_queue_xmit+0x7eb/0x43e0 [ 706.478563][T13746] ? netlink_deliver_tap+0xa87/0xd30 [ 706.478589][T13746] ? netlink_unicast+0x5df/0x7f0 [ 706.478605][T13746] ? __pfx_rtnl_dellink+0x10/0x10 [ 706.478627][T13746] ? __sys_sendmsg+0x16d/0x220 [ 706.478704][T13746] ? __lock_acquire+0x622/0x1c90 [ 706.478734][T13746] ? find_held_lock+0x2b/0x80 [ 706.478755][T13746] ? __pfx_rtnl_dellink+0x10/0x10 [ 706.478778][T13746] ? __pfx_rtnl_dellink+0x10/0x10 [ 706.478800][T13746] ? rtnetlink_rcv_msg+0x93a/0xe90 [ 706.478826][T13746] ? __pfx_rtnl_dellink+0x10/0x10 [ 706.478851][T13746] rtnetlink_rcv_msg+0x95b/0xe90 [ 706.478878][T13746] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 706.478911][T13746] ? ref_tracker_free+0x37c/0x830 [ 706.478938][T13746] netlink_rcv_skb+0x158/0x420 [ 706.478955][T13746] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 706.478982][T13746] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 706.479009][T13746] ? netlink_deliver_tap+0x1ae/0xd30 [ 706.479042][T13746] netlink_unicast+0x53a/0x7f0 [ 706.479063][T13746] ? __pfx_netlink_unicast+0x10/0x10 [ 706.479088][T13746] netlink_sendmsg+0x8d1/0xdd0 [ 706.479109][T13746] ? __pfx_netlink_sendmsg+0x10/0x10 [ 706.479137][T13746] ____sys_sendmsg+0xa95/0xc70 [ 706.479155][T13746] ? copy_msghdr_from_user+0x10a/0x160 [ 706.479179][T13746] ? __pfx_____sys_sendmsg+0x10/0x10 [ 706.479208][T13746] ___sys_sendmsg+0x134/0x1d0 [ 706.479234][T13746] ? __pfx____sys_sendmsg+0x10/0x10 [ 706.479256][T13746] ? __lock_acquire+0x622/0x1c90 [ 706.479304][T13746] __sys_sendmsg+0x16d/0x220 [ 706.479328][T13746] ? __pfx___sys_sendmsg+0x10/0x10 [ 706.479369][T13746] do_syscall_64+0xcd/0x4c0 [ 706.479397][T13746] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 706.479413][T13746] RIP: 0033:0x7f1c1bb8e929 [ 706.479428][T13746] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 706.479444][T13746] RSP: 002b:00007f1c1c964038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 706.479461][T13746] RAX: ffffffffffffffda RBX: 00007f1c1bdb5fa0 RCX: 00007f1c1bb8e929 [ 706.479472][T13746] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000006 [ 706.479482][T13746] RBP: 00007f1c1c964090 R08: 0000000000000000 R09: 0000000000000000 [ 706.479492][T13746] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 706.479501][T13746] R13: 0000000000000000 R14: 00007f1c1bdb5fa0 R15: 00007fff6147dc78 [ 706.479525][T13746] [ 708.332100][ T30] audit: type=1400 audit(2000000016.070:866): avc: denied { create } for pid=13759 comm="syz.2.2027" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmpvc_socket permissive=1 [ 708.543134][ T30] audit: type=1400 audit(2000000016.280:867): avc: denied { create } for pid=13771 comm="syz.0.2032" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 708.616199][T13774] vxcan1: entered allmulticast mode [ 708.651840][T13774] vxcan1: left allmulticast mode [ 708.760327][ T30] audit: type=1400 audit(2000000016.300:868): avc: denied { execmem } for pid=13771 comm="syz.0.2032" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 709.522473][ T30] audit: type=1400 audit(2000000016.760:869): avc: denied { write } for pid=13771 comm="syz.0.2032" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 709.595028][T13782] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2034'. [ 709.643810][ T30] audit: type=1400 audit(2000000016.770:870): avc: denied { nlmsg_write } for pid=13771 comm="syz.0.2032" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 710.081862][ T916] usb 1-1: new full-speed USB device number 36 using dummy_hcd [ 710.295047][ T916] usb 1-1: config 0 has an invalid descriptor of length 34, skipping remainder of the config [ 710.309958][ T916] usb 1-1: config 0 interface 0 altsetting 4 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 710.326365][ T916] usb 1-1: config 0 interface 0 has no altsetting 0 [ 710.333762][ T916] usb 1-1: New USB device found, idVendor=046d, idProduct=c227, bcdDevice= 0.00 [ 710.333786][T11931] usb 4-1: new full-speed USB device number 54 using dummy_hcd [ 710.344787][ T916] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 710.374405][ T916] usb 1-1: config 0 descriptor?? [ 710.383315][ T916] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 710.645966][T13809] FAULT_INJECTION: forcing a failure. [ 710.645966][T13809] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 710.659296][T13809] CPU: 1 UID: 0 PID: 13809 Comm: syz.4.2040 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) [ 710.659321][T13809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 710.659332][T13809] Call Trace: [ 710.659338][T13809] [ 710.659344][T13809] dump_stack_lvl+0x16c/0x1f0 [ 710.659374][T13809] should_fail_ex+0x512/0x640 [ 710.659402][T13809] _copy_to_user+0x32/0xd0 [ 710.659430][T13809] simple_read_from_buffer+0xcb/0x170 [ 710.659456][T13809] proc_fail_nth_read+0x197/0x270 [ 710.659480][T13809] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 710.659505][T13809] ? rw_verify_area+0xcf/0x680 [ 710.659526][T13809] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 710.659548][T13809] vfs_read+0x1e4/0xc60 [ 710.659573][T13809] ? __pfx___mutex_lock+0x10/0x10 [ 710.659605][T13809] ? __pfx_vfs_read+0x10/0x10 [ 710.659634][T13809] ? __fget_files+0x20e/0x3c0 [ 710.659666][T13809] ksys_read+0x12a/0x250 [ 710.659687][T13809] ? __pfx_ksys_read+0x10/0x10 [ 710.659717][T13809] do_syscall_64+0xcd/0x4c0 [ 710.659745][T13809] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 710.659762][T13809] RIP: 0033:0x7f5340b8d33c [ 710.659776][T13809] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 710.659792][T13809] RSP: 002b:00007f5341a8e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 710.659809][T13809] RAX: ffffffffffffffda RBX: 00007f5340db6160 RCX: 00007f5340b8d33c [ 710.659820][T13809] RDX: 000000000000000f RSI: 00007f5341a8e0a0 RDI: 0000000000000007 [ 710.659831][T13809] RBP: 00007f5341a8e090 R08: 0000000000000000 R09: 0000000000000000 [ 710.659840][T13809] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 710.659851][T13809] R13: 0000000000000000 R14: 00007f5340db6160 R15: 00007ffdba8fdfb8 [ 710.659875][T13809] [ 710.842574][ C1] vkms_vblank_simulate: vblank timer overrun [ 710.873091][T13791] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 710.889152][T13791] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 710.894958][T11931] usb 4-1: device descriptor read/64, error -71 [ 710.981610][ T916] usb 2-1: new high-speed USB device number 53 using dummy_hcd [ 711.324666][ T10] usb 1-1: USB disconnect, device number 36 [ 711.341553][T11931] usb 4-1: new full-speed USB device number 55 using dummy_hcd [ 711.397141][ T916] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 711.419473][ T916] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 711.495049][T13818] can0: slcan on ptm0. [ 711.679438][ T916] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 711.697773][ T916] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 711.731529][T11931] usb 4-1: device descriptor read/64, error -71 [ 711.796862][ T916] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 711.807377][ T916] usb 2-1: config 0 descriptor?? [ 712.427873][T11931] usb usb4-port1: attempt power cycle [ 712.472770][T13813] can0 (unregistered): slcan off ptm0. [ 712.648330][ T916] plantronics 0003:047F:FFFF.0009: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 712.888105][T11931] usb 4-1: new full-speed USB device number 56 using dummy_hcd [ 712.997671][T11931] usb 4-1: device descriptor read/8, error -71 [ 713.008620][T13833] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 713.028918][T13833] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 713.039943][T13835] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 713.072441][ T916] usb 3-1: new high-speed USB device number 43 using dummy_hcd [ 713.107483][ T10] usb 2-1: USB disconnect, device number 53 [ 713.351407][ T916] usb 3-1: Using ep0 maxpacket: 8 [ 713.614552][T13845] Cannot find del_set index 1 as target [ 713.618219][ T916] usb 3-1: unable to get BOS descriptor or descriptor too short [ 714.019310][ T916] usb 3-1: config 4 interface 0 has no altsetting 0 [ 714.030348][ T916] usb 3-1: string descriptor 0 read error: -22 [ 714.041309][ T916] usb 3-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 714.091402][ T916] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 714.161482][ T916] usb 3-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 714.187832][ T916] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 714.202044][ T916] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 714.210215][ T916] usb 3-1: media controller created [ 714.384302][T13829] usb 3-1: dvb_usb_au6610: wlen=0, aborting [ 714.426860][ T916] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 715.473044][ T916] zl10353_read_register: readreg error (reg=127, ret==0) [ 715.701255][ T5841] usb 1-1: new high-speed USB device number 37 using dummy_hcd [ 716.073152][ T916] usb 3-1: USB disconnect, device number 43 [ 716.151282][ T5841] usb 1-1: Using ep0 maxpacket: 32 [ 716.160747][ T5841] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 716.174464][ T5841] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 716.183718][ T5841] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 716.193069][ T5841] usb 1-1: Product: syz [ 716.197510][ T5841] usb 1-1: Manufacturer: syz [ 716.202367][ T5841] usb 1-1: SerialNumber: syz [ 716.212215][ T5841] usb 1-1: config 0 descriptor?? [ 716.221125][T13863] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 716.228972][ T5841] hub 1-1:0.0: bad descriptor, ignoring hub [ 716.236386][ T5841] hub 1-1:0.0: probe with driver hub failed with error -5 [ 716.361856][ T54] usb 5-1: new high-speed USB device number 48 using dummy_hcd [ 716.461723][T13863] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2059'. [ 716.539551][ T54] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 716.542657][ T30] audit: type=1400 audit(2000000024.231:871): avc: denied { mounton } for pid=13878 comm="syz.3.2065" path="/398/file0" dev="tmpfs" ino=2161 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 716.550352][T13880] vxcan0: tx drop: invalid da for name 0x0000000000000003 [ 716.583926][ T54] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 716.800294][T13863] netlink: 'syz.0.2059': attribute type 3 has an invalid length. [ 716.808366][T13863] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.2059'. [ 716.821682][ T54] usb 5-1: Product: syz [ 716.822903][ T30] audit: type=1400 audit(2000000024.551:872): avc: denied { setattr } for pid=13878 comm="syz.3.2065" name="file0" dev="tmpfs" ino=2161 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 716.825873][ T54] usb 5-1: Manufacturer: syz [ 716.903048][ T54] usb 5-1: SerialNumber: syz [ 716.912441][ T54] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 716.921340][ T9] usb 1-1: USB disconnect, device number 37 [ 716.933011][ T916] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 717.120723][ T10] usb 4-1: new high-speed USB device number 58 using dummy_hcd [ 717.725449][ T30] audit: type=1400 audit(2000000025.241:873): avc: denied { write } for pid=13886 comm="syz.1.2068" path="socket:[41522]" dev="sockfs" ino=41522 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 718.012587][ T916] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive [ 718.130759][ T916] ath9k_htc: Failed to initialize the device [ 718.141220][ T10] usb 4-1: Using ep0 maxpacket: 32 [ 718.158164][ T10] usb 4-1: unable to get BOS descriptor or descriptor too short [ 718.166412][ T30] audit: type=1400 audit(2000000025.901:874): avc: denied { create } for pid=13893 comm="syz.0.2069" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 718.168272][ T10] usb 4-1: config 9 has an invalid interface number: 3 but max is 2 [ 718.221011][ T10] usb 4-1: config 9 contains an unexpected descriptor of type 0x2, skipping [ 718.229742][ T10] usb 4-1: config 9 has an invalid interface number: 150 but max is 2 [ 718.346259][ T916] usb 5-1: ath9k_htc: USB layer deinitialized [ 718.388738][ T10] usb 4-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config [ 718.730847][T13875] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 718.812986][T13875] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 718.910602][T13901] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 718.993672][T13875] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 719.106210][ T10] usb 4-1: config 9 has no interface number 1 [ 719.112421][ T10] usb 4-1: config 9 has no interface number 2 [ 719.118616][ T10] usb 4-1: config 9 interface 150 altsetting 253 has a duplicate endpoint with address 0xD, skipping [ 719.130431][ T10] usb 4-1: config 9 interface 150 altsetting 253 has 2 endpoint descriptors, different from the interface descriptor's value: 7 [ 719.140576][T13875] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 719.144722][ T10] usb 4-1: config 9 interface 150 has no altsetting 0 [ 719.163425][ T10] usb 4-1: New USB device found, idVendor=05c6, idProduct=9002, bcdDevice=b2.3d [ 719.177933][ T30] audit: type=1400 audit(2000000026.871:875): avc: denied { ioctl } for pid=13893 comm="syz.0.2069" path="socket:[40826]" dev="sockfs" ino=40826 ioctlcmd=0x8b36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 719.180932][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 719.210659][ T10] usb 4-1: Product: syz [ 719.216515][ T10] usb 4-1: Manufacturer: syz [ 719.221160][ T10] usb 4-1: SerialNumber: syz [ 719.253575][T13875] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 719.298179][T13893] delete_channel: no stack [ 719.336633][T13875] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 719.470566][T13875] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 719.504754][T13875] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 719.860157][ T10] usb 4-1: USB disconnect, device number 58 [ 720.291780][ T10] usb 5-1: USB disconnect, device number 48 [ 722.273773][T13944] vxcan1: entered allmulticast mode [ 724.201540][T13958] mac80211_hwsim hwsim3 syzkaller0: left allmulticast mode [ 724.233801][ T30] audit: type=1326 audit(2000000031.931:876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13957 comm="syz.3.2086" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc5898e929 code=0x7ffc0000 [ 724.285350][ T30] audit: type=1326 audit(2000000031.931:877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13957 comm="syz.3.2086" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc5898e929 code=0x7ffc0000 [ 724.343484][ T30] audit: type=1326 audit(2000000031.931:878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13957 comm="syz.3.2086" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7fcc5898e929 code=0x7ffc0000 [ 724.500193][ T30] audit: type=1326 audit(2000000031.931:879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13957 comm="syz.3.2086" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc5898e929 code=0x7ffc0000 [ 724.533711][ T30] audit: type=1326 audit(2000000031.931:880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13957 comm="syz.3.2086" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7fcc5898e929 code=0x7ffc0000 [ 724.698395][ T30] audit: type=1326 audit(2000000031.931:881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13957 comm="syz.3.2086" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc5898e929 code=0x7ffc0000 [ 724.730280][ T30] audit: type=1326 audit(2000000031.931:882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13957 comm="syz.3.2086" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fcc5898e929 code=0x7ffc0000 [ 725.113555][ T30] audit: type=1326 audit(2000000031.931:883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13957 comm="syz.3.2086" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc5898e929 code=0x7ffc0000 [ 725.159135][ T30] audit: type=1326 audit(2000000031.931:884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13957 comm="syz.3.2086" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fcc5898e929 code=0x7ffc0000 [ 725.189794][ T30] audit: type=1326 audit(2000000031.931:885): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13957 comm="syz.3.2086" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc5898e929 code=0x7ffc0000 [ 725.317940][T13976] vxcan1: entered allmulticast mode [ 725.325156][T13976] vxcan1: left allmulticast mode [ 727.984810][T14001] vxcan1: entered allmulticast mode [ 727.990436][T14001] vxcan1: left allmulticast mode [ 728.236275][T14008] netlink: 240 bytes leftover after parsing attributes in process `syz.3.2101'. [ 728.542894][ T10] usb 5-1: new high-speed USB device number 49 using dummy_hcd [ 728.749592][ T10] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 729.137594][ T10] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 24623, setting to 1024 [ 729.316842][ T10] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024 [ 729.344501][ T10] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 729.602368][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 729.767035][T14009] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 729.783228][ T10] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 729.840602][ T916] usb 3-1: new high-speed USB device number 44 using dummy_hcd [ 730.176521][ T5841] usb 5-1: USB disconnect, device number 49 [ 730.403602][ T10] usb 2-1: new full-speed USB device number 54 using dummy_hcd [ 730.570550][ T10] usb 2-1: device descriptor read/64, error -71 [ 730.830776][ T10] usb 2-1: new full-speed USB device number 55 using dummy_hcd [ 731.000519][ T10] usb 2-1: device descriptor read/64, error -71 [ 731.021837][ T916] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 731.121256][ T10] usb usb2-port1: attempt power cycle [ 731.491253][ T10] usb 2-1: new full-speed USB device number 56 using dummy_hcd [ 731.541317][ T10] usb 2-1: device descriptor read/8, error -71 [ 731.547195][ T916] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 731.557536][ T916] usb 3-1: Product: syz [ 731.561758][ T916] usb 3-1: Manufacturer: syz [ 731.566359][ T916] usb 3-1: SerialNumber: syz [ 731.578021][ T916] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 731.595648][ T24] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 732.120524][ T10] usb 2-1: new full-speed USB device number 57 using dummy_hcd [ 732.175644][ T10] usb 2-1: device descriptor read/8, error -71 [ 732.528460][ T10] usb usb2-port1: unable to enumerate USB device [ 733.150259][ T24] usb 3-1: Service connection timeout for: 256 [ 733.158677][ T24] ath9k_htc 3-1:1.0: ath9k_htc: Unable to initialize HTC services [ 733.207052][ T24] ath9k_htc: Failed to initialize the device [ 733.220236][T14059] vxcan1: left allmulticast mode [ 733.604314][ T24] usb 3-1: ath9k_htc: USB layer deinitialized [ 733.710238][ T5841] usb 4-1: new high-speed USB device number 59 using dummy_hcd [ 734.490181][ T5841] usb 4-1: Using ep0 maxpacket: 32 [ 734.501705][ T5841] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 734.509277][ T5841] usb 4-1: can't read configurations, error -61 [ 735.862183][ T916] usb 3-1: USB disconnect, device number 44 [ 735.920091][ T5841] usb 4-1: new high-speed USB device number 60 using dummy_hcd [ 736.710054][ T5841] usb 4-1: Using ep0 maxpacket: 32 [ 737.510190][T14090] overlayfs: missing 'lowerdir' [ 737.510440][T14089] overlayfs: overlapping lowerdir path [ 737.572215][ T5841] usb 4-1: device descriptor read/all, error -71 [ 737.613426][ T5841] usb usb4-port1: attempt power cycle [ 739.246113][T14114] vxcan1: entered allmulticast mode [ 739.272055][T14114] vxcan1: left allmulticast mode [ 739.277380][T14112] netlink: 352 bytes leftover after parsing attributes in process `syz.1.2123'. [ 740.696254][T14124] gfs2: gfs2 mount does not exist [ 740.953691][ T30] kauditd_printk_skb: 23 callbacks suppressed [ 740.953707][ T30] audit: type=1400 audit(2000000048.692:909): avc: denied { write } for pid=14116 comm="syz.4.2129" path="socket:[42260]" dev="sockfs" ino=42260 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 740.984031][ C1] vkms_vblank_simulate: vblank timer overrun [ 741.214895][ C0] Unknown status report in ack skb [ 741.349755][ T10] usb 4-1: new high-speed USB device number 62 using dummy_hcd [ 742.275388][T14149] dlm: no local IP address has been set [ 742.284432][T14149] dlm: cannot start dlm midcomms -107 [ 742.560740][ T10] usb 4-1: Using ep0 maxpacket: 8 [ 742.590994][ T10] usb 4-1: unable to get BOS descriptor or descriptor too short [ 742.601237][ T10] usb 4-1: config 4 interface 0 has no altsetting 0 [ 742.741800][ T10] usb 4-1: string descriptor 0 read error: -22 [ 742.748033][ T10] usb 4-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 742.819702][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 742.857713][ T10] usb 4-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 742.907532][ T10] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 742.927650][ T10] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 742.956592][T14159] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 742.963859][T14159] IPv6: NLM_F_CREATE should be set when creating new route [ 743.088794][T14130] usb 4-1: dvb_usb_au6610: wlen=0, aborting [ 743.268618][ T10] usb 4-1: media controller created [ 743.437621][ T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 743.540335][T14165] FAULT_INJECTION: forcing a failure. [ 743.540335][T14165] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 743.567663][T14165] CPU: 1 UID: 0 PID: 14165 Comm: syz.4.2144 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) [ 743.567691][T14165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 743.567702][T14165] Call Trace: [ 743.567708][T14165] [ 743.567715][T14165] dump_stack_lvl+0x16c/0x1f0 [ 743.567746][T14165] should_fail_ex+0x512/0x640 [ 743.567775][T14165] _copy_to_user+0x32/0xd0 [ 743.567802][T14165] simple_read_from_buffer+0xcb/0x170 [ 743.567828][T14165] proc_fail_nth_read+0x197/0x270 [ 743.567852][T14165] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 743.567876][T14165] ? rw_verify_area+0xcf/0x680 [ 743.567896][T14165] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 743.567918][T14165] vfs_read+0x1e4/0xc60 [ 743.567943][T14165] ? __pfx___mutex_lock+0x10/0x10 [ 743.567969][T14165] ? __pfx_vfs_read+0x10/0x10 [ 743.567998][T14165] ? __fget_files+0x20e/0x3c0 [ 743.568041][T14165] ksys_read+0x12a/0x250 [ 743.568063][T14165] ? __pfx_ksys_read+0x10/0x10 [ 743.568092][T14165] do_syscall_64+0xcd/0x4c0 [ 743.568119][T14165] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 743.568136][T14165] RIP: 0033:0x7f5340b8d33c [ 743.568151][T14165] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 743.568168][T14165] RSP: 002b:00007f5341ad0030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 743.568184][T14165] RAX: ffffffffffffffda RBX: 00007f5340db5fa0 RCX: 00007f5340b8d33c [ 743.568195][T14165] RDX: 000000000000000f RSI: 00007f5341ad00a0 RDI: 0000000000000003 [ 743.568205][T14165] RBP: 00007f5341ad0090 R08: 0000000000000000 R09: 0000000000000000 [ 743.568214][T14165] R10: 0000200000000500 R11: 0000000000000246 R12: 0000000000000001 [ 743.568224][T14165] R13: 0000000000000000 R14: 00007f5340db5fa0 R15: 00007ffdba8fdfb8 [ 743.568247][T14165] [ 743.569962][ T10] zl10353_read_register: readreg error (reg=127, ret==0) [ 744.339743][ T10] usb 4-1: USB disconnect, device number 62 [ 745.006625][T14176] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2149'. [ 745.077419][T14176] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2149'. [ 745.274118][T14184] netlink: 136 bytes leftover after parsing attributes in process `syz.3.2147'. [ 745.709500][ T5841] usb 2-1: new high-speed USB device number 58 using dummy_hcd [ 746.596198][ T30] audit: type=1400 audit(2000000054.323:910): avc: denied { call } for pid=14197 comm="syz.0.2153" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 746.615894][T14199] binder: 14197:14199 ioctl c018620c 200000000100 returned -22 [ 746.689419][ T5841] usb 2-1: Using ep0 maxpacket: 8 [ 746.708347][ T5841] usb 2-1: New USB device found, idVendor=0763, idProduct=2081, bcdDevice=d0.ab [ 746.717651][ T5841] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 746.737888][ T5841] usb 2-1: Product: syz [ 746.745070][ T30] audit: type=1400 audit(2000000054.323:911): avc: denied { transfer } for pid=14197 comm="syz.0.2153" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 746.747986][ T5841] usb 2-1: Manufacturer: syz [ 746.834038][ T5841] usb 2-1: SerialNumber: syz [ 746.860755][ T5841] usb 2-1: config 0 descriptor?? [ 747.832891][T14209] random: crng reseeded on system resumption [ 747.843726][ T30] audit: type=1400 audit(2000000055.563:912): avc: denied { write } for pid=14202 comm="syz.0.2154" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 747.866790][ C1] vkms_vblank_simulate: vblank timer overrun [ 748.721645][ T30] audit: type=1400 audit(2000000055.563:913): avc: denied { open } for pid=14202 comm="syz.0.2154" path="/dev/snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 749.085214][ T30] audit: type=1400 audit(2000000056.803:914): avc: denied { connect } for pid=14219 comm="syz.0.2159" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 750.096900][ T30] audit: type=1400 audit(2000000056.873:915): avc: denied { execute } for pid=14219 comm="syz.0.2159" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=42380 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 750.550574][ T30] audit: type=1400 audit(2000000058.273:916): avc: denied { create } for pid=14217 comm="syz.2.2160" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_nflog_socket permissive=1 [ 750.619583][ T54] usb 2-1: USB disconnect, device number 58 [ 750.639951][T14229] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2160'. [ 750.703651][T14229] openvswitch: netlink: Flow key attr not present in new flow. [ 752.449004][T14255] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2167'. [ 753.239881][T14264] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2170'. [ 753.881389][ T9] usb 4-1: new full-speed USB device number 63 using dummy_hcd [ 754.759199][ T9] usb 4-1: device descriptor read/64, error -71 [ 755.209918][ T9] usb 4-1: new full-speed USB device number 64 using dummy_hcd [ 755.371033][ T9] usb 4-1: device descriptor read/64, error -71 [ 756.061714][ T9] usb usb4-port1: attempt power cycle [ 756.801297][ C0] wlan0: beacon TX faster than countdown (channel/color switch) completion [ 757.378729][T14305] dlm: no local IP address has been set [ 757.384458][T14305] dlm: cannot start dlm midcomms -107 [ 757.689395][T14309] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 760.018129][T14340] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2192'. [ 762.708815][T14365] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2196'. [ 762.735010][T14364] vxcan1: entered allmulticast mode [ 762.747520][T14365] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2196'. [ 762.759608][T14364] vxcan1: left allmulticast mode [ 764.088469][ T5900] usb 4-1: new high-speed USB device number 66 using dummy_hcd [ 764.238436][ T5900] usb 4-1: Using ep0 maxpacket: 8 [ 764.245424][ T5900] usb 4-1: unable to get BOS descriptor or descriptor too short [ 764.254489][ T5900] usb 4-1: config 4 interface 0 has no altsetting 0 [ 764.263951][ T5900] usb 4-1: string descriptor 0 read error: -22 [ 764.270945][ T5900] usb 4-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 764.297588][ T5900] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 764.327417][ T5900] usb 4-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 764.343765][ T5900] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 764.388196][ T5900] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 764.439671][ T5900] usb 4-1: media controller created [ 764.504043][ T5900] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 765.242532][ C0] vcan0: j1939_tp_rxtimer: 0xffff888034454c00: rx timeout, send abort [ 765.548907][ T5900] zl10353_read_register: readreg error (reg=127, ret==0) [ 765.558081][T14373] usb 4-1: dvb_usb_au6610: wlen=0, aborting [ 765.634136][ T5900] usb 4-1: USB disconnect, device number 66 [ 765.752304][ C0] vcan0: j1939_tp_rxtimer: 0xffff888034454c00: abort rx timeout. Force session deactivation [ 765.822366][T14388] dlm: no local IP address has been set [ 765.828059][T14388] dlm: cannot start dlm midcomms -107 [ 766.041511][T14399] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 768.120568][T14413] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 768.438181][ T30] audit: type=1400 audit(2000000076.154:917): avc: denied { mount } for pid=14411 comm="syz.0.2211" name="/" dev="hugetlbfs" ino=43595 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1 [ 769.608779][ T30] audit: type=1400 audit(2000000077.344:918): avc: denied { mounton } for pid=14431 comm="syz.3.2217" path="/425/file0" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=file permissive=1 [ 771.245956][T14453] binder: 14440:14453 ioctl c0306201 200000000540 returned -14 [ 771.262134][ T30] audit: type=1400 audit(2000000078.974:919): avc: denied { map } for pid=14440 comm="syz.2.2219" path="socket:[42747]" dev="sockfs" ino=42747 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1 [ 771.708224][ T5893] usb 2-1: new high-speed USB device number 59 using dummy_hcd [ 772.548026][ T5893] usb 2-1: Using ep0 maxpacket: 16 [ 773.152880][ T5893] usb 2-1: config 0 has an invalid interface number: 105 but max is 0 [ 773.258375][ T5893] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 773.405295][ T5893] usb 2-1: config 0 has no interface number 0 [ 773.438756][ T5893] usb 2-1: New USB device found, idVendor=046c, idProduct=14e8, bcdDevice= b.28 [ 773.462787][ T5893] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 773.485681][ T5893] usb 2-1: Product: syz [ 773.504274][ T5893] usb 2-1: Manufacturer: syz [ 773.520373][ T5893] usb 2-1: SerialNumber: syz [ 773.556912][ T5893] usb 2-1: config 0 descriptor?? [ 773.848581][T14482] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2231'. [ 774.017396][ T5893] usb 2-1: USB disconnect, device number 59 [ 777.279007][T14526] rdma_rxe: rxe_newlink: failed to add wg0 [ 777.857978][T14529] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2245'. [ 779.161688][T14551] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2252'. [ 779.291666][ T9] usb 2-1: new high-speed USB device number 60 using dummy_hcd [ 780.293443][ T5837] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201' [ 780.306019][ T5837] CPU: 1 UID: 0 PID: 5837 Comm: kworker/u9:3 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) [ 780.306049][ T5837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 780.306062][ T5837] Workqueue: hci4 hci_rx_work [ 780.306097][ T5837] Call Trace: [ 780.306104][ T5837] [ 780.306112][ T5837] dump_stack_lvl+0x16c/0x1f0 [ 780.306141][ T5837] sysfs_warn_dup+0x7f/0xa0 [ 780.306170][ T5837] sysfs_create_dir_ns+0x24b/0x2b0 [ 780.306196][ T5837] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 780.306221][ T5837] ? find_held_lock+0x2b/0x80 [ 780.306251][ T5837] ? do_raw_spin_unlock+0x172/0x230 [ 780.306273][ T5837] kobject_add_internal+0x2c4/0x9b0 [ 780.306308][ T5837] kobject_add+0x16e/0x240 [ 780.306324][ T5837] ? __pfx_kobject_add+0x10/0x10 [ 780.306343][ T5837] ? get_device_parent+0x411/0x4e0 [ 780.306367][ T5837] ? __pfx___sanitizer_cov_trace_pc+0x10/0x10 [ 780.306394][ T5837] device_add+0x288/0x1a70 [ 780.306410][ T5837] ? __pfx_dev_set_name+0x10/0x10 [ 780.306428][ T5837] ? __pfx_device_add+0x10/0x10 [ 780.306443][ T5837] ? mgmt_send_event_skb+0x2fb/0x460 [ 780.306472][ T5837] hci_conn_add_sysfs+0x17e/0x230 [ 780.306502][ T5837] le_conn_complete_evt+0x1075/0x1d70 [ 780.306532][ T5837] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 780.306554][ T5837] ? hci_event_packet+0x459/0x11c0 [ 780.306584][ T5837] hci_le_conn_complete_evt+0x23c/0x370 [ 780.306615][ T5837] hci_le_meta_evt+0x357/0x5e0 [ 780.306640][ T5837] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 780.306669][ T5837] hci_event_packet+0x682/0x11c0 [ 780.306693][ T5837] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 780.306718][ T5837] ? __pfx_hci_event_packet+0x10/0x10 [ 780.306744][ T5837] ? kcov_remote_start+0x3c9/0x6d0 [ 780.306764][ T5837] ? lockdep_hardirqs_on+0x7c/0x110 [ 780.306793][ T5837] hci_rx_work+0x2c5/0x16b0 [ 780.306816][ T5837] ? rcu_is_watching+0x12/0xc0 [ 780.306839][ T5837] process_one_work+0x9cf/0x1b70 [ 780.306866][ T5837] ? __pfx_process_one_work+0x10/0x10 [ 780.306891][ T5837] ? assign_work+0x1a0/0x250 [ 780.306909][ T5837] worker_thread+0x6c8/0xf10 [ 780.306937][ T5837] ? __pfx_worker_thread+0x10/0x10 [ 780.306963][ T5837] kthread+0x3c2/0x780 [ 780.306980][ T5837] ? __pfx_kthread+0x10/0x10 [ 780.306996][ T5837] ? rcu_is_watching+0x12/0xc0 [ 780.307015][ T5837] ? __pfx_kthread+0x10/0x10 [ 780.307031][ T5837] ret_from_fork+0x5d4/0x6f0 [ 780.307053][ T5837] ? __pfx_kthread+0x10/0x10 [ 780.307068][ T5837] ret_from_fork_asm+0x1a/0x30 [ 780.307098][ T5837] [ 780.307117][ T5837] kobject: kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 780.338474][ T9] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 780.339615][ T5837] Bluetooth: hci4: failed to register connection device [ 780.740481][T14565] netlink: 'syz.2.2251': attribute type 9 has an invalid length. [ 781.011512][ T5837] ================================================================== [ 781.019605][ T5837] BUG: KASAN: slab-use-after-free in l2cap_sock_new_connection_cb+0x22a/0x240 [ 781.028450][ T5837] Read of size 8 at addr ffff888064a7a588 by task kworker/u9:3/5837 [ 781.036401][ T5837] [ 781.038716][ T5837] CPU: 0 UID: 0 PID: 5837 Comm: kworker/u9:3 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) [ 781.038732][ T5837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 781.038741][ T5837] Workqueue: hci4 hci_rx_work [ 781.038762][ T5837] Call Trace: [ 781.038769][ T5837] [ 781.038774][ T5837] dump_stack_lvl+0x116/0x1f0 [ 781.038792][ T5837] print_report+0xcd/0x680 [ 781.038808][ T5837] ? __virt_addr_valid+0x81/0x610 [ 781.038821][ T5837] ? __phys_addr+0xe8/0x180 [ 781.038833][ T5837] ? l2cap_sock_new_connection_cb+0x22a/0x240 [ 781.038850][ T5837] kasan_report+0xe0/0x110 [ 781.038865][ T5837] ? l2cap_sock_new_connection_cb+0x22a/0x240 [ 781.038884][ T5837] l2cap_sock_new_connection_cb+0x22a/0x240 [ 781.038902][ T5837] l2cap_connect_cfm+0x4c4/0xf80 [ 781.038918][ T5837] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 781.038933][ T5837] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 781.038947][ T5837] le_conn_complete_evt+0x1662/0x1d70 [ 781.038964][ T5837] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 781.038978][ T5837] ? hci_event_packet+0x459/0x11c0 [ 781.038994][ T5837] hci_le_conn_complete_evt+0x23c/0x370 [ 781.039010][ T5837] hci_le_meta_evt+0x357/0x5e0 [ 781.039025][ T5837] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 781.039040][ T5837] hci_event_packet+0x682/0x11c0 [ 781.039054][ T5837] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 781.039070][ T5837] ? __pfx_hci_event_packet+0x10/0x10 [ 781.039084][ T5837] ? kcov_remote_start+0x3c9/0x6d0 [ 781.039097][ T5837] ? lockdep_hardirqs_on+0x7c/0x110 [ 781.039113][ T5837] hci_rx_work+0x2c5/0x16b0 [ 781.039128][ T5837] ? rcu_is_watching+0x12/0xc0 [ 781.039142][ T5837] process_one_work+0x9cf/0x1b70 [ 781.039157][ T5837] ? __pfx_process_one_work+0x10/0x10 [ 781.039169][ T5837] ? assign_work+0x1a0/0x250 [ 781.039180][ T5837] worker_thread+0x6c8/0xf10 [ 781.039194][ T5837] ? __pfx_worker_thread+0x10/0x10 [ 781.039205][ T5837] kthread+0x3c2/0x780 [ 781.039215][ T5837] ? __pfx_kthread+0x10/0x10 [ 781.039225][ T5837] ? rcu_is_watching+0x12/0xc0 [ 781.039238][ T5837] ? __pfx_kthread+0x10/0x10 [ 781.039249][ T5837] ret_from_fork+0x5d4/0x6f0 [ 781.039264][ T5837] ? __pfx_kthread+0x10/0x10 [ 781.039273][ T5837] ret_from_fork_asm+0x1a/0x30 [ 781.039288][ T5837] [ 781.039292][ T5837] [ 781.257795][ T5837] Allocated by task 5837: [ 781.262110][ T5837] kasan_save_stack+0x33/0x60 [ 781.266785][ T5837] kasan_save_track+0x14/0x30 [ 781.271452][ T5837] __kasan_kmalloc+0xaa/0xb0 [ 781.276036][ T5837] __kmalloc_noprof+0x223/0x510 [ 781.280872][ T5837] sk_prot_alloc+0x1a8/0x2a0 [ 781.285475][ T5837] sk_alloc+0x36/0xc20 [ 781.289525][ T5837] bt_sock_alloc+0x3b/0x3a0 [ 781.294009][ T5837] l2cap_sock_alloc.constprop.0+0x33/0x1d0 [ 781.299796][ T5837] l2cap_sock_new_connection_cb+0x101/0x240 [ 781.305667][ T5837] l2cap_connect_cfm+0x4c4/0xf80 [ 781.310587][ T5837] le_conn_complete_evt+0x1662/0x1d70 [ 781.315932][ T5837] hci_le_conn_complete_evt+0x23c/0x370 [ 781.321452][ T5837] hci_le_meta_evt+0x357/0x5e0 [ 781.326202][ T5837] hci_event_packet+0x682/0x11c0 [ 781.331125][ T5837] hci_rx_work+0x2c5/0x16b0 [ 781.335606][ T5837] process_one_work+0x9cf/0x1b70 [ 781.340518][ T5837] worker_thread+0x6c8/0xf10 [ 781.345077][ T5837] kthread+0x3c2/0x780 [ 781.349120][ T5837] ret_from_fork+0x5d4/0x6f0 [ 781.353687][ T5837] ret_from_fork_asm+0x1a/0x30 [ 781.358432][ T5837] [ 781.360729][ T5837] Freed by task 14563: [ 781.364768][ T5837] kasan_save_stack+0x33/0x60 [ 781.369419][ T5837] kasan_save_track+0x14/0x30 [ 781.374068][ T5837] kasan_save_free_info+0x3b/0x60 [ 781.379065][ T5837] __kasan_slab_free+0x51/0x70 [ 781.383802][ T5837] kfree+0x2b4/0x4d0 [ 781.387672][ T5837] __sk_destruct+0x740/0x980 [ 781.392234][ T5837] sk_destruct+0xc2/0xf0 [ 781.396448][ T5837] __sk_free+0xf4/0x3e0 [ 781.400578][ T5837] sk_free+0x6a/0x90 [ 781.404444][ T5837] l2cap_sock_kill+0x171/0x2d0 [ 781.409178][ T5837] l2cap_sock_cleanup_listen+0x3d/0x2a0 [ 781.414697][ T5837] l2cap_sock_release+0x5c/0x210 [ 781.419608][ T5837] __sock_release+0xb0/0x270 [ 781.424190][ T5837] sock_close+0x1c/0x30 [ 781.428321][ T5837] __fput+0x402/0xb70 [ 781.432277][ T5837] task_work_run+0x150/0x240 [ 781.436860][ T5837] get_signal+0x1d1/0x26d0 [ 781.441258][ T5837] arch_do_signal_or_restart+0x8f/0x7d0 [ 781.446872][ T5837] exit_to_user_mode_loop+0x84/0x110 [ 781.452132][ T5837] do_syscall_64+0x3f6/0x4c0 [ 781.456697][ T5837] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 781.462571][ T5837] [ 781.464872][ T5837] The buggy address belongs to the object at ffff888064a7a000 [ 781.464872][ T5837] which belongs to the cache kmalloc-2k of size 2048 [ 781.478898][ T5837] The buggy address is located 1416 bytes inside of [ 781.478898][ T5837] freed 2048-byte region [ffff888064a7a000, ffff888064a7a800) [ 781.492838][ T5837] [ 781.495149][ T5837] The buggy address belongs to the physical page: [ 781.501529][ T5837] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x64a78 [ 781.510272][ T5837] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 781.518744][ T5837] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 781.526270][ T5837] page_type: f5(slab) [ 781.530228][ T5837] raw: 00fff00000000040 ffff88801b842000 ffffea000086be00 dead000000000002 [ 781.538871][ T5837] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 781.547433][ T5837] head: 00fff00000000040 ffff88801b842000 ffffea000086be00 dead000000000002 [ 781.556081][ T5837] head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 781.564720][ T5837] head: 00fff00000000003 ffffea0001929e01 00000000ffffffff 00000000ffffffff [ 781.573449][ T5837] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 781.582086][ T5837] page dumped because: kasan: bad access detected [ 781.588484][ T5837] page_owner tracks the page as allocated [ 781.594168][ T5837] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 12, tgid 12 (kworker/u8:0), ts 69439944343, free_ts 69273544295 [ 781.615145][ T5837] post_alloc_hook+0x1c0/0x230 [ 781.619885][ T5837] get_page_from_freelist+0x1321/0x3890 [ 781.625403][ T5837] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 781.631270][ T5837] alloc_pages_mpol+0x1fb/0x550 [ 781.636096][ T5837] new_slab+0x23b/0x330 [ 781.640224][ T5837] ___slab_alloc+0xd9c/0x1940 [ 781.645150][ T5837] __slab_alloc.constprop.0+0x56/0xb0 [ 781.650494][ T5837] __kmalloc_node_track_caller_noprof+0x2ee/0x510 [ 781.656896][ T5837] kmalloc_reserve+0xef/0x2c0 [ 781.661561][ T5837] __alloc_skb+0x166/0x380 [ 781.665958][ T5837] mld_newpack.isra.0+0x18e/0xa20 [ 781.670960][ T5837] add_grhead+0x299/0x340 [ 781.675263][ T5837] add_grec+0x112a/0x1680 [ 781.679567][ T5837] mld_send_initial_cr.part.0+0xe2/0x260 [ 781.685176][ T5837] ipv6_mc_dad_complete+0x22c/0x2b0 [ 781.690349][ T5837] addrconf_dad_completed+0xd8a/0x10d0 [ 781.695782][ T5837] page last free pid 5892 tgid 5892 stack trace: [ 781.702079][ T5837] __free_frozen_pages+0x7fe/0x1180 [ 781.707337][ T5837] __put_partials+0x16d/0x1c0 [ 781.712004][ T5837] qlist_free_all+0x4d/0x120 [ 781.716570][ T5837] kasan_quarantine_reduce+0x195/0x1e0 [ 781.722003][ T5837] __kasan_slab_alloc+0x69/0x90 [ 781.726830][ T5837] __kmalloc_cache_noprof+0x1f1/0x3e0 [ 781.732177][ T5837] nsim_fib_event_work+0x17f5/0x2e80 [ 781.737439][ T5837] process_one_work+0x9cf/0x1b70 [ 781.742349][ T5837] worker_thread+0x6c8/0xf10 [ 781.746915][ T5837] kthread+0x3c2/0x780 [ 781.750969][ T5837] ret_from_fork+0x5d4/0x6f0 [ 781.755547][ T5837] ret_from_fork_asm+0x1a/0x30 [ 781.760286][ T5837] [ 781.762582][ T5837] Memory state around the buggy address: [ 781.768184][ T5837] ffff888064a7a480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 781.776224][ T5837] ffff888064a7a500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 781.784256][ T5837] >ffff888064a7a580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 781.792287][ T5837] ^ [ 781.796586][ T5837] ffff888064a7a600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 781.804620][ T5837] ffff888064a7a680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 781.812650][ T5837] ================================================================== [ 781.821468][ T9] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 24623, setting to 1024 [ 781.845723][ T5837] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 781.852927][ T5837] CPU: 0 UID: 0 PID: 5837 Comm: kworker/u9:3 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) [ 781.865062][ T5837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 781.875095][ T5837] Workqueue: hci4 hci_rx_work [ 781.879757][ T5837] Call Trace: [ 781.883008][ T5837] [ 781.885913][ T5837] dump_stack_lvl+0x3d/0x1f0 [ 781.890486][ T5837] panic+0x71c/0x800 [ 781.894360][ T5837] ? __pfx_panic+0x10/0x10 [ 781.898757][ T5837] ? mark_held_locks+0x49/0x80 [ 781.903491][ T5837] ? preempt_schedule_thunk+0x16/0x30 [ 781.908837][ T5837] ? l2cap_sock_new_connection_cb+0x22a/0x240 [ 781.914881][ T5837] ? preempt_schedule_common+0x44/0xc0 [ 781.920319][ T5837] ? l2cap_sock_new_connection_cb+0x22a/0x240 [ 781.926367][ T5837] check_panic_on_warn+0xab/0xb0 [ 781.931276][ T5837] end_report+0x107/0x170 [ 781.935581][ T5837] kasan_report+0xee/0x110 [ 781.939973][ T5837] ? l2cap_sock_new_connection_cb+0x22a/0x240 [ 781.946018][ T5837] l2cap_sock_new_connection_cb+0x22a/0x240 [ 781.951890][ T5837] l2cap_connect_cfm+0x4c4/0xf80 [ 781.956802][ T5837] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 781.962256][ T5837] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 781.967736][ T5837] le_conn_complete_evt+0x1662/0x1d70 [ 781.973125][ T5837] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 781.978856][ T5837] ? hci_event_packet+0x459/0x11c0 [ 781.983947][ T5837] hci_le_conn_complete_evt+0x23c/0x370 [ 781.989471][ T5837] hci_le_meta_evt+0x357/0x5e0 [ 781.994226][ T5837] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 782.000273][ T5837] hci_event_packet+0x682/0x11c0 [ 782.005201][ T5837] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 782.010465][ T5837] ? __pfx_hci_event_packet+0x10/0x10 [ 782.015822][ T5837] ? kcov_remote_start+0x3c9/0x6d0 [ 782.020919][ T5837] ? lockdep_hardirqs_on+0x7c/0x110 [ 782.026095][ T5837] hci_rx_work+0x2c5/0x16b0 [ 782.030586][ T5837] ? rcu_is_watching+0x12/0xc0 [ 782.035327][ T5837] process_one_work+0x9cf/0x1b70 [ 782.040242][ T5837] ? __pfx_process_one_work+0x10/0x10 [ 782.045600][ T5837] ? assign_work+0x1a0/0x250 [ 782.050162][ T5837] worker_thread+0x6c8/0xf10 [ 782.054730][ T5837] ? __pfx_worker_thread+0x10/0x10 [ 782.059816][ T5837] kthread+0x3c2/0x780 [ 782.063871][ T5837] ? __pfx_kthread+0x10/0x10 [ 782.068441][ T5837] ? rcu_is_watching+0x12/0xc0 [ 782.073190][ T5837] ? __pfx_kthread+0x10/0x10 [ 782.077765][ T5837] ret_from_fork+0x5d4/0x6f0 [ 782.082347][ T5837] ? __pfx_kthread+0x10/0x10 [ 782.086910][ T5837] ret_from_fork_asm+0x1a/0x30 [ 782.091651][ T5837] [ 782.094847][ T5837] Kernel Offset: disabled [ 782.099158][ T5837] Rebooting in 86400 seconds..