last executing test programs: 10.657899233s ago: executing program 1 (id=932): mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xf, 0x3, &(0x7f0000000440)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x80) openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x900, 0xda) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x2, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x82a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r1 = getpid() bpf$PROG_LOAD(0x5, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000040)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) keyctl$KEYCTL_PKEY_SIGN(0x1b, 0x0, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bind$unix(0xffffffffffffffff, &(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r4 = socket$unix(0x1, 0x2, 0x0) connect$unix(r4, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "87ee8ac6c46dad33", "2607080d7f4fcf00fd4ef2dece6c7c58", '\x00', '#\x00'}, 0x28) futex(0x0, 0x7, 0x1, 0x0, 0x0, 0x1) 9.363516968s ago: executing program 1 (id=936): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=@newtaction={0x64, 0x30, 0x80d, 0x0, 0x300, {}, [{0x50, 0x1, [@m_ct={0x4c, 0x1, 0x0, 0x0, {{0x7}, {0x24, 0x2, 0x0, 0x1, [@TCA_CT_ZONE={0x6, 0x4, 0x800}, @TCA_CT_PARMS={0x18, 0x1, {0x2, 0x8, 0xffffffffffffffff, 0x4, 0x8}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x1}, 0x48080) 9.160729497s ago: executing program 1 (id=940): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffff, 0x3}, 0x6) write(r0, &(0x7f0000000340)="18000000010003", 0x7) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x100) socket(0x840000000002, 0x3, 0xff) io_uring_setup(0x0, 0x0) r1 = io_uring_setup(0x2c49, &(0x7f0000002240)={0x0, 0x0, 0x0, 0x3}) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r1, 0x18, &(0x7f0000000000), 0x1) socket$inet_icmp_raw(0x2, 0x3, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) syz_usb_connect(0x4, 0x63, &(0x7f00000002c0)={{0x12, 0x1, 0x0, 0xa1, 0xba, 0x14, 0x10, 0xb3c, 0xc002, 0xa39b, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x51, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x90, 0x0, 0x6, 0xee, 0x23, 0x3e, 0x0, [], [{{0x9, 0x5, 0x0, 0x10, 0x3ff, 0x9, 0x68, 0x80}}, {{0x9, 0x5, 0x2, 0x10, 0x40, 0x2, 0x2, 0x63}}, {{0x9, 0x5, 0x9, 0x10, 0x10, 0x0, 0x6, 0x1}}, {{0x9, 0x5, 0xf5ee16fb96974caa, 0x11, 0x400, 0x40, 0x0, 0xb3}}, {{0x9, 0x5, 0xf, 0x0, 0x40, 0x8, 0x5, 0x6, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x2, 0x45d5}]}}, {{0x9, 0x5, 0xb, 0x8, 0x8, 0x82, 0x6, 0x3, [@generic={0x2, 0xc}]}}]}}]}}]}}, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x70, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xd}, @NFTA_SET_EXPRESSIONS={0x2c, 0x12, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @last={{0x9}, @val={0x4}}}, {0x14, 0x1, 0x0, 0x1, @quota={{0xa}, @val={0x4}}}]}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x110}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0xa, 0x84}}}, 0xb8}}, 0x20050800) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0) bind$rose(r4, &(0x7f0000000040)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default, 0x2, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}]}, 0x40) fcntl$lock(r2, 0x6, &(0x7f0000000000)={0x0, 0x0, 0x8}) fcntl$lock(r4, 0x26, 0x0) fcntl$lock(r4, 0x26, &(0x7f0000000280)={0x1, 0x0, 0x2f, 0x9}) syz_usb_connect(0x5, 0x24, &(0x7f00000000c0)={{0x12, 0x1, 0x200, 0xe1, 0xf7, 0x8, 0x20, 0x3275, 0x85, 0xf769, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x2, 0x1, 0x40, 0x2, [{{0x9, 0x4, 0xbe, 0xc, 0x0, 0x7c, 0x56, 0x76, 0x80}}]}}]}}, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x2, [{0x2, 0x0}, {0x30, &(0x7f0000000c40)=ANY=[@ANYBLOB="30039dd9d7dfe8"]}]}) fcntl$lock(r4, 0x7, &(0x7f0000000140)={0x1, 0x1, 0x7, 0x90}) 7.582948269s ago: executing program 2 (id=944): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000340)={'ip6tnl0\x00', &(0x7f00000002c0)=@ethtool_cmd={0x4f, 0x6, 0x8, 0x4fec, 0x4, 0x8, 0x1, 0x4, 0x2, 0x3, 0x95, 0x400, 0xfff7, 0x8, 0x6, 0xc3, [0x1, 0x9]}}) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x14}}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000a40), 0x40400, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/partitions\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r4 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r4, 0x9, 0x0, 0x1, 0x0, {0xa, 0x1, 0x0, @rand_addr=' \x01\x00', 0xfffffffe}}}, 0x32) ioctl$KVM_SET_GUEST_DEBUG(r3, 0x4048ae9b, &(0x7f0000000300)={0x70001, 0x0, [0x40000000000, 0x64f, 0x6, 0x6, 0xfffffffffffffffc, 0x4ffff, 0x29]}) bind$inet6(r1, &(0x7f0000000200)={0xa, 0x4e21, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x8}, 0x1c) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@textreal={0x8, &(0x7f0000000000)="f20f1c0166b864912c870f23c80f21f866350c0080000f23f80f01fc0f20e06635000010000f22e00f20c06635000000400f22c00f1c9700000f01c566b9a001000066b80400000066ba000000000f30c0dbb6660f3adf932700de", 0x5b}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 6.901985621s ago: executing program 3 (id=945): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf09000000000000550901000700000095000000000000006100000600000000bf91000000000000b7020000000000008500000000000000b700000000000000950000000000000060196912bf8bed129121bb22faf6c7f85805ed09fdb7048b325afa3086e6fea310568bd551217363fc977f29f449cf87d8ac8cdfcaf0c0e615e4c2706210cca97abea2d25edf6d0bf96ffe90149cd0f2a881b918efe1c88f1ed97cd9005d9f12b4449ad0"], &(0x7f0000000100)='GPL\x00', 0x4, 0x103, &(0x7f0000000140)=""/259}, 0x23) r0 = socket$inet_udplite(0x2, 0x2, 0x88) sendto$inet(r0, &(0x7f0000000000)="620e820c9a512d88e10251b215cdf0d3dcee5d2980dacd77e7defa7b0a54a055393ccc8508", 0x25, 0x0, &(0x7f0000000040)={0x2, 0x4e21, @multicast2}, 0x10) 6.847407292s ago: executing program 3 (id=946): mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xf, 0x3, &(0x7f0000000440)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x80) openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x900, 0xda) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x2, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x82a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r1 = getpid() bpf$PROG_LOAD(0x5, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000040)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) keyctl$KEYCTL_PKEY_SIGN(0x1b, 0x0, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bind$unix(0xffffffffffffffff, &(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r4 = socket$unix(0x1, 0x2, 0x0) connect$unix(r4, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "87ee8ac6c46dad33", "2607080d7f4fcf00fd4ef2dece6c7c58", '\x00', '#\x00'}, 0x28) futex(0x0, 0x7, 0x1, 0x0, 0x0, 0x1) 6.790779363s ago: executing program 0 (id=947): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10) syz_emit_ethernet(0x32, &(0x7f0000000080)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1f}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x2, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x7, 0x10, 0x0, @gue={{0x2, 0x1, 0x3, 0xfd, 0x100, @val=0x80}}}}}}}, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r4, 0x0, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) openat$audio1(0xffffffffffffff9c, &(0x7f0000001300), 0x20002, 0x0) connect$inet6(r5, 0x0, 0x0) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000020000000000000f9ffff0b85000000ae000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000040)='sys_exit\x00', r6}, 0x90) openat2$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f00000002c0), 0xffb2) r7 = add_key$keyring(&(0x7f00000001c0), &(0x7f0000000240)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$KEYCTL_MOVE(0x1e, r7, r7, 0x0, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001340)={0x12bc, 0x3c, 0x107, 0xfffffffc, 0x25dfdbff, {0x2, 0x7c}, [@nested={0x12a6, 0x48, 0x0, 0x1, [@typed={0x8, 0x92, 0x0, 0x0, @fd=r5}, @nested={0x17c, 0x1a, 0x0, 0x1, [@typed={0xc, 0x124, 0x0, 0x0, @str='keyring\x00'}, @typed={0x8, 0xce, 0x0, 0x0, @pid}, @nested={0x14e, 0x7f, 0x0, 0x1, [@typed={0x14, 0x113, 0x0, 0x0, @ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @nested={0x4, 0xae}, @generic="8f5fe9db90ab165a251e3a6b5f8d74b93eb7e1cfb553c7d8f8928c6eb8720b3e57d3c4cbd2a7c60fdcf33e25d564a74b3b529f27c4bf4f4f5484826fc3979c", @generic="d3a85a60ef6df3cab8300e91c72c095fe423ae688779a78116b35c2bfb8fb98fad22219d2786377a5e9e1c2228068dd69bf7d530223c7cd7c59519cd460450313595fe362c533b8f31188374db4e0c1354deae2128488ef55c49aaf2df77606592a27295e019c9490d47ddb14dc641f5865c5d0c4e288c254f587500833dafeb49942604b1d6f32cba954cc11135eb6c657c598c5aa63a3914f1600f5798d5abb4642afdd49e50f9cb4164d77185c8acbd91a888cf52f750bc0074a13bef8f915951d6313ad7bd02482e27510f9819983a4bb766d26397c78f439089c5c2ce", @typed={0x14, 0x63, 0x0, 0x0, @ipv6=@private2={0xfc, 0x2, '\x00', 0x1}}]}, @nested={0x8, 0x36, 0x0, 0x1, [@nested={0x4, 0xdf}]}, @nested={0x4, 0x13}, @typed={0x8, 0x8b, 0x0, 0x0, @ipv4=@loopback}]}, @generic="74a041e2b69f776987b3420ec356e343ae1575e8b202476b36b70f9aa301fb72dd496c77fe3f3b4b05baadf7fe4ed93c3a17a5b502c83f0224214f9ed61bb559922932c1cf00acef7e9846be219cc2d0b352ba1ac55ddd12101638258d7c2b14425d587929272c7cd493d35a59962d9792ed928c5325e7c5fe0b9d710c20f92df8ca8990570652a309f14ed5386692c104b32eafa259adda550803876db93520d7fbab49a5d4ab04f8370b32e50e7888ac1fb573a4f2eacea7a9e6c694ba8356ef16263524ea69fe188bd6f37f7ee9bd21c2a4108da6beb868ecef60e8d95eadf1f84fa386dd7406c2072baa3311625dddebdf270df0800893c1f6ea9f6d74a62750f2c81cd66d16aa6d7bef5c3b57138b464708f19392b68f5d18ea59ffa9836a72d5c5380687cadaf94fabe720e1cf1b38aa5be5f10af47b134c752407adbd60e9802d2eaa4956b6804c4b2d90ab627bb3c65a47077b0a8d9aba6ec4ae725dc88883dd564235a2a729e47f29dead60a9409385cc65b65d945807afa866aa8176400fbbd5e11a430fa8fd7de96d858bd06b5f6aaa215060eae6a39b9c7a5c181d61bf7dd72f7efc32cb0887c41ca57fb5feff5c1f9901669945f91c68d17bdd0405ab0f19df2cffbf07b83e5e6a6638bb1a14fbd475e4353f7d634878472ba74eca4a746284f77bb8dd8e2b4f786bb7ffc82a897b43dfbd34e9583a434da99da89451b18aa4b7104b244abbac6d118e3bd7f819db3391954d0da0a0e1c5131f75a30313daa8f2be8eb5a9c33fa2013638bfd00f44e799bf8d2eeed1ad5a223d022cea74beb31a6c5cf1f97b32e85f475c612d5d08b8e6fe5f9a9d30cf7d511f02bc957df9bf7103bed0a97ec5a8f121733e7135e09ead6b59b6c4878124518baa16b892c408b0bc18425005fd81a2e5991cf6118315e43e655e47d4999ec618b5032c2f6b5610cef830a5c5385e4b0f6ad87c85dab4418e126bf09603f031e7dc0d7729844c15d6f96d9f53b396680dcb9792fe3500a52a0a5d79c45e58985f0345ab6b022618ed278d529baf0a092f5a7d79edcd0f5f4d84bb64fce5859942b2aa11d05e2647d8f5401c3e48bbd556bc5d07f6a375725eb931eadf7630c401a5620d1d044531aa2123001f1ecb8335e11ab391ba98615bab7d16929c9d50f22f876356edb9ee5cc6b8d821e210b8ff29e153f7643ebbae2d52db99e8a78e87974f29493476ce906bdb8af96c2790dd664ac587118c750060d6ba027e6e2b5c934803aa3b67688765a861aba762f46cc354729e83cffc2cd064b7750daa3f02cf194925bbcd6b9bbeb1aa7465440141cb7c5e7437e6619e68b39f6a73abbc1398edb5d2c70f56e8b8f6eb1974b050db287093448e3ba9aa2f001d47b95e18de4eda5367e04f44b4d208da6232e4e468cb62af558c528603d4ca28ef160b2327901afb501c4c0c91188d4328198a054e41b10731695f8ce11dee5d850fc398da5c686d21d6d0743265716f4949dc68801cb95de192e87a7027846c79674972d1ff2c8e1515b214193839a9650b07554fbb5910de9acc7723461ff31b6f8cad60947b92de9c1c4e06d2780d8807fa35ca5f9069057dc50c1c9e0c7b6cbf80470680695e9f2f034a03b6099afaa57fa5641b64584892d526f6b653790f06c9a0f699adc830529e3b591dcadfe95d6cf29c64fc7752dea2cbca365ce27af2b66403fe61f95733a8e91f6f1131641365cc2f510a239571747bb09e7c7e6c3ec53bfaf1e102574d3ff7c1ec7f061ac95c44b1fa44ebd77cc58ea91319dc7300f8fc996cf7921aac9d207f33798f614d611b8dff0d9fd5045eda1ffd082346184a72e25cb9db8b7d7f36854fbd42101b77d06372ee67a2217cfa7e90de36cea1e13c6bc5c7256008aad6a1fd7a201b847179cc4f781a5c2574ff98d59c368eeba44a07facc2a6f04e1a56c63635d3cd745e369be9c7136530f7b0838bd5783b8cbfcda2c6cae6d4bae6f2d409f2c9a3742b6292033fb1938915ff581cc9c3698f572d4eb7fba45028031edaf8e755c1fbec9c9d8eca52d6f0d4c68abf963c890ecf489eb8e46acc9ad3237a5c0554fa18293ca4ec3e80ae4a8a949f62a14afd23ec2607855b45efdd9fce058002826cf3232fe4f637f86274a6bc726a3f513c5085f13cb4469a7a4e7614d5abd8e41b8023ac815ca6cca000d3c8932d3e4030c0974b37bb5df66e55b469316e82297f769259b52effd69c6272965866c05fb6f33561f3dc55648f26530cd876a4168b3864a07ce741db2b28fadaa6c26693626a7980ae64ac837a83206172519c54f18f0f28bb901fe93cf91c3c35bc0e96cff6f1f40d22bbd4806c741e179a807a060214c18948a4d4056c51e97b2ac1893e4aa13b556af4910cb4cab972f2a32a73eed452d2efc5d551279a3780ca2aae4e9cc1f5d446aca414abe141ee0b9816ac3c6b7531a5594c371d5c9d143202d15d0e9891334ac62180e2eac5f539024b92f77a3dec4d09d473323cfb233d2102fef6f28cbac1794d12462a38891058c5280b7a4c30f4397484970b298a93d3781f81c0638290f219f73ea2dab9b6337f769d839c6be9e4b50db600be50f9455605d3264177c55474ba8bee815e58c87cf58b3e55163299dd30e800e44e763de4261b01fb6ff618ec94fd30ee124fb87b79842359817861fcd9582510420495fde9a8bd34e44948d7b13051613809dd104e4d0d3922f39cddec40146d1bfb077a9829c8c11e0b9eb56eb2c661b12d2c79d055d76632d700b6e85cbe5813465b81e4b89f53ffa586b6237b7e507dc6ade8229cc36ddf9b6a11d50c5c64ddc383d3936bfa1e4bfc8c3df71e10309706fbb65578612aa462fc59aa96e242d2cefc7bdaea14c8e5d7f159fc765107e41a82f2feeb93801b7524503df70cb4f81f5ce1d3f7440905156ef60f57ca85759ff8dd9038ce754fc121a06481c3324d5af1309362b38b11b73fd482ad74064e638ba24938f31b37bfbdb6e9513850eb8daa04cd7b7c6b196cdd041bb6fcd690176a597449b7835806b2b8fd78c5c40b408ff94c10cf6b04df6ec0528dc1568ed42e05647bf26253e42fe54a23c6b9d7f869940383bf011578582c044f5cecd3c01182a2fcca45b86fd6b9ee599d7d3427b09ee459d675dadf6a7b3a18ce30a9afab5d10e3e14ae41f8ec3bf3fa7a40c8c5d7def1490c0809b7fea8e592a640f6e3d99d5a83d7356f0d0919a48f79b5b588039f0f6b3b6859904091e7540654575e9705aaf4cf7b8bbbd427196bde1d21ec8d18fc0d167c6b81938fc2f48fac08036091e3f7c75be6e61a6136be4deb7886145dc28d9f1b015e2a2934f57c87b4fa684281d909fd81b9ba316cfa8a7336f667aa93bc5bdecb0fcd00d0389c1714452d20037c7bd6f52d151ab26d0776a739f79eb44ad3a245a20b9e790537f8a4eb00686dfad3b44f9847c86533c225fc42a33e89acd6a27b858da6128b5251290755f1f31e8d543af45890405339b5311b4379db4e82a3bc15c7bb71f47bfccec933a2307a367ee3cdc43d36f3900353f9d84f5ce18c5942ce74ff400a0dfbde99cabcafc5db3b42d795c3a92b6366f06d8c5b3ae794b8ef5a64f4460bab8b887d2608fc86ce69d965ffc55cccd63aba107ce28e9f33cad4f71d0bdefe72ba88006eb6e533eb10320d9fe35489426be4453d965084db8723a9c58b4339c7be5b33eb6be4d437e64bc7f9d4975922a9777cb717e4ce67677c975982967c78cc1c66265563cbbd12301013ad709c871e0ce2626d95440dcd2ce58e0b975ac560753412fb2a9b9ed0b45fa854bbad290da7b8f53694a6acee284ce171a0a597a95db76636cebb5f519e56f322ba989a0a2bca532da9b9d023210b3613000ebc3b2cd7b287155484020fe8a49e47ce352f05ce5ef4ae262b8375d0d2ec194c5b7d463450200f8207cb9c4123163caca78d8277da03f79fd633c1c497dab878f9a0670998bb28de421bb55bf9498d1edeed07926b6ba664e37c608118a0523fd770346fe18b20a34e75c2c0321106593f3b805fde6000f23cf4c731b68476fac9384fbde3981928ba4b952cc26a1bbcef7c465fd3fbd6203d91768b58e1299dad7a080e82610bb44af32250be72ed759a9ab9a97f23637a482994c39fd5a2004890226d7446645c9ff3b34647c4c9e5463ee78a92d588cab7a02edf89dd493834de0710fa770f9da32da8e27d4d6b2b19ce9fc562f9f329992a616c57c45b57afae4f59ea56aa2590c6513726e98108846474237567d2e9f7c9a51a861da47fc7da1b0537cbef82db7a1cbc983820dc7258bfea73dacce525825029e735a28efdd194d769ce2185f311281a55d72df12d2bbbaa82740aaa81fe307d166a3e091aadb73a349ce5dde2c74924be4f93e2432b6a0dbe3d6dadfd914437c0731b13551dd54a1b8e25dc2d7ecc5df45fb0d961baa6dc191d7faee0a9a5f9210975c74878f96d68d081a58916f67551b5adffd8688a84f110013f7e1eea3f5c9d716030229a276064564e8b7b3634a7f45ee46c2cd55f04c4cb40e4c39c79d28afd90a3a272d3f577aac0b0026728b420366ce1ac5abf28df4677041fc5016414cae4f73635c61ac6c5b03cca3b7419c860e276bc91b2c67f9bb7f2bcabdf43bd434669fa99871ea00271b9ac294d6f42cacd8d6e92113bcb719b7003c7fe2e38ddb885d010262141952c37c4d9444ca2cd3c99299be8051387f2a8151d5f2d55e5ea2c59036e3298c88ead90e6d41c5e3973391f7b162fe3c3116157971c11d89cef608a60bb2dcec0757899d2674dfc1fc2a1d795af4d132efc0fef436338acd7aa7ac8c33e9741fcc2c996049e43af2754b54f0b65d80e346421ea970f16a3f5846f0dd76c1012b44fb441de1c5062f7b19bb08279886157924353acedb91def281cbbeab9f71eed858b79f05fe3ee47ed0dea0145cecc97e751278ec009ddbee4e7e9badc213393906a27708474518a657fb0dfb4e97d410dd9d18edb4abbc8a972982a05f82bdc3aaba603f2a30ca28a8450842b5da76aba11e88bb22ab97bffab947f8c894a6914c919e6454b9a64f78725957220146a2f5799303008a7fa7deae982853faf3817b8fa4d4348af5d6a4ea17d79d50481bf5852ab6df2c0de004d5424b3e11f669e8c7d14305432b40e472074d395f9b4e6f8c9c3b99cef8a1d9436afff7d6f98220d3809983b659e05d5367346b3a2ec7ec1fa141b0981b841026d8a4001beec162b6b0e565fa98538b0da1a96a97ebfb2e0f9789e906b764cce70fb9d07ae3d85110fb0a04c69f750e2c39703d677ccce2f3173116859b68f66075769154f7121fe489ddf75b7dd964c726eaced227312ae5566cd21e5b2ba8719d8401940cccc88100535cfa9a035d548f72ecac36cc1fe481fd67ca19d452cf6237aa207671bbc781040d261255cac0653a76bcfc26e348e1a4a59157f5b2dbcecaf38e5c4a7f9920e4af96989703a7c9b4905da672bd463d990018cf5c665e7299b19d8753a6b819f1bb0bd8e6b6fdf665f7e52bad7a2537c436932ea3ade574695142b25ebaad20d105c6a2c24462f1eb412056141372b9737ee2150cb5fd9a5a5de7b31990fa8ce307943f4f1617e83ba24c4cf4d6ec387202efb99e6c2109547646af3384cb260c69bb02e1824642048b036ab4d745473e84d24147218a5012f44d239966533d0b6c090ad6bdf716c307849b3920b9657b3826a3c4da324de7fbea27228538c72b73019964d6b0a9361a170d30f1f35", @typed={0xc, 0x3, 0x0, 0x0, @u64=0x4}, @nested={0x3f, 0x12c, 0x0, 0x1, [@typed={0x8, 0x85, 0x0, 0x0, @fd=r3}, @generic="1fc968e24a13f26c8775a3198a90e4", @nested={0x8, 0x94, 0x0, 0x1, [@nested={0x4, 0x9f}]}, @nested={0x1c, 0x6e, 0x0, 0x1, [@typed={0x4b, 0x1c, 0x0, 0x0, @pid=r0}, @nested={0x4, 0x93}, @nested={0x4, 0x4c}, @nested={0x4, 0x150}, @nested={0x4, 0x6a}]}]}, @generic="3150fa91794fda3779d2afd86ab26eee6460dffe1aecb65d08a2ec27bdbb87fd7e545321cc2b0223a66565be66a79a0fdff5e41fd0d64a284b0eb48088c3d76619867829aeff105b7b54f5b287975240b75bee01e02aaed1fa27937fb513d0974f110d82fb7234744e9e0218e54e8b16f9467bae7ebd3c02a6f6e844ff924c57e1a3135bf0afd31e3ae943713a64b68eaa9f4fff3237062bfa88683f5497d8be6d559b130ad2f2dd5c28572e4b23024c6e26530f9325fc7f41c62293a811ba37ca75f27d15166f6bdc12f18696786b531f99"]}]}, 0x12bc}, 0x1, 0x0, 0x0, 0x88c4}, 0x0) r9 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r9, 0xc0285700, &(0x7f0000000140)={0xffffffff, "030000000000000023000000debd12ffff00000000000000000020000400"}) openat$fb0(0xffffffffffffff9c, 0x0, 0x800, 0x0) syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x8, 0x0, 0x40000335}, &(0x7f0000000500), &(0x7f0000000300)) syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') 6.097120421s ago: executing program 2 (id=948): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x17, 0x5, &(0x7f0000001980)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2e78}, [@map_idx_val={0x18, 0x0, 0x6, 0x0, 0x9, 0x0, 0x0, 0x0, 0x2}]}, &(0x7f0000000140)='GPL\x00', 0xd, 0xfe7, &(0x7f0000001e00)=""/4071, 0x40f00, 0xd, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value=0x102}, 0x94) 5.970714019s ago: executing program 1 (id=949): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0xfc}, 0x1, 0x0, 0x0, 0x60004800}, 0x40000) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) r3 = syz_open_dev$vcsu(&(0x7f00000001c0), 0x8000, 0x400e00) ioctl$NBD_PRINT_DEBUG(r3, 0xab06) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) listen(0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0xfffffffffffffc45) r4 = syz_open_dev$video4linux(&(0x7f0000000080), 0x6d6b, 0x480) ioctl$VIDIOC_QUERYMENU(r4, 0xc008561c, &(0x7f0000000000)={0x980900, 0x81, @value=0x327}) openat$null(0xffffffffffffff9c, &(0x7f0000000000), 0x6040, 0x0) r5 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r5, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_SETGAMMA(r5, 0xc02064a5, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0}) 5.854088636s ago: executing program 2 (id=950): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x3d70000000, &(0x7f0000ffe000/0x2000)=nil}) ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000000)={0x79, 0x0, 0x56d}) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181) r3 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x1000004, 0x13, r3, 0x100000000) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x200, 0x0, 'queue1\x00'}) poll(&(0x7f0000000080)=[{r2, 0x81}], 0x1, 0x2000009d) write$sndseq(r2, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick=0x1f000000, {}, {}, @raw32={[0x2600]}}], 0xffc8) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) 5.711242559s ago: executing program 3 (id=951): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3c010000190001000000000000000000e0000001000000000000000000000000fe8000000000000000000000000000aa4e220000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000104000000000000feffffffffffffff030000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000008400050020010000000000000000000000000000000000002b00000000000000000000000000000000000000000500000000000002000700000000000000000000000000e00000020000000000000000000000004000000033"], 0x13c}}, 0x20040880) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x8000, @empty, 0x3}, 0x1c) listen(r1, 0x3) syz_emit_ethernet(0x4a, &(0x7f0000000240)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x1, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2, 0xb00}}}}}}}, 0x0) 5.692863977s ago: executing program 0 (id=952): unshare(0x60480) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x84) syz_open_procfs(0x0, &(0x7f0000000000)='net/xfrm_stat\x00') prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000003c0)='rcu_utilization\x00', r0}, 0x18) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x14}}, 0x0) ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a80)={0x11, 0x3, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc}}, &(0x7f0000000100)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x4}, 0x94) r5 = syz_open_dev$vim2m(&(0x7f0000000240), 0x6, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r5, 0xc0145608, &(0x7f00000000c0)={0x2, 0x1, 0x1}) ioctl$vim2m_VIDIOC_STREAMOFF(r5, 0x40045612, &(0x7f0000000100)=0x1) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0x7) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) openat$smack_thread_current(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000001c0)=ANY=[@ANYRES32=r4, @ANYRESHEX=r6, @ANYRES16, @ANYRESDEC=0x0, @ANYRES16, @ANYRES64=r3, @ANYBLOB=',\x00']) r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) dup(r7) read$FUSE(r6, &(0x7f0000009800)={0x2020}, 0x2047) 5.274159858s ago: executing program 3 (id=953): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000003c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000180)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_SET_SEC_PARAMS(r0, &(0x7f00000016c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001500)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="490900000000000000001500000004002b8008000300", @ANYRES32=r2, @ANYBLOB="08002a0000000000050029000100000020002b8004000380080001"], 0x58}, 0x1, 0x0, 0x0, 0x20004005}, 0x0) r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), r0) sendmsg$NL802154_CMD_DEL_SEC_KEY(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r3, 0x200, 0x70bd28, 0x25dfdbfc, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000091}, 0x200408c4) 4.952163731s ago: executing program 3 (id=955): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0xf00, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) 4.77280276s ago: executing program 4 (id=956): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x20, 0x140d, 0x2, 0x70bd2c, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x4}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8}]}, 0x20}, 0x1, 0x0, 0x0, 0x20040804}, 0x20000000) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_CTHELPER_GET(r1, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x40, 0x1, 0x9, 0x3, 0x0, 0x0, {0x7, 0x0, 0x4}, [@NFCTH_QUEUE_NUM={0x8, 0x3, 0x1, 0x0, 0x8}, @NFCTH_PRIV_DATA_LEN={0x8, 0x5, 0x1, 0x0, 0x6}, @NFCTH_NAME={0x9, 0x1, 'syz1\x00'}, @NFCTH_STATUS={0x8, 0x6, 0x1, 0x0, 0x1}, @NFCTH_PRIV_DATA_LEN={0x8, 0x5, 0x1, 0x0, 0x1c}]}, 0x40}, 0x1, 0x0, 0x0, 0x24004004}, 0x4800) madvise(&(0x7f0000bff000/0x400000)=nil, 0x400000, 0xd) r2 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$sock_SIOCGIFVLAN_GET_VLAN_VID_CMD(r2, 0x8982, &(0x7f0000000200)) r3 = memfd_secret(0x80000) r4 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000240), 0x20000, 0x0) ioctl$SYNC_IOC_MERGE(r3, 0xc0303e03, &(0x7f0000000280)={"7a15835a85f3795ac6f3b03a9c27d63a619f6f744b7b8a37f9168a45f9c54621", r4}) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f00000002c0)={0x9, 0x0, [{0xb7f}, {0x0, 0x0, 0x7}, {0x332, 0x0, 0x5}, {0x302, 0x0, 0x7}, {0x92b, 0x0, 0x1}, {0x222, 0x0, 0x6a}, {0x560, 0x0, 0x5}, {0x8f4, 0x0, 0x3}, {0x381, 0x0, 0x4}]}) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f00000003c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000380), 0x111, 0x5}}, 0x20) r5 = syz_open_dev$loop(&(0x7f0000000400), 0x6d, 0x40400) ioctl$LOOP_CHANGE_FD(r5, 0x4c06, r1) write$binfmt_format(r3, &(0x7f0000000440)='1\x00', 0x2) ioctl$IOCTL_GET_NCIDEV_IDX(r4, 0x0, &(0x7f0000000480)=0x0) bind$nfc_llcp(r4, &(0x7f00000004c0)={0x27, r6, 0xffffffffffffffff, 0x7, 0x8, 0x2, "06ec6b87c5ec83c9bffc3eee1cdae476ccd7aa35949bcc265515356e369cf8523ebd3e27f0be88fa49598e252b57ae34d27d73364390bf0bb634d03d86bea3", 0xb}, 0x60) getsockopt$inet_mreqn(r4, 0x0, 0x23, &(0x7f0000000540)={@multicast1, @local, 0x0}, &(0x7f0000000580)=0xc) ioctl$sock_inet6_SIOCSIFADDR(r3, 0x8916, &(0x7f00000005c0)={@private0={0xfc, 0x0, '\x00', 0x1}, 0x33, r7}) r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000640), r3) sendmsg$ETHTOOL_MSG_COALESCE_SET(r4, &(0x7f0000000700)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000006c0)={&(0x7f0000000680)={0x14, r8, 0x1, 0x70bd28, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0xc084) setsockopt$SO_J1939_SEND_PRIO(r3, 0x6b, 0x3, &(0x7f0000000740)=0x2, 0x4) ftruncate(r1, 0xfffffffffffffffa) fsetxattr$security_ima(r4, &(0x7f0000000780), &(0x7f00000007c0)=@md5={0x1, "245f472af9923fd723fbe033c3ea57d4"}, 0x11, 0x0) ioctl$LOOP_SET_STATUS(r3, 0x4c02, &(0x7f0000000800)={0x0, {}, 0x0, {}, 0x8001, 0x2, 0x1b, 0x1, "c46a39bd27725fa99336f3e100d42690bd374668cc50ae23af4075fa7db0fc8014de25829980a3a3dfd86a08101d611d3564ddeadeff523c0c6ac35d13c804ae", "0ed34508a0c2210e61ec88eee2858d09230049f2e6c692f825a30bad06364934", [0xe8e4, 0x430]}) ioctl$UFFDIO_CONTINUE(r3, 0xc020aa07, &(0x7f00000008c0)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1}) openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000900), 0x2, 0x0) mbind(&(0x7f0000cd2000/0x1000)=nil, 0x1000, 0x2, &(0x7f0000000940)=0x400, 0x7, 0x1) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000980)) 4.641847144s ago: executing program 0 (id=957): r0 = socket(0x2, 0x3, 0x5) socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000100)=ANY=[], 0x0}, 0x94) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='inet_sk_error_report\x00', r2}, 0x10) r3 = socket$kcm(0xa, 0x1, 0x106) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="1e00000004000000040000000800000020", @ANYRES32, @ANYBLOB="040000000000000000002731a379a911b885713b", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0500000002000000000000000a00"/24, @ANYRES32, @ANYBLOB], 0x50) getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000080)={0x0, @rand_addr, @remote}, &(0x7f0000000280)=0xc) r8 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000540)={&(0x7f0000000840)=ANY=[@ANYBLOB="9feb010018000000000000001800000018000000050000000000000000000003000000000200000004000000faffffff00005f5f0055b0e4b1766e2b74bf50bd2289b7aea25d727da2b6c8407f218fe58606db73987ede14112efa90d1d649adabeb251e2b47a065bcc60f965f2253d850ab060f6f516335eae3344145fbc4ea50fcfd810b6a03306b40a286acf51433e3c7fe"], &(0x7f0000000440)=""/221, 0x35, 0xdd, 0x1, 0x1, 0x10000}, 0x28) syz_io_uring_complete(0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1400fdffffff02000000000e830000000000000000", @ANYRES32=r6, @ANYBLOB="1100"/20, @ANYRES32=r7, @ANYRES32=r8, @ANYBLOB="01000000040000000100"/20, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00'], 0x50) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) close_range(r1, r5, 0x2) sendmsg$inet(r4, 0x0, 0x10) sendmsg$kcm(r3, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x20000011) r9 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/27], 0x50) r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r11 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(r10, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000a40)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r11, @ANYBLOB="010028bd7000f7dbdf2501000000100007800c00018008000100", @ANYRES32=r9, @ANYBLOB], 0x30}, 0x1, 0x0, 0x0, 0x20004000}, 0x0) sendmsg$kcm(r3, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0xd}, 0x2}, 0x80, 0x0}, 0xe07e872420dfefca) r12 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r12, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000140)="1400000023000b6c8cfffdfccabb00f90429fc60", 0x14}], 0x1}, 0x2400c000) syz_open_procfs(0x0, 0x0) 4.620708015s ago: executing program 4 (id=958): openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x800, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) r2 = socket$inet6_udp(0xa, 0x2, 0x0) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) syz_open_procfs(0x0, &(0x7f00000042c0)='mounts\x00') sendmmsg$inet(r3, 0x0, 0x0, 0xc0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) open(0x0, 0x0, 0x0) open(0x0, 0x0, 0x0) sendto$inet(r3, 0x0, 0x0, 0x11, 0x0, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000001540)=@raw={'raw\x00', 0x3c1, 0x3, 0x14d8, 0x1290, 0x5802, 0x294, 0x1290, 0x294, 0x1408, 0x325, 0x378, 0x1408, 0x378, 0x3, 0x0, {[{{@ipv6={@loopback, @empty, [0xb4010000, 0x0, 0x0, 0xff000000], [], 'pimreg0\x00', 'macsec0\x00', {0xff}, {}, 0x0, 0x0, 0x3}, 0x0, 0x1228, 0x1290, 0x52020000, {}, [@common=@inet=@hashlimit2={{0x150}, {'gre0\x00', {0x0, 0x4, 0x60, 0x0, 0x0, 0x6, 0x7fffffff, 0x0, 0x8}}}, @common=@unspec=@cgroup1={{0x1030}, {0x0, 0xfc, 0xfd, 0x0, './cgroup.net/syz1\x00'}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz1\x00'}}}, {{@uncond, 0x0, 0x108, 0x178, 0x0, {}, [@common=@ah={{0x30}}, @common=@frag={{0x30}, {[0x0, 0x101]}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0xcfd, 0x8000, 0x8, 0x1, 0x0, "40384e1aa968ae1a869c8ce9a46b9ff41931137193fc6c2a5d28667be0e6c0e8dd7ab2a2560d636022502c16f2d80f7e97c47fa0a3d21b373dc257058a128931"}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1538) r5 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r5, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb}, 0x94) sendmsg(r5, &(0x7f00000000c0)={0x0, 0x9584, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0x5dc}], 0x1, 0x0, 0x0, 0x2c}, 0x44004) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x16, 0x5, &(0x7f0000000bc0)=ANY=[], &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@updpolicy={0x13c, 0x19, 0x1, 0x0, 0x1, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x800}, {0x0, 0x0, 0x0, 0x2000000000}}, [@tmpl={0x84, 0x5, [{{@in6=@remote, 0x0, 0x33}, 0x0, @in=@broadcast, 0x0, 0x2, 0x0, 0x0, 0xffffffff, 0x0, 0x40}, {{@in=@remote, 0x0, 0x32}, 0x0, @in6=@private1, 0x0, 0x5}]}]}, 0x13c}, 0x1, 0x0, 0x0, 0x1}, 0x0) 3.757062076s ago: executing program 0 (id=959): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffff, 0x3}, 0x6) write(r0, &(0x7f0000000340)="18000000010003", 0x7) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x100) socket(0x840000000002, 0x3, 0xff) io_uring_setup(0x0, 0x0) r1 = io_uring_setup(0x2c49, &(0x7f0000002240)={0x0, 0x0, 0x0, 0x3}) io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r1, 0x18, &(0x7f0000000000), 0x1) socket$inet_icmp_raw(0x2, 0x3, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) syz_usb_connect(0x4, 0x80, &(0x7f00000002c0)={{0x12, 0x1, 0x0, 0xa1, 0xba, 0x14, 0x10, 0xb3c, 0xc002, 0xa39b, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x6e, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x90, 0x0, 0x6, 0xee, 0x23, 0x3e, 0x0, [], [{{0x9, 0x5, 0x0, 0x10, 0x3ff, 0x9, 0x68, 0x80}}, {{0x9, 0x5, 0x2, 0x10, 0x40, 0x2, 0x2, 0x63}}, {{0x9, 0x5, 0x9, 0x10, 0x10, 0x0, 0x6, 0x1}}, {{0x9, 0x5, 0xf5ee16fb96974caa, 0x11, 0x400, 0x40, 0x0, 0xb3}}, {{0x9, 0x5, 0xf, 0x0, 0x40, 0x8, 0x5, 0x6, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x2, 0x45d5}]}}, {{0x9, 0x5, 0xb, 0x8, 0x8, 0x82, 0x6, 0x3, [@generic={0x1f, 0xc, "598c305f17a7f9f540d141c4a79533b54438d0ac02e76bc54debbd15a9"}]}}]}}]}}]}}, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x70, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xd}, @NFTA_SET_EXPRESSIONS={0x2c, 0x12, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @last={{0x9}, @val={0x4}}}, {0x14, 0x1, 0x0, 0x1, @quota={{0xa}, @val={0x4}}}]}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x110}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0xa, 0x84}}}, 0xb8}}, 0x20050800) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0) bind$rose(r4, &(0x7f0000000040)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default, 0x2, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}]}, 0x40) fcntl$lock(r2, 0x6, &(0x7f0000000000)={0x0, 0x0, 0x8}) fcntl$lock(r4, 0x26, 0x0) fcntl$lock(r4, 0x26, &(0x7f0000000280)={0x1, 0x0, 0x2f, 0x9}) syz_usb_connect(0x5, 0x24, &(0x7f00000000c0)={{0x12, 0x1, 0x200, 0xe1, 0xf7, 0x8, 0x20, 0x3275, 0x85, 0xf769, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x2, 0x1, 0x40, 0x2, [{{0x9, 0x4, 0xbe, 0xc, 0x0, 0x7c, 0x56, 0x76, 0x80}}]}}]}}, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x2, [{0x2, 0x0}, {0x30, &(0x7f0000000c40)=ANY=[@ANYBLOB="30039dd9d7dfe8"]}]}) fcntl$lock(r4, 0x7, &(0x7f0000000140)={0x1, 0x1, 0x7, 0x90}) 3.640261572s ago: executing program 2 (id=960): munmap(&(0x7f0000002000/0x2000)=nil, 0x2000) socketpair$unix(0x1, 0x5, 0x0, 0x0) (async) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) (async) prlimit64(0x0, 0xb, 0x0, 0x0) (async) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) (async) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) (async) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8003}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0xa4, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x7c, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x44, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x34, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_BITWISE_XOR={0xc, 0x5, 0x0, 0x1, [@NFTA_DATA_VALUE={0x5, 0x1, "8f"}]}, @NFTA_BITWISE_MASK={0xc, 0x4, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "8a95"}]}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x118}}, 0x0) (async) syz_emit_ethernet(0x4a, &(0x7f0000000800)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010102, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0xa, 0x0, 0x0, 0x0, 0x0, {[@generic={0x0, 0x2}, @md5sig={0x1d, 0x12, "910000000000006f00"}]}}}}}}}, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) (async) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, 0x0, 0x4000084) (async) sched_setscheduler(r2, 0x2, &(0x7f0000000240)=0x8) (async) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) (async) r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r5) (async) ptrace$getregset(0x4204, r5, 0x202, &(0x7f0000000100)={0x0}) (async) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010c0000000000000000010000000900010073797a31000000000000010000000900030073797a320000000014000480080002400000000008000140000000050900010073797a31000000004c000000050a01020000000000000000010020000c00024000000000000000010900010073797a3100000000200004801400030076657468315f6d6163767461700000000800014000000005140000001100010000000000000000000000000a00"/212], 0xd4}}, 0x0) r6 = syz_open_procfs(0x0, &(0x7f0000000000)='ns\x00') renameat2(r6, &(0x7f0000000380)='./cgroup\x00', r6, &(0x7f00000003c0)='./mnt\x00', 0x5) 3.490906471s ago: executing program 3 (id=961): syz_open_dev$loop(&(0x7f0000000100), 0xf01c, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) landlock_create_ruleset(&(0x7f0000000000)={0x25, 0x2, 0x1}, 0x18, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x0, &(0x7f00000001c0)=0xa) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x40, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) timer_delete(0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, 0x0) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000180)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x40}, {0x6}]}, 0x10) syz_emit_ethernet(0x3e, &(0x7f0000000280)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaa000800450000300000000000019078ac1e0001ac14aa0c009078000000004500000000000000006c000000000000ac1414aa"], 0x0) socket$netlink(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r5 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) bind$802154_raw(r5, &(0x7f0000000000)={0x2, @long={0x3, 0x0, {0xaaaaaaaaaaaa0302}}}, 0x14) openat$ocfs2_control(0xffffffffffffff9c, &(0x7f00000000c0), 0x4001, 0x0) ioctl$sock_SIOCSIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(r5, 0x8983, &(0x7f0000000340)={0x3, 'veth1_to_batadv\x00', {0x1}, 0x7}) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'bridge0\x00'}) 3.093981474s ago: executing program 2 (id=962): mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xf, 0x3, &(0x7f0000000440)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x80) openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x900, 0xda) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x2, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x82a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r1 = getpid() bpf$PROG_LOAD(0x5, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000040)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) keyctl$KEYCTL_PKEY_SIGN(0x1b, 0x0, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bind$unix(0xffffffffffffffff, &(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r4 = socket$unix(0x1, 0x2, 0x0) connect$unix(r4, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4) sendmsg$inet(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000240)="6e37cff5b582e082d58cb23de3c19dc4971d9b59ddb52ae25a3ca48e8d5284721b4b722d1fd011fc3144e4ceb18b32b5b819d56f4aa3fe1aaf904aa0", 0x3c}, {0x0}], 0x2}, 0x0) futex(0x0, 0x7, 0x1, 0x0, 0x0, 0x1) 3.079408629s ago: executing program 4 (id=963): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) fsync(0xffffffffffffffff) capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)) r1 = socket(0x10, 0x3, 0x4) sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x24, 0x14, 0x100, 0xfffffffe, 0x8, {0x2, 0x0, 0x0, 0x0, {0x9a05a5ec0f9808cd, 0xb}, {0xfff1, 0x5}, {0x6, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x8100}, 0x4000) 2.790564743s ago: executing program 1 (id=964): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f0000000440)=ANY=[@ANYBLOB="b0000000000000ab284dc9a94095f54e34f11a5a480d2115805745f8a24d"], 0xb0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chdir(0x0) utimensat(0xffffffffffffff9c, &(0x7f0000000340)='.\x00', 0x0, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xffffc000, 0x0) 2.590015791s ago: executing program 4 (id=965): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mknod(0x0, 0x8001420, 0x1) r4 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_udp_int(r4, 0x11, 0x67, &(0x7f0000000040)=0x401, 0x4) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x4e27, 0xffffffff, @mcast2, 0x7}, 0x1c) sendmmsg$inet6(r4, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171, 0x0, 0x1f4}}], 0x400000000000172, 0x4001c00) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[], 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x6, 0x4, 0x1, 0x1, r5}, 0x50) close(0x3) connect(r4, &(0x7f0000001340)=@in6={0xa, 0x4e21, 0x7, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x1}, 0x80) 2.115136423s ago: executing program 2 (id=966): setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x3e, &(0x7f00000000c0)=0x4e24e15c, 0x4) socket$inet6(0xa, 0x80002, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) write$sndseq(0xffffffffffffffff, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102400, 0x19000) r1 = syz_open_procfs(0x0, &(0x7f00000003c0)='net/mcfilter6\x00') r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/bus/input/handlers\x00', 0x0, 0x0) close(r2) statx(r2, 0x0, 0x1000, 0x6000, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, &(0x7f00000017c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546000677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5467a932b77674e802a0d42bc6099ad238af770b5ed8925161729298700000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809b5b9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed3957f813567f7a95435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac559eaf39027ceb379a902d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff7a1ef3282830689da6b53b263339863297771429d120000003341bf4abacac94500fca0493cf29b33dcc9ffffffffffffffd39f6ce0c6ff01589646efd1cf870cd7bb2366fdf870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1293b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd000c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301fb997316dbf17866fb84d4173731efe895ff2e1c55ef08235a0126e01254c44060926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a861887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc74aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7ad333545794f37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea139376f24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff070000001e48418046c216c1f895778cb25122a2a998de0842a486721737390cbf3a74cb2003016f1514216bdf57d2a40dddb51ab63e96ec84ac3571f02f647b3385b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba2f58ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df986741517abf11389b751f4e109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288d139bd3da230ed05a8fe64680b0a3f9f2dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b9100000000a55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c776f4b4ce07e1c6fa66fcfc7a228805f76785efc0ceb1c8e5729c66418d169fc03aa18854693ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7e478950aa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab848753203b458b97ec1afb079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7db3c4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b70ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378ac2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6ca0400966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e3030108000000000000c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bffef97dcecc467ace456597685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c0000000000000000000000bfb0bba79344643b1d8daa9f38e4b62c1e2af68c6f5054b078acd74b4a9c944e4505da485a3a4154387a0a88370d9ed9467b09c5888a06431df3f68abf0b366c4d5f8bea7b29c257ed756dff7a21c6b661cbdd43de65afd7f661d5c84f915c90e3d6ea012b68b787eb01d8320000000000000060176dacba0ec503a37fae6b472ec369c79ee6a420c0fd8d8d82fe136d5af6c30bfeb0a7275babfdb96a127aa9386e0671c6454245a18c1c8c49552cff5d27b547cdc34c0858c77a47a9ff86ee9fbd9ceda428716a4218821176d8067997527230fa67d26950d3e4f2750fa7c872874ad3a2d11f9f6eb08e6d7b6fa257b04d8ce36360f524e3dfd2211641f3d2637d86b80681eca50ce0eecafdd22d41fa515c15591e70ded4b70efac3cb42fb352d82e8f7573e8ed8248da356fa91a252976d3a4d8c1843a8d5bb7f5f1028453a0562a3ea93117076dd4940b7df50d78289fe66197525f6095f8662d232970bef61b03fa83027963a1a2e07cfee30c0d0b4c5877f93b3637ca21eab5afcf5d4638dfe8f9202aaad51c979049dd76d65368cbd4187d9f74257c7c4a23ac4a34eec5aa17e78c5167216f5e72138d20f8325dd5f8f96c32189c904eaef580987f1ce601a7cdc35461db9981ac42f9e24b0699bbe4e3d986e38952b0b7938eefd9e7a292bbb66367ad77045fdc18855c81c031dedd185c723238373fc698d676791d04f1ff5f0825a6619e844882f31ed190233d58ecee949e310bf2b1a51b8a33ae65a06d2b6ad386bf8dc49dd328bcd75d1843a13d68560175a18af7efc3c0f20e32f84f6aaaf000000000000000000000013a6c66bce74a8fb9092023df695da2714a7933d699d42de2bc4a85e0a0e22228290a7a7553ab93a16e42553ed86869a02df2f47d4088fac1772d3cd955c81cbf91c2ca7942942f61723b558079b82547844f92df2499c4b2c2ef2539e5daa8d8727baaa6b5755e6f83bbfca000000000000000000000509619f5f0cbc72eebc653946d3552236f0dfe485cfa71bd69f4ded6e131128c3875b785875addfcbd5931c12adbef75535e694f3a19f28f9f99fa32e8ff66e7b1ff674434fb63ba0e28aadccf77d387525c98e81476058c958eaccfa7d251d0671222dc9d06485f7f690d3d4227bd21bd7ff8338617705b7faec47c86789a488b43d0fedf1b0ee05d65c677ced1e8214b2f6cb74d73886eb"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff7e}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) r4 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000080"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) close(r4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0f00000004000000040000001200000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/18], 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r7, 0xffffffffffffffff, 0x5}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r7}, &(0x7f00000006c0), &(0x7f0000000700)=r6}, 0x20) sendmsg$inet(r5, &(0x7f0000000980)={0x0, 0x6000, &(0x7f0000000900)=[{&(0x7f0000000640)='U', 0xa00120}], 0x1, 0x0, 0x0, 0x6000}, 0x20) r8 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd8073a46b08b94214d816f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb4147000001000000008f2b9000f22425e4097ed62cbc891061017cfa6f6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe68db8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3542646bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000002c0)=ANY=[@ANYRES32=r9, @ANYRES32=r8, @ANYBLOB='&'], 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r9}, &(0x7f0000000000), &(0x7f0000000080)=r4}, 0x20) read$alg(r1, &(0x7f0000000e80)=""/4096, 0x1000) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18) 1.259222655s ago: executing program 1 (id=967): openat$procfs(0xffffffffffffff9c, &(0x7f0000000280)='/proc/meminfo\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) io_setup(0x222, &(0x7f0000000180)) creat(&(0x7f0000000080)='./file0\x00', 0x0) r1 = socket(0x10, 0x3, 0x0) bind$netlink(r1, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc) write(r1, &(0x7f0000000140)="2600000022004701050000070000000000000020002b1f000a4a51f1ee839cd53400b017ca5b", 0x26) connect$netlink(r1, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000b4bffc), 0x4) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) write(r1, &(0x7f0000000000)='\"', 0xfdef) 1.066251397s ago: executing program 4 (id=968): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r2 = socket(0x1, 0x2, 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r3, 0x0) sendmsg$netlink(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000740)=ANY=[@ANYBLOB="14020000140001002dbd7000000000000a"], 0x214}], 0x1}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)={{0x14}, [@NFT_MSG_NEWSET={0x48, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_DESC={0xc, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_SIZE={0x8, 0x1, 0x1, 0x0, 0x3c1f}]}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2d}]}], {0x14, 0x10}}, 0x70}}, 0x0) 587.427799ms ago: executing program 0 (id=969): r0 = socket(0x2, 0x3, 0x5) socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000100)=ANY=[], 0x0}, 0x94) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='inet_sk_error_report\x00', r2}, 0x10) r3 = socket$kcm(0xa, 0x1, 0x106) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="1e00000004000000040000000800000020", @ANYRES32, @ANYBLOB="040000000000000000002731a379a911b885713b", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0500000002000000000000000a00"/24, @ANYRES32, @ANYBLOB], 0x50) getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000080)={0x0, @rand_addr, @remote}, &(0x7f0000000280)=0xc) r8 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000540)={&(0x7f0000000840)=ANY=[@ANYBLOB="9feb010018000000000000001800000018000000050000000000000000000003000000000200000004000000faffffff00005f5f0055b0e4b1766e2b74bf50bd2289b7aea25d727da2b6c8407f218fe58606db73987ede14112efa90d1d649adabeb251e2b47a065bcc60f965f2253d850ab060f6f516335eae3344145fbc4ea50fcfd810b6a03306b40a286acf51433e3c7fe"], &(0x7f0000000440)=""/221, 0x35, 0xdd, 0x1, 0x1, 0x10000}, 0x28) syz_io_uring_complete(0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1400fdffffff02000000000e830000000000000000", @ANYRES32=r6, @ANYBLOB="1100"/20, @ANYRES32=r7, @ANYRES32=r8, @ANYBLOB="01000000040000000100"/20, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00'], 0x50) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) close_range(r1, r5, 0x2) sendmsg$inet(r4, 0x0, 0x10) sendmsg$kcm(r3, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x20000011) r9 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/27], 0x50) r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r11 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(r10, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000a40)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r11, @ANYBLOB="010028bd7000f7dbdf2501000000100007800c00018008000100", @ANYRES32=r9, @ANYBLOB], 0x30}, 0x1, 0x0, 0x0, 0x20004000}, 0x0) sendmsg$kcm(r3, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0xd}, 0x2}, 0x80, 0x0}, 0xe07e872420dfefca) r12 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r12, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000140)="1400000023000b6c8cfffdfccabb00f90429fc60", 0x14}], 0x1}, 0x2400c000) syz_open_procfs(0x0, 0x0) 251.530008ms ago: executing program 4 (id=970): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x5, 0x0, 0x0, 0x2000, &(0x7f0000fe5000/0x2000)=nil}) r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r3, &(0x7f0000000380)={0xe, 0x18, 0xfa00, @ib_path={&(0x7f00000006c0)=[{0x26, 0x0, [0x7, 0x9, 0x6, 0x1, 0x75, 0x8, 0x3, 0x9, 0xffffff81, 0x214, 0x3, 0x3, 0x7, 0x7, 0x5, 0x5]}, {0x20, 0x0, [0x7, 0x547d, 0x1, 0xcec3, 0x9, 0x5, 0xe, 0xe1, 0x1ff, 0x9, 0xca31, 0x400000, 0x0, 0x1ff, 0x3, 0x4]}, {0x27, 0x0, [0x8001, 0x5, 0x6, 0xc96, 0xc, 0x5, 0x1000, 0x8, 0xff, 0x78, 0x0, 0xff, 0x0, 0x633, 0x1, 0x6]}], r4, 0x1, 0x1, 0xd8}}, 0x20) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000200)=ANY=[@ANYRES8=r1]) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x15, 0x301, 0x0, 0x0, {0xb}}, 0x14}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADD(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x8, 0x3000000000002}, 0x0) r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f0000fe5000/0x1000)=nil, r6, 0x1, 0x11, r2, 0x0) r7 = syz_open_dev$evdev(&(0x7f0000000000), 0x2, 0x280000) ioctl$EVIOCGLED(r7, 0x80404519, &(0x7f0000000680)=""/4096) ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r2, 0x4068aea3, &(0x7f0000000600)={0xbe, 0x0, 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 0s ago: executing program 0 (id=971): r0 = syz_io_uring_setup(0x126b, &(0x7f00000006c0)={0x0, 0x72de}, &(0x7f0000000140), &(0x7f0000000780)) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000040)) r1 = syz_open_dev$sg(&(0x7f0000000100), 0xf9ba, 0x28540) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f00000002c0)={0x0, 0x401, 0xae}) io_uring_register$IORING_REGISTER_FILES_UPDATE(r0, 0x6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)=[0xffffffffffffffff]}, 0x20) kernel console output (not intermixed with test programs): rex 4-1:0.50: USB YUREX #0 now disconnected [ 111.791045][ T5829] usb 1-1: Product: syz [ 111.801794][ T5829] usb 1-1: Manufacturer: syz [ 111.818063][ T5829] usb 1-1: SerialNumber: syz [ 111.833459][ T5829] usb 1-1: config 0 descriptor?? [ 111.844088][ T5829] hub 1-1:0.153: bad descriptor, ignoring hub [ 111.853148][ T5829] hub 1-1:0.153: probe with driver hub failed with error -5 [ 111.874640][ T5829] sierra 1-1:0.153: Sierra USB modem converter detected [ 112.266198][ T6166] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 112.277676][ T6166] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 114.987332][ T6191] netlink: 8 bytes leftover after parsing attributes in process `syz.3.64'. [ 114.997042][ T6191] bridge_slave_0: entered promiscuous mode [ 115.635697][ T5829] usb 1-1: USB disconnect, device number 5 [ 116.110168][ T5829] sierra 1-1:0.153: device disconnected [ 117.697019][ T6225] netlink: 12 bytes leftover after parsing attributes in process `syz.1.72'. [ 117.706128][ T6225] nbd: must specify a size in bytes for the device [ 118.788863][ T6235] FAULT_INJECTION: forcing a failure. [ 118.788863][ T6235] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 118.813769][ T6235] CPU: 1 UID: 0 PID: 6235 Comm: syz.0.78 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 118.813793][ T6235] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 118.813806][ T6235] Call Trace: [ 118.813817][ T6235] [ 118.813824][ T6235] dump_stack_lvl+0x189/0x250 [ 118.813861][ T6235] ? __pfx____ratelimit+0x10/0x10 [ 118.813886][ T6235] ? __pfx_dump_stack_lvl+0x10/0x10 [ 118.813912][ T6235] ? __pfx__printk+0x10/0x10 [ 118.813929][ T6235] ? __might_fault+0xb0/0x130 [ 118.813961][ T6235] should_fail_ex+0x414/0x560 [ 118.813986][ T6235] _copy_from_user+0x2d/0xb0 [ 118.814013][ T6235] kvm_arch_vcpu_ioctl+0x638/0x2a40 [ 118.814035][ T6235] ? __lock_acquire+0xab9/0xd20 [ 118.814056][ T6235] ? kvm_arch_vcpu_ioctl+0x5f8/0x2a40 [ 118.814079][ T6235] ? __pfx_kvm_arch_vcpu_ioctl+0x10/0x10 [ 118.814103][ T6235] ? __lock_acquire+0xab9/0xd20 [ 118.814143][ T6235] ? is_bpf_text_address+0x26/0x2b0 [ 118.814172][ T6235] ? is_bpf_text_address+0x292/0x2b0 [ 118.814195][ T6235] ? is_bpf_text_address+0x26/0x2b0 [ 118.814222][ T6235] ? kernel_text_address+0xa5/0xe0 [ 118.814243][ T6235] ? __kernel_text_address+0xd/0x40 [ 118.814262][ T6235] ? unwind_get_return_address+0x4d/0x90 [ 118.814286][ T6235] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 118.814303][ T6235] ? arch_stack_walk+0xfc/0x150 [ 118.814341][ T6235] ? stack_trace_save+0x9c/0xe0 [ 118.814360][ T6235] ? stack_depot_save_flags+0x40/0x900 [ 118.814389][ T6235] ? kasan_save_track+0x4f/0x80 [ 118.814406][ T6235] ? kasan_save_track+0x3e/0x80 [ 118.814454][ T6235] ? __lock_acquire+0xab9/0xd20 [ 118.814502][ T6235] ? __mutex_trylock_common+0x153/0x260 [ 118.814535][ T6235] ? __pfx___mutex_trylock_common+0x10/0x10 [ 118.814568][ T6235] ? rcu_is_watching+0x15/0xb0 [ 118.814596][ T6235] ? trace_contention_end+0x39/0x120 [ 118.814614][ T6235] ? __mutex_lock+0x330/0xe80 [ 118.814644][ T6235] ? kasan_quarantine_put+0xdd/0x220 [ 118.814668][ T6235] ? kvm_vcpu_ioctl+0x22e/0xe90 [ 118.814688][ T6235] ? __pfx___mutex_lock+0x10/0x10 [ 118.814716][ T6235] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 118.814740][ T6235] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 118.814762][ T6235] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 118.814791][ T6235] kvm_vcpu_ioctl+0x74d/0xe90 [ 118.814815][ T6235] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 118.814841][ T6235] ? __lock_acquire+0xab9/0xd20 [ 118.814868][ T6235] ? __asan_memset+0x22/0x50 [ 118.814885][ T6235] ? smack_file_ioctl+0x302/0x340 [ 118.814908][ T6235] ? __pfx_smack_file_ioctl+0x10/0x10 [ 118.814938][ T6235] ? __fget_files+0x2a/0x420 [ 118.814962][ T6235] ? __fget_files+0x3a0/0x420 [ 118.814984][ T6235] ? __fget_files+0x2a/0x420 [ 118.815012][ T6235] ? bpf_lsm_file_ioctl+0x9/0x20 [ 118.815036][ T6235] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 118.815064][ T6235] __se_sys_ioctl+0xfc/0x170 [ 118.815090][ T6235] do_syscall_64+0xfa/0x3b0 [ 118.815115][ T6235] ? lockdep_hardirqs_on+0x9c/0x150 [ 118.815140][ T6235] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.815158][ T6235] ? clear_bhb_loop+0x60/0xb0 [ 118.815180][ T6235] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.815198][ T6235] RIP: 0033:0x7fa952b8e929 [ 118.815221][ T6235] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 118.815236][ T6235] RSP: 002b:00007fa9509f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 118.815255][ T6235] RAX: ffffffffffffffda RBX: 00007fa952db5fa0 RCX: 00007fa952b8e929 [ 118.815269][ T6235] RDX: 0000200000000100 RSI: 000000004008ae89 RDI: 0000000000000005 [ 118.815280][ T6235] RBP: 00007fa9509f6090 R08: 0000000000000000 R09: 0000000000000000 [ 118.815291][ T6235] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 118.815302][ T6235] R13: 0000000000000000 R14: 00007fa952db5fa0 R15: 00007ffe82dec228 [ 118.815331][ T6235] [ 119.130437][ T6244] netlink: 12 bytes leftover after parsing attributes in process `syz.3.80'. [ 119.879211][ T5827] usb 3-1: new full-speed USB device number 2 using dummy_hcd [ 120.379428][ T5827] usb 3-1: New USB device found, idVendor=13d3, idProduct=3224, bcdDevice=cb.0d [ 120.570974][ T5827] usb 3-1: New USB device strings: Mfr=1, Product=12, SerialNumber=3 [ 120.585660][ T5827] usb 3-1: Product: syz [ 120.590782][ T5827] usb 3-1: Manufacturer: syz [ 120.611453][ T5827] usb 3-1: SerialNumber: syz [ 120.658398][ T5827] dvb-usb: found a 'DigitalNow TinyUSB 2 DVB-t Receiver' in warm state. [ 120.717323][ T5994] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 120.808891][ T6269] warning: `syz.0.88' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 120.859324][ T5994] usb 5-1: device descriptor read/64, error -71 [ 121.339075][ T5827] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 121.352680][ T5827] dvb-usb: DigitalNow TinyUSB 2 DVB-t Receiver error while loading driver (-19) [ 121.385211][ T5994] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 121.558730][ T5994] usb 5-1: device descriptor read/64, error -71 [ 121.677827][ T5827] usb 3-1: USB disconnect, device number 2 [ 121.707415][ T5994] usb usb5-port1: attempt power cycle [ 121.784481][ T6274] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 121.934514][ T6276] netlink: 'syz.3.90': attribute type 1 has an invalid length. [ 122.073334][ T6282] capability: warning: `syz.0.91' uses deprecated v2 capabilities in a way that may be insecure [ 122.125206][ T5994] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 122.207927][ T5994] usb 5-1: device descriptor read/8, error -71 [ 122.545364][ T5994] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 122.568873][ T5994] usb 5-1: device descriptor read/8, error -71 [ 122.693126][ T5994] usb usb5-port1: unable to enumerate USB device [ 123.284559][ T6294] IPVS: set_ctl: invalid protocol: 43 172.20.20.45:20002 [ 124.656790][ T6310] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 124.703066][ T6316] FAULT_INJECTION: forcing a failure. [ 124.703066][ T6316] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 124.724431][ T6316] CPU: 0 UID: 0 PID: 6316 Comm: syz.0.101 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 124.724448][ T6316] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 124.724456][ T6316] Call Trace: [ 124.724461][ T6316] [ 124.724466][ T6316] dump_stack_lvl+0x189/0x250 [ 124.724489][ T6316] ? __pfx____ratelimit+0x10/0x10 [ 124.724506][ T6316] ? __pfx_dump_stack_lvl+0x10/0x10 [ 124.724524][ T6316] ? __pfx__printk+0x10/0x10 [ 124.724536][ T6316] ? __might_fault+0xb0/0x130 [ 124.724559][ T6316] should_fail_ex+0x414/0x560 [ 124.724576][ T6316] _copy_from_iter+0x1db/0x16f0 [ 124.724596][ T6316] ? rcu_is_watching+0x15/0xb0 [ 124.724615][ T6316] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 124.724631][ T6316] ? __pfx__copy_from_iter+0x10/0x10 [ 124.724649][ T6316] ? __build_skb_around+0x257/0x3e0 [ 124.724663][ T6316] ? netlink_sendmsg+0x642/0xb30 [ 124.724675][ T6316] ? skb_put+0x11b/0x210 [ 124.724690][ T6316] netlink_sendmsg+0x6b2/0xb30 [ 124.724709][ T6316] ? __pfx_netlink_sendmsg+0x10/0x10 [ 124.724727][ T6316] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 124.724742][ T6316] ? __pfx_netlink_sendmsg+0x10/0x10 [ 124.724755][ T6316] __sock_sendmsg+0x219/0x270 [ 124.724775][ T6316] ____sys_sendmsg+0x505/0x830 [ 124.724792][ T6316] ? __pfx_____sys_sendmsg+0x10/0x10 [ 124.724812][ T6316] ? import_iovec+0x74/0xa0 [ 124.724832][ T6316] ___sys_sendmsg+0x21f/0x2a0 [ 124.724848][ T6316] ? __pfx____sys_sendmsg+0x10/0x10 [ 124.724885][ T6316] ? __fget_files+0x2a/0x420 [ 124.724900][ T6316] ? __fget_files+0x3a0/0x420 [ 124.724929][ T6316] __x64_sys_sendmsg+0x19b/0x260 [ 124.724945][ T6316] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 124.724966][ T6316] ? __pfx_ksys_write+0x10/0x10 [ 124.724984][ T6316] ? do_syscall_64+0xbe/0x3b0 [ 124.725004][ T6316] do_syscall_64+0xfa/0x3b0 [ 124.725021][ T6316] ? lockdep_hardirqs_on+0x9c/0x150 [ 124.725038][ T6316] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.725050][ T6316] ? clear_bhb_loop+0x60/0xb0 [ 124.725065][ T6316] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.725085][ T6316] RIP: 0033:0x7fa952b8e929 [ 124.725101][ T6316] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 124.725114][ T6316] RSP: 002b:00007fa9509d5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 124.725132][ T6316] RAX: ffffffffffffffda RBX: 00007fa952db6080 RCX: 00007fa952b8e929 [ 124.725143][ T6316] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000003 [ 124.725154][ T6316] RBP: 00007fa9509d5090 R08: 0000000000000000 R09: 0000000000000000 [ 124.725164][ T6316] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 124.725173][ T6316] R13: 0000000000000001 R14: 00007fa952db6080 R15: 00007ffe82dec228 [ 124.725199][ T6316] [ 124.995768][ C0] vkms_vblank_simulate: vblank timer overrun [ 125.723027][ T6318] netlink: 12 bytes leftover after parsing attributes in process `syz.1.102'. [ 125.733249][ T6318] nbd: must specify a size in bytes for the device [ 126.298959][ T6323] netlink: 20 bytes leftover after parsing attributes in process `syz.0.103'. [ 128.831480][ T6338] syz.1.106: attempt to access beyond end of device [ 128.831480][ T6338] loop1: rw=2048, sector=2, nr_sectors = 1 limit=0 [ 128.855727][ T6338] hfsplus: unable to find HFS+ superblock [ 128.866061][ T6332] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 131.579977][ T6362] FAULT_INJECTION: forcing a failure. [ 131.579977][ T6362] name failslab, interval 1, probability 0, space 0, times 1 [ 131.594022][ T6362] CPU: 0 UID: 0 PID: 6362 Comm: syz.1.114 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 131.594046][ T6362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 131.594056][ T6362] Call Trace: [ 131.594063][ T6362] [ 131.594071][ T6362] dump_stack_lvl+0x189/0x250 [ 131.594100][ T6362] ? __pfx____ratelimit+0x10/0x10 [ 131.594125][ T6362] ? __pfx_dump_stack_lvl+0x10/0x10 [ 131.594150][ T6362] ? __pfx__printk+0x10/0x10 [ 131.594173][ T6362] ? __pfx___might_resched+0x10/0x10 [ 131.594197][ T6362] ? fs_reclaim_acquire+0x7d/0x100 [ 131.594225][ T6362] should_fail_ex+0x414/0x560 [ 131.594250][ T6362] should_failslab+0xa8/0x100 [ 131.594274][ T6362] __kmalloc_noprof+0xcb/0x4f0 [ 131.594292][ T6362] ? kfree+0x4d/0x440 [ 131.594307][ T6362] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 131.594337][ T6362] tomoyo_realpath_from_path+0xe3/0x5d0 [ 131.594363][ T6362] ? tomoyo_domain+0xda/0x130 [ 131.594393][ T6362] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 131.594414][ T6362] tomoyo_path_number_perm+0x1e8/0x5a0 [ 131.594437][ T6362] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 131.594460][ T6362] ? sb_end_write+0xe9/0x1c0 [ 131.594485][ T6362] ? vfs_write+0x8d8/0xa90 [ 131.594542][ T6362] ? ksys_write+0x1e1/0x250 [ 131.594567][ T6362] security_file_ioctl+0xcb/0x2d0 [ 131.594591][ T6362] __se_sys_ioctl+0x47/0x170 [ 131.594612][ T6362] do_syscall_64+0xfa/0x3b0 [ 131.594634][ T6362] ? lockdep_hardirqs_on+0x9c/0x150 [ 131.594658][ T6362] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.594674][ T6362] ? clear_bhb_loop+0x60/0xb0 [ 131.594695][ T6362] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.594712][ T6362] RIP: 0033:0x7f3843f8e929 [ 131.594727][ T6362] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 131.594741][ T6362] RSP: 002b:00007f3844d6b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 131.594759][ T6362] RAX: ffffffffffffffda RBX: 00007f38441b5fa0 RCX: 00007f3843f8e929 [ 131.594771][ T6362] RDX: 0000200000000300 RSI: 0000000080104592 RDI: 0000000000000003 [ 131.594783][ T6362] RBP: 00007f3844d6b090 R08: 0000000000000000 R09: 0000000000000000 [ 131.594793][ T6362] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 131.594802][ T6362] R13: 0000000000000000 R14: 00007f38441b5fa0 R15: 00007ffde3b22b18 [ 131.594830][ T6362] [ 131.594836][ T6362] ERROR: Out of memory at tomoyo_realpath_from_path. [ 132.108965][ T6366] netlink: 12 bytes leftover after parsing attributes in process `syz.3.115'. [ 132.118531][ T6366] nbd: must specify a size in bytes for the device [ 132.706891][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.725716][ T6378] sctp: [Deprecated]: syz.4.116 (pid 6378) Use of struct sctp_assoc_value in delayed_ack socket option. [ 133.725716][ T6378] Use struct sctp_sack_info instead [ 134.904211][ T30] audit: type=1326 audit(1751304166.037:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6383 comm="syz.1.119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3843f8e929 code=0x7ffc0000 [ 134.928053][ T6395] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 134.971460][ T30] audit: type=1326 audit(1751304166.067:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6383 comm="syz.1.119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f3843f8e929 code=0x7ffc0000 [ 135.024570][ T30] audit: type=1326 audit(1751304166.067:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6383 comm="syz.1.119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3843f8e929 code=0x7ffc0000 [ 135.055405][ T30] audit: type=1326 audit(1751304166.067:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6383 comm="syz.1.119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3843f8e929 code=0x7ffc0000 [ 135.098536][ T30] audit: type=1326 audit(1751304166.067:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6383 comm="syz.1.119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f3843f8e929 code=0x7ffc0000 [ 135.166354][ T30] audit: type=1326 audit(1751304166.067:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6383 comm="syz.1.119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3843f8e929 code=0x7ffc0000 [ 135.189939][ T30] audit: type=1326 audit(1751304166.067:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6383 comm="syz.1.119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3843f8e929 code=0x7ffc0000 [ 135.211999][ T30] audit: type=1326 audit(1751304166.067:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6383 comm="syz.1.119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3843f8e929 code=0x7ffc0000 [ 135.234842][ T30] audit: type=1326 audit(1751304166.067:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6383 comm="syz.1.119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f3843f8e929 code=0x7ffc0000 [ 135.317869][ T30] audit: type=1326 audit(1751304166.067:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6383 comm="syz.1.119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3843f8e929 code=0x7ffc0000 [ 137.535147][ T6419] syz.1.129: attempt to access beyond end of device [ 137.535147][ T6419] nbd1: rw=0, sector=64, nr_sectors = 1 limit=0 [ 137.627830][ T6419] syz.1.129: attempt to access beyond end of device [ 137.627830][ T6419] nbd1: rw=0, sector=256, nr_sectors = 1 limit=0 [ 137.664294][ T6419] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 137.674740][ T6419] syz.1.129: attempt to access beyond end of device [ 137.674740][ T6419] nbd1: rw=0, sector=512, nr_sectors = 1 limit=0 [ 137.690544][ T6419] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 137.712514][ T6419] syz.1.129: attempt to access beyond end of device [ 137.712514][ T6419] nbd1: rw=0, sector=64, nr_sectors = 2 limit=0 [ 137.913910][ T6419] syz.1.129: attempt to access beyond end of device [ 137.913910][ T6419] nbd1: rw=0, sector=512, nr_sectors = 2 limit=0 [ 137.977791][ T6419] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 138.781622][ T6419] syz.1.129: attempt to access beyond end of device [ 138.781622][ T6419] nbd1: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 138.820656][ T6419] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 138.873077][ T6419] syz.1.129: attempt to access beyond end of device [ 138.873077][ T6419] nbd1: rw=0, sector=64, nr_sectors = 4 limit=0 [ 138.956032][ T6433] netlink: 260 bytes leftover after parsing attributes in process `syz.3.132'. [ 139.055474][ T6419] syz.1.129: attempt to access beyond end of device [ 139.055474][ T6419] nbd1: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 139.089985][ T6419] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 139.446097][ T6419] syz.1.129: attempt to access beyond end of device [ 139.446097][ T6419] nbd1: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 139.485302][ T6419] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 139.530906][ T6419] syz.1.129: attempt to access beyond end of device [ 139.530906][ T6419] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0 [ 139.578718][ T6419] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256 [ 139.679462][ T6419] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512 [ 139.733862][ T6419] UDF-fs: warning (device nbd1): udf_fill_super: No partition found (1) [ 139.746189][ T6444] FAULT_INJECTION: forcing a failure. [ 139.746189][ T6444] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 139.815274][ T6444] CPU: 1 UID: 0 PID: 6444 Comm: syz.0.136 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 139.815300][ T6444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 139.815310][ T6444] Call Trace: [ 139.815318][ T6444] [ 139.815325][ T6444] dump_stack_lvl+0x189/0x250 [ 139.815357][ T6444] ? __pfx____ratelimit+0x10/0x10 [ 139.815381][ T6444] ? __pfx_dump_stack_lvl+0x10/0x10 [ 139.815407][ T6444] ? __pfx__printk+0x10/0x10 [ 139.815424][ T6444] ? __might_fault+0xb0/0x130 [ 139.815456][ T6444] should_fail_ex+0x414/0x560 [ 139.815480][ T6444] _copy_from_user+0x2d/0xb0 [ 139.815508][ T6444] ___sys_sendmsg+0x158/0x2a0 [ 139.815531][ T6444] ? __pfx____sys_sendmsg+0x10/0x10 [ 139.815604][ T6444] ? __might_fault+0xb0/0x130 [ 139.815628][ T6444] __sys_sendmmsg+0x227/0x430 [ 139.815653][ T6444] ? __pfx___sys_sendmmsg+0x10/0x10 [ 139.815671][ T6444] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 139.815721][ T6444] ? ksys_write+0x22a/0x250 [ 139.815743][ T6444] ? __pfx_ksys_write+0x10/0x10 [ 139.815760][ T6444] ? rcu_is_watching+0x15/0xb0 [ 139.815791][ T6444] __x64_sys_sendmmsg+0xa0/0xc0 [ 139.815814][ T6444] do_syscall_64+0xfa/0x3b0 [ 139.815838][ T6444] ? lockdep_hardirqs_on+0x9c/0x150 [ 139.815861][ T6444] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 139.815878][ T6444] ? clear_bhb_loop+0x60/0xb0 [ 139.815899][ T6444] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 139.815916][ T6444] RIP: 0033:0x7fa952b8e929 [ 139.815931][ T6444] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 139.815946][ T6444] RSP: 002b:00007fa9509f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 139.815964][ T6444] RAX: ffffffffffffffda RBX: 00007fa952db5fa0 RCX: 00007fa952b8e929 [ 139.815977][ T6444] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000004 [ 139.815988][ T6444] RBP: 00007fa9509f6090 R08: 0000000000000000 R09: 0000000000000000 [ 139.815998][ T6444] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 139.816008][ T6444] R13: 0000000000000000 R14: 00007fa952db5fa0 R15: 00007ffe82dec228 [ 139.816035][ T6444] [ 141.201127][ T6461] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3) [ 141.207829][ T6461] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 141.490320][ T6461] vhci_hcd vhci_hcd.0: Device attached [ 141.775574][ T6461] bridge_slave_0: left allmulticast mode [ 141.781266][ T6461] bridge_slave_0: left promiscuous mode [ 141.797935][ T6461] bridge0: port 1(bridge_slave_0) entered disabled state [ 141.813834][ T6461] bridge_slave_1: left allmulticast mode [ 141.824162][ T6461] bridge_slave_1: left promiscuous mode [ 141.830764][ T6461] bridge0: port 2(bridge_slave_1) entered disabled state [ 141.937523][ T977] usb 35-1: new high-speed USB device number 2 using vhci_hcd [ 141.968404][ T6470] netlink: 'syz.1.141': attribute type 10 has an invalid length. [ 142.200108][ T6461] bond0: (slave bond_slave_0): Releasing backup interface [ 142.790746][ T5829] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 142.816345][ T6461] bond0: (slave bond_slave_1): Releasing backup interface [ 143.015924][ T5829] usb 1-1: Using ep0 maxpacket: 32 [ 143.032336][ T5829] usb 1-1: config 0 has an invalid interface number: 146 but max is 0 [ 143.044865][ T5829] usb 1-1: config 0 has no interface number 0 [ 143.064841][ T5829] usb 1-1: config 0 interface 146 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 143.085855][ T6461] team0: Port device team_slave_0 removed [ 143.093010][ T5829] usb 1-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83 [ 143.136770][ T6461] team0: Port device team_slave_1 removed [ 143.161825][ T6461] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 143.170666][ T5829] usb 1-1: config 0 interface 146 altsetting 0 endpoint 0x83 has invalid maxpacket 33307, setting to 1024 [ 143.171097][ T6461] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 143.227421][ T5829] usb 1-1: config 0 interface 146 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024 [ 143.255885][ T5829] usb 1-1: config 0 interface 146 altsetting 0 has an endpoint descriptor with address 0xF2, changing to 0x82 [ 143.269257][ T6461] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 143.280616][ T5829] usb 1-1: config 0 interface 146 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 143.291175][ T6461] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 143.322968][ T5829] usb 1-1: config 0 interface 146 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 143.363324][ T5829] usb 1-1: config 0 interface 146 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 143.404047][ T5829] usb 1-1: config 0 interface 146 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 143.458701][ T5829] usb 1-1: New USB device found, idVendor=05da, idProduct=009a, bcdDevice=62.95 [ 143.471229][ T5829] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 143.493879][ T5829] usb 1-1: Product: syz [ 143.508898][ T6470] 8021q: adding VLAN 0 to HW filter on device bond0 [ 143.513116][ T5829] usb 1-1: Manufacturer: syz [ 143.543942][ T5829] usb 1-1: SerialNumber: syz [ 143.551888][ T6470] team0: Port device bond0 added [ 143.560216][ T6463] vhci_hcd: connection reset by peer [ 143.582045][ T3491] vhci_hcd: stop threads [ 143.587465][ T5829] usb 1-1: config 0 descriptor?? [ 143.595784][ T3491] vhci_hcd: release socket [ 143.623967][ T3491] vhci_hcd: disconnect device [ 143.629380][ T6469] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 143.648347][ T5829] microtek usb (rev 0.4.3): can only deal with bulk endpoints; endpoint 1 is not bulk. [ 143.673041][ T5829] microtek usb (rev 0.4.3): couldn't find an output bulk endpoint. Bailing out. [ 143.868970][ T5829] usb 1-1: USB disconnect, device number 6 [ 144.095320][ T6470] syz.1.141 (6470) used greatest stack depth: 18952 bytes left [ 144.096768][ T6486] netlink: 12 bytes leftover after parsing attributes in process `syz.2.148'. [ 144.111985][ T6486] nbd: must specify a size in bytes for the device [ 144.934402][ T6497] bio_check_eod: 2 callbacks suppressed [ 144.934416][ T6497] syz.1.149: attempt to access beyond end of device [ 144.934416][ T6497] loop1: rw=2048, sector=2, nr_sectors = 1 limit=0 [ 144.976542][ T6497] hfsplus: unable to find HFS+ superblock [ 146.717346][ T6515] bridge_slave_1: entered allmulticast mode [ 146.839705][ T6515] fuse: Bad value for 'fd' [ 147.032502][ T6523] netlink: 12 bytes leftover after parsing attributes in process `syz.3.160'. [ 147.041743][ T6523] nbd: must specify a size in bytes for the device [ 147.126098][ T977] vhci_hcd: vhci_device speed not set [ 147.405523][ T5829] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 147.413318][ C0] raw-gadget.0 gadget.0: ignoring, device is not running [ 147.545721][ T5829] usb 1-1: device descriptor read/64, error -32 [ 147.765659][ T6530] netlink: 12 bytes leftover after parsing attributes in process `syz.1.162'. [ 147.774744][ T6530] nbd: must specify a size in bytes for the device [ 148.107747][ T5829] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 148.359616][ T5829] usb 1-1: Using ep0 maxpacket: 16 [ 148.370045][ T5829] usb 1-1: config 0 has an invalid interface number: 194 but max is 0 [ 148.388563][ T5829] usb 1-1: config 0 has no interface number 0 [ 148.407609][ T5829] usb 1-1: New USB device found, idVendor=0a2c, idProduct=0008, bcdDevice=b4.25 [ 148.433640][ T5829] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 149.015290][ T5829] usb 1-1: Product: syz [ 149.019931][ T5829] usb 1-1: Manufacturer: syz [ 149.025013][ T5829] usb 1-1: SerialNumber: syz [ 149.037645][ T5829] usb 1-1: config 0 descriptor?? [ 149.046353][ T5829] cypress_cy7c63 1-1:0.194: Cypress CY7C63xxx device now attached [ 149.648277][ T6517] tipc: Started in network mode [ 149.655452][ T6517] tipc: Node identity 7f000001, cluster identity 4711 [ 149.774665][ T6517] tipc: Enabled bearer , priority 10 [ 149.872579][ T5829] usb 1-1: USB disconnect, device number 8 [ 149.895954][ T5829] cypress_cy7c63 1-1:0.194: Cypress CY7C63xxx device now disconnected [ 150.776632][ T5829] tipc: Node number set to 2130706433 [ 151.798684][ T6562] capability: warning: `syz.0.170' uses 32-bit capabilities (legacy support in use) [ 152.921960][ T6573] nbd: socks must be embedded in a SOCK_ITEM attr [ 153.200607][ T6576] netlink: 12 bytes leftover after parsing attributes in process `syz.0.174'. [ 153.210089][ T6576] nbd: must specify a size in bytes for the device [ 153.556957][ T6567] netlink: 12 bytes leftover after parsing attributes in process `syz.3.172'. [ 153.565970][ T6567] nbd: must specify a size in bytes for the device [ 154.256689][ T6015] udevd[6015]: inotify_add_watch(7, /dev/nbd0, 10) failed: No such file or directory [ 155.616904][ T5899] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 156.009684][ T5899] usb 4-1: Using ep0 maxpacket: 16 [ 156.200196][ T5899] usb 4-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 156.371407][ T5899] usb 4-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 157.035241][ T5899] usb 4-1: Product: syz [ 157.055486][ T5899] usb 4-1: Manufacturer: syz [ 157.060192][ T5899] usb 4-1: SerialNumber: syz [ 157.076048][ T5899] usb 4-1: config 0 descriptor?? [ 158.360126][ T6639] netlink: 12 bytes leftover after parsing attributes in process `syz.4.190'. [ 158.369334][ T6639] nbd: must specify a size in bytes for the device [ 159.858689][ T5899] usb 4-1: USB disconnect, device number 3 [ 162.128903][ T6689] netlink: 28 bytes leftover after parsing attributes in process `syz.1.202'. [ 162.136820][ T6686] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input5 [ 162.158433][ T6689] netlink: 28 bytes leftover after parsing attributes in process `syz.1.202'. [ 162.745288][ T5938] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 162.915305][ T5938] usb 2-1: Using ep0 maxpacket: 16 [ 162.944307][ T5938] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 163.017506][ T5938] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 163.067958][ T5938] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 163.166116][ T5938] usb 2-1: New USB device found, idVendor=0457, idProduct=07da, bcdDevice= 0.00 [ 163.243446][ T5938] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 163.323068][ T5938] usb 2-1: config 0 descriptor?? [ 163.468114][ T6713] could not allocate digest TFM handle poly1305-generic [ 163.962833][ T5938] usbhid 2-1:0.0: can't add hid device: -71 [ 164.327706][ T5938] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 164.352185][ T5938] usb 2-1: USB disconnect, device number 3 [ 164.995246][ T5870] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 165.010272][ T6736] netlink: 'syz.0.219': attribute type 1 has an invalid length. [ 165.018820][ T6736] netlink: 224 bytes leftover after parsing attributes in process `syz.0.219'. [ 165.069636][ T6736] netlink: 68 bytes leftover after parsing attributes in process `syz.0.219'. [ 165.245407][ T5870] usb 4-1: config index 0 descriptor too short (expected 23569, got 27) [ 165.253850][ T5870] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 165.365036][ T5870] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 165.415308][ T5870] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 165.436333][ T5870] usb 4-1: Manufacturer: syz [ 165.452045][ T5870] usb 4-1: config 0 descriptor?? [ 165.483840][ T5870] igorplugusb 4-1:0.0: endpoint incorrect [ 165.960403][ T5870] usb 4-1: USB disconnect, device number 4 [ 173.103685][ T6839] FAULT_INJECTION: forcing a failure. [ 173.103685][ T6839] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 173.117007][ T6839] CPU: 0 UID: 0 PID: 6839 Comm: syz.1.250 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 173.117028][ T6839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 173.117038][ T6839] Call Trace: [ 173.117045][ T6839] [ 173.117052][ T6839] dump_stack_lvl+0x189/0x250 [ 173.117081][ T6839] ? __pfx____ratelimit+0x10/0x10 [ 173.117104][ T6839] ? __pfx_dump_stack_lvl+0x10/0x10 [ 173.117129][ T6839] ? __pfx__printk+0x10/0x10 [ 173.117146][ T6839] ? __might_fault+0xb0/0x130 [ 173.117178][ T6839] should_fail_ex+0x414/0x560 [ 173.117202][ T6839] _copy_from_user+0x2d/0xb0 [ 173.117229][ T6839] ___sys_sendmsg+0x158/0x2a0 [ 173.117252][ T6839] ? __pfx____sys_sendmsg+0x10/0x10 [ 173.117303][ T6839] ? __fget_files+0x2a/0x420 [ 173.117324][ T6839] ? __fget_files+0x3a0/0x420 [ 173.117354][ T6839] __x64_sys_sendmsg+0x19b/0x260 [ 173.117377][ T6839] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 173.117406][ T6839] ? __pfx_ksys_write+0x10/0x10 [ 173.117423][ T6839] ? rcu_is_watching+0x15/0xb0 [ 173.117459][ T6839] ? do_syscall_64+0xbe/0x3b0 [ 173.117487][ T6839] do_syscall_64+0xfa/0x3b0 [ 173.117510][ T6839] ? lockdep_hardirqs_on+0x9c/0x150 [ 173.117532][ T6839] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 173.117549][ T6839] ? clear_bhb_loop+0x60/0xb0 [ 173.117570][ T6839] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 173.117587][ T6839] RIP: 0033:0x7f3843f8e929 [ 173.117602][ T6839] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 173.117616][ T6839] RSP: 002b:00007f3844d4a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 173.117634][ T6839] RAX: ffffffffffffffda RBX: 00007f38441b6080 RCX: 00007f3843f8e929 [ 173.117647][ T6839] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000005 [ 173.117657][ T6839] RBP: 00007f3844d4a090 R08: 0000000000000000 R09: 0000000000000000 [ 173.117667][ T6839] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 173.117677][ T6839] R13: 0000000000000000 R14: 00007f38441b6080 R15: 00007ffde3b22b18 [ 173.117704][ T6839] [ 173.322862][ C0] vkms_vblank_simulate: vblank timer overrun [ 174.445160][ T5899] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 174.655616][ T5899] usb 2-1: Using ep0 maxpacket: 16 [ 174.666289][ T5899] usb 2-1: too many configurations: 60, using maximum allowed: 8 [ 174.687967][ T5899] usb 2-1: config 0 has no interfaces? [ 174.712120][ T5899] usb 2-1: config 0 has no interfaces? [ 174.747297][ T5899] usb 2-1: config 0 has no interfaces? [ 175.023094][ T5899] usb 2-1: config 0 has no interfaces? [ 175.272980][ T5899] usb 2-1: config 0 has no interfaces? [ 175.284279][ T5899] usb 2-1: config 0 has no interfaces? [ 175.298000][ T5899] usb 2-1: config 0 has no interfaces? [ 175.305869][ T5899] usb 2-1: config 0 has no interfaces? [ 175.316319][ T5899] usb 2-1: New USB device found, idVendor=0471, idProduct=032c, bcdDevice=ba.e9 [ 175.331030][ T5899] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=204 [ 175.339461][ T5899] usb 2-1: Product: syz [ 175.530246][ T5899] usb 2-1: Manufacturer: syz [ 175.534975][ T5899] usb 2-1: SerialNumber: syz [ 175.586667][ T5899] usb 2-1: config 0 descriptor?? [ 176.222250][ T5899] usb 2-1: USB disconnect, device number 4 [ 176.834021][ T6876] netlink: 12 bytes leftover after parsing attributes in process `syz.0.262'. [ 176.844646][ T6876] nbd: must specify a size in bytes for the device [ 177.686213][ T6881] netlink: 40 bytes leftover after parsing attributes in process `syz.2.263'. [ 179.940031][ T6899] netlink: 260 bytes leftover after parsing attributes in process `syz.2.268'. [ 180.560263][ T6906] netlink: 1964 bytes leftover after parsing attributes in process `syz.1.270'. [ 180.631117][ T6906] netlink: 60 bytes leftover after parsing attributes in process `syz.1.270'. [ 186.075519][ T6978] netlink: 12 bytes leftover after parsing attributes in process `syz.2.287'. [ 186.085042][ T6978] nbd: must specify a size in bytes for the device [ 189.829459][ T7015] netlink: 260 bytes leftover after parsing attributes in process `syz.1.295'. [ 192.219213][ T7033] ======================================================= [ 192.219213][ T7033] WARNING: The mand mount option has been deprecated and [ 192.219213][ T7033] and is ignored by this kernel. Remove the mand [ 192.219213][ T7033] option from the mount to silence this warning. [ 192.219213][ T7033] ======================================================= [ 194.020419][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.881441][ T7069] netlink: 260 bytes leftover after parsing attributes in process `syz.0.309'. [ 194.891460][ T5831] Bluetooth: hci1: ACL packet for unknown connection handle 1 [ 200.210351][ T7117] xt_CT: You must specify a L4 protocol and not use inversions on it [ 200.569094][ T7120] netlink: 48 bytes leftover after parsing attributes in process `syz.1.324'. [ 200.661397][ T7120] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 200.669020][ T7120] IPv6: NLM_F_CREATE should be set when creating new route [ 201.245378][ T7120] netlink: 'syz.1.324': attribute type 9 has an invalid length. [ 201.455350][ T5829] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 201.495136][ T10] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 201.737683][ T5829] usb 5-1: Using ep0 maxpacket: 8 [ 201.745567][ T5829] usb 5-1: config 12 has an invalid interface number: 59 but max is 1 [ 201.753765][ T5829] usb 5-1: config 12 has an invalid descriptor of length 247, skipping remainder of the config [ 201.764507][ T5829] usb 5-1: config 12 has 1 interface, different from the descriptor's value: 2 [ 201.773563][ T5829] usb 5-1: config 12 has no interface number 0 [ 201.779861][ T5829] usb 5-1: config 12 interface 59 altsetting 11 has an invalid descriptor for endpoint zero, skipping [ 201.795758][ T5829] usb 5-1: config 12 interface 59 altsetting 11 has 1 endpoint descriptor, different from the interface descriptor's value: 8 [ 201.810255][ T5829] usb 5-1: config 12 interface 59 has no altsetting 0 [ 201.890476][ T10] usb 2-1: config 0 has an invalid interface number: 64 but max is 0 [ 201.989503][ T10] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 202.013714][ T5829] usb 5-1: New USB device found, idVendor=24c6, idProduct=4879, bcdDevice= a.00 [ 202.050891][ T10] usb 2-1: config 0 has no interface number 0 [ 202.058490][ T5829] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 202.084944][ T5829] usb 5-1: Product:  [ 202.113471][ T10] usb 2-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice= 0.07 [ 202.179858][ T5829] usb 5-1: Manufacturer: 倃 [ 202.184925][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 202.194083][ T5829] usb 5-1: SerialNumber: à “ [ 202.202370][ T10] usb 2-1: Product: syz [ 202.226319][ T10] usb 2-1: Manufacturer: syz [ 202.238725][ T10] usb 2-1: SerialNumber: syz [ 202.259223][ T10] usb 2-1: config 0 descriptor?? [ 202.986487][ T7120] sctp: [Deprecated]: syz.1.324 (pid 7120) Use of int in maxseg socket option. [ 202.986487][ T7120] Use struct sctp_assoc_value instead [ 203.016279][ T5829] usb 5-1: USB disconnect, device number 6 [ 203.031951][ T24] usb 2-1: USB disconnect, device number 5 [ 205.029929][ T7179] Illegal XDP return value 4294967274 on prog (id 104) dev syz_tun, expect packet loss! [ 205.998217][ T7185] netlink: 8 bytes leftover after parsing attributes in process `syz.3.343'. [ 206.329418][ T5826] Bluetooth: hci1: command 0x0406 tx timeout [ 206.329448][ T5142] Bluetooth: hci0: command 0x0406 tx timeout [ 206.336381][ T5826] Bluetooth: hci2: command 0x0406 tx timeout [ 206.341606][ T5142] Bluetooth: hci3: command 0x0406 tx timeout [ 207.108831][ T5899] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 207.761211][ T5899] usb 5-1: New USB device found, idVendor=0856, idProduct=ac31, bcdDevice=93.1e [ 207.775230][ T5899] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 207.785407][ T5899] usb 5-1: Product: syz [ 207.789600][ T5899] usb 5-1: Manufacturer: syz [ 207.795264][ T5899] usb 5-1: SerialNumber: syz [ 208.900578][ T5899] usb 5-1: config 0 descriptor?? [ 209.180109][ T7231] IPv6: addrconf: prefix option has invalid lifetime [ 209.637694][ T5899] mos7840 5-1:0.0: required endpoints missing [ 209.646388][ T5899] usb 5-1: USB disconnect, device number 7 [ 210.714160][ T7246] FAULT_INJECTION: forcing a failure. [ 210.714160][ T7246] name failslab, interval 1, probability 0, space 0, times 0 [ 210.730723][ T7246] CPU: 0 UID: 0 PID: 7246 Comm: syz.0.360 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 210.730745][ T7246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 210.730756][ T7246] Call Trace: [ 210.730762][ T7246] [ 210.730767][ T7246] dump_stack_lvl+0x189/0x250 [ 210.730799][ T7246] ? __pfx____ratelimit+0x10/0x10 [ 210.730817][ T7246] ? __pfx_dump_stack_lvl+0x10/0x10 [ 210.730836][ T7246] ? __pfx__printk+0x10/0x10 [ 210.730853][ T7246] ? __pfx___might_resched+0x10/0x10 [ 210.730871][ T7246] ? fs_reclaim_acquire+0x7d/0x100 [ 210.730893][ T7246] should_fail_ex+0x414/0x560 [ 210.730912][ T7246] should_failslab+0xa8/0x100 [ 210.730930][ T7246] __kmalloc_noprof+0xcb/0x4f0 [ 210.730944][ T7246] ? kfree+0x4d/0x440 [ 210.730956][ T7246] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 210.730979][ T7246] tomoyo_realpath_from_path+0xe3/0x5d0 [ 210.730998][ T7246] ? tomoyo_domain+0xda/0x130 [ 210.731026][ T7246] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 210.731041][ T7246] tomoyo_path_number_perm+0x1e8/0x5a0 [ 210.731059][ T7246] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 210.731086][ T7246] ? __lock_acquire+0xab9/0xd20 [ 210.731117][ T7246] ? __fget_files+0x2a/0x420 [ 210.731137][ T7246] ? __fget_files+0x2a/0x420 [ 210.731153][ T7246] ? __fget_files+0x3a0/0x420 [ 210.731169][ T7246] ? __fget_files+0x2a/0x420 [ 210.731188][ T7246] security_file_ioctl+0xcb/0x2d0 [ 210.731206][ T7246] __se_sys_ioctl+0x47/0x170 [ 210.731222][ T7246] do_syscall_64+0xfa/0x3b0 [ 210.731242][ T7246] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 210.731254][ T7246] ? asm_sysvec_call_function_single+0x1a/0x20 [ 210.731267][ T7246] ? clear_bhb_loop+0x60/0xb0 [ 210.731283][ T7246] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 210.731296][ T7246] RIP: 0033:0x7fa952b8e929 [ 210.731310][ T7246] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 210.731321][ T7246] RSP: 002b:00007fa9509d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 210.731338][ T7246] RAX: ffffffffffffffda RBX: 00007fa952db6080 RCX: 00007fa952b8e929 [ 210.731348][ T7246] RDX: 00002000000001c0 RSI: 0000000040045431 RDI: 0000000000000006 [ 210.731356][ T7246] RBP: 00007fa9509d5090 R08: 0000000000000000 R09: 0000000000000000 [ 210.731364][ T7246] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 210.731371][ T7246] R13: 0000000000000000 R14: 00007fa952db6080 R15: 00007ffe82dec228 [ 210.731391][ T7246] [ 210.731417][ T7246] ERROR: Out of memory at tomoyo_realpath_from_path. [ 211.283967][ T7248] netlink: 32 bytes leftover after parsing attributes in process `syz.4.361'. [ 213.665115][ T5892] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 213.842870][ T5892] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 213.868540][ T5892] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 213.902587][ T5892] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 213.931061][ T5892] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 213.974186][ T5892] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 214.003698][ T5892] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 214.039455][ T5892] usb 1-1: config 0 descriptor?? [ 215.127065][ T7278] netlink: 12 bytes leftover after parsing attributes in process `syz.3.369'. [ 215.137372][ T7278] nbd: must specify a size in bytes for the device [ 215.724242][ T7282] netlink: 12 bytes leftover after parsing attributes in process `syz.4.370'. [ 215.733972][ T7282] nbd: must specify a size in bytes for the device [ 216.132550][ T7255] syz.1.364 (7255) used greatest stack depth: 18592 bytes left [ 216.269771][ T7266] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 216.309700][ T7266] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 216.415235][ T5892] usbhid 1-1:0.0: can't add hid device: -71 [ 216.421349][ T5892] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 216.431905][ T5892] usb 1-1: USB disconnect, device number 9 [ 219.513428][ T7299] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR [ 220.418778][ T7313] netlink: 28 bytes leftover after parsing attributes in process `syz.1.378'. [ 220.458277][ T7313] netlink: 'syz.1.378': attribute type 8 has an invalid length. [ 220.530186][ T7313] A link change request failed with some changes committed already. Interface vlan0 may have been left with an inconsistent configuration, please check. [ 220.614433][ T7320] bridge_slave_0: left allmulticast mode [ 220.631375][ T7320] bridge_slave_0: left promiscuous mode [ 220.637818][ T7320] bridge0: port 1(bridge_slave_0) entered disabled state [ 220.653650][ T7320] bridge_slave_1: left allmulticast mode [ 220.663604][ T7320] bridge_slave_1: left promiscuous mode [ 220.669674][ T7320] bridge0: port 2(bridge_slave_1) entered disabled state [ 220.684206][ T7320] bond0: (slave bond_slave_0): Releasing backup interface [ 220.854810][ T7320] bond0: (slave bond_slave_1): Releasing backup interface [ 221.346675][ T7320] team0: Port device team_slave_0 removed [ 221.366905][ T7320] team0: Port device team_slave_1 removed [ 221.397661][ T7320] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 221.413335][ T7327] syz.2.383: attempt to access beyond end of device [ 221.413335][ T7327] loop2: rw=2048, sector=2, nr_sectors = 1 limit=0 [ 221.426832][ T7327] hfsplus: unable to find HFS+ superblock [ 221.471895][ T7320] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 222.109397][ T7320] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 222.136806][ T7320] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 222.173616][ T7322] netlink: 20 bytes leftover after parsing attributes in process `syz.0.382'. [ 222.848307][ T7333] netlink: 12 bytes leftover after parsing attributes in process `syz.2.384'. [ 222.857451][ T7333] nbd: must specify a size in bytes for the device [ 223.953189][ T7340] kvm: vcpu 0: requested 8 ns lapic timer period limited to 200000 ns [ 224.000742][ T7340] netlink: 4 bytes leftover after parsing attributes in process `syz.4.388'. [ 225.031249][ T5832] Bluetooth: hci0: unknown advertising packet type: 0x82 [ 225.031305][ T5832] Bluetooth: hci0: Dropping invalid advertising data [ 225.051763][ T5832] Bluetooth: hci0: unknown advertising packet type: 0xf2 [ 225.051790][ T5832] Bluetooth: hci0: Malformed LE Event: 0x02 [ 225.166273][ T7367] program syz.0.393 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 225.254530][ T7364] syz.2.395: attempt to access beyond end of device [ 225.254530][ T7364] loop2: rw=2048, sector=2, nr_sectors = 1 limit=0 [ 225.268625][ T7364] hfsplus: unable to find HFS+ superblock [ 225.372349][ T7370] netlink: 196 bytes leftover after parsing attributes in process `syz.1.394'. [ 225.372385][ T7369] netlink: 'syz.1.394': attribute type 11 has an invalid length. [ 225.519164][ T7369] netlink: 140 bytes leftover after parsing attributes in process `syz.1.394'. [ 227.416350][ T7387] netlink: 12 bytes leftover after parsing attributes in process `syz.3.400'. [ 227.425410][ T7387] nbd: must specify a size in bytes for the device [ 228.291343][ T7396] IPv6: Can't replace route, no match found [ 228.693819][ T7399] fuse: Bad value for 'fd' [ 229.744738][ T7405] netlink: 56 bytes leftover after parsing attributes in process `syz.1.406'. [ 230.405907][ T7413] netlink: 'syz.2.408': attribute type 27 has an invalid length. [ 231.605996][ T7423] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 232.815017][ T7437] netlink: 12 bytes leftover after parsing attributes in process `syz.2.412'. [ 232.824496][ T7437] nbd: must specify a size in bytes for the device [ 239.538631][ T7501] netlink: 8 bytes leftover after parsing attributes in process `syz.3.432'. [ 239.551164][ T7501] openvswitch: netlink: nsh attribute has 65520 unknown bytes. [ 239.605367][ T7501] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 239.626958][ T5827] kernel write not supported for file /sg0 (pid: 5827 comm: kworker/1:3) [ 239.767368][ T5827] libceph: connect (1)[c::]:6789 error -101 [ 239.773854][ T5827] libceph: mon0 (1)[c::]:6789 connect error [ 239.835125][ T5994] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 239.862761][ T7507] ceph: No mds server is up or the cluster is laggy [ 239.887887][ T7513] Bluetooth: hci0: invalid length 0, exp 2 for type 1 [ 239.990347][ T5994] usb 1-1: unable to get BOS descriptor or descriptor too short [ 240.025165][ T5994] usb 1-1: config 1 interface 0 altsetting 13 bulk endpoint 0x1 has invalid maxpacket 8 [ 240.049340][ T5994] usb 1-1: config 1 interface 0 has no altsetting 0 [ 240.081246][ T5994] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 240.096927][ T5892] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 240.113233][ T5994] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 240.141735][ T5994] usb 1-1: Product: syz [ 240.819929][ T5892] usb 2-1: Using ep0 maxpacket: 16 [ 240.835310][ T5994] usb 1-1: Manufacturer: syz [ 240.840893][ T5994] usb 1-1: SerialNumber: syz [ 240.847520][ T5892] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 240.897730][ T5892] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 240.913691][ T7503] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 241.101206][ T5892] usb 2-1: New USB device found, idVendor=0dac, idProduct=024b, bcdDevice= 0.04 [ 241.118600][ T5892] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 241.160110][ T5892] usb 2-1: config 0 descriptor?? [ 241.992303][ T5994] usb 1-1: USB disconnect, device number 10 [ 242.360790][ T5892] hid (null): invalid report_size 24312 [ 242.376347][ T5892] hid (null): report_id 1312380026 is invalid [ 242.404860][ T5892] hid (null): unknown global tag 0xe [ 242.557666][ T5892] hid-generic 0003:0DAC:024B.0001: unknown main item tag 0x6 [ 242.705621][ T5892] hid-generic 0003:0DAC:024B.0001: invalid report_size 24312 [ 242.720461][ T5892] hid-generic 0003:0DAC:024B.0001: item 0 2 1 7 parsing failed [ 242.740071][ T5892] hid-generic 0003:0DAC:024B.0001: probe with driver hid-generic failed with error -22 [ 242.763289][ T5892] usb 2-1: USB disconnect, device number 6 [ 248.117573][ T7574] lo speed is unknown, defaulting to 1000 [ 248.146413][ T7574] lo speed is unknown, defaulting to 1000 [ 248.171819][ T7574] lo speed is unknown, defaulting to 1000 [ 248.728907][ T7574] infiniband syz2: set active [ 248.733814][ T7574] infiniband syz2: added lo [ 248.740467][ T7574] syz2: rxe_create_cq: returned err = -12 [ 248.746448][ T7574] infiniband syz2: Couldn't create ib_mad CQ [ 248.752540][ T7574] infiniband syz2: Couldn't open port 1 [ 248.768000][ T24] lo speed is unknown, defaulting to 1000 [ 248.859673][ T7574] RDS/IB: syz2: added [ 248.864164][ T7574] smc: adding ib device syz2 with port count 1 [ 248.870683][ T7574] smc: ib device syz2 port 1 has pnetid [ 248.879224][ T7574] lo speed is unknown, defaulting to 1000 [ 248.933840][ T24] lo speed is unknown, defaulting to 1000 [ 249.369667][ T7574] lo speed is unknown, defaulting to 1000 [ 249.499356][ T7574] lo speed is unknown, defaulting to 1000 [ 249.629079][ T7574] lo speed is unknown, defaulting to 1000 [ 249.771082][ T7574] lo speed is unknown, defaulting to 1000 [ 250.178064][ T7584] netlink: 264 bytes leftover after parsing attributes in process `syz.4.455'. [ 250.501370][ T7583] netlink: 72 bytes leftover after parsing attributes in process `syz.2.454'. [ 250.647456][ T7568] netlink: 40 bytes leftover after parsing attributes in process `syz.3.452'. [ 250.666089][ T7568] hfsplus: unable to find HFS+ superblock [ 250.710020][ T7578] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(14) [ 250.716684][ T7578] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 250.735265][ T7578] vhci_hcd vhci_hcd.0: Device attached [ 250.834148][ T7578] vhci_hcd vhci_hcd.0: pdev(0) rhport(1) sockfd(16) [ 250.840806][ T7578] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 250.962569][ T7578] vhci_hcd vhci_hcd.0: Device attached [ 251.031600][ T10] usb 33-1: new low-speed USB device number 2 using vhci_hcd [ 251.035388][ T7591] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 251.232404][ T7600] vhci_hcd vhci_hcd.0: pdev(0) rhport(3) sockfd(24) [ 251.239060][ T7600] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 251.758869][ T7600] vhci_hcd vhci_hcd.0: Device attached [ 251.955761][ T7578] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 252.142822][ T7604] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(18) [ 252.149469][ T7604] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 252.745406][ T7578] vhci_hcd vhci_hcd.0: pdev(0) rhport(5) sockfd(29) [ 252.752072][ T7578] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 252.871489][ T7619] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 252.878890][ T7619] IPv6: NLM_F_CREATE should be set when creating new route [ 252.886328][ T7619] IPv6: NLM_F_CREATE should be set when creating new route [ 252.893566][ T7619] IPv6: NLM_F_CREATE should be set when creating new route [ 253.725372][ T7604] vhci_hcd vhci_hcd.0: Device attached [ 253.762958][ T7591] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 253.806608][ T7578] vhci_hcd vhci_hcd.0: Device attached [ 254.853149][ T7601] vhci_hcd: connection closed [ 254.853952][ T7605] vhci_hcd: connection closed [ 254.854712][ T7590] vhci_hcd: connection closed [ 254.868144][ T59] vhci_hcd: stop threads [ 254.877184][ T7588] vhci_hcd: connection reset by peer [ 254.885354][ T7616] vhci_hcd: connection closed [ 254.892805][ T59] vhci_hcd: release socket [ 254.903756][ T59] vhci_hcd: disconnect device [ 254.929022][ T59] vhci_hcd: stop threads [ 254.953660][ T59] vhci_hcd: release socket [ 254.976789][ T59] vhci_hcd: disconnect device [ 255.449126][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.614393][ T59] vhci_hcd: stop threads [ 255.619095][ T59] vhci_hcd: release socket [ 255.624006][ T59] vhci_hcd: disconnect device [ 255.630110][ T59] vhci_hcd: stop threads [ 255.645072][ T59] vhci_hcd: release socket [ 255.658904][ T59] vhci_hcd: disconnect device [ 255.671097][ T59] vhci_hcd: stop threads [ 255.678291][ T59] vhci_hcd: release socket [ 255.683997][ T59] vhci_hcd: disconnect device [ 255.799367][ T7636] overlayfs: failed to resolve './file1': -2 [ 256.418976][ T10] vhci_hcd: vhci_device speed not set [ 258.338068][ T7662] netlink: 12 bytes leftover after parsing attributes in process `syz.0.474'. [ 258.351469][ T7662] nbd: must specify a size in bytes for the device [ 258.788307][ T5892] usb usb34-port1: attempt power cycle [ 259.379429][ T7678] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 259.756298][ T5892] usb usb34-port1: unable to enumerate USB device [ 263.200969][ T7707] netlink: 12 bytes leftover after parsing attributes in process `syz.4.488'. [ 263.210789][ T7707] nbd: must specify a size in bytes for the device [ 267.216598][ T7746] overlay: Unknown parameter '\' [ 268.337866][ T7763] tmpfs: Bad value for 'mpol' [ 269.878420][ T7764] netlink: 12 bytes leftover after parsing attributes in process `syz.2.504'. [ 269.888765][ T7764] nbd: must specify a size in bytes for the device [ 274.345627][ T5938] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 274.513633][ T7809] netlink: 12 bytes leftover after parsing attributes in process `syz.3.517'. [ 274.527033][ T7809] nbd: must specify a size in bytes for the device [ 274.675175][ T5938] usb 5-1: Using ep0 maxpacket: 32 [ 274.707814][ T5938] usb 5-1: config 2 has an invalid interface number: 190 but max is 0 [ 274.728328][ T5938] usb 5-1: config 2 has no interface number 0 [ 274.897337][ T5938] usb 5-1: config 2 interface 190 has no altsetting 0 [ 274.928972][ T5938] usb 5-1: language id specifier not provided by device, defaulting to English [ 274.967220][ T5938] usb 5-1: New USB device found, idVendor=3275, idProduct=0085, bcdDevice=f7.69 [ 274.983020][ T5938] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 274.995592][ T5938] usb 5-1: Product: syz [ 275.805914][ T5938] usb 5-1: Manufacturer: ñ·Ÿ—è [ 275.895121][ T5938] usb 5-1: SerialNumber: syz [ 275.966694][ T7818] cgroup: Invalid name [ 277.182162][ T5938] usb 5-1: USB disconnect, device number 8 [ 277.198392][ T7829] xt_CT: No such helper "snmp" [ 277.320764][ T5899] libceph: connect (1)[c::]:6789 error -101 [ 277.328669][ T5899] libceph: mon0 (1)[c::]:6789 connect error [ 277.376691][ T7839] ceph: No mds server is up or the cluster is laggy [ 278.291120][ T7854] netlink: 12 bytes leftover after parsing attributes in process `syz.4.529'. [ 278.300438][ T7854] nbd: must specify a size in bytes for the device [ 279.835136][ T5899] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 280.116170][ T5899] usb 4-1: config 0 interface 0 altsetting 8 endpoint 0x81 has invalid wMaxPacketSize 0 [ 280.392252][ T5899] usb 4-1: config 0 interface 0 has no altsetting 0 [ 280.468238][ T5899] usb 4-1: New USB device found, idVendor=1b1c, idProduct=1c04, bcdDevice= 0.00 [ 280.886409][ T5899] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 280.926724][ T5899] usb 4-1: config 0 descriptor?? [ 281.335244][ T24] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 282.048353][ T5899] corsair-psu 0003:1B1C:1C04.0002: hidraw0: USB HID v0.01 Device [HID 1b1c:1c04] on usb-dummy_hcd.3-1/input0 [ 282.065096][ T24] usb 2-1: Using ep0 maxpacket: 32 [ 282.080646][ T24] usb 2-1: config 2 has an invalid interface number: 190 but max is 0 [ 282.093570][ T24] usb 2-1: config 2 has no interface number 0 [ 282.106898][ T24] usb 2-1: config 2 interface 190 has no altsetting 0 [ 282.189703][ T5899] corsair-psu 0003:1B1C:1C04.0002: unable to initialize device (-71) [ 282.205677][ T24] usb 2-1: language id specifier not provided by device, defaulting to English [ 282.235994][ T24] usb 2-1: New USB device found, idVendor=3275, idProduct=0085, bcdDevice=f7.69 [ 282.263219][ T5899] corsair-psu 0003:1B1C:1C04.0002: probe with driver corsair-psu failed with error -71 [ 282.342584][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 282.355121][ T24] usb 2-1: Product: syz [ 282.373067][ T24] usb 2-1: Manufacturer: ñ·Ÿ—è [ 282.378537][ T24] usb 2-1: SerialNumber: syz [ 282.384885][ T5899] usb 4-1: USB disconnect, device number 5 [ 283.659070][ T7896] netlink: 12 bytes leftover after parsing attributes in process `syz.3.542'. [ 283.668175][ T7896] nbd: must specify a size in bytes for the device [ 284.114201][ T7901] netlink: 'syz.4.543': attribute type 3 has an invalid length. [ 284.127661][ T7901] netlink: 666 bytes leftover after parsing attributes in process `syz.4.543'. [ 285.079858][ T5938] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 285.087488][ T977] usb 3-1: new full-speed USB device number 3 using dummy_hcd [ 285.156168][ T24] usb 2-1: USB disconnect, device number 7 [ 285.204988][ T7911] pimreg: entered allmulticast mode [ 285.434078][ T977] usb 3-1: unable to get BOS descriptor or descriptor too short [ 285.561960][ T7919] netlink: 92 bytes leftover after parsing attributes in process `syz.1.546'. [ 286.019143][ T977] usb 3-1: not running at top speed; connect to a high speed hub [ 286.048101][ T5938] usb 5-1: Using ep0 maxpacket: 8 [ 286.083687][ T977] usb 3-1: config 1 has an invalid interface number: 38 but max is 0 [ 286.095823][ T977] usb 3-1: config 1 has no interface number 0 [ 286.102504][ T977] usb 3-1: config 1 interface 38 altsetting 3 endpoint 0x5 has invalid wMaxPacketSize 0 [ 286.246456][ T977] usb 3-1: config 1 interface 38 has no altsetting 0 [ 286.254474][ T5938] usb 5-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 286.271022][ T5938] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 286.301915][ T977] usb 3-1: New USB device found, idVendor=133e, idProduct=0815, bcdDevice=fd.63 [ 286.370114][ T5938] usb 5-1: Product: syz [ 286.378318][ T977] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 286.428126][ T5938] usb 5-1: Manufacturer: syz [ 286.450251][ T977] usb 3-1: Product: syz [ 286.459317][ T5938] usb 5-1: SerialNumber: syz [ 286.484470][ T977] usb 3-1: Manufacturer: syz [ 286.526008][ T5938] usb 5-1: config 0 descriptor?? [ 286.542138][ T977] usb 3-1: SerialNumber: syz [ 286.561579][ T5938] gspca_main: sq930x-2.14.0 probing 2770:930c [ 286.785137][ T10] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 286.960791][ T10] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 287.078247][ T977] snd-usb-audio 3-1:1.38: probe with driver snd-usb-audio failed with error -22 [ 287.078426][ T10] usb 1-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 287.176460][ T977] usb 3-1: USB disconnect, device number 3 [ 287.233377][ T10] usb 1-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0 [ 287.247011][ T10] usb 1-1: config 0 interface 0 has no altsetting 0 [ 287.358117][ T7931] syzkaller1: entered promiscuous mode [ 287.375225][ T5938] gspca_sq930x: ucbus_write failed -71 [ 287.380792][ T5938] sq930x 5-1:0.0: probe with driver sq930x failed with error -71 [ 287.401078][ T10] usb 1-1: New USB device found, idVendor=0458, idProduct=5015, bcdDevice= 0.00 [ 287.402090][ T7931] syzkaller1: entered allmulticast mode [ 287.423276][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 287.423897][ T5938] usb 5-1: USB disconnect, device number 9 [ 287.491439][ T10] usb 1-1: config 0 descriptor?? [ 288.574040][ T7922] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 288.588272][ T7922] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 288.637828][ T10] usbhid 1-1:0.0: can't add hid device: -71 [ 288.656136][ T10] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 288.758090][ T10] usb 1-1: USB disconnect, device number 11 [ 288.858977][ T7950] netlink: 'syz.3.557': attribute type 5 has an invalid length. [ 288.875675][ T7950] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.557'. [ 289.653534][ T5938] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 289.925345][ T5938] usb 3-1: Using ep0 maxpacket: 32 [ 289.983099][ T5938] usb 3-1: config 2 has an invalid interface number: 190 but max is 0 [ 290.010384][ T5938] usb 3-1: config 2 has no interface number 0 [ 290.165154][ T5938] usb 3-1: config 2 interface 190 has no altsetting 0 [ 290.187870][ T5938] usb 3-1: language id specifier not provided by device, defaulting to English [ 290.204788][ T5938] usb 3-1: New USB device found, idVendor=3275, idProduct=0085, bcdDevice=f7.69 [ 290.214161][ T5938] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 290.222441][ T5938] usb 3-1: Product: syz [ 290.227390][ T5938] usb 3-1: Manufacturer: ñ·Ÿ—è [ 290.232274][ T5938] usb 3-1: SerialNumber: syz [ 290.238632][ T7963] fuse: Bad value for 'fd' [ 292.250583][ T5938] usb 3-1: USB disconnect, device number 4 [ 293.365089][ T5832] Bluetooth: hci4: command 0x0406 tx timeout [ 297.594619][ T8028] syz.0.576: attempt to access beyond end of device [ 297.594619][ T8028] loop0: rw=2048, sector=2, nr_sectors = 1 limit=0 [ 297.608474][ T8028] hfsplus: unable to find HFS+ superblock [ 298.849882][ T8043] FAULT_INJECTION: forcing a failure. [ 298.849882][ T8043] name failslab, interval 1, probability 0, space 0, times 0 [ 298.862723][ T8043] CPU: 1 UID: 0 PID: 8043 Comm: syz.4.582 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 298.862738][ T8043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 298.862752][ T8043] Call Trace: [ 298.862758][ T8043] [ 298.862763][ T8043] dump_stack_lvl+0x189/0x250 [ 298.862787][ T8043] ? __pfx____ratelimit+0x10/0x10 [ 298.862805][ T8043] ? __pfx_dump_stack_lvl+0x10/0x10 [ 298.862823][ T8043] ? __pfx__printk+0x10/0x10 [ 298.862839][ T8043] ? __pfx___might_resched+0x10/0x10 [ 298.862857][ T8043] ? fs_reclaim_acquire+0x7d/0x100 [ 298.862877][ T8043] should_fail_ex+0x414/0x560 [ 298.862895][ T8043] should_failslab+0xa8/0x100 [ 298.862912][ T8043] __kmalloc_noprof+0xcb/0x4f0 [ 298.862926][ T8043] ? security_prepare_creds+0x52/0x390 [ 298.862946][ T8043] security_prepare_creds+0x52/0x390 [ 298.862968][ T8043] prepare_creds+0x497/0x6c0 [ 298.862984][ T8043] smk_write_relabel_self+0x22b/0x4e0 [ 298.863006][ T8043] ? __pfx_smk_write_relabel_self+0x10/0x10 [ 298.863030][ T8043] vfs_writev+0x4b6/0x960 [ 298.863050][ T8043] ? __pfx_smk_write_relabel_self+0x10/0x10 [ 298.863070][ T8043] ? __pfx_vfs_writev+0x10/0x10 [ 298.863097][ T8043] ? __fget_files+0x2a/0x420 [ 298.863117][ T8043] ? __fget_files+0x3a0/0x420 [ 298.863133][ T8043] ? __fget_files+0x2a/0x420 [ 298.863155][ T8043] do_writev+0x14d/0x2d0 [ 298.863174][ T8043] ? __pfx_do_writev+0x10/0x10 [ 298.863195][ T8043] ? do_syscall_64+0xbe/0x3b0 [ 298.863216][ T8043] do_syscall_64+0xfa/0x3b0 [ 298.863233][ T8043] ? lockdep_hardirqs_on+0x9c/0x150 [ 298.863250][ T8043] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 298.863263][ T8043] ? clear_bhb_loop+0x60/0xb0 [ 298.863278][ T8043] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 298.863290][ T8043] RIP: 0033:0x7f23b798e929 [ 298.863301][ T8043] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 298.863312][ T8043] RSP: 002b:00007f23b88d8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 298.863325][ T8043] RAX: ffffffffffffffda RBX: 00007f23b7bb5fa0 RCX: 00007f23b798e929 [ 298.863334][ T8043] RDX: 0000000000000002 RSI: 0000200000000780 RDI: 0000000000000005 [ 298.863342][ T8043] RBP: 00007f23b88d8090 R08: 0000000000000000 R09: 0000000000000000 [ 298.863349][ T8043] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 298.863356][ T8043] R13: 0000000000000000 R14: 00007f23b7bb5fa0 R15: 00007ffd8a903bf8 [ 298.863375][ T8043] [ 301.312727][ T8056] 9pnet_fd: Insufficient options for proto=fd [ 301.856232][ T8066] overlayfs: overlapping lowerdir path [ 301.898144][ T8066] netlink: 44 bytes leftover after parsing attributes in process `syz.3.589'. [ 301.999988][ T8066] hfs: unable to load iocharset "io#harset" [ 302.558688][ T8073] overlay: Unknown parameter 'fsname' [ 302.643320][ T8077] syz.0.591: attempt to access beyond end of device [ 302.643320][ T8077] loop0: rw=2048, sector=2, nr_sectors = 1 limit=0 [ 302.656817][ T8077] hfsplus: unable to find HFS+ superblock [ 303.179347][ T8079] netlink: 32 bytes leftover after parsing attributes in process `syz.4.592'. [ 304.212713][ T8094] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 305.224341][ T8104] 9pnet_fd: Insufficient options for proto=fd [ 307.849197][ T5892] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 308.346054][ T5892] usb 2-1: Using ep0 maxpacket: 8 [ 308.400887][ T5892] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 308.410298][ T5892] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 308.424008][ T5892] usb 2-1: Product: syz [ 308.434120][ T5892] usb 2-1: Manufacturer: syz [ 308.465113][ T5892] usb 2-1: SerialNumber: syz [ 308.565443][ T5892] usb 2-1: config 0 descriptor?? [ 308.801663][ T5892] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 308.835196][ T7907] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 309.038494][ T7907] usb 5-1: Using ep0 maxpacket: 8 [ 309.044434][ T7907] usb 5-1: too many configurations: 65, using maximum allowed: 8 [ 309.089139][ T7907] usb 5-1: New USB device found, idVendor=1044, idProduct=800d, bcdDevice=57.5c [ 309.105052][ T7907] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 309.123469][ T7907] usb 5-1: Product: syz [ 309.132957][ T7907] usb 5-1: Manufacturer: syz [ 309.148020][ T7907] usb 5-1: SerialNumber: syz [ 309.164266][ T7907] usb 5-1: config 0 descriptor?? [ 309.204801][ T5892] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 309.261824][ T5892] usb 2-1: USB disconnect, device number 8 [ 309.371484][ T8146] 9pnet_fd: Insufficient options for proto=fd [ 309.395672][ T8132] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 309.404621][ T8132] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 309.418452][ T7907] usb 5-1: bad CDC descriptors [ 309.428030][ T7907] usb 5-1: USB disconnect, device number 10 [ 309.825184][ T977] usb 1-1: new full-speed USB device number 12 using dummy_hcd [ 310.076204][ T977] usb 1-1: config 8 has an invalid interface number: 223 but max is 0 [ 310.293496][ T977] usb 1-1: config 8 contains an unexpected descriptor of type 0x1, skipping [ 310.329313][ T977] usb 1-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config [ 310.341979][ T977] usb 1-1: config 8 has no interface number 0 [ 310.355359][ T977] usb 1-1: config 8 interface 223 altsetting 0 endpoint 0x7 has invalid maxpacket 15872, setting to 64 [ 310.373942][ T977] usb 1-1: config 8 interface 223 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 310.406381][ T977] usb 1-1: New USB device found, idVendor=a6da, idProduct=7458, bcdDevice=2d.4d [ 310.504844][ T977] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 310.512988][ T977] usb 1-1: Product: syz [ 310.517253][ T977] usb 1-1: Manufacturer: syz [ 310.521888][ T977] usb 1-1: SerialNumber: syz [ 310.659534][ T7907] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 311.501119][ T8151] netlink: 8 bytes leftover after parsing attributes in process `syz.0.614'. [ 311.510095][ T8151] netlink: 32 bytes leftover after parsing attributes in process `syz.0.614'. [ 312.323035][ T7907] usb 2-1: Using ep0 maxpacket: 16 [ 312.417651][ T7907] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 312.745323][ T7907] usb 2-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 312.754552][ T7907] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 313.424013][ T7907] usb 2-1: Product: syz [ 313.468969][ T977] usb 1-1: USB disconnect, device number 12 [ 313.499305][ T7907] usb 2-1: Manufacturer: syz [ 313.504059][ T7907] usb 2-1: SerialNumber: syz [ 313.776673][ T7907] usb 2-1: config 0 descriptor?? [ 313.830167][ T7907] usb 2-1: can't set config #0, error -71 [ 313.875669][ T7907] usb 2-1: USB disconnect, device number 9 [ 314.041311][ T8189] 9pnet_fd: Insufficient options for proto=fd [ 314.236767][ T8188] hsr0: entered promiscuous mode [ 314.242479][ T8188] netlink: 4 bytes leftover after parsing attributes in process `syz.3.622'. [ 314.792118][ T8188] hsr_slave_0: left promiscuous mode [ 314.798686][ T8188] hsr_slave_1: left promiscuous mode [ 314.840987][ T8188] hsr0 (unregistering): left promiscuous mode [ 316.896216][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 318.759289][ T8244] 9pnet_fd: Insufficient options for proto=fd [ 320.134958][ T8277] input: syz0 as /devices/virtual/input/input6 [ 321.561191][ T8288] program syz.4.651 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 321.573154][ T8288] openvswitch: netlink: Multiple metadata blocks provided [ 321.780917][ T8298] 9pnet_fd: Insufficient options for proto=fd [ 321.895185][ T10] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 322.077239][ T7907] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 322.112180][ T10] usb 5-1: device descriptor read/64, error -71 [ 322.234158][ T8311] evm: overlay not supported [ 323.795123][ T10] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 324.288688][ T8310] netlink: 28 bytes leftover after parsing attributes in process `syz.2.657'. [ 325.606461][ T8310] netlink: 28 bytes leftover after parsing attributes in process `syz.2.657'. [ 325.834367][ T10] usb 5-1: device descriptor read/64, error -71 [ 325.891941][ T7907] usb 4-1: device descriptor read/all, error -71 [ 325.956787][ T977] usb 1-1: new full-speed USB device number 13 using dummy_hcd [ 325.985125][ T10] usb usb5-port1: attempt power cycle [ 326.681586][ T977] usb 1-1: config 1 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 326.706815][ T977] usb 1-1: config 1 interface 0 has no altsetting 0 [ 326.957819][ T977] usb 1-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.40 [ 326.970387][ T977] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 326.979002][ T977] usb 1-1: Product: syz [ 326.983506][ T977] usb 1-1: Manufacturer: syz [ 327.369458][ T977] usb 1-1: SerialNumber: syz [ 327.474663][ T977] usb 1-1: can't set config #1, error -71 [ 327.576621][ T977] usb 1-1: USB disconnect, device number 13 [ 327.783733][ T8346] 9pnet_fd: Insufficient options for proto=fd [ 327.985309][ T7907] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 328.535182][ T5892] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 329.621387][ T5892] usb 2-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 329.635067][ T5892] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 329.643122][ T5892] usb 2-1: Product: syz [ 329.675286][ T5892] usb 2-1: Manufacturer: syz [ 329.681446][ T5892] usb 2-1: SerialNumber: syz [ 329.756195][ T5892] usb 2-1: config 0 descriptor?? [ 330.491702][ T7907] usb 2-1: USB disconnect, device number 10 [ 330.964288][ T8382] veth1_to_bond: entered allmulticast mode [ 331.084542][ T8386] 9pnet_fd: Insufficient options for proto=fd [ 331.434744][ T8381] veth1_to_bond: left allmulticast mode [ 331.589648][ T8398] 9pnet_fd: Insufficient options for proto=fd [ 333.815139][ T8183] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 333.975198][ T8183] usb 1-1: Using ep0 maxpacket: 8 [ 333.977780][ T8421] netlink: 12 bytes leftover after parsing attributes in process `syz.1.686'. [ 333.982358][ T8183] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 333.989501][ T8421] nbd: must specify a size in bytes for the device [ 334.058316][ T8183] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 334.117062][ T8183] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 334.202593][ T8183] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 334.316722][ T8183] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 334.351523][ T8183] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 334.791315][ T8183] usb 1-1: GET_CAPABILITIES returned 0 [ 335.248327][ T8432] openvswitch: netlink: Missing key (keys=40, expected=80) [ 335.604686][ T8183] usbtmc 1-1:16.0: can't read capabilities [ 336.693928][ T8183] usb 1-1: USB disconnect, device number 14 [ 336.805482][ T8447] 9pnet_fd: Insufficient options for proto=fd [ 336.939854][ T8454] netlink: 'syz.2.699': attribute type 6 has an invalid length. [ 336.962563][ T8454] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.699'. [ 336.985560][ T5827] usb 4-1: new full-speed USB device number 8 using dummy_hcd [ 337.308237][ T5827] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 337.424095][ T5827] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 337.560222][ T5827] usb 4-1: New USB device found, idVendor=04f3, idProduct=0754, bcdDevice= 0.00 [ 337.674713][ T5827] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 337.939508][ T5827] usb 4-1: config 0 descriptor?? [ 338.140164][ T8459] netlink: 12 bytes leftover after parsing attributes in process `syz.0.700'. [ 338.149403][ T8459] nbd: must specify a size in bytes for the device [ 338.822186][ T8461] C: renamed from team_slave_0 (while UP) [ 338.922168][ T8461] netlink: 'syz.0.701': attribute type 1 has an invalid length. [ 338.962351][ T8461] netlink: 'syz.0.701': attribute type 3 has an invalid length. [ 339.027437][ T8461] netlink: 100 bytes leftover after parsing attributes in process `syz.0.701'. [ 339.059599][ T8461] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 339.184038][ T8443] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 339.239449][ T8443] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 339.348785][ T8443] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 339.360394][ T8443] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 339.457138][ T8443] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 339.466446][ T8443] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 339.513072][ T8443] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 339.560566][ T8443] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 339.751003][ T8443] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 339.868501][ T8443] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 340.035180][ T5827] usbhid 4-1:0.0: can't add hid device: -71 [ 340.041454][ T5827] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 340.071937][ T5827] usb 4-1: USB disconnect, device number 8 [ 340.939897][ T8499] 9pnet_fd: Insufficient options for proto=fd [ 341.216269][ T5831] Bluetooth: hci0: command 0x0406 tx timeout [ 341.367020][ T5831] Bluetooth: hci1: command 0x0406 tx timeout [ 341.562095][ T5831] Bluetooth: hci3: command 0x0406 tx timeout [ 341.575040][ T5831] Bluetooth: hci2: command 0x0406 tx timeout [ 341.734884][ T8514] netlink: 12 bytes leftover after parsing attributes in process `syz.4.711'. [ 341.743963][ T8514] nbd: must specify a size in bytes for the device [ 341.919331][ T5832] Bluetooth: hci4: command 0x0406 tx timeout [ 342.079131][ T10] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 342.488435][ T10] usb 4-1: Using ep0 maxpacket: 8 [ 342.504528][ T10] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 342.706017][ T10] usb 4-1: New USB device found, idVendor=1345, idProduct=3008, bcdDevice= 0.00 [ 342.715586][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 342.761804][ T10] usb 4-1: config 0 descriptor?? [ 342.802391][ T8520] FAULT_INJECTION: forcing a failure. [ 342.802391][ T8520] name failslab, interval 1, probability 0, space 0, times 0 [ 342.833543][ T8520] CPU: 1 UID: 0 PID: 8520 Comm: syz.4.715 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 342.833565][ T8520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 342.833576][ T8520] Call Trace: [ 342.833583][ T8520] [ 342.833591][ T8520] dump_stack_lvl+0x189/0x250 [ 342.833622][ T8520] ? __pfx____ratelimit+0x10/0x10 [ 342.833647][ T8520] ? __pfx_dump_stack_lvl+0x10/0x10 [ 342.833670][ T8520] ? __pfx__printk+0x10/0x10 [ 342.833691][ T8520] ? __pfx___might_resched+0x10/0x10 [ 342.833715][ T8520] ? fs_reclaim_acquire+0x7d/0x100 [ 342.833743][ T8520] should_fail_ex+0x414/0x560 [ 342.833768][ T8520] should_failslab+0xa8/0x100 [ 342.833793][ T8520] __kmalloc_cache_noprof+0x70/0x3d0 [ 342.833814][ T8520] ? p9_fd_create+0xf4/0x3f0 [ 342.833844][ T8520] p9_fd_create+0xf4/0x3f0 [ 342.833867][ T8520] ? kfree+0x18e/0x440 [ 342.833889][ T8520] p9_client_create+0x7fa/0xfe0 [ 342.833940][ T8520] ? __pfx_p9_client_create+0x10/0x10 [ 342.833980][ T8520] ? __raw_spin_lock_init+0x45/0x100 [ 342.834004][ T8520] v9fs_session_init+0x1d7/0x19a0 [ 342.834055][ T8520] ? __pfx_v9fs_session_init+0x10/0x10 [ 342.834089][ T8520] ? v9fs_mount+0xb2/0xa10 [ 342.834109][ T8520] ? __kasan_kmalloc+0x93/0xb0 [ 342.834132][ T8520] ? v9fs_mount+0xb2/0xa10 [ 342.834154][ T8520] v9fs_mount+0xc8/0xa10 [ 342.834175][ T8520] ? __kasan_kmalloc+0x93/0xb0 [ 342.834196][ T8520] ? __pfx_v9fs_mount+0x10/0x10 [ 342.834215][ T8520] ? rcu_is_watching+0x15/0xb0 [ 342.834241][ T8520] ? cap_capable+0x11f/0x460 [ 342.834264][ T8520] legacy_get_tree+0xfd/0x1a0 [ 342.834286][ T8520] ? __pfx_v9fs_mount+0x10/0x10 [ 342.834307][ T8520] vfs_get_tree+0x8f/0x2b0 [ 342.834331][ T8520] do_new_mount+0x24a/0xa40 [ 342.834361][ T8520] __se_sys_mount+0x317/0x410 [ 342.834389][ T8520] ? __pfx___se_sys_mount+0x10/0x10 [ 342.834409][ T8520] ? rcu_is_watching+0x15/0xb0 [ 342.834437][ T8520] ? do_syscall_64+0xbe/0x3b0 [ 342.834460][ T8520] ? __x64_sys_mount+0x20/0xc0 [ 342.834485][ T8520] do_syscall_64+0xfa/0x3b0 [ 342.834512][ T8520] ? lockdep_hardirqs_on+0x9c/0x150 [ 342.834536][ T8520] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 342.834553][ T8520] ? clear_bhb_loop+0x60/0xb0 [ 342.834574][ T8520] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 342.834590][ T8520] RIP: 0033:0x7f23b798e929 [ 342.834606][ T8520] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 342.834620][ T8520] RSP: 002b:00007f23b88d8038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 342.834639][ T8520] RAX: ffffffffffffffda RBX: 00007f23b7bb5fa0 RCX: 00007f23b798e929 [ 342.834651][ T8520] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 0000000000000000 [ 342.834663][ T8520] RBP: 00007f23b88d8090 R08: 0000200000000040 R09: 0000000000000000 [ 342.834674][ T8520] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 342.834684][ T8520] R13: 0000000000000000 R14: 00007f23b7bb5fa0 R15: 00007ffd8a903bf8 [ 342.834710][ T8520] [ 343.125496][ C1] vkms_vblank_simulate: vblank timer overrun [ 343.285356][ T5831] Bluetooth: hci0: command 0x0406 tx timeout [ 343.314278][ T8524] binder: 8506:8524 ioctl c0306201 200000000340 returned -14 [ 343.470383][ T5831] Bluetooth: hci1: command 0x0406 tx timeout [ 343.504907][ T10] sony 0003:1345:3008.0003: hiddev0,hidraw0: USB HID v80.07 Device [HID 1345:3008] on usb-dummy_hcd.3-1/input0 [ 343.776016][ T5832] Bluetooth: hci3: command 0x0406 tx timeout [ 343.782338][ T5831] Bluetooth: hci2: command 0x0406 tx timeout [ 344.005162][ T5831] Bluetooth: hci4: command 0x0406 tx timeout [ 344.036349][ T10] sony 0003:1345:3008.0003: failed to claim input [ 344.198441][ T10] usb 4-1: USB disconnect, device number 9 [ 344.651818][ T8536] 9pnet_fd: Insufficient options for proto=fd [ 344.675820][ T8532] fido_id[8532]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 345.205497][ T5829] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 345.221051][ T8543] netlink: 'syz.2.722': attribute type 1 has an invalid length. [ 345.229732][ T8543] netlink: 4 bytes leftover after parsing attributes in process `syz.2.722'. [ 345.240189][ T8543] netlink: 44 bytes leftover after parsing attributes in process `syz.2.722'. [ 345.365642][ T5829] usb 1-1: Using ep0 maxpacket: 32 [ 345.863883][ T5827] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 346.161933][ T5829] usb 1-1: config 2 has an invalid interface number: 190 but max is 0 [ 346.170477][ T5829] usb 1-1: config 2 has no interface number 0 [ 346.176911][ T5829] usb 1-1: config 2 interface 190 has no altsetting 0 [ 346.187276][ T5829] usb 1-1: language id specifier not provided by device, defaulting to English [ 346.200405][ T5829] usb 1-1: New USB device found, idVendor=3275, idProduct=0085, bcdDevice=f7.69 [ 346.210126][ T5829] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 346.223028][ T8548] netlink: 4 bytes leftover after parsing attributes in process `syz.3.724'. [ 346.232132][ T5829] usb 1-1: Product: syz [ 346.242016][ T5829] usb 1-1: Manufacturer: ñ·Ÿ—è [ 346.247449][ T5829] usb 1-1: SerialNumber: syz [ 346.265218][ T10] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 346.296841][ T5827] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7 [ 346.337540][ T5827] usb 5-1: New USB device found, idVendor=2040, idProduct=5530, bcdDevice=a8.82 [ 346.359162][ T5829] usb 1-1: USB disconnect, device number 15 [ 346.376711][ T5827] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 346.394821][ T8550] netlink: 12 bytes leftover after parsing attributes in process `syz.3.724'. [ 346.416147][ T10] usb 3-1: device descriptor read/64, error -71 [ 346.424810][ T5827] usb 5-1: config 0 descriptor?? [ 346.443662][ T5827] smsusb:smsusb_probe: board id=8, interface number 0 [ 346.474869][ T5827] smsusb:smsusb_probe: Device initialized with return code -19 [ 346.985460][ T8183] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 346.994506][ T10] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 347.425135][ T8183] usb 4-1: Using ep0 maxpacket: 32 [ 347.433795][ T8183] usb 4-1: unable to get BOS descriptor or descriptor too short [ 347.453400][ T8183] usb 4-1: config 6 has an invalid interface number: 165 but max is 0 [ 347.456764][ T10] usb 3-1: device descriptor read/64, error -71 [ 347.462599][ T8183] usb 4-1: config 6 has no interface number 0 [ 347.474541][ T8183] usb 4-1: config 6 interface 165 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B [ 347.494437][ T8183] usb 4-1: New USB device found, idVendor=0403, idProduct=faf0, bcdDevice=24.f7 [ 347.504609][ T8183] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 347.516435][ T8183] usb 4-1: Product: syz [ 347.521092][ T8183] usb 4-1: Manufacturer: syz [ 347.527833][ T8183] usb 4-1: SerialNumber: syz [ 347.557061][ T8564] dvmrp0: entered allmulticast mode [ 347.562891][ T8565] tipc: Enabled bearer , priority 0 [ 347.584572][ T8565] syzkaller0: entered promiscuous mode [ 347.590686][ T8565] syzkaller0: entered allmulticast mode [ 347.595470][ T10] usb usb3-port1: attempt power cycle [ 347.722549][ T8567] tipc: Resetting bearer [ 347.739752][ T8567] tipc: Disabling bearer [ 347.752582][ T8548] netlink: 8 bytes leftover after parsing attributes in process `syz.3.724'. [ 347.838457][ T5892] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 347.945093][ T10] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 347.965797][ T10] usb 3-1: device descriptor read/8, error -71 [ 347.985091][ T5892] usb 2-1: device descriptor read/64, error -71 [ 348.174172][ T5829] usb 5-1: USB disconnect, device number 15 [ 348.208625][ T10] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 348.226842][ T5892] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 348.255557][ T10] usb 3-1: device descriptor read/8, error -71 [ 348.378142][ T5892] usb 2-1: device descriptor read/64, error -71 [ 348.384771][ T10] usb usb3-port1: unable to enumerate USB device [ 348.448693][ T8578] 9pnet_fd: Insufficient options for proto=fd [ 348.485324][ T5892] usb usb2-port1: attempt power cycle [ 348.998870][ T5892] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 349.101916][ T8587] syz.0.735: attempt to access beyond end of device [ 349.101916][ T8587] loop0: rw=2048, sector=2, nr_sectors = 1 limit=0 [ 349.115363][ T8587] hfsplus: unable to find HFS+ superblock [ 349.795750][ T5892] usb 2-1: device descriptor read/8, error -71 [ 350.265254][ T5892] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 350.324933][ T8183] ftdi_sio 4-1:6.165: FTDI USB Serial Device converter detected [ 350.346465][ T5892] usb 2-1: device descriptor read/8, error -71 [ 350.347153][ T8183] ftdi_sio ttyUSB0: unknown device type: 0x24f7 [ 350.375614][ T8183] usb 4-1: USB disconnect, device number 10 [ 350.400627][ T8183] ftdi_sio 4-1:6.165: device disconnected [ 350.541740][ T10] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 350.550160][ T5892] usb usb2-port1: unable to enumerate USB device [ 351.132105][ T10] usb 5-1: Using ep0 maxpacket: 32 [ 351.148478][ T10] usb 5-1: config 2 has an invalid interface number: 190 but max is 0 [ 351.160295][ T10] usb 5-1: config 2 has no interface number 0 [ 351.177375][ T10] usb 5-1: config 2 interface 190 has no altsetting 0 [ 351.282059][ T10] usb 5-1: language id specifier not provided by device, defaulting to English [ 351.293369][ T8601] loop2: detected capacity change from 0 to 7 [ 351.303640][ T8601] Dev loop2: unable to read RDB block 7 [ 351.313179][ T10] usb 5-1: New USB device found, idVendor=3275, idProduct=0085, bcdDevice=f7.69 [ 351.325424][ T8601] loop2: unable to read partition table [ 351.331304][ T8601] loop2: partition table beyond EOD, truncated [ 351.334338][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 351.372259][ T10] usb 5-1: Product: syz [ 351.375157][ T8601] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 351.385020][ T10] usb 5-1: Manufacturer: ñ·Ÿ—è [ 351.400013][ T10] usb 5-1: SerialNumber: syz [ 352.279941][ T8613] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 352.289163][ T8613] VFS: Can't find a romfs filesystem on dev nullb0. [ 352.289163][ T8613] [ 352.924118][ T8627] hugetlbfs: syz.0.747 (8627): Using mlock ulimits for SHM_HUGETLB is obsolete [ 353.645698][ T10] usb 5-1: USB disconnect, device number 16 [ 353.820036][ T8635] process 'syz.0.750' launched './file0' with NULL argv: empty string added [ 354.228013][ T8637] netlink: 36 bytes leftover after parsing attributes in process `syz.3.748'. [ 354.276762][ T10] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 354.839718][ T10] usb 1-1: config 0 has no interfaces? [ 354.852336][ T10] usb 1-1: New USB device found, idVendor=056d, idProduct=0000, bcdDevice=39.00 [ 355.074214][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 355.083206][ T10] usb 1-1: Product: syz [ 355.335383][ T10] usb 1-1: Manufacturer: syz [ 355.342034][ T10] usb 1-1: SerialNumber: syz [ 355.579110][ T10] usb 1-1: config 0 descriptor?? [ 355.809832][ T10] usb 1-1: USB disconnect, device number 16 [ 356.300393][ T5892] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 356.555220][ T5892] usb 5-1: device descriptor read/64, error -71 [ 356.802573][ T5892] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 357.094612][ T5892] usb 5-1: device descriptor read/64, error -71 [ 357.339242][ T5892] usb usb5-port1: attempt power cycle [ 357.515440][ T5829] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 357.805154][ T5829] usb 3-1: Using ep0 maxpacket: 32 [ 357.814076][ T5829] usb 3-1: config 2 has an invalid interface number: 190 but max is 0 [ 357.828271][ T5829] usb 3-1: config 2 has no interface number 0 [ 357.841679][ T5829] usb 3-1: config 2 interface 190 has no altsetting 0 [ 357.879397][ T5829] usb 3-1: language id specifier not provided by device, defaulting to English [ 357.903032][ T5829] usb 3-1: New USB device found, idVendor=3275, idProduct=0085, bcdDevice=f7.69 [ 357.918047][ T5829] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 357.935212][ T5829] usb 3-1: Product: syz [ 357.969956][ T5829] usb 3-1: Manufacturer: ñ·Ÿ—è [ 358.025497][ T5892] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 358.139149][ T5829] usb 3-1: SerialNumber: syz [ 358.300849][ T5892] usb 5-1: device descriptor read/8, error -71 [ 358.636497][ T5892] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 358.890160][ T5892] usb 5-1: device descriptor read/8, error -71 [ 358.958547][ T8687] netlink: 8 bytes leftover after parsing attributes in process `syz.0.764'. [ 359.035328][ T5892] usb usb5-port1: unable to enumerate USB device [ 360.472076][ T5829] usb 3-1: USB disconnect, device number 9 [ 360.515704][ T30] kauditd_printk_skb: 10 callbacks suppressed [ 360.515720][ T30] audit: type=1326 audit(1751304391.637:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8701 comm="syz.1.770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3843f8e929 code=0x7ffc0000 [ 360.614911][ T30] audit: type=1326 audit(1751304391.637:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8701 comm="syz.1.770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7f3843f8e929 code=0x7ffc0000 [ 360.683381][ T30] audit: type=1326 audit(1751304391.637:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8701 comm="syz.1.770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3843f8e929 code=0x7ffc0000 [ 360.783448][ T30] audit: type=1326 audit(1751304391.637:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8701 comm="syz.1.770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3843f8e929 code=0x7ffc0000 [ 360.878422][ T30] audit: type=1326 audit(1751304391.637:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8701 comm="syz.1.770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3843f8e929 code=0x7ffc0000 [ 360.972563][ T30] audit: type=1326 audit(1751304391.647:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8701 comm="syz.1.770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3843f8e929 code=0x7ffc0000 [ 360.986306][ T8711] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 361.060931][ T30] audit: type=1326 audit(1751304391.657:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8701 comm="syz.1.770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=48 compat=0 ip=0x7f3843f8e929 code=0x7ffc0000 [ 361.089623][ T30] audit: type=1326 audit(1751304391.657:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8701 comm="syz.1.770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3843f8e929 code=0x7ffc0000 [ 361.211129][ T30] audit: type=1326 audit(1751304391.657:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8701 comm="syz.1.770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3843f8e929 code=0x7ffc0000 [ 361.267050][ T30] audit: type=1326 audit(1751304391.657:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8701 comm="syz.1.770" exe="/root/syz-executor" sig=0 arch=c000003e syscall=275 compat=0 ip=0x7f3843f8e929 code=0x7ffc0000 [ 361.345389][ T8721] netlink: 'syz.2.777': attribute type 27 has an invalid length. [ 361.965105][ T10] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 362.440190][ T10] usb 2-1: Using ep0 maxpacket: 32 [ 362.876784][ T10] usb 2-1: too many configurations: 101, using maximum allowed: 8 [ 362.896111][ T10] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 362.903794][ T10] usb 2-1: can't read configurations, error -61 [ 363.085015][ T10] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 363.353263][ T5829] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 363.405042][ T10] usb 2-1: Using ep0 maxpacket: 32 [ 363.412366][ T10] usb 2-1: too many configurations: 101, using maximum allowed: 8 [ 363.422342][ T10] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 363.441407][ T10] usb 2-1: can't read configurations, error -61 [ 363.448711][ T10] usb usb2-port1: attempt power cycle [ 363.535133][ T5829] usb 1-1: Using ep0 maxpacket: 32 [ 363.549041][ T5829] usb 1-1: config 2 has an invalid interface number: 190 but max is 0 [ 363.563671][ T5829] usb 1-1: config 2 has no interface number 0 [ 363.580919][ T5829] usb 1-1: config 2 interface 190 has no altsetting 0 [ 363.598531][ T5829] usb 1-1: language id specifier not provided by device, defaulting to English [ 363.614099][ T5829] usb 1-1: New USB device found, idVendor=3275, idProduct=0085, bcdDevice=f7.69 [ 363.624403][ T5829] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 363.633706][ T5829] usb 1-1: Product: syz [ 363.638024][ T5829] usb 1-1: Manufacturer: ñ·Ÿ—è [ 363.642908][ T5829] usb 1-1: SerialNumber: syz [ 363.758140][ T5899] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 363.795078][ T8183] usb 5-1: new full-speed USB device number 21 using dummy_hcd [ 363.795201][ T10] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 363.835733][ T10] usb 2-1: Using ep0 maxpacket: 32 [ 363.841829][ T10] usb 2-1: too many configurations: 101, using maximum allowed: 8 [ 363.871613][ T10] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 363.879407][ T10] usb 2-1: can't read configurations, error -61 [ 363.907072][ T5899] usb 4-1: device descriptor read/64, error -71 [ 363.958965][ T8183] usb 5-1: config 0 has an invalid interface number: 133 but max is 0 [ 363.971505][ T8183] usb 5-1: config 0 has no interface number 0 [ 363.980754][ T8183] usb 5-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d [ 363.991267][ T8183] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 363.999712][ T8183] usb 5-1: Product: syz [ 364.004107][ T8183] usb 5-1: Manufacturer: syz [ 364.009200][ T8183] usb 5-1: SerialNumber: syz [ 364.023620][ T8183] usb 5-1: config 0 descriptor?? [ 364.035869][ T10] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 364.068151][ T10] usb 2-1: Using ep0 maxpacket: 32 [ 364.077362][ T10] usb 2-1: too many configurations: 101, using maximum allowed: 8 [ 364.090979][ T10] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 364.102767][ T10] usb 2-1: can't read configurations, error -61 [ 364.113027][ T10] usb usb2-port1: unable to enumerate USB device [ 364.145141][ T5899] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 364.286435][ T5899] usb 4-1: device descriptor read/64, error -71 [ 364.405837][ T5899] usb usb4-port1: attempt power cycle [ 364.813518][ T8779] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 365.342516][ T5899] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 365.370724][ T5899] usb 4-1: device descriptor read/8, error -71 [ 365.592035][ T8183] keyspan 5-1:0.133: Keyspan 1 port adapter converter detected [ 365.625492][ T5899] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 365.627049][ T8183] keyspan 5-1:0.133: found no endpoint descriptor for endpoint 81 [ 365.666947][ T5899] usb 4-1: device descriptor read/8, error -71 [ 365.813561][ T8183] keyspan 5-1:0.133: found no endpoint descriptor for endpoint 1 [ 365.814246][ T5899] usb usb4-port1: unable to enumerate USB device [ 365.857621][ T8183] keyspan 5-1:0.133: found no endpoint descriptor for endpoint 2 [ 365.867426][ T8787] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.789'. [ 365.879058][ T8787] netlink: 40 bytes leftover after parsing attributes in process `syz.1.789'. [ 365.895426][ T5829] usb 1-1: USB disconnect, device number 17 [ 365.916072][ T8183] usb 5-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 365.977799][ T8183] usb 5-1: USB disconnect, device number 21 [ 366.012676][ T8183] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 366.057390][ T8183] keyspan 5-1:0.133: device disconnected [ 367.468542][ T8814] syz.0.796: attempt to access beyond end of device [ 367.468542][ T8814] loop0: rw=2048, sector=2, nr_sectors = 1 limit=0 [ 367.482188][ T8814] hfsplus: unable to find HFS+ superblock [ 369.281620][ T8830] netlink: 8 bytes leftover after parsing attributes in process `syz.4.800'. [ 370.475337][ T5899] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 370.994872][ T8183] usb 2-1: new low-speed USB device number 19 using dummy_hcd [ 371.022819][ T8855] netlink: 'syz.2.807': attribute type 1 has an invalid length. [ 371.035885][ T5899] usb 4-1: Using ep0 maxpacket: 32 [ 371.053504][ T5899] usb 4-1: config 2 has an invalid interface number: 190 but max is 0 [ 371.079015][ T5899] usb 4-1: config 2 has no interface number 0 [ 371.095340][ T8855] 8021q: adding VLAN 0 to HW filter on device bond1 [ 371.100193][ T5899] usb 4-1: config 2 interface 190 has no altsetting 0 [ 371.109573][ T10] usb 1-1: new full-speed USB device number 18 using dummy_hcd [ 371.122493][ T5899] usb 4-1: language id specifier not provided by device, defaulting to English [ 371.202358][ T8855] veth3: entered promiscuous mode [ 371.218030][ T8855] bond1: (slave veth3): Enslaving as a backup interface with a down link [ 371.242154][ T5899] usb 4-1: New USB device found, idVendor=3275, idProduct=0085, bcdDevice=f7.69 [ 371.254566][ T8183] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 371.269401][ T8183] usb 2-1: config 0 has no interface number 0 [ 371.269399][ T5899] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 371.269423][ T5899] usb 4-1: Product: syz [ 371.275747][ T8183] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 371.296816][ T5899] usb 4-1: Manufacturer: ñ·Ÿ—è [ 371.307430][ T10] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 371.319294][ T5899] usb 4-1: SerialNumber: syz [ 371.333863][ T8183] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 371.339167][ T10] usb 1-1: config 0 interface 0 has no altsetting 0 [ 371.375076][ T8183] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 371.392809][ T10] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 371.404721][ T8183] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 371.435799][ T8183] usb 2-1: config 0 descriptor?? [ 371.441389][ T8840] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 371.455776][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 371.463814][ T10] usb 1-1: Product: syz [ 371.478196][ T8183] iowarrior 2-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 371.494774][ T10] usb 1-1: Manufacturer: syz [ 371.527766][ T10] usb 1-1: SerialNumber: syz [ 371.736758][ T10] usb 1-1: config 0 descriptor?? [ 371.977411][ T10] usb 1-1: selecting invalid altsetting 0 [ 373.367369][ T10] usb 1-1: USB disconnect, device number 18 [ 374.797528][ T8877] x_tables: unsorted entry at hook 1 [ 376.256926][ C1] iowarrior 2-1:0.1: iowarrior_callback - usb_submit_urb failed with result -1 [ 376.709091][ T8886] syz.3.814 uses old SIOCAX25GETINFO [ 376.762102][ T5899] usb 4-1: USB disconnect, device number 15 [ 377.523299][ T5878] udevd[5878]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 377.594726][ T5892] usb 2-1: USB disconnect, device number 19 [ 377.685556][ T8896] binder: 8894:8896 ioctl c0306201 200000000240 returned -11 [ 378.188986][ T8906] bridge0: port 1(team0) entered blocking state [ 378.196468][ T8906] bridge0: port 1(team0) entered disabled state [ 378.203759][ T8906] team0: entered allmulticast mode [ 378.222446][ T8906] team0: entered promiscuous mode [ 378.620376][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.684071][ T8909] netlink: 248 bytes leftover after parsing attributes in process `syz.0.821'. [ 378.798394][ T8903] 9pnet: Could not find request transport: fd0x0000000000000003 [ 379.448018][ T8919] syz.3.823: attempt to access beyond end of device [ 379.448018][ T8919] loop3: rw=2048, sector=2, nr_sectors = 1 limit=0 [ 379.461609][ T8919] hfsplus: unable to find HFS+ superblock [ 380.441435][ T8937] syz.3.828: attempt to access beyond end of device [ 380.441435][ T8937] loop3: rw=2048, sector=2, nr_sectors = 1 limit=0 [ 380.455420][ T8937] hfsplus: unable to find HFS+ superblock [ 380.645129][ T5832] Bluetooth: hci4: command 0x0406 tx timeout [ 382.150331][ T8961] netlink: 4 bytes leftover after parsing attributes in process `syz.4.835'. [ 382.328045][ T8965] netlink: 24 bytes leftover after parsing attributes in process `syz.0.833'. [ 382.472186][ T5938] IPVS: starting estimator thread 0... [ 382.527582][ T8967] FAULT_INJECTION: forcing a failure. [ 382.527582][ T8967] name failslab, interval 1, probability 0, space 0, times 0 [ 382.682835][ T8967] CPU: 1 UID: 0 PID: 8967 Comm: syz.3.836 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 382.682859][ T8967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 382.682869][ T8967] Call Trace: [ 382.682876][ T8967] [ 382.682884][ T8967] dump_stack_lvl+0x189/0x250 [ 382.682915][ T8967] ? __pfx____ratelimit+0x10/0x10 [ 382.682940][ T8967] ? __pfx_dump_stack_lvl+0x10/0x10 [ 382.682964][ T8967] ? __pfx__printk+0x10/0x10 [ 382.682984][ T8967] ? lock_acquire+0x175/0x360 [ 382.683006][ T8967] ? __pfx___might_resched+0x10/0x10 [ 382.683039][ T8967] should_fail_ex+0x414/0x560 [ 382.683063][ T8967] should_failslab+0xa8/0x100 [ 382.683087][ T8967] kmem_cache_alloc_noprof+0x73/0x3c0 [ 382.683107][ T8967] ? getname_flags+0xb8/0x540 [ 382.683134][ T8967] getname_flags+0xb8/0x540 [ 382.683157][ T8967] ? preempt_schedule_thunk+0x16/0x30 [ 382.683180][ T8967] user_path_at+0x24/0x60 [ 382.683197][ T8967] do_fchownat+0x105/0x270 [ 382.683224][ T8967] ? __pfx_do_fchownat+0x10/0x10 [ 382.683247][ T8967] ? __pfx_ksys_write+0x10/0x10 [ 382.683281][ T8967] __x64_sys_chown+0x82/0xa0 [ 382.683307][ T8967] do_syscall_64+0xfa/0x3b0 [ 382.683334][ T8967] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 382.683350][ T8967] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 382.683367][ T8967] ? clear_bhb_loop+0x60/0xb0 [ 382.683388][ T8967] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 382.683405][ T8967] RIP: 0033:0x7f024c78e929 [ 382.683420][ T8967] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 382.683436][ T8967] RSP: 002b:00007f024a5d5038 EFLAGS: 00000246 ORIG_RAX: 000000000000005c [ 382.683455][ T8967] RAX: ffffffffffffffda RBX: 00007f024c9b6080 RCX: 00007f024c78e929 [ 382.683467][ T8967] RDX: 000000000000ee01 RSI: 0000000000000000 RDI: 00002000000003c0 [ 382.683478][ T8967] RBP: 00007f024a5d5090 R08: 0000000000000000 R09: 0000000000000000 [ 382.683489][ T8967] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 382.683500][ T8967] R13: 0000000000000000 R14: 00007f024c9b6080 R15: 00007fff19ccb778 [ 382.683526][ T8967] [ 382.999597][ T8968] IPVS: using max 29 ests per chain, 69600 per kthread [ 383.192472][ T8971] 9pnet: Could not find request transport: fd0x0000000000000003 [ 385.995857][ T5892] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 386.185193][ T5892] usb 5-1: Using ep0 maxpacket: 32 [ 386.216826][ T5892] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 386.272717][ T5892] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 387.067980][ T9045] vlan2: entered allmulticast mode [ 387.073202][ T9045] vlan1: entered allmulticast mode [ 387.078473][ T9045] veth0_vlan: entered allmulticast mode [ 387.787874][ T5892] usb 5-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 387.797034][ T5892] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 387.812844][ T5892] usb 5-1: config 0 descriptor?? [ 388.829983][ T5892] ft260 0003:0403:6030.0004: item fetching failed at offset 0/2 [ 388.873039][ T5892] ft260 0003:0403:6030.0004: failed to parse HID [ 388.902811][ T5892] ft260 0003:0403:6030.0004: probe with driver ft260 failed with error -22 [ 390.270081][ T8183] usb 5-1: USB disconnect, device number 22 [ 390.315180][ T5938] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 390.467531][ T9087] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 390.486959][ T5938] usb 3-1: Using ep0 maxpacket: 16 [ 390.495035][ T30] kauditd_printk_skb: 16 callbacks suppressed [ 390.495049][ T30] audit: type=1326 audit(1751304421.617:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9085 comm="syz.0.866" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa952b8e929 code=0x0 [ 390.536066][ T5938] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 390.555077][ T5938] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 390.566230][ T5938] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 390.579441][ T5938] usb 3-1: New USB device found, idVendor=0b05, idProduct=1a30, bcdDevice= 0.00 [ 390.596666][ T5938] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 390.636576][ T5938] usb 3-1: config 0 descriptor?? [ 390.735461][ T9094] futex_wake_op: syz.3.867 tries to shift op by -1; fix this program [ 390.764477][ T9093] netlink: 4 bytes leftover after parsing attributes in process `syz.3.867'. [ 390.985053][ T5892] usb 5-1: new full-speed USB device number 23 using dummy_hcd [ 391.072500][ T5938] hid (null): unknown global tag 0xd [ 391.105624][ T5938] asus 0003:0B05:1A30.0005: unknown main item tag 0x6 [ 391.125192][ T5892] usb 5-1: device descriptor read/64, error -71 [ 391.125751][ T5938] asus 0003:0B05:1A30.0005: unknown global tag 0xd [ 391.157352][ T5938] asus 0003:0B05:1A30.0005: item 0 1 1 13 parsing failed [ 391.177166][ T5938] asus 0003:0B05:1A30.0005: Asus hid parse failed: -22 [ 391.210406][ T5938] asus 0003:0B05:1A30.0005: probe with driver asus failed with error -22 [ 391.478416][ T5938] usb 3-1: USB disconnect, device number 10 [ 391.517207][ T9103] netlink: 2384 bytes leftover after parsing attributes in process `syz.3.869'. [ 391.635275][ T5892] usb 5-1: new full-speed USB device number 24 using dummy_hcd [ 391.646379][ T5832] Bluetooth: hci4: unexpected event for opcode 0x6572 [ 391.845157][ T5892] usb 5-1: device descriptor read/64, error -71 [ 392.063983][ T5892] usb usb5-port1: attempt power cycle [ 392.829467][ T5892] usb 5-1: new full-speed USB device number 25 using dummy_hcd [ 392.868911][ T5892] usb 5-1: device descriptor read/8, error -71 [ 392.949165][ T9132] netlink: 4 bytes leftover after parsing attributes in process `syz.2.876'. [ 393.051174][ T5938] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 393.334020][ T5938] usb 2-1: config 2 has an invalid interface number: 233 but max is 0 [ 393.519869][ T5938] usb 2-1: config 2 has no interface number 0 [ 393.670908][ T5892] usb 5-1: new full-speed USB device number 26 using dummy_hcd [ 393.710733][ T5938] usb 2-1: config 2 interface 233 has no altsetting 0 [ 393.725666][ T5938] usb 2-1: New USB device found, idVendor=1b3d, idProduct=0109, bcdDevice=33.00 [ 393.741804][ T5938] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 393.750248][ T5938] usb 2-1: Product: syz [ 393.754545][ T5938] usb 2-1: Manufacturer: syz [ 393.759275][ T5938] usb 2-1: SerialNumber: syz [ 393.775296][ T5892] usb 5-1: device descriptor read/8, error -71 [ 393.936732][ T5892] usb usb5-port1: unable to enumerate USB device [ 394.396578][ T5938] ftdi_sio 2-1:2.233: FTDI USB Serial Device converter detected [ 394.464130][ T5938] usb 2-1: Detected FT232HP [ 394.488952][ T5938] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 394.518511][ T5938] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 394.666943][ T5938] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 395.281061][ T5938] usb 2-1: USB disconnect, device number 20 [ 395.318716][ T5938] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 395.450891][ T5938] ftdi_sio 2-1:2.233: device disconnected [ 395.529471][ T9167] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 395.708932][ T9166] can: request_module (can-proto-0) failed. [ 396.037676][ T9188] netlink: 8 bytes leftover after parsing attributes in process `syz.4.888'. [ 396.047167][ T9188] netlink: 8 bytes leftover after parsing attributes in process `syz.4.888'. [ 396.745057][ T10] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 396.876923][ T9196] netlink: 'syz.3.891': attribute type 15 has an invalid length. [ 396.915204][ T10] usb 5-1: Using ep0 maxpacket: 16 [ 396.937051][ T10] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 396.950769][ T9194] syz.3.891: attempt to access beyond end of device [ 396.950769][ T9194] loop3: rw=0, sector=0, nr_sectors = 1 limit=0 [ 396.979798][ T10] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 396.990582][ T10] usb 5-1: config 0 interface 0 has no altsetting 0 [ 396.997736][ T10] usb 5-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 397.009563][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 397.051460][ T10] usb 5-1: config 0 descriptor?? [ 398.476566][ T9186] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 398.485404][ T9186] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 398.832191][ T5938] usb 5-1: USB disconnect, device number 27 [ 398.956250][ T9198] 9pnet_fd: Insufficient options for proto=fd [ 399.019618][ T30] audit: type=1326 audit(1751304430.157:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9213 comm="syz.2.896" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3a3278e929 code=0x0 [ 399.481745][ T9224] 9pnet_fd: Insufficient options for proto=fd [ 399.705449][ T10] usb 2-1: new full-speed USB device number 21 using dummy_hcd [ 400.145077][ T10] usb 2-1: device descriptor read/64, error -71 [ 400.676111][ T5938] usb 5-1: new full-speed USB device number 28 using dummy_hcd [ 400.942974][ T5938] usb 5-1: config 0 has an invalid interface number: 212 but max is 0 [ 400.964268][ T5938] usb 5-1: config 0 has no interface number 0 [ 400.974735][ T5938] usb 5-1: config 0 interface 212 has no altsetting 0 [ 400.985265][ T10] usb 2-1: new full-speed USB device number 22 using dummy_hcd [ 400.992974][ T5899] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 400.997961][ T5938] usb 5-1: New USB device found, idVendor=1ae7, idProduct=0525, bcdDevice=ca.e6 [ 401.011141][ T5938] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 401.021589][ T5938] usb 5-1: Product: syz [ 401.111681][ T5938] usb 5-1: Manufacturer: syz [ 401.130662][ T5938] usb 5-1: SerialNumber: syz [ 401.148543][ T5938] usb 5-1: config 0 descriptor?? [ 401.151796][ T10] usb 2-1: device descriptor read/64, error -71 [ 401.160744][ T9241] netlink: 56 bytes leftover after parsing attributes in process `syz.3.904'. [ 401.169667][ T5938] HFC-S_USB 5-1:0.212: probe with driver HFC-S_USB failed with error -5 [ 401.171648][ T5899] usb 1-1: Using ep0 maxpacket: 32 [ 401.203692][ T5899] usb 1-1: config 2 has an invalid interface number: 190 but max is 0 [ 401.219267][ T5899] usb 1-1: config 2 has no interface number 0 [ 401.233083][ T5899] usb 1-1: config 2 interface 190 has no altsetting 0 [ 401.247174][ T5899] usb 1-1: language id specifier not provided by device, defaulting to English [ 401.276039][ T5899] usb 1-1: New USB device found, idVendor=3275, idProduct=0085, bcdDevice=f7.69 [ 401.293092][ T5899] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 401.317937][ T10] usb usb2-port1: attempt power cycle [ 401.352827][ T9248] xt_addrtype: input interface limitation not valid in POSTROUTING and OUTPUT [ 401.404450][ T9246] openvswitch: netlink: ct_state flags 7fffffff unsupported [ 401.468270][ T5892] usb 5-1: USB disconnect, device number 28 [ 401.509440][ T5899] usb 1-1: Product: syz [ 401.572793][ T5899] usb 1-1: Manufacturer: ñ·Ÿ—è [ 401.666037][ T5899] usb 1-1: SerialNumber: syz [ 401.795261][ T10] usb 2-1: new full-speed USB device number 23 using dummy_hcd [ 401.926690][ T10] usb 2-1: device descriptor read/8, error -71 [ 402.245641][ T10] usb 2-1: new full-speed USB device number 24 using dummy_hcd [ 402.412893][ T10] usb 2-1: device descriptor read/8, error -71 [ 402.555446][ T9257] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 402.919108][ T10] usb usb2-port1: unable to enumerate USB device [ 403.179423][ T5899] usb 1-1: USB disconnect, device number 19 [ 403.578273][ T5899] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 403.750629][ T5899] usb 1-1: New USB device found, idVendor=13d8, idProduct=0011, bcdDevice=d0.62 [ 403.767351][ T5899] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 403.793583][ T5899] usb 1-1: Product: syz [ 403.808135][ T5899] usb 1-1: Manufacturer: syz [ 403.812919][ T5899] usb 1-1: SerialNumber: syz [ 403.837935][ T5899] usb 1-1: config 0 descriptor?? [ 403.889439][ T5899] usb 1-1: selecting invalid altsetting 1 [ 403.898927][ T5899] comedi comedi0: could not switch to alternate setting 1 [ 403.906224][ T5899] usbduxfast 1-1:0.0: driver 'usbduxfast' failed to auto-configure device. [ 404.193806][ T9266] overlayfs: overlapping lowerdir path [ 405.156082][ T9270] netlink: 8 bytes leftover after parsing attributes in process `syz.2.912'. [ 405.952358][ T9259] dummy0: entered promiscuous mode [ 405.962021][ T9259] macsec1: entered promiscuous mode [ 405.967745][ T9259] macsec1: entered allmulticast mode [ 405.973106][ T9259] dummy0: entered allmulticast mode [ 406.071751][ T9274] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1642504120 (13140032960 ns) > initial count (744665392 ns). Using initial count to start timer. [ 406.097649][ T9274] kvm: vcpu 1: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer. [ 406.176597][ T5899] usb 1-1: USB disconnect, device number 20 [ 407.296473][ T9290] fuse: Unknown parameter 'grou' [ 407.327664][ T30] audit: type=1326 audit(1751304438.447:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9277 comm="syz.3.916" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f024c78e929 code=0x0 [ 407.329715][ T9290] new mount options do not match the existing superblock, will be ignored [ 407.557302][ T9290] netlink: 8 bytes leftover after parsing attributes in process `syz.0.918'. [ 407.579073][ T9290] netlink: 56 bytes leftover after parsing attributes in process `syz.0.918'. [ 407.695212][ T5899] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 408.265101][ T8183] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 408.410346][ T5899] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA4, changing to 0x84 [ 408.450968][ T5899] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 408.499709][ T5899] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 408.505192][ T8183] usb 5-1: Using ep0 maxpacket: 32 [ 408.518665][ T5899] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 408.526127][ T8183] usb 5-1: config 2 has an invalid interface number: 190 but max is 0 [ 408.540923][ T8183] usb 5-1: config 2 has no interface number 0 [ 408.542002][ T5899] usb 4-1: config 0 descriptor?? [ 408.603949][ T8183] usb 5-1: config 2 interface 190 has no altsetting 0 [ 408.629791][ T8183] usb 5-1: language id specifier not provided by device, defaulting to English [ 408.671101][ T8183] usb 5-1: New USB device found, idVendor=3275, idProduct=0085, bcdDevice=f7.69 [ 408.694937][ T8183] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 408.727189][ T8183] usb 5-1: Product: syz [ 408.740718][ T8183] usb 5-1: Manufacturer: ñ·Ÿ—è [ 408.780214][ T8183] usb 5-1: SerialNumber: syz [ 409.812661][ T5899] ath6kl: Failed to submit usb control message: -110 [ 409.825055][ T5899] ath6kl: unable to send the bmi data to the device: -110 [ 409.832227][ T5899] ath6kl: Unable to send get target info: -110 [ 409.872290][ T5899] ath6kl: Failed to init ath6kl core: -110 [ 410.065618][ T5899] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -110 [ 410.290195][ T5899] usb 4-1: USB disconnect, device number 16 [ 410.435309][ T5938] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 410.615154][ T5938] usb 1-1: Using ep0 maxpacket: 16 [ 410.652243][ T5938] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 410.713978][ T5938] usb 1-1: New USB device found, idVendor=05ac, idProduct=024b, bcdDevice= 0.00 [ 410.754441][ T5938] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 410.896657][ T9333] netlink: 24 bytes leftover after parsing attributes in process `syz.3.927'. [ 411.012241][ T9333] vxcan3: entered promiscuous mode [ 411.307912][ T5938] usb 1-1: config 0 descriptor?? [ 411.418316][ T8183] usb 5-1: USB disconnect, device number 29 [ 411.924056][ T9345] syz.3.931: attempt to access beyond end of device [ 411.924056][ T9345] loop3: rw=2048, sector=2, nr_sectors = 1 limit=0 [ 411.967003][ T9345] hfsplus: unable to find HFS+ superblock [ 413.031952][ T5938] apple 0003:05AC:024B.0007: unknown main item tag 0x0 [ 413.045557][ T5938] apple 0003:05AC:024B.0007: unknown main item tag 0x6 [ 413.052466][ T5938] apple 0003:05AC:024B.0007: collection stack underflow [ 413.059593][ T5938] apple 0003:05AC:024B.0007: item 0 0 0 12 parsing failed [ 413.074146][ T5938] apple 0003:05AC:024B.0007: parse failed [ 413.080065][ T5938] apple 0003:05AC:024B.0007: probe with driver apple failed with error -22 [ 413.833542][ T9361] netlink: 'syz.4.934': attribute type 10 has an invalid length. [ 414.797700][ T10] usb 1-1: USB disconnect, device number 21 [ 416.765057][ T5899] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 417.495431][ T9400] netlink: 4384 bytes leftover after parsing attributes in process `syz.0.947'. [ 417.507233][ T5899] usb 2-1: Using ep0 maxpacket: 32 [ 417.531726][ T5899] usb 2-1: config 2 has an invalid interface number: 190 but max is 0 [ 417.540770][ T5899] usb 2-1: config 2 has no interface number 0 [ 417.547163][ T5899] usb 2-1: config 2 interface 190 has no altsetting 0 [ 417.559757][ T5899] usb 2-1: language id specifier not provided by device, defaulting to English [ 417.578698][ T5899] usb 2-1: New USB device found, idVendor=3275, idProduct=0085, bcdDevice=f7.69 [ 417.589803][ T5899] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 417.601860][ T5899] usb 2-1: Product: syz [ 417.607858][ T5899] usb 2-1: Manufacturer: ñ·Ÿ—è [ 417.613188][ T5899] usb 2-1: SerialNumber: syz [ 417.719465][ T5899] usb 2-1: can't set config #2, error -71 [ 417.746640][ T5899] usb 2-1: USB disconnect, device number 25 [ 418.341745][ T9416] vimc link validate: Scaler:src:4096x16 (0x33424752, 3, 1, 1, 7) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 418.357446][ T9416] fuse: Unknown parameter '' [ 418.553780][ T9420] netlink: 8 bytes leftover after parsing attributes in process `syz.3.953'. [ 418.590055][ T9420] netlink: 16 bytes leftover after parsing attributes in process `syz.3.953'. [ 418.888038][ T9423] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 419.036754][ T9423] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 419.185216][ T9430] netlink: 12 bytes leftover after parsing attributes in process `syz.0.957'. [ 419.194181][ T9430] nbd: must specify a size in bytes for the device [ 419.486936][ T9423] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 419.617663][ T9433] xt_hashlimit: overflow, rate too high: 0 [ 420.625036][ T10] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 420.795117][ T30] audit: type=1326 audit(1751304451.917:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9449 comm="syz.4.963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23b798e929 code=0x7ffc0000 [ 420.858047][ T30] audit: type=1326 audit(1751304451.917:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9449 comm="syz.4.963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f23b798e929 code=0x7ffc0000 [ 420.879928][ T30] audit: type=1326 audit(1751304451.917:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9449 comm="syz.4.963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23b798e929 code=0x7ffc0000 [ 421.446361][ T10] usb 1-1: Using ep0 maxpacket: 32 [ 421.451671][ T30] audit: type=1326 audit(1751304451.917:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9449 comm="syz.4.963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23b798e929 code=0x7ffc0000 [ 421.475130][ T30] audit: type=1326 audit(1751304451.927:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9449 comm="syz.4.963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f23b798e929 code=0x7ffc0000 [ 421.585419][ T10] usb 1-1: config 2 has an invalid interface number: 190 but max is 0 [ 421.593651][ T10] usb 1-1: config 2 has no interface number 0 [ 421.613105][ T30] audit: type=1326 audit(1751304451.927:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9449 comm="syz.4.963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23b798e929 code=0x7ffc0000 [ 421.655080][ T10] usb 1-1: config 2 interface 190 has no altsetting 0 [ 421.679286][ T30] audit: type=1326 audit(1751304451.927:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9449 comm="syz.4.963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23b798e929 code=0x7ffc0000 [ 422.385934][ T30] audit: type=1326 audit(1751304451.927:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9449 comm="syz.4.963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=74 compat=0 ip=0x7f23b798e929 code=0x7ffc0000 [ 422.409761][ T30] audit: type=1326 audit(1751304451.927:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9449 comm="syz.4.963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23b798e929 code=0x7ffc0000 [ 422.431630][ T30] audit: type=1326 audit(1751304451.927:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9449 comm="syz.4.963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=126 compat=0 ip=0x7f23b798e929 code=0x7ffc0000 [ 422.544864][ T10] usb 1-1: language id specifier not provided by device, defaulting to English [ 422.765347][ T10] usb 1-1: New USB device found, idVendor=3275, idProduct=0085, bcdDevice=f7.69 [ 422.775593][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 422.785016][ T10] usb 1-1: Product: syz [ 422.789243][ T10] usb 1-1: Manufacturer: ñ·Ÿ—è [ 422.796600][ T10] usb 1-1: SerialNumber: syz [ 423.074228][ T9469] netlink: 512 bytes leftover after parsing attributes in process `syz.4.968'. [ 423.124554][ T10] usb 1-1: USB disconnect, device number 22 [ 423.332942][ T9473] netlink: 12 bytes leftover after parsing attributes in process `syz.0.969'. [ 423.342488][ T9473] nbd: must specify a size in bytes for the device [ 423.718479][ T9476] ------------[ cut here ]------------ [ 423.724343][ T9476] WARNING: CPU: 0 PID: 9476 at ./include/linux/memcontrol.h:371 folio_memcg+0x1a8/0x310 [ 423.734887][ T9476] Modules linked in: [ 423.739415][ T9476] CPU: 0 UID: 0 PID: 9476 Comm: syz.4.970 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 423.750063][ T9476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 423.760906][ T9476] RIP: 0010:folio_memcg+0x1a8/0x310 [ 423.766625][ T9476] Code: 80 3c 28 00 74 08 4c 89 f7 e8 b4 cc 1b 00 4d 8b 36 4c 89 f0 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 89 74 ba ff 90 <0f> 0b 90 eb c5 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c fe fe ff ff [ 423.786365][ T9476] RSP: 0018:ffffc90002e77250 EFLAGS: 00010283 [ 423.792547][ T9476] RAX: ffffffff8205d907 RBX: 0000000000000000 RCX: 0000000000080000 [ 423.800623][ T9476] RDX: ffffc9000d5ba000 RSI: 0000000000000766 RDI: 0000000000000767 [ 423.808700][ T9476] RBP: 0000000000000000 R08: ffffea0001d602c7 R09: 1ffffd40003ac058 [ 423.817414][ T9476] R10: dffffc0000000000 R11: fffff940003ac059 R12: ffffea0001d602f0 [ 423.825775][ T9476] R13: dffffc0000000000 R14: ffff88802fc6fb00 R15: 0000000000000002 [ 423.833758][ T9476] FS: 00007f23b88d86c0(0000) GS:ffff888125c84000(0000) knlGS:0000000000000000 [ 423.842730][ T9476] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 423.849331][ T9476] CR2: 0000000000000000 CR3: 000000003248e000 CR4: 00000000003526f0 [ 423.857325][ T9476] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000004144 [ 423.865331][ T9476] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 423.873324][ T9476] Call Trace: [ 423.876693][ T9476] [ 423.879627][ T9476] workingset_activation+0x5f/0x4a0 [ 423.884833][ T9476] ? folio_mark_accessed+0x341/0x4a0 [ 423.890138][ T9476] folio_mark_accessed+0x3b5/0x4a0 [ 423.895277][ T9476] kvm_release_page_clean+0x9a/0xe0 [ 423.900506][ T9476] kvm_tdp_page_fault+0x2dd/0x370 [ 423.905562][ T9476] kvm_mmu_do_page_fault+0x2c5/0x640 [ 423.910878][ T9476] ? __pfx_kvm_mmu_do_page_fault+0x10/0x10 [ 423.916741][ T9476] ? vmx_handle_exit_irqoff+0x29e/0xad0 [ 423.922631][ T9476] ? __pfx_current_save_fsgs+0x10/0x10 [ 423.928404][ T9476] kvm_mmu_page_fault+0x22f/0xb70 [ 423.933439][ T9476] ? __pfx_handle_ept_violation+0x10/0x10 [ 423.939196][ T9476] vmx_handle_exit+0x1093/0x18a0 [ 423.944148][ T9476] ? vcpu_run+0x361c/0x6f70 [ 423.948677][ T9476] vcpu_run+0x432e/0x6f70 [ 423.953018][ T9476] ? vcpu_run+0x361c/0x6f70 [ 423.957569][ T9476] ? __pfx_vcpu_run+0x10/0x10 [ 423.962250][ T9476] ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940 [ 423.968049][ T9476] ? rcu_is_watching+0x15/0xb0 [ 423.972826][ T9476] kvm_arch_vcpu_ioctl_run+0xfc9/0x1940 [ 423.978401][ T9476] ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940 [ 423.984120][ T9476] ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 423.990125][ T9476] ? rcu_is_watching+0x15/0xb0 [ 423.994892][ T9476] ? trace_contention_end+0x39/0x120 [ 424.000209][ T9476] ? __mutex_lock+0x330/0xe80 [ 424.004896][ T9476] ? kasan_quarantine_put+0xdd/0x220 [ 424.010344][ T9476] ? kvm_vcpu_ioctl+0x22e/0xe90 [ 424.015325][ T9476] ? __pfx___mutex_lock+0x10/0x10 [ 424.020411][ T9476] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 424.028592][ T9476] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 424.034294][ T9476] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 424.040409][ T9476] ? kvm_vcpu_ioctl+0xb82/0xe90 [ 424.045416][ T9476] kvm_vcpu_ioctl+0x95c/0xe90 [ 424.050156][ T9476] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 424.055545][ T9476] ? __lock_acquire+0xab9/0xd20 [ 424.060463][ T9476] ? __asan_memset+0x22/0x50 [ 424.065179][ T9476] ? smack_file_ioctl+0x302/0x340 [ 424.070260][ T9476] ? __pfx_smack_file_ioctl+0x10/0x10 [ 424.075824][ T9476] ? __fget_files+0x2a/0x420 [ 424.080487][ T9476] ? __fget_files+0x3a0/0x420 [ 424.085335][ T9476] ? __fget_files+0x2a/0x420 [ 424.089993][ T9476] ? bpf_lsm_file_ioctl+0x9/0x20 [ 424.095029][ T9476] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 424.100297][ T9476] __se_sys_ioctl+0xfc/0x170 [ 424.104976][ T9476] do_syscall_64+0xfa/0x3b0 [ 424.109541][ T9476] ? lockdep_hardirqs_on+0x9c/0x150 [ 424.114803][ T9476] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 424.121082][ T9476] ? clear_bhb_loop+0x60/0xb0 [ 424.128292][ T9476] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 424.134247][ T9476] RIP: 0033:0x7f23b798e929 [ 424.138792][ T9476] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 424.158703][ T9476] RSP: 002b:00007f23b88d8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 424.167283][ T9476] RAX: ffffffffffffffda RBX: 00007f23b7bb5fa0 RCX: 00007f23b798e929 [ 424.175373][ T9476] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 424.183396][ T9476] RBP: 00007f23b7a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 424.191497][ T9476] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 424.199560][ T9476] R13: 0000000000000000 R14: 00007f23b7bb5fa0 R15: 00007ffd8a903bf8 [ 424.207699][ T9476] [ 424.210782][ T9476] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 424.218069][ T9476] CPU: 0 UID: 0 PID: 9476 Comm: syz.4.970 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full) [ 424.228213][ T9476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 424.238267][ T9476] Call Trace: [ 424.241546][ T9476] [ 424.244478][ T9476] dump_stack_lvl+0x99/0x250 [ 424.249079][ T9476] ? __asan_memcpy+0x40/0x70 [ 424.253674][ T9476] ? __pfx_dump_stack_lvl+0x10/0x10 [ 424.258876][ T9476] ? __pfx__printk+0x10/0x10 [ 424.263488][ T9476] panic+0x2db/0x790 [ 424.267393][ T9476] ? __pfx_panic+0x10/0x10 [ 424.271822][ T9476] __warn+0x31b/0x4b0 [ 424.275804][ T9476] ? folio_memcg+0x1a8/0x310 [ 424.280411][ T9476] ? folio_memcg+0x1a8/0x310 [ 424.285019][ T9476] report_bug+0x2be/0x4f0 [ 424.289351][ T9476] ? folio_memcg+0x1a8/0x310 [ 424.293944][ T9476] ? folio_memcg+0x1a8/0x310 [ 424.298536][ T9476] ? folio_memcg+0x1aa/0x310 [ 424.303127][ T9476] handle_bug+0x84/0x160 [ 424.307364][ T9476] exc_invalid_op+0x1a/0x50 [ 424.311862][ T9476] asm_exc_invalid_op+0x1a/0x20 [ 424.316706][ T9476] RIP: 0010:folio_memcg+0x1a8/0x310 [ 424.321907][ T9476] Code: 80 3c 28 00 74 08 4c 89 f7 e8 b4 cc 1b 00 4d 8b 36 4c 89 f0 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 89 74 ba ff 90 <0f> 0b 90 eb c5 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c fe fe ff ff [ 424.341521][ T9476] RSP: 0018:ffffc90002e77250 EFLAGS: 00010283 [ 424.347593][ T9476] RAX: ffffffff8205d907 RBX: 0000000000000000 RCX: 0000000000080000 [ 424.355560][ T9476] RDX: ffffc9000d5ba000 RSI: 0000000000000766 RDI: 0000000000000767 [ 424.363531][ T9476] RBP: 0000000000000000 R08: ffffea0001d602c7 R09: 1ffffd40003ac058 [ 424.371514][ T9476] R10: dffffc0000000000 R11: fffff940003ac059 R12: ffffea0001d602f0 [ 424.379483][ T9476] R13: dffffc0000000000 R14: ffff88802fc6fb00 R15: 0000000000000002 [ 424.387460][ T9476] ? folio_memcg+0x1a7/0x310 [ 424.392064][ T9476] workingset_activation+0x5f/0x4a0 [ 424.397265][ T9476] ? folio_mark_accessed+0x341/0x4a0 [ 424.402550][ T9476] folio_mark_accessed+0x3b5/0x4a0 [ 424.407665][ T9476] kvm_release_page_clean+0x9a/0xe0 [ 424.412890][ T9476] kvm_tdp_page_fault+0x2dd/0x370 [ 424.417918][ T9476] kvm_mmu_do_page_fault+0x2c5/0x640 [ 424.423207][ T9476] ? __pfx_kvm_mmu_do_page_fault+0x10/0x10 [ 424.429028][ T9476] ? vmx_handle_exit_irqoff+0x29e/0xad0 [ 424.434589][ T9476] ? __pfx_current_save_fsgs+0x10/0x10 [ 424.440050][ T9476] kvm_mmu_page_fault+0x22f/0xb70 [ 424.445079][ T9476] ? __pfx_handle_ept_violation+0x10/0x10 [ 424.450792][ T9476] vmx_handle_exit+0x1093/0x18a0 [ 424.455735][ T9476] ? vcpu_run+0x361c/0x6f70 [ 424.460238][ T9476] vcpu_run+0x432e/0x6f70 [ 424.464577][ T9476] ? vcpu_run+0x361c/0x6f70 [ 424.469107][ T9476] ? __pfx_vcpu_run+0x10/0x10 [ 424.473785][ T9476] ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940 [ 424.479501][ T9476] ? rcu_is_watching+0x15/0xb0 [ 424.484276][ T9476] kvm_arch_vcpu_ioctl_run+0xfc9/0x1940 [ 424.489835][ T9476] ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940 [ 424.495565][ T9476] ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 424.501569][ T9476] ? rcu_is_watching+0x15/0xb0 [ 424.506351][ T9476] ? trace_contention_end+0x39/0x120 [ 424.511647][ T9476] ? __mutex_lock+0x330/0xe80 [ 424.516327][ T9476] ? kasan_quarantine_put+0xdd/0x220 [ 424.521612][ T9476] ? kvm_vcpu_ioctl+0x22e/0xe90 [ 424.526460][ T9476] ? __pfx___mutex_lock+0x10/0x10 [ 424.531518][ T9476] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 424.537194][ T9476] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 424.542832][ T9476] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 424.548809][ T9476] ? kvm_vcpu_ioctl+0xb82/0xe90 [ 424.553658][ T9476] kvm_vcpu_ioctl+0x95c/0xe90 [ 424.558335][ T9476] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 424.563544][ T9476] ? __lock_acquire+0xab9/0xd20 [ 424.568403][ T9476] ? __asan_memset+0x22/0x50 [ 424.573011][ T9476] ? smack_file_ioctl+0x302/0x340 [ 424.578033][ T9476] ? __pfx_smack_file_ioctl+0x10/0x10 [ 424.583408][ T9476] ? __fget_files+0x2a/0x420 [ 424.588001][ T9476] ? __fget_files+0x3a0/0x420 [ 424.592677][ T9476] ? __fget_files+0x2a/0x420 [ 424.597272][ T9476] ? bpf_lsm_file_ioctl+0x9/0x20 [ 424.602214][ T9476] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 424.607437][ T9476] __se_sys_ioctl+0xfc/0x170 [ 424.612039][ T9476] do_syscall_64+0xfa/0x3b0 [ 424.616572][ T9476] ? lockdep_hardirqs_on+0x9c/0x150 [ 424.621787][ T9476] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 424.627856][ T9476] ? clear_bhb_loop+0x60/0xb0 [ 424.632532][ T9476] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 424.638425][ T9476] RIP: 0033:0x7f23b798e929 [ 424.642839][ T9476] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 424.662446][ T9476] RSP: 002b:00007f23b88d8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 424.670865][ T9476] RAX: ffffffffffffffda RBX: 00007f23b7bb5fa0 RCX: 00007f23b798e929 [ 424.678832][ T9476] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 424.686801][ T9476] RBP: 00007f23b7a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 424.694768][ T9476] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 424.702733][ T9476] R13: 0000000000000000 R14: 00007f23b7bb5fa0 R15: 00007ffd8a903bf8 [ 424.710756][ T9476] [ 424.714121][ T9476] Kernel Offset: disabled [ 424.718453][ T9476] Rebooting in 86400 seconds..