last executing test programs: 2m12.388509813s ago: executing program 0 (id=648): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x14, &(0x7f0000000140)={0xffffffffffffffff}, 0x106, 0x9}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r0, &(0x7f0000000040)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e24, 0x0, @remote, 0xf}, r1}}, 0x30) keyctl$instantiate(0xc, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="6c6f61642074727573daa1643a4730303020303031e9b9fba2debf30333320c05c283482e80100f220ad60e2"], 0x30, 0xfffffffffffffffe) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000e40)=ANY=[@ANYRES32=r2, @ANYRES32=r3, @ANYBLOB="0200"], 0x10) socket$inet_mptcp(0x2, 0x1, 0x106) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0x4e24, 0x40003, @mcast1}, {0x2, 0xfff9, 0xc00, @remote, 0xffffffff}, r1, 0x9dffffff}}, 0x48) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r6, 0x107, 0xf, &(0x7f0000000000), 0x4) sendmsg$kcm(r6, &(0x7f0000000080)={&(0x7f0000000100)=@hci={0x1f, 0x0, 0x5}, 0x80, &(0x7f0000000480)=[{&(0x7f00000000c0)="27050200240f3c000600", 0xa}, {&(0x7f00000014c0)="856a2198c2a8c1cdc831d7d987c0734165ba37a8a88bba408abbf312624162b7de33cc9eeb06449cdd32c29fb5eba091347da0020803580dd5a661a2e12562853ef84b1d", 0x44}], 0x2}, 0x9cdc2384056b48b8) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) futex_waitv(&(0x7f0000001080)=[{0x3, 0x0, 0x82}], 0x1, 0x0, 0x0, 0x1) ioctl$VHOST_SET_VRING_BASE(r5, 0xaf01, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000280)=[@in={0x2, 0x4e21, @multicast1}, @in6={0xa, 0x4e23, 0x2, @rand_addr=' \x01\x00'}], 0x2c) r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000540), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010000000000f9dbdf2501000000040001800800028004200180"], 0x20}}, 0x2000c050) ioctl$VHOST_SET_VRING_ENDIAN(r5, 0x4008af13, &(0x7f0000000240)) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000200)={0xffffffffffffffff}, 0x106}}, 0x20) r10 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r10, 0x29, 0x2f, &(0x7f0000000480)={0xe, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @local}}}, 0x108) write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0x4, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}, 0xffff}, {0xa, 0xfffe, 0x7, @mcast2, 0xfffffffe}, r9, 0x2}}, 0x48) syz_usb_connect(0x5, 0x59, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000ec13b2106c04e814280b0102030109024700010000000009046900000e010000182402010202", @ANYRES16], 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000000480)={0x3, 0x40, 0xfa00, {{0xa, 0x4003, 0x0, @remote, 0x4}, {0xa, 0x4e24, 0x0, @empty}, r9}}, 0x48) 2m12.054652294s ago: executing program 2 (id=651): syz_usb_connect(0x0, 0x36, &(0x7f0000000480)=ANY=[@ANYBLOB="1201000068e04d206f0e2c586831010203010902240001000000000904000002ff47d000090509e700008000040905", @ANYBLOB="b5174f"], 0x0) r0 = socket(0x2b, 0x80801, 0x1) setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x48b, 0x0, 0x18) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$can_bcm(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x1d, r1}, 0x10, &(0x7f0000000080)={&(0x7f0000000100)={0x3, 0x804, 0x2, {}, {}, {0x1, 0x0, 0x0, 0x1}, 0x1, @canfd={{0x0, 0x0, 0x0, 0x1}, 0x5, 0x2, 0x0, 0x0, "475ffd55998951226156450cd02ee3a18aa6eb7a3c478916a47ac012937c79f5e52ad7046404ed32a0d55b661c51faee2a235fd6a4222df035fc2235779cd386"}}, 0x80}}, 0x4040000) ioctl$sock_SIOCGIFCONF(r0, 0x8912, &(0x7f0000000280)=@buf={0x8d, &(0x7f00000001c0)="f30f32af3f71a2cc0b9c8042d20069f6fb300b2e68f8e9960ce3fe99c29c822e9fcb12ff4efa40e2f348c113c5431f1ee3ed44dabdb44c79d453e77ad0cdc28ef17995e467588933050b7e6837eef3ffcb765d191c05e1de3fc71345396053594f4929fa97b67bae788d9440bb524327b8cd05c2063d61e341514038982a9396b26ef10d0c9df03b5b79cf49d4"}) gettid() timer_create(0x0, 0x0, &(0x7f0000bbdffc)) r2 = socket$igmp6(0xa, 0x3, 0x2) r3 = userfaultfd(0x80001) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000180)={0xaa, 0x20d}) r4 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) r5 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030010000b05d25a806c8c6394f90324fc60100002000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0) keyctl$dh_compute(0x17, &(0x7f0000000100)={r4, r4, r4}, 0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)={'sha224\x00'}}) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) syz_emit_ethernet(0xfc1, &(0x7f0000001fc0)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaabb86dd67ac85e00f8b8400fe8000000000000000000000000000aafe8000000000000000000000000000bb2d13b33be3f5d870d376502cefae1c1608e54371f32965179df24db263f4cfe67e25f3eced87fe7f9f253ad451ef1b46003067006eda0000dcae411197839ac04296a2c5cb14eaa0b2cf4d9b44d65763578854a1ba031166850958cb084827b22e1257f89418fa9c423f47e64c8de2dd9e02ecf97dd8ab6735cb497c6fcb3cc81668b1b3582dfd467135ee639a516671dd5503e95c0d77da05596651e070b4dd18797fdb7b7ca2123ebb5eaa88dd8ad16799bb229e5cd5e72a40f3ecaf4217740920c84340d55779295f708774978dd7017083a9cfdf57e4b3711eeb40e3f1e017fea9f16ea7e123bf40b1451c2be855c54d7757236840ef53766d60a4ecb82c3618f30275dfe3d8c5ae677d1e821363b051956c24a566ef15098bef7f1f32805f5e24c48756e866eace7a96784b869081e83ea77352cf0c2f7074f66a8af7d43ccde123764eba6215ae73ebbd3308e0682ac9191a096e8bb68417551c2793b1928b06b9cc7dd40b4985f10d53c2c26ace9e8c38381110c28242aa601fc920d8a402ebf3401a8c81735ea4ea1c440080bd564e0db1891e9b74f6a1158012d784333ab3a26030ad6d1f121dd704268129f6bfba3b3785f286dcdb3370ba61c221d5a539a9a0453b58561b0870e3c1dee337e0f13a68c2703429c1c41e3fb7acdbe504ec1f0e251b8886a882281a2c4a4666fe28a477a497c896465bc93f4b49c65410ba7cdf3f65070c7fdc475716aff51d9e144989c04e03065489b2299c78ac74b3a559f871f0278b300eb7d50d82de82efd9e5bd56f76e4624f6d85f54c6e6640b867948df76febeda3e1f4326357bd014dda31346dfaba20893267f2da002eb14e9ac0ef27a420106b00704393d9b96d6fdfae3329471fd9737550122a9408fc18a7abf3691b0e7bd17fb4f3b1021090c0359cde017ecedb46f3c6db6054316601b19219c2ad16ac191e5ecd8752e0d87db6ea57196327678dd251f2cd9af3c4eb74f53322234c524c280fd9c3f6124c29fb7824bad7123a098783c2089f44ce8934a676508e16917245e6fa5298a31e8ed492d85ff21e1edf96398cf0963c0e6d9a4201ab6d683f5f0e3a6ca1cb05f0f3358d8b5279047ff6c8b896f8ab815e6e1541fe03a786377dcfe4ab774791cf85c75394f55a499a91b4e9bc7ee99dc2ce0478d9f7ab7aef86a120448aa8b34dc63aae289cfc9742c3be30cfb536c93c3175282f71fa5590a86b2a89290515481810e5275e2904b8cf5302636ba9cfabb9a8450cc987e40772eafa087b32a29ce68fecc8f42c0205bb38186470f4deeea3079a888422d9a61a02d7076976e6de07936239027e0558117ae0c808908b91341a8eb7a7ce0b7688530e8e196a84ec986f06064f4a4776f84e2491e75e4640fb5e0d10ecd20cfc88ab4bc3ca1474b9af644d486007cd80a2da571462a5dc4e58b4e79dbf31f33ffc4fd891af800227a21112912a093b1b766aa4569ecf15599b9d39e140d7eab5070504d6852c29806204a178f15633928951bb6f692597d09186a9b54d8db4c1bd1357ae50d559705d058ec246711fd09c1aa5e4d0fff9cee5843e94790db48507493f9bbf1710aa80da012d1fa26fae2bcb04f203f0504fada797f439c6dc05944cb3ea8153d8bd3a158db483adfa336508d03676d1736b047b1dd428d019b5e7bf7a8bbc2e061cb8d44c08733e5352e87205a10798282578d88299dd228e705881be8491c20dfb60d24da7feb7a77efbd865391222669d9434626f114db618e6ad41d5a3f7ef0676982c0e9fabad53f04f86bc17fb7a767b417e0fe576b3e6aef1a7de77437e4a05331c0100e69971124e42a63ca354edac975434b4765b77437634785cb10b3f5503b1e4b85311e44c9ac71d75d9faa2c5188af20717f7b5e8704c0df81c4426b5246f09b76b9c9467e6a048449ce3b71aaf172a3faeb06eded67747afe6e0ed04730f911d7d8dbb4dcfe0284740657ecfd2c804c4a5e9dd6e10767c39a5bfd616f13c9d5e73517dba8df922c41f1696c1b2ef756ffe9d70d4955d6aef3a2f4995a293aac0b022ed74187f3fc2756a4791e103be02c8cefbbe030b3eb61cd040366dffd0b2d1eb4dd35af52a3e516db7a3b5ef073fe2cf2a69e5d0d06bc4bf4d2d70fd568b234371510f01c2ca82d6920e1110a0216941c756c756e0230ed97219dd7a807dfaded5519fc9a06ef2e4b25483eab3cf0c6d21c420dc5c00b18fed5ca2ad938f0bed53b568182bd692f1f68d52249eb6b55f9a8f885e9121ea839a071250fb09d4a8aa803f84bea3c45a9ceb9cc21e3baa9b98e430884fd856b485c82d3041237aca26d9833d1606c5407c7a3e544068f83294b052a6655460d0d783614bc96b0838633f297fef91d186516cc0b68a1b03451e91122c5a081d9f739c408525e67fdf398b7a8a2e5ad90904cdd4471cb885452a26a3b43e46d32feb11930e13506276fac6b2f51f2f066c8de7ce6239a78ed77f8a8745867e071ea7dd217a72a52a2624234a2c57b1df3fc3c83b552636a4d93b20db9acdf0c0af9f765a1993ee84bc2a395c785e785b24524a9c6757a30c6b276710245b627cfe5594a22be97b768b58fa3959fe8e774f1411bf01cee14524d401073dbc13c5a9789eb950b43a64194fea16447694de1e38f1ac9c610edb85224671cdbb47ac280dfc02221e5fc0079dd2f4d52bbde726d6c4e33d44512d1c61f4b78ee20d9d1e0b99c711f495803c231ca37adc7f2f87601c432f1395e01e6342d162be20d38b2777fbe5f84b85cbca6de5b7a7ad05315a70e6ebc4aa12b37ac4c4a6eeae1002c22a154bc60d77cd65649a363092fa16dbfb7eac51efbde9a7d2c94a4fd50b3d3f3ec4eeec737f245bb0acf8fc91fd83ba099594ade06acc96da61329b0ac970a50b81d128c5766be625e659824d53a00b5d335b1831707a082c6cbd707a2d448b2e7b589b5ab04a7d2a399e4a3e825c4a52bcd034921b73a96bdc3a90e54edb09b5b34dc46c851f159ce234b685d312ca083efa57b789af69821d8c3b601730f67785761e8adc5615a03140931ce765d87cfee6d472d3babb6cdf51f6ffdeb382e776731a9103cabfe100a4e2a765a539d22cb91881e7a4cae9d1f3156c078e288206d2e92ab841096d178a0d3e505839db3c4672e3d847da061881408bed8d8132c7ab719cc752f49e3f8ecdb8314d28d8ef55c8403bdc1dce5ccccaf0e5908c305c5f83d54109a302db01bd8efe8b1cd1004b30493435be76c3e2178da429edc22735183a30efe28d4a306c267543af0fe48ae5e6a9cd789eab2b83b8f107ee5220633629c48e9d688ed3b8473d2253aa34e7d68329227414a9110dd4c5c7e2c869db7801b385e65e85f26ec42f6b22cb94e3018ca7da454c41cb7fe7516dd0bad8de89ce01a3435806d9a664cc9f9f7ed2a9c8692743adc8acac780a2d0bb14ae9ed4c79150fa436d36abaf12928a2016ec5873c501599a1263578e3aea3614d97c631a74b3869054deb42ff725c04c52e77d1c4afda878b3ad2d1a9666e544c0d5a9642eb762adedb443f27a2c44274600c0c9eb93957bc2d219c6ac63cd6effae3eb487c6ee8b149393bfa8845bccb8f6ff563e3a44c84758922810a25f308b70886b6050e93942e6b8f1ccf0eaad4adebdf3afdaba4b72438ee7c39477db44baa885db40f2202c4ebbe7dcfdd035cfe7242f4136c5156a2dea8c3746c511889116b55a784d3211d95a30b688fc1786d07bbd2ce5a60578120fd2844d476b49cbdb877f88e002ba5c418c3876cbb1405e1000a4809cfa0057743d3b957be1ad77df488b3946de756e6dafa66776e7e1b2e7f57ecbe6b7061745ff9cc32de654f23321c4b65a28bd5dcbb5c0678aba037ff7dbb56b4ba7681795b6a2078c38a3b3d02be2ac57ab8cbcdefb91f4edb4332e1cd79fda6d30a20d2341ddb35abc8e78aad0069791a58510fc8f21ff01f03a90375d2fd3748cab46e954378a0d7c39e789aada4fd11640e72c772e944013f5f29ec6f0ddf04bc256ef76c9a403162702f88a69de249e445f1e12fc952206d1a03fac439d1dd7edf9fdca41e4c0d6fbc725793fdb67f3c58505da74e913d5163c95aaf9b55fba713252347255641e8ad7541ecc2b0d7aa97fd57727bf3e46b3f82945235612cab57298d19db65beeb874c1ad498d5625e73bdbe81060cf1e2f2bdf12dbb37a916f854cba0b2493fc849832022edd30cf172c0488f54fefe635850afd9f680b1e45745c41cb9e723748ec1cd8f5e9a0cb1402403a62a01d88e175543d81cb4d089c5207f5ad28991ddb664ebc35d368d370a8e7eb6fd15f31a308dd9f37795713db6d9daaac10b564c96a6075e079f7d65f64b703d3a783c784c36d02c2dd13d901e89f57cc7d528bdeff064869a20ecc4a17e8cbe31dfe59e6705d26ca76c90421b50f55c6723228326a80b8a64f9db178cdfa1e63b484a3ae4b57ae167dd31a9e459ea8f6fbe3efa1a029231e255c02affd48cb03f9877780bd3866990c9e9b82005c7e058616773e18715a75ce6dec2bd6dca302e40fa3c152d2c7132ed57258b046e13a8a28e58c6bcab60342083c19ccff565fe7d4e3a9e226ff88d63dba39b2110c89867f6bc67b860195b7974fb39558edc05891e3a0238940b976fb7dacf14289c69be7fbfd50e303e3e84134ea4e39fc74780f5124f2ac4d58f9014e2863dc09b0262c87ef01d4925f9f0311175a64785f175c5ccce1ff1618e7052f7a1334e2e580fe2e5441a26993b7cbc80c2f0476f6a7ea822eeb2347251dfdca5ac2c1b8d17baea4dff76ded47ca77ba3eb1ec6c849ae7bed47853d4ef305c1aeb5f56a4f9b3869ae49678cfddabbde61091e46599d4eb2eb2f78fa0edc329732ab1f6d234e11d25bbe0dc4a632e2fa56c234009c1a2a3ed6538163b9c5a8f43e7f3fb56e3dd4c02684758ac3cfd42ab889545f1daf0e9e257bebdff2858a727c7f1211e228bf54f8d28b79e274714836e31dc5730e0984a203814589e4c138607275706364dafb7cadcff71501a4619add7d154647916786a839d9e0f077c3eb882813c2b52a9de6850f63443a8e8e883ad6edaa819324bcc645d155efd113b5903763d6e48b72871cf60e095b4e67f92ba4d97830208e0a4a87e2334e0bf671a1324b29f90c4c6e97ca7591b8ef06e7342ae318a31ac52acbc97a5669fde5227db5c987d39feb02834ed344ee707bb7fa2632a4b7c7a0a5e51983aacf184becfafe8b0e2ec5fc92eb83ff943fb8f738b127ddaef333a04961906a7c02d32505a7c79067bf3cbd558e6f1bd8a3a0b0810e2125f0a6781fb4ec0f66f290f18e1f1273e3cecbde08a8381e2dc24855a56250fbd2417a902760dc58f50abc6e39784caafe1dd4658d763919389270b383e5ce4cb59ea45f170099da412a0268c9fcaf3b80bdf8d5fa3e3343aa0e01843960bb8d9e024ff3552c08f507f0b8062219a95baf8602884f8c65365f3cdf64dc4d1b2f13795002c694bfa101a5790319371d44413336afe063088ac620c7615a9b65310992aaee2e8b896c900521cdc18d14f4b5e57b7b89c54814ff7446ab1f5ad8c547dc8503658fb6fe3511b354e424b37f86ad7edc18a643af4bfa117b38fc825350a4c4baced8b3dd014e32833b3fa21516fc31b67a9285eb64f"], 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r6, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x58) setsockopt$sock_linger(r6, 0x1, 0xd, &(0x7f0000000200)={0x1, 0x7}, 0x8) r7 = socket$kcm(0x21, 0x2, 0x2) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) sendmsg$kcm(r7, &(0x7f0000000140)={&(0x7f0000000440)=@rxrpc=@in4={0x21, 0xffff, 0x2, 0x10, {0x2, 0x4e21, @loopback}}, 0x80, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000005040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b00000009860f5878c37ffe36e1165814d435be5b317c6c8189767d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988c5944741afe403461323110f62055394412158e7a3adb164d641aa40d4ab077fe34232aa8b319d7666d0998a61d7da0c86d70000001010"], 0x10b8}, 0x20000000) sendmsg$kcm(r7, &(0x7f0000000000)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e22, @dev}}, 0x80, 0x0, 0x0, &(0x7f0000001a00)=ANY=[@ANYBLOB="1800000000000000100100000100000051d833483cc75dd6900000000000000004000005040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b00000009860f5878c37ffe36e1165814d435be5b317c6c8189767d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988c5944741afe403461323110f62055394412158e7a3adb164d641aa40d4ab077fe34232aa8b319e2e66d0998a61d7da0c86d70000001010"], 0x10b8}, 0x0) listen(r6, 0x5) accept4(r6, &(0x7f0000000240)=@x25, 0x0, 0x80800) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r8, 0x0, 0x0, 0x24040014, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @empty}, 0x1c) 2m9.820065469s ago: executing program 0 (id=654): ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x9}}, './file0\x00'}) r1 = shmget$private(0x0, 0x13000, 0x1, &(0x7f0000feb000/0x13000)=nil) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) bind$inet(0xffffffffffffffff, 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bfa200000000000007020000fcffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r4}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, r2, 0x28f41000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) signalfd(0xffffffffffffffff, &(0x7f00007aeff8), 0x8) rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8) timer_create(0x3, 0x0, 0x0) r8 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$smc(&(0x7f00000004c0), r0) r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r4, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000280)='flush_foreign\x00', r10}, 0x18) sendmsg$SMC_PNETID_ADD(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="28241fd9", @ANYRES16=r9, @ANYBLOB="01002dbd7000000000100200000014000200766c616e3000000000000000000000000900010073797a3000000000"], 0x34}}, 0x8000) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0e0000000400000008000000c108000000000000", @ANYRES32, @ANYBLOB="d2b2800060f6a6aee71391772710002864153b72f3c18963c9a33725185b1bf301551b66efaf9d5b85f92417846d312cbd11b2107d24c35fd522982641701a0fff76d624b7f5e0e7e2762eb0f3743b9c365c45e1c3a331e85e970b6cc58bb1e621b96851a8be79f7191ec015dcee818f774a812593bc06039495d5", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_buf(r0, 0x0, 0x20, &(0x7f0000005e40)="17000000020001000003d68c5ee17688a2006c08020300ecff3f0200000300000a000000009afc5ad9485bbb6a880000d6c8db0000dba67e06018000020000f10607bdff59100ac45761407a681f009cee4a5acb3da400001fb70067", 0x5c) shmat(r1, &(0x7f0000ff7000/0x3000)=nil, 0x400c) munmap(&(0x7f0000ffb000/0x1000)=nil, 0x1000) setsockopt$bt_hci_HCI_DATA_DIR(r0, 0x0, 0x1, &(0x7f0000000080)=0xf3b5, 0x4) 2m8.976292533s ago: executing program 0 (id=657): setresgid(0x0, 0xffffffffffffffff, 0xffffffffffffffff) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0x5, &(0x7f00000027c0)=ANY=[@ANYBLOB="180000000000000000000000ff000000850000000f000000850000005000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x59, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5, @void, @value}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x3, 0x4, 0x801, 0x1, r1, 0x15b4, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r2}, &(0x7f0000000840), &(0x7f0000000880)=r1}, 0x20) close(r1) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000380)={r2, &(0x7f0000000900)}, 0x20) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000000086a8acaed41f89d7b3d02f162c63e37b"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r3}, 0x10) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_GET_CTRZERO(r4, &(0x7f0000001a00)={0x0, 0x0, &(0x7f0000000740)={&(0x7f00000004c0)={0x14, 0x2, 0x7, 0x101}, 0x14}, 0x1, 0x0, 0x0, 0x4000800}, 0x4040006) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='sys_exit\x00', r0}, 0x10) symlinkat(&(0x7f0000001040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00') 2m6.840734961s ago: executing program 2 (id=663): syz_io_uring_setup(0x88e, &(0x7f0000000140)={0x0, 0x44b6b, 0x0, 0x6, 0xbfdffffc}, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$can_raw(0x1d, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4) syz_init_net_socket$llc(0x1a, 0x801, 0x0) syz_init_net_socket$llc(0x1a, 0x801, 0x0) syz_init_net_socket$llc(0x1a, 0x801, 0x0) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) sendmmsg(r0, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0xb00, r2}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0) 2m5.966513755s ago: executing program 2 (id=667): socketpair$unix(0x1, 0x2, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00'}, 0x10) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(0xffffffffffffffff, 0x84, 0x6e, &(0x7f0000000200)=[@in={0x2, 0x4e24, @private=0xa010101}], 0x10) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r3, 0x2, &(0x7f0000000040)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x10, 0x16, &(0x7f0000000780)=ANY=[@ANYBLOB="61122400000000006113340000000000bf1000000000000015000200091b00003d030100000000008701000000000000bc26000000000000bf67000000000000560300000ee600f06702000014000000160300000ee600f0bf050000000000000f610000000000006507f4ff02000400070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe7030586e3f640f9f7e9a73b761ad4f0952a70046270d2b6436fdeecd791614ed46de741eb8cf91c046ef9beca574b350021c7ec6ef130f53748068ca432dae4e248b22b9ad8b2811f67916a1764578cba4b069037bfb3362d5691ac397f7e207145d970f0d97867552629b146645c785fb77dbeca38e49a9d5221f1f45f0a25890d04d91a15a05ae7e7ed6252c3d6c1973fb858de1da70d67317e7872b0603ce47ed2c1520e71b527bb42aa2e20e1e85df73736ed0a782ab7e7278dd54358cfdf6313d40f926332623625b49626481054787ab2dff85a9bebd6b317f26c691a65aa97bb3d1506a3a565e9c7ea5ad4611d2d77ee8a5c1b23814a26b6a20061fbb65bdd03770fa849f2a29ba69f90625f42592a70ba890f7a92878ae73574c3a233ee5954119931a1905210715fa77a8795f2fbec3797cb90f59fe8a4abec25f40c87bf25b750bbaa"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) ioctl$KVM_GET_MSRS(r2, 0xc048aeca, &(0x7f0000000200)) 2m3.60535849s ago: executing program 2 (id=669): r0 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5) r1 = syz_open_dev$vim2m(&(0x7f0000000280), 0x4, 0x2) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r2, &(0x7f0000003680)=[{&(0x7f0000001400)="eb", 0x1}], 0x1, 0xe) write$binfmt_misc(r2, &(0x7f00000000c0)="8a6586815e8ae2beaf57b5a9f94fce5b001b67ebe769f294157719b43d20e4af06e65f4beb4144ecd2b2c28a7db406694b203b26f936f15482f948a34117fab3bd0b", 0x42) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x11, 0x8, &(0x7f0000000200)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0ff5b14104fe62cc60e413905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af936"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) mkdir(&(0x7f0000000300)='./file1\x00', 0x10) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r3 = open(&(0x7f0000000000)='.\x00', 0x0, 0x244) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1/file0\x00', 0x111) mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000280)='./file1/file0\x00', 0x0, 0x201008, 0x0) ioctl$AUTOFS_IOC_EXPIRE(r3, 0x810c9365, 0x0) r4 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r4, 0x11b, 0x4, &(0x7f00000002c0)={0x0, 0x30c000, 0x800, 0x0, 0x4}, 0x20) ioctl$vim2m_VIDIOC_ENUM_FMT(r1, 0xc0405602, &(0x7f0000000040)={0xb, 0x1, 0x2, "f819ebf45608e255b61c5deb3eb574d486d27e0600000000040000000006f100"}) ioctl$SG_IO(r0, 0x2285, 0x0) writev(r0, &(0x7f0000000400)=[{&(0x7f0000000080)="aefdda9d240300005a90f57f07703aeff0f64ebbee07962c22772e11b44e65d76641cb010052f436dd2a", 0x2a}, {&(0x7f0000000040)="aa1d484e2400a0000000f7c08bfcd111fbdf23ea32db0e8f21d5bc27bd8063067a0689fff2a41cfbf0e9d85e44751170", 0x30}], 0x2) 2m3.299032067s ago: executing program 2 (id=671): bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) syz_open_dev$MSR(0x0, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r0}, 0x10) unshare(0x20000400) bpf$LINK_DETACH(0x22, &(0x7f0000000080)=r1, 0x4) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4}, &(0x7f0000bbdffc)) fcntl$getownex(r0, 0x10, &(0x7f0000000000)={0x0, 0x0}) prctl$PR_SCHED_CORE(0x3e, 0x3, r2, 0x0, &(0x7f0000000400)) r3 = syz_io_uring_setup(0x64e, 0x0, &(0x7f0000000cc0), &(0x7f0000000d00)) sendmmsg(0xffffffffffffffff, &(0x7f0000000300)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0x7000000}, 0xf401}], 0x1, 0x0) io_uring_register$IORING_REGISTER_FILES2(r3, 0xd, &(0x7f0000001c80)={0x0, 0x0, 0x0, &(0x7f0000001c00), &(0x7f0000001c40)=[0x8]}, 0x20) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000002000)=""/102400, 0x19000) r5 = syz_open_dev$cec(&(0x7f0000000400), 0x0, 0x0) ioctl$CEC_G_MODE(r5, 0x80046108, &(0x7f0000000440)) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000500)={0x1, 0x0, 0xfffffffffffffffe}) ioctl$HIDIOCSUSAGES(0xffffffffffffffff, 0x501c4814, &(0x7f000001b000)={{0x3, 0x100, 0x5, 0x41, 0x400, 0x10001}, 0x3b1, [0x400, 0x2, 0x4, 0x1, 0xdc80, 0x1514, 0x3, 0xff, 0x400, 0x6, 0x4, 0x6, 0x8, 0x10, 0x5, 0x0, 0x8, 0x6, 0x2, 0x9, 0x6, 0x7, 0x2, 0x0, 0x9, 0x2, 0x0, 0x6, 0x1, 0x882, 0x1ff, 0x401, 0x1, 0xf, 0x6, 0x80000001, 0x1, 0x6, 0x79, 0xab4, 0x6, 0x7, 0x1, 0xf5, 0xfffffff4, 0x80000000, 0x3, 0x7, 0x9, 0x6, 0x2, 0x5293a367, 0x2, 0x1, 0xfffff79c, 0x7f, 0x438f483, 0x2, 0x10, 0x7, 0x7557, 0x3ff, 0x10000, 0x2, 0x8, 0x5, 0x401, 0x3, 0x1, 0x3, 0xfff, 0x7, 0x63, 0x3, 0x7, 0x80000000, 0x9, 0xba3, 0x40, 0x26bd, 0x0, 0x2, 0x2, 0x8, 0x7, 0x8, 0x7, 0x3a, 0x3, 0xfff, 0x1, 0x5, 0x0, 0xda6, 0x1cef, 0x7, 0x0, 0x6, 0x0, 0x1, 0x6, 0x5, 0x9, 0x4, 0x0, 0xd683, 0x7, 0x8, 0x6, 0x80000001, 0x93, 0x4, 0x4b7, 0x8, 0x6, 0x800, 0x8, 0x1, 0x6, 0x2, 0x8, 0x9, 0xaa, 0x10001, 0x0, 0x6, 0x6, 0x5, 0x0, 0x5, 0x7, 0x4, 0x6, 0x25, 0xc, 0x7fff, 0x8909, 0x6, 0x3, 0x9b1a, 0x3cc6, 0xb7cb, 0x8000, 0x8, 0x81, 0xc9, 0x18701f62, 0x9, 0x401, 0x1, 0xf3f, 0x40, 0x0, 0x3803, 0xf4, 0x9b4, 0x2, 0x0, 0xff, 0xac16, 0x62a, 0x2, 0x9c21, 0x3, 0x0, 0xfffffffe, 0x4, 0x66, 0x49b, 0x3, 0x4, 0x8000, 0x6, 0x6, 0x101, 0x3, 0x0, 0x9, 0xd6, 0x3, 0x7, 0x1b, 0x400, 0x8001, 0x6, 0x81b3, 0x3, 0x6204, 0xff, 0x1ff, 0x1, 0x10001, 0xe998, 0x4, 0x13d, 0x6, 0x6, 0x6, 0x21, 0x200, 0xfffffff9, 0x78, 0x7fffffff, 0x5, 0xfffffff7, 0xffff7fff, 0x6, 0x1, 0x2, 0x1, 0x4, 0x2, 0x8c, 0x2, 0x10000, 0x7f, 0x2, 0xd, 0x0, 0x101, 0x4, 0x3, 0x1, 0x7, 0x400, 0x6, 0x7, 0x1, 0x80000001, 0x4, 0x3, 0x4, 0x5, 0x6, 0x8, 0x7, 0x7, 0xfffff801, 0x80000000, 0xf82, 0x1, 0x80, 0x81, 0x5, 0x4, 0x2, 0x5, 0x1c, 0x8, 0x3, 0x7, 0x7, 0x8, 0x10001, 0xfff, 0x4, 0x2, 0x6, 0xfffffff6, 0x2, 0x997, 0x4, 0xc4, 0x6, 0x1, 0x8, 0x4, 0x4, 0x63f2, 0x1ff, 0xff, 0x2d, 0x7ff, 0x1, 0x0, 0x7, 0xfb, 0x7fffffff, 0x9, 0x8, 0x8001, 0x6, 0x6, 0x6737, 0x10, 0x6, 0x1, 0x0, 0x6, 0x6, 0x0, 0x3, 0xac6fda18, 0x4f601fa7, 0x2, 0xad, 0x2, 0x2486, 0xffffff80, 0x7, 0x4, 0x2, 0x4, 0xc68, 0x8, 0x80000001, 0x9, 0x9, 0xd422, 0x5, 0x5, 0x60c7, 0x80, 0xffffffff, 0x3, 0x1, 0x92, 0x5, 0x80, 0x7ff, 0x40, 0x80, 0x4, 0x800, 0xfffffffb, 0x7, 0x7, 0x9e, 0x8d, 0x30bf, 0x2, 0x7, 0x5, 0xfffffffc, 0x9, 0x6, 0x1, 0x8f829607, 0xe, 0x6f, 0x200, 0x1ff, 0x6, 0x46, 0x5, 0xfffff58b, 0x8001, 0x6, 0x8, 0x4, 0x8, 0x3, 0x1, 0x4, 0x1, 0xccc, 0x7f, 0x7fffffff, 0x5, 0xd, 0x2e, 0xfffffe01, 0x6, 0x5, 0x7, 0x2, 0x2, 0x1, 0xed2, 0xbc3, 0x4, 0x3, 0x7fff, 0x81, 0xffffff98, 0x8, 0x5, 0x10001, 0x5, 0x3, 0x4, 0xf3, 0x100, 0x4, 0x800, 0x0, 0x6, 0x5, 0x9, 0x400, 0x3e612cc, 0x2, 0x5, 0x400, 0x60b2, 0x5, 0xb, 0x9ec, 0xab1e, 0x5f88, 0x4, 0x67, 0xef, 0x66, 0x7, 0xb8, 0x6, 0x4, 0x7, 0xf0, 0x5, 0x6, 0x8, 0xfffffff9, 0x0, 0x3, 0x6, 0x5, 0xa31, 0x8001, 0xffffffff, 0xe79, 0x101, 0x4, 0x800, 0x7, 0x0, 0x9, 0x1, 0x40000000, 0xce4, 0x330d, 0xfffffffd, 0x925, 0x5, 0x1, 0x1, 0x0, 0x4, 0x8, 0x2, 0x1, 0x0, 0x55, 0x9, 0x2, 0x9, 0x7, 0xd5, 0x9, 0xf, 0x4, 0xac, 0xba, 0x2, 0x8, 0xef, 0x6, 0x80, 0x2, 0x40, 0x0, 0xc8f, 0x81, 0x56, 0x1, 0x12, 0xaadc, 0x9, 0xa031, 0x48e, 0x400, 0x1, 0x9, 0x2, 0x100, 0x7, 0x5e57, 0x8, 0xfff, 0x7, 0x800, 0xffff0e3d, 0x7f1, 0x5, 0x5, 0x7, 0xf32, 0xfffffffe, 0x9, 0x75, 0xffffffff, 0xb, 0x8, 0x80000001, 0x7f, 0x40, 0x0, 0x0, 0xdf, 0x1, 0xbac4, 0x2, 0x1a, 0x4, 0x5, 0x4, 0x4, 0x5, 0xc589, 0x7, 0x7, 0x8, 0xfffffff2, 0xd, 0x7fff, 0x3, 0x3, 0x7, 0x0, 0xffff4e3d, 0xb, 0x1, 0x5, 0x8000, 0x7, 0x7, 0x400, 0x3, 0x9, 0x8001, 0x8, 0xf, 0x87, 0x7, 0x2, 0x934, 0x6, 0x7f, 0xe9, 0x1, 0x2fd, 0x4, 0x9, 0x6, 0x5, 0x1, 0xfffffffc, 0x80000000, 0x1, 0x8796, 0x711, 0x1ff, 0x401, 0x7, 0x3, 0xfffffffd, 0x7, 0xffff8001, 0x6, 0x0, 0x0, 0x7, 0x2, 0x5, 0xff5, 0x40, 0x7, 0x0, 0x0, 0xda, 0x1, 0x14000000, 0x0, 0x2, 0x3, 0x1, 0xe, 0x401, 0x74, 0x4, 0xffff8000, 0x95f, 0x5, 0x6, 0x5, 0xfffffff4, 0x1, 0x5, 0x4d3, 0xffffffff, 0x0, 0x1, 0x9f, 0x1, 0x8, 0x80, 0xffffffff, 0x3, 0xffffffff, 0x9, 0x10000, 0x2f, 0x1, 0x401, 0x3, 0xb35, 0xc, 0x4, 0x1, 0x61, 0x2, 0x4, 0x99d7, 0x50, 0x5, 0x4d6, 0x8, 0x17, 0x7c6, 0x0, 0x9e95, 0xb, 0x1, 0xae, 0x5, 0x3, 0x2, 0x0, 0x8, 0x4, 0x80000000, 0x1, 0x7, 0x0, 0x7, 0x6, 0x30000000, 0x7, 0x4, 0x2, 0x5, 0x1, 0x0, 0x5, 0x6, 0x2, 0x0, 0x4d8, 0xc, 0x1, 0xaf, 0xf4, 0xf, 0x0, 0xa, 0x400, 0x3, 0x0, 0x3, 0x80000001, 0x8, 0x5, 0xe, 0x27e7, 0x1, 0xd, 0xd55c, 0x1, 0x40, 0xfffffff8, 0xcc42, 0x0, 0x5bb6, 0x5, 0x1, 0x800, 0xc, 0x8, 0x0, 0xfffffffa, 0xe0df, 0x3, 0xffffffff, 0x9, 0x0, 0x5, 0x99d, 0x0, 0x3, 0x3c19, 0x4, 0x5, 0x6, 0x1aa9, 0x1, 0xb, 0x2, 0x4, 0xf7e, 0x850, 0x2, 0xf, 0x7bc0, 0x1, 0x0, 0x7, 0x39, 0x101, 0x43e3, 0x0, 0x7, 0x3, 0x5, 0x7fffffff, 0x1, 0x7e, 0x3411, 0x7, 0x6, 0x4, 0x3, 0xbca, 0x374, 0x7, 0x3, 0x3fe, 0x9015, 0x86, 0x2, 0xb201, 0x0, 0x7ff, 0xb, 0x80, 0x0, 0x45ea86b4, 0x1, 0x9, 0x10001, 0x8382, 0x3, 0x6, 0x80, 0x80, 0x400, 0x7f, 0xffff, 0x9, 0x2, 0x57d0, 0x0, 0x2, 0x80000001, 0x8, 0x0, 0x0, 0x1, 0x4, 0x80000000, 0x6, 0x0, 0xfbd2, 0x1, 0x3ff, 0x1685, 0x1000, 0x101, 0x7ff, 0x80000000, 0x87fc, 0x4c0, 0x401, 0xa, 0x9, 0x6808, 0xf, 0x4, 0x6, 0x9, 0x682, 0x7, 0x6, 0x8, 0xfffff521, 0x9, 0x0, 0xc34, 0x3, 0x8, 0x5, 0x7fffffff, 0x1, 0xff, 0x4, 0x2, 0xd, 0x7, 0x6, 0x3, 0x9, 0x1, 0x6, 0x1e3d3c73, 0x10, 0x1c000, 0x2, 0x101, 0x40, 0x6, 0x0, 0xfffffffc, 0x200, 0x446, 0x5, 0x3, 0x3, 0xca9, 0x3ff, 0x1, 0x3, 0x200, 0xce, 0x7, 0x9, 0x6, 0x0, 0xffff0000, 0x9, 0x1, 0x4, 0xdd, 0x401, 0xa2, 0x200, 0x800, 0xa62d, 0xfffff105, 0x9, 0x1, 0xf3, 0xd, 0xbb83, 0x4, 0x10000, 0x7, 0x1, 0x7, 0x6, 0x1, 0xa, 0x2, 0x0, 0x7, 0x7, 0x5, 0x5, 0x5e55b9e8, 0x10, 0xf9, 0x1, 0x8, 0xd6, 0x6, 0x7, 0x8001, 0xea2, 0x9, 0xffffffff, 0xc17, 0x34a6938c, 0x800, 0x5, 0x5a, 0x4, 0x2c, 0xa, 0xffff, 0x81, 0x101, 0x7, 0x8, 0xf, 0x0, 0x403, 0xc, 0xc6b9, 0xfffffff7, 0x9, 0x400, 0x1, 0x4, 0x825635bd, 0x1ff, 0x9, 0x5, 0x4, 0x5962, 0x1, 0x9, 0x9, 0x5, 0x0, 0xa, 0xf, 0x0, 0x9, 0xea, 0x5, 0x3, 0x0, 0xffff, 0x2, 0xffff, 0xd5e, 0x9, 0x9, 0xb5, 0x7fff, 0x5, 0x0, 0xfffffffb, 0x3, 0x5, 0xffffff71, 0x3, 0x93c2, 0x1, 0xc82, 0x0, 0x80, 0x1, 0x8, 0x3, 0x5, 0x6, 0x81, 0x1000, 0x8, 0xa, 0x0, 0x2cd3, 0xa1c0, 0xff, 0x8, 0x3, 0x45, 0xca1, 0x4, 0xa000, 0x3, 0x480, 0x7, 0xd7, 0x101, 0x8001, 0xc, 0x2, 0xfffffffe, 0x2, 0x4, 0x10000, 0x3e8, 0x5fb3, 0x10000, 0x80, 0xc1, 0x4, 0x40f, 0x9, 0xffffffcb, 0x80, 0x80000001, 0xff, 0x8001, 0x80000001, 0xffff, 0x4, 0x0, 0x2c, 0x4, 0x40000000, 0xb, 0xee7, 0x10001, 0xfff, 0x3, 0x2, 0x1, 0x3, 0x9, 0xff, 0x3, 0x5, 0xe, 0x5, 0x1, 0xd69, 0x3, 0x8000, 0x80000000, 0x8, 0x2, 0x0, 0x8001, 0x8, 0x8, 0x0, 0x9, 0x2, 0x4, 0x0, 0xfff, 0xffffffff, 0x80000001, 0x9, 0x5536, 0x1, 0x9, 0x0, 0x6, 0x4, 0x8, 0x7]}) pselect6(0x40, &(0x7f0000000300)={0x10000, 0xa, 0xa6b, 0x8, 0x3, 0x1, 0xfffffffffffffffe, 0x8}, &(0x7f0000000340)={0x6, 0x9, 0x6, 0x100, 0x4, 0x5, 0xfffffffffffffc01, 0x2}, &(0x7f0000000380)={0x1, 0x100000000, 0xffff, 0x419, 0x0, 0x9, 0x9e7, 0x8000000000000001}, &(0x7f00000003c0)={0x0, 0x3938700}, &(0x7f0000000480)={0x0}) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50) openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000280), 0x240, 0x0) r6 = socket$inet6(0xa, 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(r6, 0x8918, &(0x7f0000000080)={@loopback={0x0, 0xff00}}) 1m56.525452985s ago: executing program 2 (id=683): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f0000000340), r0) sendmsg$TIPC_CMD_GET_NODES(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}, 0x1, 0x0, 0x0, 0xc000}, 0x488b4) 1m55.867498979s ago: executing program 32 (id=683): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f0000000340), r0) sendmsg$TIPC_CMD_GET_NODES(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0}, 0x1, 0x0, 0x0, 0xc000}, 0x488b4) 1m28.26187154s ago: executing program 0 (id=657): setresgid(0x0, 0xffffffffffffffff, 0xffffffffffffffff) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0x5, &(0x7f00000027c0)=ANY=[@ANYBLOB="180000000000000000000000ff000000850000000f000000850000005000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x59, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5, @void, @value}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x3, 0x4, 0x801, 0x1, r1, 0x15b4, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r2}, &(0x7f0000000840), &(0x7f0000000880)=r1}, 0x20) close(r1) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000380)={r2, &(0x7f0000000900)}, 0x20) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000000086a8acaed41f89d7b3d02f162c63e37b"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r3}, 0x10) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_GET_CTRZERO(r4, &(0x7f0000001a00)={0x0, 0x0, &(0x7f0000000740)={&(0x7f00000004c0)={0x14, 0x2, 0x7, 0x101}, 0x14}, 0x1, 0x0, 0x0, 0x4000800}, 0x4040006) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='sys_exit\x00', r0}, 0x10) symlinkat(&(0x7f0000001040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00') 46.580847483s ago: executing program 0 (id=657): setresgid(0x0, 0xffffffffffffffff, 0xffffffffffffffff) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0x5, &(0x7f00000027c0)=ANY=[@ANYBLOB="180000000000000000000000ff000000850000000f000000850000005000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x59, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5, @void, @value}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x3, 0x4, 0x801, 0x1, r1, 0x15b4, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r2}, &(0x7f0000000840), &(0x7f0000000880)=r1}, 0x20) close(r1) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000380)={r2, &(0x7f0000000900)}, 0x20) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000000086a8acaed41f89d7b3d02f162c63e37b"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r3}, 0x10) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_GET_CTRZERO(r4, &(0x7f0000001a00)={0x0, 0x0, &(0x7f0000000740)={&(0x7f00000004c0)={0x14, 0x2, 0x7, 0x101}, 0x14}, 0x1, 0x0, 0x0, 0x4000800}, 0x4040006) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='sys_exit\x00', r0}, 0x10) symlinkat(&(0x7f0000001040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00') 10.795949072s ago: executing program 0 (id=657): setresgid(0x0, 0xffffffffffffffff, 0xffffffffffffffff) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0x5, &(0x7f00000027c0)=ANY=[@ANYBLOB="180000000000000000000000ff000000850000000f000000850000005000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x59, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5, @void, @value}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x3, 0x4, 0x801, 0x1, r1, 0x15b4, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r2}, &(0x7f0000000840), &(0x7f0000000880)=r1}, 0x20) close(r1) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000380)={r2, &(0x7f0000000900)}, 0x20) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000000086a8acaed41f89d7b3d02f162c63e37b"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r3}, 0x10) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_GET_CTRZERO(r4, &(0x7f0000001a00)={0x0, 0x0, &(0x7f0000000740)={&(0x7f00000004c0)={0x14, 0x2, 0x7, 0x101}, 0x14}, 0x1, 0x0, 0x0, 0x4000800}, 0x4040006) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='sys_exit\x00', r0}, 0x10) symlinkat(&(0x7f0000001040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00') 10.448404494s ago: executing program 5 (id=907): socket$kcm(0x10, 0x2, 0x0) socket$kcm(0x29, 0x5, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r0 = memfd_secret(0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, 0x0, &(0x7f0000000180)) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f00000000c0)={0x0, @in={{0x2, 0x4e23, @empty}}, 0x0, 0x2, 0x40020002, 0x0, 0xa17433da3c5d69ad, 0x2, 0x7f}, 0x9c) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) mknodat(0xffffffffffffffff, 0x0, 0xc000, 0x0) openat$cgroup_ro(r0, &(0x7f00000002c0)='memory.events.local\x00', 0x0, 0x0) r3 = socket(0x1e, 0x4, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000700)=@delqdisc={0x24, 0x25, 0x200, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0xffff, 0x10}, {0x0, 0xe}, {0x3, 0xf}}}, 0x24}, 0x1, 0x0, 0x0, 0x40090}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000740)=@newqdisc={0x30, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x4}}]}, 0x30}}, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r5, &(0x7f00000002c0), 0x40000000000009f, 0x0) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x2, 0x81, 0x1ff, 0x1, 0x1}, 0x1c) recvmsg$unix(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)=""/254, 0xfe}], 0x1}, 0x20) sendmmsg(r3, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) r6 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r6, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x0, 0x81, 0x1ff, 0x1, 0x1}, 0x1c) socket(0x1e, 0x4, 0x0) 8.851252299s ago: executing program 3 (id=909): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000000c0)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_SET_SEC_PARAMS(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000003c0)={0x30, r1, 0x1, 0x70bd28, 0x25dfdbfb, {}, [@NL802154_ATTR_SEC_OUT_KEY_ID={0x14, 0x2b, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_INDEX={0x5}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r2}]}, 0x30}, 0x1, 0x0, 0x0, 0x80}, 0xc4) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x1000, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) getpid() r4 = syz_open_dev$sndctrl(&(0x7f0000000e00), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_open_dev$usbfs(&(0x7f0000000480), 0x76, 0x160341) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r4, 0xc1105511, &(0x7f00000000c0)={{0xc, 0x0, 0x0, 0x0, 'syz1\x00'}, 0x0, [0x0, 0x0, 0x7ffc, 0x0, 0x9, 0x100000000, 0x0, 0x4, 0x8, 0x0, 0x0, 0x7f, 0x3cb7, 0x0, 0x8000000, 0x0, 0x8, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x10000000, 0x100000000, 0xffffffffffffffff, 0x0, 0x100000000, 0x4, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0xfffffffe, 0x0, 0x6, 0xfffffdfffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x9, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xd89, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0xdf9cd8e, 0x8000000, 0x6, 0x2, 0x0, 0x0, 0x0, 0xbb, 0x0, 0x0, 0x0, 0x0, 0x7, 0x7ffffffd, 0x0, 0x0, 0xffffffffffff2328, 0xffffffffffffffff, 0x3, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x4, 0x0, 0x0, 0xb, 0x1, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800]}) r9 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r9, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) accept$unix(0xffffffffffffffff, &(0x7f0000000640), &(0x7f00000006c0)=0x6e) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000700), 0x40000, 0x0) r10 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r10, &(0x7f0000001740)={0x0, 0x0, &(0x7f0000001700)={&(0x7f0000001580)={0x14, 0x20, 0x1, 0x70bd2c, 0x25dfdbfb, {0x5}}, 0x14}, 0x1, 0x0, 0x0, 0x4008080}, 0x24000100) socket$inet_mptcp(0x2, 0x1, 0x106) 8.042034948s ago: executing program 1 (id=911): setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) socket$inet_sctp(0x2, 0x5, 0x84) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x1, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYRESDEC], 0xfc}, 0x1, 0x0, 0x0, 0x810}, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) bind$netlink(r2, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfd, 0x400}, 0xc) getsockname$packet(r2, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0xc3, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r3, @ANYBLOB="00001000252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c0000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000014001280090001007663616e000000000400028008000a00", @ANYRES32=r3], 0x3c}}, 0x0) 7.365513473s ago: executing program 4 (id=913): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0e000000040000000400000009"], 0x48) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000040)={r0, &(0x7f00000004c0)="4509c21f", 0x0}, 0x20) r1 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_DELLINK(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="40000000041401002cbd7000fedbdf25080011"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x88c0) sendmsg$RDMA_NLDEV_CMD_PORT_GET(r1, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000040)={&(0x7f0000000640)=ANY=[@ANYBLOB="800000000514820029bd7000ff4e9cbbdbdf25080001000000000008000300010000000800010000000000080003000100000003000000000000000800030002000000080001000100000008000300040000000800010002000000080003000300000008000100fdffffff0800030004000000080001000100000008000300010000008f1f7239a5582a7d0b0d45032ca3168e99fbc3b8812ec840fda4e74ae08b110c8b3a69a58592eb6a4074bd545831b4914a20b80000000000000000c4fa461020e27fff28164c127e8218fa103a7cc4ffbd0d12c39168ea990d5c165caa86f328ed56602aa65e17c9e71dcce8e501432a42707bf9247969f738e4093d605ac6646a8eed02a063849543df953deef016ca0c2b96a9c467528b8715a33047"], 0x80}}, 0x20000811) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) fstat(r1, &(0x7f00000002c0)) fsetxattr$security_capability(r2, &(0x7f00000001c0), &(0x7f0000000180)=@v1={0x1000000, [{0xa, 0xff}]}, 0xc, 0x0) r3 = openat$cgroup_ro(r2, &(0x7f0000000080)='cgroup.events\x00', 0x275a, 0x0) preadv(r3, &(0x7f0000000140)=[{&(0x7f00000000c0)=""/56, 0x38}], 0x1, 0x8, 0x0) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r3, 0x84, 0x15, &(0x7f0000000240)={0x3}, 0x1) socket$pppoe(0x18, 0x1, 0x0) ioctl$UI_DEV_SETUP(r3, 0x405c5503, &(0x7f0000000500)={{0x2, 0x6e7, 0x8, 0x7}, 'syz1\x00', 0x13}) signalfd4(0xffffffffffffffff, &(0x7f00000003c0)={[0x1fffffffff]}, 0x8, 0x0) r4 = syz_io_uring_setup(0x186, &(0x7f0000000080)={0x0, 0x3416, 0x13100}, &(0x7f0000000100)=0x0, &(0x7f0000000000)=0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r4, 0x2def, 0x0, 0x0, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) syz_emit_ethernet(0x6a, &(0x7f00000003c0)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaa0008004503005c00000000002f907800000000e000000124806558000000000000100008000000000086dd86dd88be00000000100000000100000000000000080022eb0000000020000000020000000000000000000000080065580000000014d8a09d22b2c3272d2490f73180a8abf0704de05215f5f33defc80ab1cffda2b4b7f5a6d8c5c04e718126327e867186c5acaf118d0716ea3f1f26aaf05d5d80aee3bbbab28720a8bca1f36ba50c001ff7dbe0a33982907bb378c2eae30018a9d6e7dc9ce9c6842ac92c2c44d71868581eb92d1f6f090b05ceb795651785bfe4fac284b8fd68975ec8f706dcd49e56aaf534474f97d95100000000000000002fe50d46453c2c"], 0x0) r7 = openat$random(0xffffffffffffff9c, &(0x7f0000002200), 0x0, 0x0) ioctl$sock_inet6_udp_SIOCINQ(r7, 0x541b, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, &(0x7f0000000000)=0x1) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000001a80)={0x4, 0x0, &(0x7f0000001900)=[@enter_looper], 0x1, 0x0, &(0x7f0000000040)="a1"}) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 7.321390074s ago: executing program 5 (id=914): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x48e80, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x200) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000000)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0xffffffeffffffffc) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x2, 0x0, @ioapic={0x0, 0x2, 0x3, 0xeffffdff, 0x0, [{0x0, 0x80}, {0x19, 0x5, 0x0, '\x00', 0x10}, {0xfc, 0x4}, {0xfe, 0x0, 0x7f, '\x00', 0x2}, {0x8, 0x0, 0x5, '\x00', 0x9}, {}, {0x0, 0x85, 0xbe}, {0x0, 0x6}, {0x0, 0x0, 0x0, '\x00', 0x7f}, {0x8, 0x6, 0xfe, '\x00', 0x42}, {0x0, 0x2}, {0x0, 0x50}, {0x4, 0x0, 0x4, '\x00', 0x3}, {0x1, 0x4e}, {0x2, 0x2, 0x4, '\x00', 0x9}, {}, {0x1, 0x0, 0x4, '\x00', 0x4}, {0x0, 0x0, 0x0, '\x00', 0xfd}, {0x1, 0x4, 0x7, '\x00', 0x3}, {0x80, 0x0, 0x0, '\x00', 0x40}, {0x0, 0x4}, {0x0, 0x0, 0x0, '\x00', 0x70}, {0x1, 0x0, 0x0, '\x00', 0xe}, {0x10, 0x83, 0xe}]}}) 7.172078384s ago: executing program 3 (id=915): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) ioctl$VHOST_GET_VRING_ENDIAN(0xffffffffffffffff, 0x4028af11, &(0x7f00000001c0)) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001180)={0x6, 0x10, &(0x7f00000008c0)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000000000000850000001c00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001bc0)={r1, 0x7000000, 0x4000, 0x4000, &(0x7f0000001cc0)="633268f83ca3000000a2029e3815bb2fa117d8326687688b2c969fd7267d546214af00d1ca2524d00f9e4d9555f3ab381b5d44fd6bda8c509e66101d296f10c805252e7c5d48d9814f46db8f07441878734b13270fe47fba418b7358984b9a61c2bbf964a520459fd0d90590b46cf1677d580a26933b6e35aee75996b73a15a25aa8ae2f1f9bc9699a505c0dc4050ab2255fc35f508ccc52f10ac12febf28652fe36f725714868675ca2a7042ab4b26904b2f000589694f69ab0b22a5aec72c5036ce1c8974690045e4ab412a70336b4c65b2dfc8121af4143c2e10a0e5632bcd44e0b000029da424d86f298656822dae2c002e289fbfa6fe0dfb2fd57713a7684dc166c628dc45027ac174c5db54f22e409eb4e94263dbc9919f90f1af3290918b9824c3e0268b300bf69cc2eb3fc58f655439bdbe2b905", &(0x7f0000001c40)=""/76, 0x0, 0x0, 0x47, 0x50, &(0x7f0000001ac0)="9c01bd6f9a6028c80d7364240fd78867d9d62eca43c565f2c5ac65dd4a0fadceb6c65dcb07f2421e69087e0f17b4eb709e4805f2722709c46bef17c4cb9aed9fb1c342179ea349", &(0x7f0000001a40)="408fd0050dc7945b483103067eca9bd26ffbe35abf0f88a103f6893dc2b1d1cdc2195d4ae89abc04ff5fe5d2466892c81015df835a7d47be4f852161bc4015e7564b08584290fe1762f943a653008ac5", 0x1, 0x0, 0x13}, 0x22) 7.053704305s ago: executing program 1 (id=916): syz_emit_ethernet(0xca, &(0x7f0000000680)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0xbc, 0x0, 0x0, 0x0, 0x1, 0x0, @rand_addr=0x64010100, @local}, @time_exceeded={0xb, 0x0, 0x0, 0x3, 0x2c, 0x0, {0x28, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x89, 0x0, @private, @local, {[@cipso={0x86, 0x2a, 0x0, [{0x0, 0xd, "5e000000ff000000000000"}, {0x5, 0x5, "4eb8a6"}, {0x0, 0x12, "9606053d0006ff00800000b61af93a93"}]}, @lsrr={0x83, 0x3}, @cipso={0x86, 0x48, 0xffffffffffffffff, [{0x2, 0x7, "4b6cefc500"}, {0x0, 0xc, "df61168c24ac88ad078c"}, {0x0, 0xa, "2189ea43a2149b84"}, {0x6, 0xb, "f7d11634eea26b75af"}, {0x0, 0x9, "02a20948fd7406"}, {0x0, 0x11, "ccf0294e2a3bdb4aa40b249e8e0c1a"}]}, @timestamp={0x44, 0x14, 0x56, 0x0, 0x0, [0x0, 0x0, 0xfffffffe, 0x0]}]}}}}}}}, 0x0) 6.807660705s ago: executing program 1 (id=917): syz_open_procfs(0xffffffffffffffff, &(0x7f0000000440)='mountinfo\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') 6.461743866s ago: executing program 4 (id=918): syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0x9}]}, &(0x7f00000002c0)=0x10) getsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) sendmsg$NL802154_CMD_GET_SEC_LEVEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYRESOCT=r0, @ANYRES16=r1, @ANYRES64=r3], 0x14}, 0x1, 0x0, 0x0, 0x2404c025}, 0x8000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0xfc, 0x2, 0x4}) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x101041) openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$qrtr(0x2a, 0x2, 0x0) mount(&(0x7f0000000080)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)='qnx4\x00', 0x0, 0x0) dup(r1) ioctl$FS_IOC_SETFLAGS(r0, 0x40186f40, &(0x7f0000000440)=0x1f) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x10, 0xc, &(0x7f0000000200)=ANY=[], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r5, 0xffffffffffffffff}, &(0x7f0000000340), &(0x7f0000000380)=r6}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000e80)={r7, &(0x7f0000000300)="15ed6c41c1", 0x0}, 0x20) socket$nl_route(0x10, 0x3, 0x0) unshare(0x400) 5.710589308s ago: executing program 3 (id=919): r0 = open(&(0x7f0000000200)='./file0\x00', 0x40, 0x0) getpid() r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9ab, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) prctl$PR_SET_MM(0x23, 0x7, &(0x7f0000ffc000/0x4000)=nil) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000240)=[{&(0x7f0000000200)="d93db731205681d52d10713337237ab8f409e9d0286ac4f933a70765062bd617b586b1232882b4bd1d68", 0xf000}, {0x0, 0xffffffc0}], 0x2) r3 = socket$inet6(0xa, 0x1, 0x8010000000000084) r4 = openat$cgroup_devices(0xffffffffffffffff, 0x0, 0x2, 0x0) write$cgroup_devices(r4, 0x0, 0xa) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) execve(&(0x7f0000000080)='./file0\x00', &(0x7f0000000500)={[&(0x7f0000000180)='sched_switch\x00', &(0x7f00000001c0)='\x00', &(0x7f0000000300)='\xff\xff', &(0x7f0000000340)='GPL\x00', &(0x7f0000000440)='\x00', &(0x7f0000000480)='\xff\xff']}, &(0x7f0000000640)={[&(0x7f0000000540)='{\x00', &(0x7f0000000580)='\x00', &(0x7f00000005c0)='/dev/sequencer\x00', &(0x7f0000000600)='sched_switch\x00']}) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c) socket$alg(0x26, 0x5, 0x0) r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f0000000380)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r5, 0x3ba0, &(0x7f0000000200)={0x48, 0x2, r6}) ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f0000000140)={0xc}) ioctl$IOMMU_HWPT_SET_DIRTY_TRACKING(r5, 0x3b8b, &(0x7f0000000040)={0x10, 0x1}) r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6}]}) socket$inet6_sctp(0xa, 0x1, 0x84) close_range(r7, 0xffffffffffffffff, 0x0) fcntl$setlease(r0, 0x400, 0x0) fanotify_init(0x8, 0x400) 5.671827799s ago: executing program 5 (id=920): socket$kcm(0x10, 0x2, 0x0) socket$kcm(0x29, 0x5, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r0 = memfd_secret(0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, 0x0, &(0x7f0000000180)) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f00000000c0)={0x0, @in={{0x2, 0x4e23, @empty}}, 0x0, 0x2, 0x40020002, 0x0, 0xa17433da3c5d69ad, 0x2, 0x7f}, 0x9c) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) mknodat(0xffffffffffffffff, 0x0, 0xc000, 0x0) openat$cgroup_ro(r0, &(0x7f00000002c0)='memory.events.local\x00', 0x0, 0x0) r3 = socket(0x1e, 0x4, 0x0) r4 = socket(0x2a, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40090}, 0x0) getsockname$packet(r4, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000740)=@newqdisc={0x30, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x4}}]}, 0x30}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000800)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r5, {0x0, 0xfff3}, {}, {0x1c}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x8, 0x2, [@TCA_CGROUP_POLICE={0x0, 0x2, [@TCA_POLICE_AVRATE={0x0, 0x4, 0xfffffffd}, @TCA_POLICE_RESULT={0x0, 0x5, 0x7fffffff}, @TCA_POLICE_PEAKRATE={0x0, 0x3, [0x9, 0x0, 0x0, 0x7, 0x8001, 0xffff, 0x4, 0x5, 0x6, 0xfa9, 0x5, 0x5, 0x9, 0x8, 0x876, 0x4, 0x7d, 0x7, 0x10000, 0x2, 0x2, 0x401, 0x6, 0x3, 0x4, 0x2c00000, 0x200, 0x8, 0x5, 0x5b14, 0x77c099aa, 0x1, 0xfffffff8, 0xd, 0x524, 0x2, 0x401, 0x0, 0x4, 0xfe89, 0x9, 0x9, 0x80000000, 0xfffffeff, 0x61, 0x1aaf, 0x3, 0x80000000, 0x8, 0x7, 0xffffffff, 0x3, 0x4, 0xfffffbff, 0x6, 0x2, 0x719, 0x6, 0x7, 0x8, 0x479, 0xfffffff3, 0x87, 0x4, 0x5, 0xfd, 0x9, 0xee, 0x9, 0x100, 0x4e6, 0x7, 0x83e, 0x2, 0x1, 0x99, 0x5, 0x5, 0x1000, 0x1000, 0x0, 0xa0c, 0x8, 0xa989, 0x9, 0x5, 0x81, 0xffffffff, 0x1, 0x7ff, 0x5, 0xa3, 0xed, 0x3ff, 0xc, 0x3, 0x10, 0xf, 0xfffffffc, 0x0, 0x0, 0x0, 0x400, 0x0, 0x3, 0x1ff, 0xb, 0x5, 0x4, 0xc29, 0x5, 0x7f80000, 0x396, 0x1000, 0x8, 0x4a88, 0xe9c9, 0x7, 0xfffffc00, 0x8, 0x5a31, 0x2d, 0x52f3, 0x10001, 0x2, 0x80, 0x0, 0x3, 0x5742b2c3, 0x2, 0x81, 0x2, 0xc46, 0x5, 0x80, 0xea, 0x6, 0x20400000, 0xffffffff, 0x3ff, 0x8, 0x5, 0x2, 0x5, 0xf, 0x2, 0xffffffff, 0x2, 0x40, 0x7, 0xffff, 0xfffffc58, 0xf, 0x2, 0xc7e, 0x6, 0x1, 0x689, 0x0, 0xfffffff8, 0xe53, 0x36, 0x8000, 0x7, 0x1, 0x5e1e, 0x3, 0xffffffff, 0x10, 0x2, 0x80000001, 0x7f, 0x8, 0x1, 0x84, 0x6, 0x9, 0x10000, 0x7fffffff, 0x4, 0xd, 0x1, 0x6, 0x5c3a7609, 0x6, 0xdb1, 0x510d, 0x8, 0x6, 0x0, 0x8, 0x2, 0x6, 0x98, 0x9, 0x40, 0x2, 0x9, 0x7, 0x59, 0xfff, 0xb, 0xfb, 0x2, 0x8, 0x6, 0x9f9, 0x7, 0x7, 0x2, 0x3, 0xfffffffe, 0x3, 0x9, 0x1, 0x8, 0xfffffffe, 0x5, 0x8, 0x4, 0x0, 0x1b, 0xa975, 0xfff, 0x6, 0x3ff, 0x3b3b772b, 0xf, 0x40, 0xf, 0x7, 0x1, 0x4, 0x5, 0x4, 0x1, 0x48, 0x5, 0x5, 0x342d, 0x0, 0x6, 0x6, 0x6, 0x70, 0x4, 0xc4, 0x0, 0x5, 0xa, 0x7, 0xb, 0xe, 0x6, 0x6fa, 0x4]}]}]}}]}, 0x38}}, 0x44050) r6 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r6, &(0x7f00000002c0), 0x40000000000009f, 0x0) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x2, 0x81, 0x1ff, 0x1, 0x1}, 0x1c) recvmsg$unix(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)=""/254, 0xfe}], 0x1}, 0x20) sendmmsg(r3, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) r7 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r7, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x0, 0x81, 0x1ff, 0x1, 0x1}, 0x1c) socket(0x1e, 0x4, 0x0) 5.669840233s ago: executing program 1 (id=921): socket$kcm(0x10, 0x2, 0x0) socket$kcm(0x29, 0x5, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r0 = memfd_secret(0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, 0x0, &(0x7f0000000180)) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f00000000c0)={0x0, @in={{0x2, 0x4e23, @empty}}, 0x0, 0x2, 0x40020002, 0x0, 0xa17433da3c5d69ad, 0x2, 0x7f}, 0x9c) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) mknodat(0xffffffffffffffff, 0x0, 0xc000, 0x0) openat$cgroup_ro(r0, &(0x7f00000002c0)='memory.events.local\x00', 0x0, 0x0) r3 = socket(0x1e, 0x4, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000700)=@delqdisc={0x24, 0x25, 0x200, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0xffff, 0x10}, {0x0, 0xe}, {0x3, 0xf}}}, 0x24}, 0x1, 0x0, 0x0, 0x40090}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000740)=@newqdisc={0x30, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x4}}]}, 0x30}}, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r5, &(0x7f00000002c0), 0x40000000000009f, 0x0) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x2, 0x81, 0x1ff, 0x1, 0x1}, 0x1c) recvmsg$unix(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)=""/254, 0xfe}], 0x1}, 0x20) sendmmsg(r3, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) r6 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r6, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x0, 0x81, 0x1ff, 0x1, 0x1}, 0x1c) socket(0x1e, 0x4, 0x0) 4.557172062s ago: executing program 4 (id=922): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r0) sendmsg$NL80211_CMD_SET_CQM(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000480)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010027bd7000fcdbdf253f00000008000300", @ANYRES32, @ANYBLOB="18005e800400010008000600030000de0700050006000000"], 0x34}, 0x1, 0x0, 0x0, 0x81}, 0x20004840) 3.939918765s ago: executing program 3 (id=923): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000900)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) mprotect(&(0x7f00005f6000/0x1000)=nil, 0x1000, 0xb) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000400)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xb, &(0x7f0000000140)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) madvise(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x17) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000080)={r0, 0xffffffffffffffff, 0x2d, 0x0, @val=@netfilter={0xa, 0x0, 0x5, 0x1}}, 0x20) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f0000000540)={0x26, 'hash\x00', 0x0, 0x0, 'poly1305-generic\x00'}, 0x58) r7 = accept4(r6, 0x0, 0x0, 0x0) sendmmsg$inet(r7, &(0x7f0000003100)=[{{0x0, 0x0, &(0x7f0000001b80)=[{&(0x7f00000005c0)="96a67b36bd06304a08a67f14f6c3881ca6167592ce060670a396f8ab05ace2ca", 0x20}], 0x1, 0x0, 0x0, 0xf400}}], 0x1, 0x0) r8 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_SET_FLAGS(r7, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="88000000", @ANYRES16=r8, @ANYBLOB="080026bd7000fddbdf2507000000080003000700000008000400ff0700003000018008000300ac1414bb060005004e21000008000700", @ANYRES32=0x0, @ANYBLOB="1400040000000000000000000000000000000001000a000000050000f30000000500020503615600060005004e220000060005004e210000050002000300000000"], 0x88}, 0x1, 0x0, 0x0, 0x8001}, 0xc885) unshare(0x4020000) r9 = fanotify_init(0xf00, 0x0) fanotify_mark(r9, 0x2, 0x40009975, 0xffffffffffffffff, 0x0) 2.737058575s ago: executing program 3 (id=924): r0 = socket(0x2b, 0x80801, 0x1) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x10000, @empty}, 0x1c) setsockopt$inet6_tcp_int(r0, 0x6, 0x12, &(0x7f0000000ec0)=0x9, 0x4) socket$phonet(0x23, 0x2, 0x1) r1 = syz_io_uring_setup(0x6440, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, 0x0, &(0x7f00000001c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x40, 0x0, 0x3, 0x1, 0x0, 0xce}) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r4, &(0x7f00000001c0)=ANY=[@ANYBLOB='.'], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_MKDIRAT={0x25, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r1, 0x2d3e, 0x0, 0x0, 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x30, 0x140f, 0xc12, 0x70bd28, 0x25dfdbff, "", [@RDMA_NLDEV_ATTR_CHARDEV_TYPE={0xd, 0x45, 'opa_vnic\x00'}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x4804}, 0x800) 2.736028555s ago: executing program 4 (id=925): r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000380)=@nat={'nat\x00', 0x1b, 0x5, 0x328, 0xe8, 0x180, 0xffffffff, 0xe8, 0x248, 0x2f0, 0x2f0, 0xffffffff, 0x2f0, 0x2f0, 0x5, 0x0, {[{{@ip={@dev={0xac, 0x14, 0x14, 0x11}, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'bridge_slave_0\x00', 'dvmrp0\x00', {}, {0xff}, 0x2e, 0xf4ab02e8767cd66d, 0x2a}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x1, 'syz0\x00', {0x5}}}}, {{@ip={@rand_addr=0x64010100, @private=0xa010101, 0xffffffff, 0xff, 'veth0_to_hsr\x00', 'veth0_macvtap\x00', {}, {}, 0x9e, 0x2, 0x58}, 0x0, 0x70, 0x98}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0x7}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00', 0x2, {0x5, 0x2}}}, {{@uncond, 0x0, 0x70, 0xa8}, @NETMAP={0x38, 'NETMAP\x00', 0x0, {0x1, {0x2, @local, @broadcast, @port=0x4e21, @gre_key=0x4cf}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x388) (async) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000380)=@nat={'nat\x00', 0x1b, 0x5, 0x328, 0xe8, 0x180, 0xffffffff, 0xe8, 0x248, 0x2f0, 0x2f0, 0xffffffff, 0x2f0, 0x2f0, 0x5, 0x0, {[{{@ip={@dev={0xac, 0x14, 0x14, 0x11}, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'bridge_slave_0\x00', 'dvmrp0\x00', {}, {0xff}, 0x2e, 0xf4ab02e8767cd66d, 0x2a}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x1, 'syz0\x00', {0x5}}}}, {{@ip={@rand_addr=0x64010100, @private=0xa010101, 0xffffffff, 0xff, 'veth0_to_hsr\x00', 'veth0_macvtap\x00', {}, {}, 0x9e, 0x2, 0x58}, 0x0, 0x70, 0x98}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0x7}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00', 0x2, {0x5, 0x2}}}, {{@uncond, 0x0, 0x70, 0xa8}, @NETMAP={0x38, 'NETMAP\x00', 0x0, {0x1, {0x2, @local, @broadcast, @port=0x4e21, @gre_key=0x4cf}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x388) socket$netlink(0x10, 0x3, 0x0) (async) r1 = socket$netlink(0x10, 0x3, 0x0) writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000080)="290000001e00190f00003fffffffda060200000000e80001dd0008040d000800ea11c21d0005000000", 0x29}], 0x1) syz_genetlink_get_family_id$devlink(&(0x7f0000000000), r1) socket$packet(0x11, 0x3, 0x300) (async) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'bond0\x00', 0x0}) setsockopt$packet_int(r2, 0x107, 0x14, &(0x7f0000000180)=0x2, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) (async) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f0000000000)=0x639) (async) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f0000000000)=0x639) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[], 0x50) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000000280)={r5, 0x0, 0x0}, 0x20) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) getsockopt$IP_VS_SO_GET_SERVICE(0xffffffffffffffff, 0x0, 0x483, &(0x7f0000000000), 0x0) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000000)=0x3da, 0x4) (async) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000000)=0x3da, 0x4) sendto$packet(r2, &(0x7f00000000c0)="3f03fe7f0302140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r3, 0x1, 0x0, 0x6, @multicast}, 0x14) syz_usb_connect(0x0, 0x332, &(0x7f0000000080)=ANY=[@ANYBLOB="120100002180231010113290f49d0102030109022003030000000009049408039ae1c30309050401ff0306f7a009050b0218ba060901090500082000ea26f3020a24010800810201020f2406030104030008000300593b630b240603020202000400aa0c24020504020400080009080904fb0108ada0eae409210500030122520d09050a01200002f909072501c16b000009050c00ff0300040109050800ff030107040725018206a6ff09050c00200010010107250180010700a53049db8f6b5107fe768dce302e899207093a1b17df2240287c706a22a81b24c5f59bcb584dff30255fa9fcb7cf53d491bf77c9e3b91991ae287a8e259758d9668219512b958a4db99a5f55463432d8560540cbe9cce1db72be6b682d2b5dd9130a3c6755325baaceb2ee85a1915d2a48f2333292d7bc87c3b2d8820b00f1c38feb8bab884b1d1943a16228bc8269235347fe4705ad0ef6c01646927dd6d1a75f758e236309050901000207000749226a5fe01f54633cff5dc521f98550919a7e4f08cde53021b09605d81f474621d78e35287fc45a05a8c2362c333d744b5b6d3fbd7706f6224eb25d42ed74117a4393552a62b7dc8a5f075238486f3bf1ce60959799f257775b3aa56e463c715f6a1807f5676155f625eadc655025776e7c43210a8eeb87aecfe303384c30fff9ae8510f7cfb460dbc5dd219bc801a4b60f19bccb9881a7f5d7613f0656a612b6012c178b77f2250905080000027ffa1007250100100a00f10a6699e125483e5aa756d544a568f5ba8a1723d370538cb465ebd48ec1152ccf0c72b35ed53426f5b9fd784b2a66579f849d217ae0c20d4421c1510dddb88e29aec16b11d8f5e653d39d6fdbcebb32bf932679f0cc4352b82282efce3723553b3ace9bc262f80287935ff380160cae153fb33c56ce890ead78dae8e338c9ad068cf8062a9a32996a5a8c78eca860a7a66fdcfd5e839693027b136ea88d1a89014c2e66510701e90e5c57d0c89408e30e67c6f30f41aa44cc2cccdb98299732d33fa220c505b39987181889bc77c1c9bad225f10d26424a7226d53d0eb647b02381b7474747f648ad056339905d7b47a20905020240009601fe072501010301010905070c20000507560000000000000000"], 0x0) 1.917497534s ago: executing program 3 (id=926): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffd51, &(0x7f0000000000)='cgroup\x00'}, 0x30) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000540)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000040)={0x2c, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x20, 0x3, 0x1, 0x81}}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) openat$vim2m(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, &(0x7f0000000080)={0x0, 0x2, 0x1, "d1c2b511a55f1324212a27077232e09b769604fbc3d2422b5bb2a234629058e3", 0x32344d59}) ioctl$KDSKBENT(r2, 0x4b47, &(0x7f0000000080)={0x10, 0x7d, 0x211}) ioctl$EVIOCGMASK(r1, 0x5b04, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000340)={@cgroup=r3, 0x15, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) r5 = syz_io_uring_setup(0x1370, &(0x7f00000000c0)={0x0, 0x200049fa, 0x10, 0x0, 0x4e, 0x0, r3}, &(0x7f0000000180)=0x0, &(0x7f0000000280)=0x0) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x4}}, [@NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x801, 0x0, 0x0, {0x2, 0x0, 0x8}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x2}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0x54}, 0x1, 0x0, 0x0, 0x58fe7ab67a988db6}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_FILES_UPDATE={0x14, 0x0, 0x0, 0x0, 0x0, 0x0}) io_uring_enter(r5, 0x47f6, 0x0, 0x0, 0x0, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01080000000000000000070000000900010073797a300000000054000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000000c080003400000000808000740000000310800064000000000d40000000c0a01010000000000000000070000000900020073797a31000000000900010073797a3000000000a8000380a4000080080003400000000298000280940001"], 0x170}}, 0x0) r9 = getpgid(0x0) fcntl$setown(r4, 0x8, r9) 1.130508512s ago: executing program 5 (id=927): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$TIPC_NL_NODE_GET(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x18, r1, 0x400, 0x70bd2a, 0x25dfdbfb, {}, [@TIPC_NLA_NET={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x20000080}, 0x0) r2 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x420000, 0x0) r3 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000001c0), 0x40, 0x0) ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f00000003c0)={0x2, 0x0, &(0x7f0000000200)=""/248, &(0x7f0000000300)=""/96, &(0x7f0000000380)=""/29, 0x3000}) r4 = io_uring_setup(0x2fee, &(0x7f0000000400)={0x0, 0x6ab4, 0x2, 0x3, 0x16d, 0x0, r3}) ioctl$TUNSETQUEUE(r2, 0x400454d9, &(0x7f0000000480)={'erspan0\x00', 0x400}) io_uring_register$IORING_REGISTER_FILES2(r3, 0xd, &(0x7f0000001b80)={0xa, 0x1, 0x0, &(0x7f0000001a80)=[{&(0x7f00000004c0)=""/166, 0xa6}, {&(0x7f0000000580)=""/4096, 0x1000}, {&(0x7f0000001580)=""/216, 0xd8}, {&(0x7f0000001680)=""/178, 0xb2}, {&(0x7f0000001740)=""/177, 0xb1}, {&(0x7f0000001800)=""/26, 0x1a}, {&(0x7f0000001840)=""/47, 0x2f}, {&(0x7f0000001880)=""/148, 0x94}, {&(0x7f0000001940)=""/114, 0x72}, {&(0x7f00000019c0)=""/178, 0xb2}], &(0x7f0000001b40)=[0x8, 0x5, 0x8, 0x5]}, 0x20) ioctl$INCFS_IOC_CREATE_FILE(r2, 0xc058671e, &(0x7f0000001ec0)={{'\x00', 0x1}, {0xffffffffffffdc31}, 0xaf, 0x0, 0x0, &(0x7f0000001bc0)='./file0\x00', &(0x7f0000001c00)='./file0\x00', &(0x7f0000001c40)="5eb23049c44118360b8fafc041a5f6fca2c0e31f5892e55ebd8ef6cf4fb6e032add287545e2309eb23c6a8", 0x2b, 0x0, &(0x7f0000001c80)={0x2, 0x137, {0x0, 0xc, 0xe3, "8b1597ffc5a72b74fb8b82409874f9414c6bc5caf9eed604d3833549a089996099da3c2b8d3e40aa727925c0dee6a8bb6dbdb8b7eede637d461556bac3c3b8191b716268a5ca0bc97de62e28eea5629faac02048844acfcb0a18ceb9eccaa59c4957216fa52889e87392dc1e7482f4b303740b59e4fb196b3f3c78ce263bf89f91ac71eada7198f89fcbb85e3c7fa2a7749fad6268c8318f0ea5f64effb28fe53a85e6a7fe1913a8fa31190c974d44f8cf0c3855e2c2506760db0d11a74e5409154fec06a30a9b9fb1c7d24071ec77a85aae61dfcabbc33aa69ce20c89ed21ce5d7a4f", 0x47, "fd97246b0f376f329b5361071d96e4b5be117dd9b8e64e70e819647680c482cad8d62fa5443f53ab88423d71a9037e1d4a133aac14e2c894488b8fa81a8aba10eb7c47009a075e"}, 0xe0, "054e64206f4d199ef68169adeef8fe278f4937a899f8fe446d83a76cbcdc802dfb5484518f75a31b15d779cdc8269eb506b235c850f56e4b50dad71e1b2aa2c8552eea17b25faa9745d8f3d7cf1910224d8f7e97c738d378e6e61889c7d018cfe3bc6e83b1eeea51f8ec308e9bcc9948a643a28fce2844e4c4d5dcd0b7d03361955998f7767ca6851e76493300bc665b638c0889b9df13ced9e48b395e88c3e63f06f0606a46dfd25bf434ec584417fc9e03b44a8a4ed205c586f8f425503aaa2bedc8d6e0124ba80aedf308def36b81f6d7b588cd4e3953ef375ffa25707ad0"}, 0x223}) syz_open_dev$loop(&(0x7f0000001f40), 0x0, 0x581000) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001fc0)={&(0x7f0000001f80)='snd_soc_dapm_walk_done\x00', r2, 0x0, 0x1}, 0x18) openat$tun(0xffffffffffffff9c, &(0x7f0000002000), 0x40, 0x0) preadv(r4, &(0x7f0000002280)=[{&(0x7f0000002040)=""/171, 0xab}, {&(0x7f0000002100)=""/158, 0x9e}, {&(0x7f00000021c0)=""/163, 0xa3}], 0x3, 0xff, 0x6c7) fstat(r0, &(0x7f00000022c0)) sendmsg$IPCTNL_MSG_EXP_GET_STATS_CPU(r3, &(0x7f0000002400)={&(0x7f0000002340)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000023c0)={&(0x7f0000002380)={0x14, 0x3, 0x2, 0x101, 0x0, 0x0, {0x5}, ["", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4040010}, 0x20048080) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000002540)={@ifindex, 0x2, 0x0, 0x26c, &(0x7f0000002440)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x6, 0x0, &(0x7f0000002480)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000024c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000002500)=[0x0, 0x0], 0x0}, 0x40) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000002640)={'ip6_vti0\x00', &(0x7f00000025c0)={'ip6_vti0\x00', 0x0, 0x29, 0xf5, 0x83, 0x6, 0x1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @empty, 0x1, 0x7800, 0x3, 0xc}}) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000002940)={r3, 0xe0, &(0x7f0000002840)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000002680)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x6, 0x5, &(0x7f00000026c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000002700)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xd4, &(0x7f0000002740)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f0000002780), &(0x7f00000027c0), 0x8, 0x1f, 0x8, 0x8, &(0x7f0000002800)}}, 0x10) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000002580)={@ifindex=r6, r3, 0x1, 0x24, 0x0, @void, @void, @void, @value=r7, r5}, 0x20) r8 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000002980)={@local, 0x53, 0x0, 0x76e7a754cde16f44, 0x1, 0x4, 0x8}, &(0x7f00000029c0)=0x20) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0502100, &(0x7f0000002a00)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r3, 0x40182103, &(0x7f0000002a80)={r9, 0x2, r8, 0x5, 0x80000}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000002ac0)={'hsr0\x00'}) r10 = syz_genetlink_get_family_id$fou(&(0x7f0000002b40), r0) sendmsg$FOU_CMD_GET(r0, &(0x7f0000002c00)={&(0x7f0000002b00)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000002bc0)={&(0x7f0000002b80)={0x1c, r10, 0x800, 0x70bd27, 0x25dfdbff, {}, [@FOU_ATTR_PEER_V4={0x8, 0x8, @local}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x90) writev(r2, &(0x7f0000002c40), 0x0) sendmsg$L2TP_CMD_NOOP(r3, &(0x7f0000002d80)={&(0x7f0000002c80)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000002d40)={&(0x7f0000002d00)={0x30, 0x0, 0x20, 0x70bd2d, 0x25dfdbfb, {}, [@L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @private1}, @L2TP_ATTR_DEBUG={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x440c0}, 0xc080) 857.288568ms ago: executing program 5 (id=928): socket$nl_generic(0x10, 0x3, 0x10) socket$inet6_udplite(0xa, 0x2, 0x88) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge_slave_0\x00', 0x0}) r2 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001300a7cc4affeeaf541d002007000000", @ANYRES32=r1, @ANYBLOB="00000000100000001c001a80", @ANYRES16=r2, @ANYRES32=r2], 0x44}}, 0x0) 848.475756ms ago: executing program 1 (id=929): r0 = open(&(0x7f0000000200)='./file0\x00', 0x40, 0x0) getpid() r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9ab, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) prctl$PR_SET_MM(0x23, 0x7, &(0x7f0000ffc000/0x4000)=nil) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000240)=[{&(0x7f0000000200)="d93db731205681d52d10713337237ab8f409e9d0286ac4f933a70765062bd617b586b1232882b4bd1d68", 0xf000}, {0x0, 0xffffffc0}], 0x2) r3 = socket$inet6(0xa, 0x1, 0x8010000000000084) r4 = openat$cgroup_devices(0xffffffffffffffff, 0x0, 0x2, 0x0) write$cgroup_devices(r4, 0x0, 0xa) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) execve(&(0x7f0000000080)='./file0\x00', &(0x7f0000000500)={[&(0x7f0000000180)='sched_switch\x00', &(0x7f00000001c0)='\x00', &(0x7f0000000300)='\xff\xff', &(0x7f0000000340)='GPL\x00', &(0x7f0000000440)='\x00', &(0x7f0000000480)='\xff\xff']}, &(0x7f0000000640)={[&(0x7f0000000540)='{\x00', &(0x7f0000000580)='\x00', &(0x7f00000005c0)='/dev/sequencer\x00', &(0x7f0000000600)='sched_switch\x00']}) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c) socket$alg(0x26, 0x5, 0x0) r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f0000000380)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r5, 0x3ba0, &(0x7f0000000200)={0x48, 0x2, r6}) ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f0000000140)={0xc}) ioctl$IOMMU_HWPT_SET_DIRTY_TRACKING(r5, 0x3b8b, &(0x7f0000000040)={0x10, 0x1}) r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6}]}) socket$inet6_sctp(0xa, 0x1, 0x84) close_range(r7, 0xffffffffffffffff, 0x0) fcntl$setlease(r0, 0x400, 0x0) fanotify_init(0x8, 0x400) 301.641416ms ago: executing program 4 (id=930): ioctl$VHOST_GET_VRING_ENDIAN(0xffffffffffffffff, 0x4028af11, &(0x7f00000001c0)) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001180)={0x6, 0x10, &(0x7f00000008c0)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000000000000850000001c00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001bc0)={r1, 0x7000000, 0x4000, 0x4000, &(0x7f0000001cc0)="633268f83ca3000000a2029e3815bb2fa117d8326687688b2c969fd7267d546214af00d1ca2524d00f9e4d9555f3ab381b5d44fd6bda8c509e66101d296f10c805252e7c5d48d9814f46db8f07441878734b13270fe47fba418b7358984b9a61c2bbf964a520459fd0d90590b46cf1677d580a26933b6e35aee75996b73a15a25aa8ae2f1f9bc9699a505c0dc4050ab2255fc35f508ccc52f10ac12febf28652fe36f725714868675ca2a7042ab4b26904b2f000589694f69ab0b22a5aec72c5036ce1c8974690045e4ab412a70336b4c65b2dfc8121af4143c2e10a0e5632bcd44e0b000029da424d86f298656822dae2c002e289fbfa6fe0dfb2fd57713a7684dc166c628dc45027ac174c5db54f22e409eb4e94263dbc9919f90f1af3290918b9824c3e0268b300bf69cc2eb3fc58f655439bdbe2b905", &(0x7f0000001c40)=""/76, 0x0, 0x0, 0x47, 0x50, &(0x7f0000001ac0)="9c01bd6f9a6028c80d7364240fd78867d9d62eca43c565f2c5ac65dd4a0fadceb6c65dcb07f2421e69087e0f17b4eb709e4805f2722709c46bef17c4cb9aed9fb1c342179ea349", &(0x7f0000001a40)="408fd0050dc7945b483103067eca9bd26ffbe35abf0f88a103f6893dc2b1d1cdc2195d4ae89abc04ff5fe5d2466892c81015df835a7d47be4f852161bc4015e7564b08584290fe1762f943a653008ac5", 0x1, 0x0, 0x13}, 0x22) 101.764353ms ago: executing program 5 (id=931): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="130000001000000008"], 0x50) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000a80)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000005000000b70000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000240)=ANY=[@ANYRES32=r1, @ANYRES32=r3], 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r2}, &(0x7f0000000080), &(0x7f0000000100)=r3}, 0x20) sendmsg$IPSET_CMD_LIST(r0, &(0x7f0000002380)={0x0, 0x0, &(0x7f0000002340)={&(0x7f00000022c0)={0x24, 0x7, 0x6, 0x101, 0x0, 0x0, {0x0, 0x0, 0x2}, [@IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x3}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x8000) r4 = creat(&(0x7f00000001c0)='./file0\x00', 0x40) close(r4) r5 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000280)={'syz_tun\x00', 0x0}) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.net/syz0\x00', 0x1ff) bind$packet(r4, &(0x7f0000000080)={0x11, 0x808, r6, 0x1, 0x0, 0x6, @random="518440db9de1"}, 0x14) r7 = socket$inet6(0xa, 0x80002, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r7, 0x8933, &(0x7f0000001bc0)={'batadv_slave_1\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r7, 0x8916, &(0x7f00000003c0)={@remote, 0x1d, r8}) r9 = socket$inet6_tcp(0xa, 0x1, 0x0) r10 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r10, 0x8933, &(0x7f0000000b80)={'batadv_slave_1\x00', 0x0}) setsockopt$inet6_mreq(r9, 0x29, 0x1b, &(0x7f0000000300)={@remote, r11}, 0x14) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 93.28145ms ago: executing program 1 (id=932): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_NUM(r0, 0x4008af10, 0x0) 0s ago: executing program 4 (id=933): syz_usb_connect(0x0, 0x36, &(0x7f0000000480)=ANY=[@ANYBLOB="1201000068e04d206f0e2c586831010203010902240001000000000904000002ff47d000090509e700008000040905", @ANYBLOB="b5174f"], 0x0) r0 = socket(0x2b, 0x80801, 0x1) setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x48b, 0x0, 0x18) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$can_bcm(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x1d, r1}, 0x10, &(0x7f0000000080)={&(0x7f0000000100)={0x3, 0x804, 0x2, {}, {}, {0x1, 0x0, 0x0, 0x1}, 0x1, @canfd={{0x0, 0x0, 0x0, 0x1}, 0x5, 0x2, 0x0, 0x0, "475ffd55998951226156450cd02ee3a18aa6eb7a3c478916a47ac012937c79f5e52ad7046404ed32a0d55b661c51faee2a235fd6a4222df035fc2235779cd386"}}, 0x80}}, 0x4040000) ioctl$sock_SIOCGIFCONF(r0, 0x8912, &(0x7f0000000280)=@buf={0x8d, &(0x7f00000001c0)="f30f32af3f71a2cc0b9c8042d20069f6fb300b2e68f8e9960ce3fe99c29c822e9fcb12ff4efa40e2f348c113c5431f1ee3ed44dabdb44c79d453e77ad0cdc28ef17995e467588933050b7e6837eef3ffcb765d191c05e1de3fc71345396053594f4929fa97b67bae788d9440bb524327b8cd05c2063d61e341514038982a9396b26ef10d0c9df03b5b79cf49d4"}) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) r3 = socket$igmp6(0xa, 0x3, 0x2) r4 = userfaultfd(0x80001) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000180)={0xaa, 0x20d}) r5 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), 0x0, 0x0, 0xfffffffffffffffd) r6 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r6, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030010000b05d25a806c8c6394f90324fc60100002000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0) keyctl$dh_compute(0x17, &(0x7f0000000100)={r5, r5, r5}, 0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)={'sha224\x00'}}) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) syz_emit_ethernet(0xfc1, &(0x7f0000001fc0)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaabb86dd67ac85e00f8b8400fe8000000000000000000000000000aafe8000000000000000000000000000bb2d13b33be3f5d870d376502cefae1c1608e54371f32965179df24db263f4cfe67e25f3eced87fe7f9f253ad451ef1b46003067006eda0000dcae411197839ac04296a2c5cb14eaa0b2cf4d9b44d65763578854a1ba031166850958cb084827b22e1257f89418fa9c423f47e64c8de2dd9e02ecf97dd8ab6735cb497c6fcb3cc81668b1b3582dfd467135ee639a516671dd5503e95c0d77da05596651e070b4dd18797fdb7b7ca2123ebb5eaa88dd8ad16799bb229e5cd5e72a40f3ecaf4217740920c84340d55779295f708774978dd7017083a9cfdf57e4b3711eeb40e3f1e017fea9f16ea7e123bf40b1451c2be855c54d7757236840ef53766d60a4ecb82c3618f30275dfe3d8c5ae677d1e821363b051956c24a566ef15098bef7f1f32805f5e24c48756e866eace7a96784b869081e83ea77352cf0c2f7074f66a8af7d43ccde123764eba6215ae73ebbd3308e0682ac9191a096e8bb68417551c2793b1928b06b9cc7dd40b4985f10d53c2c26ace9e8c38381110c28242aa601fc920d8a402ebf3401a8c81735ea4ea1c440080bd564e0db1891e9b74f6a1158012d784333ab3a26030ad6d1f121dd704268129f6bfba3b3785f286dcdb3370ba61c221d5a539a9a0453b58561b0870e3c1dee337e0f13a68c2703429c1c41e3fb7acdbe504ec1f0e251b8886a882281a2c4a4666fe28a477a497c896465bc93f4b49c65410ba7cdf3f65070c7fdc475716aff51d9e144989c04e03065489b2299c78ac74b3a559f871f0278b300eb7d50d82de82efd9e5bd56f76e4624f6d85f54c6e6640b867948df76febeda3e1f4326357bd014dda31346dfaba20893267f2da002eb14e9ac0ef27a420106b00704393d9b96d6fdfae3329471fd9737550122a9408fc18a7abf3691b0e7bd17fb4f3b1021090c0359cde017ecedb46f3c6db6054316601b19219c2ad16ac191e5ecd8752e0d87db6ea57196327678dd251f2cd9af3c4eb74f53322234c524c280fd9c3f6124c29fb7824bad7123a098783c2089f44ce8934a676508e16917245e6fa5298a31e8ed492d85ff21e1edf96398cf0963c0e6d9a4201ab6d683f5f0e3a6ca1cb05f0f3358d8b5279047ff6c8b896f8ab815e6e1541fe03a786377dcfe4ab774791cf85c75394f55a499a91b4e9bc7ee99dc2ce0478d9f7ab7aef86a120448aa8b34dc63aae289cfc9742c3be30cfb536c93c3175282f71fa5590a86b2a89290515481810e5275e2904b8cf5302636ba9cfabb9a8450cc987e40772eafa087b32a29ce68fecc8f42c0205bb38186470f4deeea3079a888422d9a61a02d7076976e6de07936239027e0558117ae0c808908b91341a8eb7a7ce0b7688530e8e196a84ec986f06064f4a4776f84e2491e75e4640fb5e0d10ecd20cfc88ab4bc3ca1474b9af644d486007cd80a2da571462a5dc4e58b4e79dbf31f33ffc4fd891af800227a21112912a093b1b766aa4569ecf15599b9d39e140d7eab5070504d6852c29806204a178f15633928951bb6f692597d09186a9b54d8db4c1bd1357ae50d559705d058ec246711fd09c1aa5e4d0fff9cee5843e94790db48507493f9bbf1710aa80da012d1fa26fae2bcb04f203f0504fada797f439c6dc05944cb3ea8153d8bd3a158db483adfa336508d03676d1736b047b1dd428d019b5e7bf7a8bbc2e061cb8d44c08733e5352e87205a10798282578d88299dd228e705881be8491c20dfb60d24da7feb7a77efbd865391222669d9434626f114db618e6ad41d5a3f7ef0676982c0e9fabad53f04f86bc17fb7a767b417e0fe576b3e6aef1a7de77437e4a05331c0100e69971124e42a63ca354edac975434b4765b77437634785cb10b3f5503b1e4b85311e44c9ac71d75d9faa2c5188af20717f7b5e8704c0df81c4426b5246f09b76b9c9467e6a048449ce3b71aaf172a3faeb06eded67747afe6e0ed04730f911d7d8dbb4dcfe0284740657ecfd2c804c4a5e9dd6e10767c39a5bfd616f13c9d5e73517dba8df922c41f1696c1b2ef756ffe9d70d4955d6aef3a2f4995a293aac0b022ed74187f3fc2756a4791e103be02c8cefbbe030b3eb61cd040366dffd0b2d1eb4dd35af52a3e516db7a3b5ef073fe2cf2a69e5d0d06bc4bf4d2d70fd568b234371510f01c2ca82d6920e1110a0216941c756c756e0230ed97219dd7a807dfaded5519fc9a06ef2e4b25483eab3cf0c6d21c420dc5c00b18fed5ca2ad938f0bed53b568182bd692f1f68d52249eb6b55f9a8f885e9121ea839a071250fb09d4a8aa803f84bea3c45a9ceb9cc21e3baa9b98e430884fd856b485c82d3041237aca26d9833d1606c5407c7a3e544068f83294b052a6655460d0d783614bc96b0838633f297fef91d186516cc0b68a1b03451e91122c5a081d9f739c408525e67fdf398b7a8a2e5ad90904cdd4471cb885452a26a3b43e46d32feb11930e13506276fac6b2f51f2f066c8de7ce6239a78ed77f8a8745867e071ea7dd217a72a52a2624234a2c57b1df3fc3c83b552636a4d93b20db9acdf0c0af9f765a1993ee84bc2a395c785e785b24524a9c6757a30c6b276710245b627cfe5594a22be97b768b58fa3959fe8e774f1411bf01cee14524d401073dbc13c5a9789eb950b43a64194fea16447694de1e38f1ac9c610edb85224671cdbb47ac280dfc02221e5fc0079dd2f4d52bbde726d6c4e33d44512d1c61f4b78ee20d9d1e0b99c711f495803c231ca37adc7f2f87601c432f1395e01e6342d162be20d38b2777fbe5f84b85cbca6de5b7a7ad05315a70e6ebc4aa12b37ac4c4a6eeae1002c22a154bc60d77cd65649a363092fa16dbfb7eac51efbde9a7d2c94a4fd50b3d3f3ec4eeec737f245bb0acf8fc91fd83ba099594ade06acc96da61329b0ac970a50b81d128c5766be625e659824d53a00b5d335b1831707a082c6cbd707a2d448b2e7b589b5ab04a7d2a399e4a3e825c4a52bcd034921b73a96bdc3a90e54edb09b5b34dc46c851f159ce234b685d312ca083efa57b789af69821d8c3b601730f67785761e8adc5615a03140931ce765d87cfee6d472d3babb6cdf51f6ffdeb382e776731a9103cabfe100a4e2a765a539d22cb91881e7a4cae9d1f3156c078e288206d2e92ab841096d178a0d3e505839db3c4672e3d847da061881408bed8d8132c7ab719cc752f49e3f8ecdb8314d28d8ef55c8403bdc1dce5ccccaf0e5908c305c5f83d54109a302db01bd8efe8b1cd1004b30493435be76c3e2178da429edc22735183a30efe28d4a306c267543af0fe48ae5e6a9cd789eab2b83b8f107ee5220633629c48e9d688ed3b8473d2253aa34e7d68329227414a9110dd4c5c7e2c869db7801b385e65e85f26ec42f6b22cb94e3018ca7da454c41cb7fe7516dd0bad8de89ce01a3435806d9a664cc9f9f7ed2a9c8692743adc8acac780a2d0bb14ae9ed4c79150fa436d36abaf12928a2016ec5873c501599a1263578e3aea3614d97c631a74b3869054deb42ff725c04c52e77d1c4afda878b3ad2d1a9666e544c0d5a9642eb762adedb443f27a2c44274600c0c9eb93957bc2d219c6ac63cd6effae3eb487c6ee8b149393bfa8845bccb8f6ff563e3a44c84758922810a25f308b70886b6050e93942e6b8f1ccf0eaad4adebdf3afdaba4b72438ee7c39477db44baa885db40f2202c4ebbe7dcfdd035cfe7242f4136c5156a2dea8c3746c511889116b55a784d3211d95a30b688fc1786d07bbd2ce5a60578120fd2844d476b49cbdb877f88e002ba5c418c3876cbb1405e1000a4809cfa0057743d3b957be1ad77df488b3946de756e6dafa66776e7e1b2e7f57ecbe6b7061745ff9cc32de654f23321c4b65a28bd5dcbb5c0678aba037ff7dbb56b4ba7681795b6a2078c38a3b3d02be2ac57ab8cbcdefb91f4edb4332e1cd79fda6d30a20d2341ddb35abc8e78aad0069791a58510fc8f21ff01f03a90375d2fd3748cab46e954378a0d7c39e789aada4fd11640e72c772e944013f5f29ec6f0ddf04bc256ef76c9a403162702f88a69de249e445f1e12fc952206d1a03fac439d1dd7edf9fdca41e4c0d6fbc725793fdb67f3c58505da74e913d5163c95aaf9b55fba713252347255641e8ad7541ecc2b0d7aa97fd57727bf3e46b3f82945235612cab57298d19db65beeb874c1ad498d5625e73bdbe81060cf1e2f2bdf12dbb37a916f854cba0b2493fc849832022edd30cf172c0488f54fefe635850afd9f680b1e45745c41cb9e723748ec1cd8f5e9a0cb1402403a62a01d88e175543d81cb4d089c5207f5ad28991ddb664ebc35d368d370a8e7eb6fd15f31a308dd9f37795713db6d9daaac10b564c96a6075e079f7d65f64b703d3a783c784c36d02c2dd13d901e89f57cc7d528bdeff064869a20ecc4a17e8cbe31dfe59e6705d26ca76c90421b50f55c6723228326a80b8a64f9db178cdfa1e63b484a3ae4b57ae167dd31a9e459ea8f6fbe3efa1a029231e255c02affd48cb03f9877780bd3866990c9e9b82005c7e058616773e18715a75ce6dec2bd6dca302e40fa3c152d2c7132ed57258b046e13a8a28e58c6bcab60342083c19ccff565fe7d4e3a9e226ff88d63dba39b2110c89867f6bc67b860195b7974fb39558edc05891e3a0238940b976fb7dacf14289c69be7fbfd50e303e3e84134ea4e39fc74780f5124f2ac4d58f9014e2863dc09b0262c87ef01d4925f9f0311175a64785f175c5ccce1ff1618e7052f7a1334e2e580fe2e5441a26993b7cbc80c2f0476f6a7ea822eeb2347251dfdca5ac2c1b8d17baea4dff76ded47ca77ba3eb1ec6c849ae7bed47853d4ef305c1aeb5f56a4f9b3869ae49678cfddabbde61091e46599d4eb2eb2f78fa0edc329732ab1f6d234e11d25bbe0dc4a632e2fa56c234009c1a2a3ed6538163b9c5a8f43e7f3fb56e3dd4c02684758ac3cfd42ab889545f1daf0e9e257bebdff2858a727c7f1211e228bf54f8d28b79e274714836e31dc5730e0984a203814589e4c138607275706364dafb7cadcff71501a4619add7d154647916786a839d9e0f077c3eb882813c2b52a9de6850f63443a8e8e883ad6edaa819324bcc645d155efd113b5903763d6e48b72871cf60e095b4e67f92ba4d97830208e0a4a87e2334e0bf671a1324b29f90c4c6e97ca7591b8ef06e7342ae318a31ac52acbc97a5669fde5227db5c987d39feb02834ed344ee707bb7fa2632a4b7c7a0a5e51983aacf184becfafe8b0e2ec5fc92eb83ff943fb8f738b127ddaef333a04961906a7c02d32505a7c79067bf3cbd558e6f1bd8a3a0b0810e2125f0a6781fb4ec0f66f290f18e1f1273e3cecbde08a8381e2dc24855a56250fbd2417a902760dc58f50abc6e39784caafe1dd4658d763919389270b383e5ce4cb59ea45f170099da412a0268c9fcaf3b80bdf8d5fa3e3343aa0e01843960bb8d9e024ff3552c08f507f0b8062219a95baf8602884f8c65365f3cdf64dc4d1b2f13795002c694bfa101a5790319371d44413336afe063088ac620c7615a9b65310992aaee2e8b896c900521cdc18d14f4b5e57b7b89c54814ff7446ab1f5ad8c547dc8503658fb6fe3511b354e424b37f86ad7edc18a643af4bfa117b38fc825350a4c4baced8b3dd014e32833b3fa21516fc31b67a9285eb64f"], 0x0) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r7, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x58) setsockopt$sock_linger(r7, 0x1, 0xd, &(0x7f0000000200)={0x1, 0x7}, 0x8) r8 = socket$kcm(0x21, 0x2, 0x2) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) sendmsg$kcm(r8, &(0x7f0000000140)={&(0x7f0000000440)=@rxrpc=@in4={0x21, 0xffff, 0x2, 0x10, {0x2, 0x4e21, @loopback}}, 0x80, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000005040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b00000009860f5878c37ffe36e1165814d435be5b317c6c8189767d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988c5944741afe403461323110f62055394412158e7a3adb164d641aa40d4ab077fe34232aa8b319d7666d0998a61d7da0c86d70000001010"], 0x10b8}, 0x20000000) sendmsg$kcm(r8, &(0x7f0000000000)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e22, @dev}}, 0x80, 0x0, 0x0, &(0x7f0000001a00)=ANY=[@ANYBLOB="1800000000000000100100000100000051d833483cc75dd6900000000000000004000005040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b00000009860f5878c37ffe36e1165814d435be5b317c6c8189767d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988c5944741afe403461323110f62055394412158e7a3adb164d641aa40d4ab077fe34232aa8b319e2e66d0998a61d7da0c86d70000001010"], 0x10b8}, 0x0) listen(r7, 0x5) accept4(r7, &(0x7f0000000240)=@x25, 0x0, 0x80800) r9 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r9, 0x0, 0x0, 0x24040014, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @empty}, 0x1c) kernel console output (not intermixed with test programs): : Insufficient options for proto=fd [ 333.746004][ T7817] qnx4: no qnx4 filesystem (no root dir). [ 333.796865][ T7817] ubi: mtd0 is already attached to ubi31 [ 335.339907][ T5824] usb 5-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7 [ 336.976205][ T5880] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 337.568897][ T5824] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 337.839629][ T9] usb 1-1: USB disconnect, device number 10 [ 337.881212][ T5880] usb 4-1: Using ep0 maxpacket: 32 [ 337.970636][ T7836] netlink: 'syz.4.511': attribute type 10 has an invalid length. [ 338.660133][ T7829] qnx4: no qnx4 filesystem (no root dir). [ 338.679969][ T7829] ubi: mtd0 is already attached to ubi31 [ 339.191453][ T5824] usb 5-1: can't set config #32, error -71 [ 339.279856][ T5824] usb 5-1: USB disconnect, device number 11 [ 339.660711][ T7843] netlink: 40 bytes leftover after parsing attributes in process `syz.2.513'. [ 340.350452][ T7842] netlink: 8 bytes leftover after parsing attributes in process `syz.4.512'. [ 340.390283][ T7700] udevd[7700]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 340.416367][ T5880] usb 4-1: device descriptor read/all, error -71 [ 340.758576][ T7850] netlink: 16 bytes leftover after parsing attributes in process `syz.2.515'. [ 340.857759][ T7850] team0: No ports can be present during mode change [ 340.895120][ T7850] netlink: 'syz.2.515': attribute type 10 has an invalid length. [ 340.979580][ T7851] netlink: 4 bytes leftover after parsing attributes in process `syz.2.515'. [ 341.024722][ T7850] 8021q: adding VLAN 0 to HW filter on device bond0 [ 341.045587][ T7850] team0: Port device bond0 added [ 341.105216][ T7852] netlink: 16 bytes leftover after parsing attributes in process `syz.3.516'. [ 342.392018][ T7857] program syz.4.517 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 342.411788][ T7860] netlink: 4 bytes leftover after parsing attributes in process `syz.3.516'. [ 343.126248][ T7876] qnx4: no qnx4 filesystem (no root dir). [ 344.030637][ T7851] team0 (unregistering): Port device team_slave_0 removed [ 344.044017][ T7851] team0 (unregistering): Port device team_slave_1 removed [ 344.060835][ T7851] team0 (unregistering): Port device bond0 removed [ 344.099060][ T7848] team0: No ports can be present during mode change [ 344.181700][ T7862] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 344.189085][ T7862] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 344.195250][ T7862] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 344.201426][ T7862] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 344.207560][ T7862] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 344.855827][ T7890] netlink: 'syz.2.522': attribute type 10 has an invalid length. [ 345.812455][ T7892] qnx4: no qnx4 filesystem (no root dir). [ 345.854680][ T7892] ubi: mtd0 is already attached to ubi31 [ 346.281590][ T5131] Bluetooth: hci0: command 0x0406 tx timeout [ 346.287781][ T5840] Bluetooth: hci3: command 0x0406 tx timeout [ 346.287805][ T5838] Bluetooth: hci2: command 0x0406 tx timeout [ 346.293933][ T5131] Bluetooth: hci1: command 0x0406 tx timeout [ 346.294033][ T5829] Bluetooth: hci4: command 0x0406 tx timeout [ 346.352723][ T7860] team0 (unregistering): Port device team_slave_0 removed [ 346.392573][ T7860] team0 (unregistering): Port device team_slave_1 removed [ 346.707764][ T7904] 9pnet_fd: Insufficient options for proto=fd [ 347.281052][ T5824] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 347.656437][ T9] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 348.700258][ T5824] usb 1-1: Using ep0 maxpacket: 32 [ 350.131904][ T7907] netlink: 8 bytes leftover after parsing attributes in process `syz.2.527'. [ 350.207674][ T5895] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 350.249650][ T5824] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 350.277543][ T5824] usb 1-1: can't read configurations, error -71 [ 350.391442][ T5895] usb 2-1: Using ep0 maxpacket: 32 [ 350.400617][ T5895] usb 2-1: config 2 has an invalid interface number: 45 but max is 0 [ 351.941149][ T5895] usb 2-1: config 2 has no interface number 0 [ 352.131230][ T5895] usb 2-1: config 2 interface 45 has no altsetting 0 [ 352.189641][ T5895] usb 2-1: string descriptor 0 read error: -71 [ 352.225143][ T5895] usb 2-1: New USB device found, idVendor=1b3d, idProduct=011a, bcdDevice=e5.fe [ 352.237172][ T7918] 9pnet_fd: Insufficient options for proto=fd [ 352.275605][ T5895] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 352.322132][ T5895] usb 2-1: can't set config #2, error -71 [ 352.350079][ T5895] usb 2-1: USB disconnect, device number 10 [ 352.383556][ T5824] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 352.535073][ T9] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 352.598717][ T7926] qnx4: no qnx4 filesystem (no root dir). [ 352.632643][ T7926] ubi: mtd0 is already attached to ubi31 [ 352.782253][ T5824] usb 3-1: Using ep0 maxpacket: 32 [ 353.049110][ T5824] usb 3-1: config 0 has an invalid interface number: 85 but max is 0 [ 353.058974][ T5824] usb 3-1: config 0 has no interface number 0 [ 353.083988][ T5824] usb 3-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 353.158875][ T7932] qnx4: no qnx4 filesystem (no root dir). [ 353.183535][ T7932] ubi: mtd0 is already attached to ubi31 [ 353.323090][ T9] usb 1-1: Using ep0 maxpacket: 32 [ 353.466995][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has an invalid bInterval 128, changing to 11 [ 353.488508][ T5824] usb 3-1: config 0 interface 85 has no altsetting 0 [ 353.498537][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 353.524747][ T5824] usb 3-1: string descriptor 0 read error: -71 [ 353.533619][ T5824] usb 3-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 353.543950][ T9] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xB5, changing to 0x85 [ 353.570801][ T5824] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 353.584118][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7 [ 353.600526][ T9] usb 1-1: New USB device found, idVendor=0e6f, idProduct=582c, bcdDevice=31.68 [ 353.618837][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 353.643797][ T5824] usb 3-1: config 0 descriptor?? [ 353.661565][ T5824] usb 3-1: can't set config #0, error -71 [ 353.667508][ T9] usb 1-1: Product: syz [ 353.683835][ T9] usb 1-1: Manufacturer: syz [ 353.691772][ T5824] usb 3-1: USB disconnect, device number 16 [ 353.704016][ T9] usb 1-1: SerialNumber: syz [ 353.721269][ T7935] netlink: 12 bytes leftover after parsing attributes in process `syz.2.537'. [ 353.743022][ T9] usb 1-1: config 0 descriptor?? [ 353.891872][ T7941] netlink: 16 bytes leftover after parsing attributes in process `syz.4.538'. [ 354.031426][ T7941] team0: No ports can be present during mode change [ 354.103587][ T7941] netlink: 'syz.4.538': attribute type 10 has an invalid length. [ 354.264376][ T7945] netlink: 'syz.0.530': attribute type 1 has an invalid length. [ 354.300527][ T9] input: Generic X-Box pad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input26 [ 354.311401][ T7945] netlink: 212408 bytes leftover after parsing attributes in process `syz.0.530'. [ 354.361446][ T7941] 8021q: adding VLAN 0 to HW filter on device bond0 [ 354.392240][ T7941] team0: Port device bond0 added [ 354.668354][ T7937] netlink: 4 bytes leftover after parsing attributes in process `syz.4.538'. [ 354.785202][ T5176] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 354.917584][ T7937] team0 (unregistering): Port device team_slave_0 removed [ 354.937028][ T7937] team0 (unregistering): Port device team_slave_1 removed [ 354.954116][ T7937] team0 (unregistering): Port device bond0 removed [ 354.994505][ T5176] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 355.136368][ T5176] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 355.157159][ T7944] 9pnet_virtio: no channels available for device syz [ 355.215858][ T7700] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 355.274713][ T5176] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 355.303762][ C1] xpad 1-1:0.0: xpad_irq_in - usb_submit_urb failed with result -1 [ 355.321254][ T5176] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 355.496154][ T5176] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 355.628520][ T5895] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 355.781270][ T5895] usb 3-1: device descriptor read/64, error -71 [ 356.000649][ T9] usb 1-1: USB disconnect, device number 13 [ 356.064811][ T5895] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 356.311180][ T5895] usb 3-1: device descriptor read/64, error -71 [ 356.591575][ T7977] netlink: 'syz.0.547': attribute type 10 has an invalid length. [ 356.813685][ T5895] usb usb3-port1: attempt power cycle [ 357.654701][ T5895] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 357.687296][ T7981] syz.0.548: attempt to access beyond end of device [ 357.687296][ T7981] nbd0: rw=0, sector=2, nr_sectors = 2 limit=0 [ 357.701046][ T7981] MINIX-fs: unable to read superblock [ 357.711458][ T7981] netlink: 'syz.0.548': attribute type 44 has an invalid length. [ 357.711856][ T5895] usb 3-1: device descriptor read/8, error -71 [ 358.391932][ T5895] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 358.427935][ T7987] qnx4: no qnx4 filesystem (no root dir). [ 358.459480][ T7987] ubi: mtd0 is already attached to ubi31 [ 358.828607][ T5895] usb 3-1: device not accepting address 20, error -71 [ 358.835840][ T5895] usb usb3-port1: unable to enumerate USB device [ 359.170686][ T7991] 8021q: adding VLAN 0 to HW filter on device bond0 [ 359.190111][ T7991] bond0: (slave rose0): Enslaving as an active interface with an up link [ 359.902609][ T8003] netlink: 16 bytes leftover after parsing attributes in process `syz.0.553'. [ 359.969443][ T8003] team0: No ports can be present during mode change [ 359.993541][ T8003] netlink: 'syz.0.553': attribute type 10 has an invalid length. [ 360.102605][ T8004] netlink: 4 bytes leftover after parsing attributes in process `syz.0.553'. [ 360.455785][ T8003] 8021q: adding VLAN 0 to HW filter on device bond0 [ 360.535775][ T8003] team0: Port device bond0 added [ 361.499649][ T8018] netlink: 'syz.4.555': attribute type 10 has an invalid length. [ 361.698239][ T8023] netlink: 12 bytes leftover after parsing attributes in process `syz.3.556'. [ 361.905125][ T8004] team0 (unregistering): Port device team_slave_0 removed [ 361.959211][ T8004] team0 (unregistering): Port device team_slave_1 removed [ 361.997372][ T8004] team0 (unregistering): Port device bond0 removed [ 362.097727][ T5880] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 362.153621][ T7991] bond0: (slave rose0): Releasing backup interface [ 362.361225][ T5880] usb 2-1: Using ep0 maxpacket: 32 [ 362.376969][ T5880] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x9 has an invalid bInterval 128, changing to 11 [ 362.434116][ T5880] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 362.475723][ T5880] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xB5, changing to 0x85 [ 362.507979][ T5880] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7 [ 362.683368][ T5880] usb 2-1: New USB device found, idVendor=0e6f, idProduct=582c, bcdDevice=31.68 [ 362.723769][ T5880] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 362.742159][ T5880] usb 2-1: Product: syz [ 362.746386][ T5880] usb 2-1: Manufacturer: syz [ 362.751006][ T5880] usb 2-1: SerialNumber: syz [ 362.782388][ T5880] usb 2-1: config 0 descriptor?? [ 362.825471][ T5880] input: Generic X-Box pad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input27 [ 362.938260][ T5176] xpad 2-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 363.104212][ T8028] netlink: 'syz.1.557': attribute type 1 has an invalid length. [ 363.113876][ T8055] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_tx_wq": -EINTR [ 363.217862][ T5176] xpad 2-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 363.219762][ T8056] qnx4: no qnx4 filesystem (no root dir). [ 363.251827][ T8028] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.557'. [ 363.291793][ T8054] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 363.294779][ T8056] ubi: mtd0 is already attached to ubi31 [ 363.393189][ C1] xpad 2-1:0.0: xpad_irq_in - usb_submit_urb failed with result -1 [ 363.685841][ T5176] xpad 2-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 363.791742][ C1] xpad 2-1:0.0: xpad_irq_in - usb_submit_urb failed with result -1 [ 364.221687][ T5176] xpad 2-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 364.569759][ T7700] xpad 2-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 364.638754][ T5176] xpad 2-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 364.753571][ T5176] xpad 2-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 364.870043][ T5176] xpad 2-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 365.173198][ C1] xpad 2-1:0.0: xpad_irq_in - usb_submit_urb failed with result -1 [ 365.183592][ T8095] netlink: 'syz.0.569': attribute type 10 has an invalid length. [ 365.455680][ T24] usb 2-1: USB disconnect, device number 11 [ 365.614378][ T8104] netlink: 16 bytes leftover after parsing attributes in process `syz.4.572'. [ 365.696684][ T8106] netlink: 'syz.4.572': attribute type 10 has an invalid length. [ 365.730627][ T8106] netlink: 4 bytes leftover after parsing attributes in process `syz.4.572'. [ 365.739919][ T5879] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 365.991873][ T5879] usb 1-1: Using ep0 maxpacket: 32 [ 366.008510][ T5879] usb 1-1: config 0 has an invalid interface number: 51 but max is 0 [ 366.044820][ T5879] usb 1-1: config 0 has no interface number 0 [ 366.074256][ T5879] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 366.140903][ T5879] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 366.224361][ T5879] usb 1-1: Product: syz [ 366.243868][ T5879] usb 1-1: Manufacturer: syz [ 366.248545][ T5879] usb 1-1: SerialNumber: syz [ 366.290556][ T5879] usb 1-1: config 0 descriptor?? [ 366.323314][ T8113] binder: BINDER_SET_CONTEXT_MGR already set [ 366.329647][ T8113] binder: 8112:8113 ioctl 4018620d 200000000040 returned -16 [ 366.337962][ T8113] binder: 8112:8113 ioctl c0306201 2000000003c0 returned -14 [ 366.340509][ T5879] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 366.360962][ T8113] binder: 8112:8113 ioctl ae01 0 returned -22 [ 366.523276][ C1] usb-serial ttyUSB0: qt2_process_read_urb - unsupported command 21 [ 366.570421][ T5879] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 366.604833][ T5879] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 366.733630][ C1] usb 1-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 366.742180][ T5879] usb 1-1: USB disconnect, device number 14 [ 366.753224][ T5879] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 366.850865][ T5879] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 366.869123][ T5879] quatech2 1-1:0.51: device disconnected [ 367.364332][ T8130] netlink: 'syz.4.577': attribute type 10 has an invalid length. [ 369.648333][ T8145] netlink: 10 bytes leftover after parsing attributes in process `syz.2.578'. [ 369.862903][ T8144] netlink: 'syz.1.581': attribute type 10 has an invalid length. [ 370.313046][ T9] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 370.571188][ T9] usb 1-1: Using ep0 maxpacket: 32 [ 370.817536][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has an invalid bInterval 128, changing to 11 [ 370.829798][ T8158] netlink: 16 bytes leftover after parsing attributes in process `syz.3.585'. [ 370.878784][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 370.894373][ T8163] netlink: 'syz.3.585': attribute type 10 has an invalid length. [ 370.932980][ T9] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xB5, changing to 0x85 [ 370.954161][ T8166] netlink: 4 bytes leftover after parsing attributes in process `syz.3.585'. [ 371.001768][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7 [ 371.959708][ T9] usb 1-1: New USB device found, idVendor=0e6f, idProduct=582c, bcdDevice=31.68 [ 371.981293][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 371.989345][ T9] usb 1-1: Product: syz [ 372.092349][ T9] usb 1-1: Manufacturer: syz [ 372.364584][ T9] usb 1-1: SerialNumber: syz [ 372.399766][ T9] usb 1-1: config 0 descriptor?? [ 372.509444][ T9] input: Generic X-Box pad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input29 [ 372.601666][ T5176] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 372.645979][ T8148] netlink: 'syz.0.583': attribute type 1 has an invalid length. [ 372.654741][ T8148] netlink: 212408 bytes leftover after parsing attributes in process `syz.0.583'. [ 372.712603][ T5176] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 372.865243][ T7700] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 372.968496][ T5176] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 373.065605][ T8186] netlink: 28 bytes leftover after parsing attributes in process `syz.2.590'. [ 373.453622][ T5176] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 374.647055][ T9] usb 1-1: USB disconnect, device number 15 [ 374.690348][ T8194] netlink: 4 bytes leftover after parsing attributes in process `syz.2.590'. [ 374.701120][ T8194] netlink: 8 bytes leftover after parsing attributes in process `syz.2.590'. [ 375.225731][ T8201] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 375.289805][ T8201] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 375.487193][ T8213] siw: device registration error -23 [ 375.621371][ T24] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 375.911589][ T24] usb 5-1: Using ep0 maxpacket: 32 [ 375.969543][ T9] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 375.994582][ T24] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 376.021141][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 376.076915][ T24] usb 5-1: config 0 descriptor?? [ 376.162420][ T9] usb 1-1: device descriptor read/64, error -71 [ 376.411637][ T24] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 376.431276][ T9] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 376.485311][ T24] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 376.513392][ T24] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 376.547134][ T24] usb 5-1: media controller created [ 376.611183][ T9] usb 1-1: device descriptor read/64, error -71 [ 376.619247][ T8208] az6027: more than 2 i2c messages at a time is not handled yet. TODO. [ 376.634227][ T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 376.797204][ T9] usb usb1-port1: attempt power cycle [ 376.940033][ T24] az6027: usb out operation failed. (-71) [ 377.032656][ T24] az6027: usb out operation failed. (-71) [ 377.038791][ T24] stb0899_attach: Driver disabled by Kconfig [ 377.121512][ T24] az6027: no front-end attached [ 377.121512][ T24] [ 377.149670][ T8231] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 377.221584][ T24] az6027: usb out operation failed. (-71) [ 377.242487][ T8231] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 377.269757][ T24] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 377.294590][ T9] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 377.352350][ T9] usb 1-1: device descriptor read/8, error -71 [ 377.389908][ T8231] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 377.393939][ T24] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input31 [ 377.438993][ T8231] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 377.452255][ T24] dvb-usb: schedule remote query interval to 400 msecs. [ 377.470933][ T24] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 377.497377][ T8231] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 377.528035][ T8231] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 377.536177][ T24] usb 5-1: USB disconnect, device number 13 [ 377.543014][ T8231] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 377.569415][ T8231] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 377.605684][ T8231] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 377.634954][ T8236] fuse: Unknown parameter '' [ 377.641988][ T8231] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 377.653626][ T9] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 377.664349][ T8236] netlink: 20 bytes leftover after parsing attributes in process `syz.1.595'. [ 377.725547][ T9] usb 1-1: device descriptor read/8, error -71 [ 377.829763][ T24] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 377.843279][ T9] usb usb1-port1: unable to enumerate USB device [ 377.928822][ T30] audit: type=1800 audit(1748251150.167:5): pid=8239 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.4.603" name="bus" dev="overlay" ino=641 res=0 errno=0 [ 378.471289][ T9] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 378.601748][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.608135][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.614677][ T9] usb 3-1: device descriptor read/64, error -71 [ 378.680779][ T8254] netlink: 8 bytes leftover after parsing attributes in process `syz.0.608'. [ 378.948140][ T9] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 378.975693][ T8261] netlink: 4 bytes leftover after parsing attributes in process `syz.0.609'. [ 378.985478][ T8261] netlink: 8 bytes leftover after parsing attributes in process `syz.0.609'. [ 379.221259][ T9] usb 3-1: device descriptor read/64, error -71 [ 379.461606][ T9] usb usb3-port1: attempt power cycle [ 379.836403][ T9] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 380.182541][ T9] usb 3-1: device descriptor read/8, error -71 [ 381.005677][ T9] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 381.640202][ T9] usb 3-1: device descriptor read/8, error -71 [ 381.825508][ T9] usb usb3-port1: unable to enumerate USB device [ 382.806645][ T8300] bond0: (slave rose0): Enslaving as an active interface with an up link [ 383.175150][ T8316] Bluetooth: MGMT ver 1.23 [ 383.258496][ T8322] tipc: Enabling of bearer rejected, failed to enable media [ 383.639977][ T8323] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 383.716724][ T24] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 383.741969][ T30] audit: type=1326 audit(1748251155.997:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8321 comm="syz.2.627" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4bf7d8e969 code=0x0 [ 383.880459][ T24] usb 4-1: too many configurations: 253, using maximum allowed: 8 [ 384.009349][ T24] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 384.106458][ T24] usb 4-1: can't read configurations, error -61 [ 384.412694][ T24] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 384.460534][ T8334] FAULT_INJECTION: forcing a failure. [ 384.460534][ T8334] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 384.514981][ T8334] CPU: 1 UID: 0 PID: 8334 Comm: syz.1.630 Not tainted 6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) [ 384.515011][ T8334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 384.515029][ T8334] Call Trace: [ 384.515038][ T8334] [ 384.515051][ T8334] dump_stack_lvl+0x189/0x250 [ 384.515089][ T8334] ? __pfx_dump_stack_lvl+0x10/0x10 [ 384.515117][ T8334] ? __pfx__printk+0x10/0x10 [ 384.515163][ T8334] should_fail_ex+0x414/0x560 [ 384.515196][ T8334] _copy_to_user+0x31/0xb0 [ 384.515229][ T8334] simple_read_from_buffer+0xe1/0x170 [ 384.515265][ T8334] proc_fail_nth_read+0x1df/0x250 [ 384.515297][ T8334] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 384.515322][ T8334] ? rw_verify_area+0x258/0x650 [ 384.515350][ T8334] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 384.515373][ T8334] vfs_read+0x200/0x980 [ 384.515407][ T8334] ? __pfx___mutex_lock+0x10/0x10 [ 384.515435][ T8334] ? __pfx_vfs_read+0x10/0x10 [ 384.515465][ T8334] ? __fget_files+0x2a/0x420 [ 384.515490][ T8334] ? __fget_files+0x3a0/0x420 [ 384.515508][ T8334] ? __fget_files+0x2a/0x420 [ 384.515537][ T8334] ksys_read+0x145/0x250 [ 384.515564][ T8334] ? rcu_is_watching+0x15/0xb0 [ 384.515595][ T8334] ? __pfx_ksys_read+0x10/0x10 [ 384.515627][ T8334] ? do_syscall_64+0xba/0x210 [ 384.515659][ T8334] do_syscall_64+0xf6/0x210 [ 384.515686][ T8334] ? clear_bhb_loop+0x60/0xb0 [ 384.515711][ T8334] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 384.515731][ T8334] RIP: 0033:0x7f1a4118d37c [ 384.515750][ T8334] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 384.515768][ T8334] RSP: 002b:00007f1a42037030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 384.515789][ T8334] RAX: ffffffffffffffda RBX: 00007f1a413b5fa0 RCX: 00007f1a4118d37c [ 384.515804][ T8334] RDX: 000000000000000f RSI: 00007f1a420370a0 RDI: 0000000000000006 [ 384.515835][ T8334] RBP: 00007f1a42037090 R08: 0000000000000000 R09: 0000000000000000 [ 384.515853][ T8334] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 384.515865][ T8334] R13: 0000000000000000 R14: 00007f1a413b5fa0 R15: 00007ffce64dab48 [ 384.515897][ T8334] [ 384.815157][ T24] usb 4-1: too many configurations: 253, using maximum allowed: 8 [ 384.824570][ T24] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 384.833559][ T24] usb 4-1: can't read configurations, error -61 [ 384.841525][ T24] usb usb4-port1: attempt power cycle [ 384.857566][ T8344] FAULT_INJECTION: forcing a failure. [ 384.857566][ T8344] name failslab, interval 1, probability 0, space 0, times 0 [ 384.870760][ T9] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 384.874075][ T8344] CPU: 1 UID: 0 PID: 8344 Comm: syz.1.633 Not tainted 6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) [ 384.874107][ T8344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 384.874121][ T8344] Call Trace: [ 384.874131][ T8344] [ 384.874142][ T8344] dump_stack_lvl+0x189/0x250 [ 384.874182][ T8344] ? __pfx_dump_stack_lvl+0x10/0x10 [ 384.874212][ T8344] ? __pfx__printk+0x10/0x10 [ 384.874253][ T8344] ? __pfx___might_resched+0x10/0x10 [ 384.874294][ T8344] ? fs_reclaim_acquire+0x7d/0x100 [ 384.874324][ T8344] should_fail_ex+0x414/0x560 [ 384.874353][ T8344] should_failslab+0xa8/0x100 [ 384.874377][ T8344] __kmalloc_noprof+0xcb/0x4f0 [ 384.874410][ T8344] ? tipc_nl_compat_doit+0x19b/0x5f0 [ 384.874438][ T8344] tipc_nl_compat_doit+0x19b/0x5f0 [ 384.874469][ T8344] ? __pfx_tipc_nl_compat_doit+0x10/0x10 [ 384.874495][ T8344] ? rcu_is_watching+0x15/0xb0 [ 384.874528][ T8344] ? cap_capable+0x11f/0x460 [ 384.874558][ T8344] ? safesetid_security_capable+0xa9/0x1a0 [ 384.874596][ T8344] ? bpf_lsm_capable+0x9/0x20 [ 384.874624][ T8344] ? security_capable+0x7e/0x2e0 [ 384.874663][ T8344] tipc_nl_compat_recv+0x83c/0xbe0 [ 384.874690][ T8344] ? __pfx_tipc_nl_compat_recv+0x10/0x10 [ 384.874714][ T8344] ? __mutex_trylock_common+0x153/0x260 [ 384.874738][ T8344] ? __pfx___tipc_nl_bearer_enable+0x10/0x10 [ 384.874765][ T8344] ? __pfx_tipc_nl_compat_bearer_enable+0x10/0x10 [ 384.874787][ T8344] ? __pfx___mutex_trylock_common+0x10/0x10 [ 384.874807][ T8344] ? __local_bh_enable_ip+0x12d/0x1c0 [ 384.874845][ T8344] ? rcu_is_watching+0x15/0xb0 [ 384.874888][ T8344] genl_family_rcv_msg_doit+0x215/0x300 [ 384.874931][ T8344] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 384.874992][ T8344] genl_rcv_msg+0x60e/0x790 [ 384.875032][ T8344] ? __pfx_genl_rcv_msg+0x10/0x10 [ 384.875063][ T8344] ? __pfx_tipc_nl_compat_recv+0x10/0x10 [ 384.875089][ T8344] ? ref_tracker_free+0x63a/0x7d0 [ 384.875112][ T8344] ? __copy_skb_header+0xa7/0x550 [ 384.875156][ T8344] netlink_rcv_skb+0x219/0x490 [ 384.875184][ T8344] ? __pfx_genl_rcv_msg+0x10/0x10 [ 384.875217][ T8344] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 384.875278][ T8344] ? down_read+0x1ad/0x2e0 [ 384.875311][ T8344] genl_rcv+0x28/0x40 [ 384.875340][ T8344] netlink_unicast+0x75b/0x8d0 [ 384.875377][ T8344] netlink_sendmsg+0x805/0xb30 [ 384.875402][ T8344] ? is_bpf_text_address+0x26/0x2b0 [ 384.875442][ T8344] ? __pfx_netlink_sendmsg+0x10/0x10 [ 384.875479][ T8344] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 384.875502][ T8344] ? __pfx_netlink_sendmsg+0x10/0x10 [ 384.875530][ T8344] __sock_sendmsg+0x21c/0x270 [ 384.875557][ T8344] ____sys_sendmsg+0x505/0x830 [ 384.875595][ T8344] ? __pfx_____sys_sendmsg+0x10/0x10 [ 384.875637][ T8344] ? import_iovec+0x74/0xa0 [ 384.875672][ T8344] ___sys_sendmsg+0x21f/0x2a0 [ 384.875705][ T8344] ? __pfx____sys_sendmsg+0x10/0x10 [ 384.875780][ T8344] ? __fget_files+0x2a/0x420 [ 384.875800][ T8344] ? __fget_files+0x3a0/0x420 [ 384.875834][ T8344] __x64_sys_sendmsg+0x19b/0x260 [ 384.875867][ T8344] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 384.875919][ T8344] ? do_syscall_64+0xba/0x210 [ 384.875952][ T8344] do_syscall_64+0xf6/0x210 [ 384.875981][ T8344] ? clear_bhb_loop+0x60/0xb0 [ 384.876007][ T8344] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 384.876028][ T8344] RIP: 0033:0x7f1a4118e969 [ 384.876049][ T8344] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 384.876067][ T8344] RSP: 002b:00007f1a42037038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 384.876091][ T8344] RAX: ffffffffffffffda RBX: 00007f1a413b5fa0 RCX: 00007f1a4118e969 [ 384.876107][ T8344] RDX: 0000000000000000 RSI: 0000200000000440 RDI: 0000000000000003 [ 384.876119][ T8344] RBP: 00007f1a42037090 R08: 0000000000000000 R09: 0000000000000000 [ 384.876133][ T8344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 384.876146][ T8344] R13: 0000000000000000 R14: 00007f1a413b5fa0 R15: 00007ffce64dab48 [ 384.876181][ T8344] [ 384.990086][ T8348] netlink: 8 bytes leftover after parsing attributes in process `syz.1.634'. [ 385.231556][ T9] usb 5-1: Using ep0 maxpacket: 32 [ 385.291281][ T24] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 385.299668][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x9 has an invalid bInterval 128, changing to 11 [ 385.317920][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 385.322830][ T24] usb 4-1: too many configurations: 253, using maximum allowed: 8 [ 385.330282][ T9] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xB5, changing to 0x85 [ 385.350781][ T24] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 385.360127][ T24] usb 4-1: can't read configurations, error -61 [ 385.366663][ T5880] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 385.386346][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7 [ 385.406746][ T9] usb 5-1: New USB device found, idVendor=0e6f, idProduct=582c, bcdDevice=31.68 [ 385.416751][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 385.429488][ T9] usb 5-1: Product: syz [ 385.433808][ T9] usb 5-1: Manufacturer: syz [ 385.438443][ T9] usb 5-1: SerialNumber: syz [ 385.455112][ T8350] netlink: 4 bytes leftover after parsing attributes in process `syz.1.635'. [ 385.461944][ T9] usb 5-1: config 0 descriptor?? [ 385.492219][ T9] input: Generic X-Box pad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input32 [ 385.502369][ T5880] usb 1-1: device descriptor read/64, error -71 [ 385.502435][ T24] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 385.520600][ T5176] xpad 5-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 385.524189][ T24] usb 4-1: too many configurations: 253, using maximum allowed: 8 [ 385.548269][ T24] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 385.556848][ T24] usb 4-1: can't read configurations, error -61 [ 385.557508][ T5176] xpad 5-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 385.564002][ T24] usb usb4-port1: unable to enumerate USB device [ 385.596038][ T5176] xpad 5-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 385.653171][ T7700] xpad 5-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 385.683057][ T5176] xpad 5-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 385.744447][ T8338] netlink: 'syz.4.631': attribute type 1 has an invalid length. [ 385.752500][ T8338] netlink: 212408 bytes leftover after parsing attributes in process `syz.4.631'. [ 385.761804][ T5880] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 385.796814][ T5176] xpad 5-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 385.855974][ T5176] xpad 5-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 385.901467][ T5880] usb 1-1: device descriptor read/64, error -71 [ 386.183410][ T24] usb 2-1: new full-speed USB device number 12 using dummy_hcd [ 386.192472][ T5880] usb usb1-port1: attempt power cycle [ 386.217421][ T5895] usb 5-1: USB disconnect, device number 14 [ 386.303399][ T8368] No such timeout policy "syz1" [ 386.314691][ T8368] netlink: 'syz.2.638': attribute type 10 has an invalid length. [ 386.584990][ T24] usb 2-1: config 0 has an invalid interface number: 139 but max is 0 [ 386.590765][ T8370] qnx4: no qnx4 filesystem (no root dir). [ 386.601225][ T24] usb 2-1: config 0 has no interface number 0 [ 386.607848][ T24] usb 2-1: config 0 interface 139 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 386.626505][ T24] usb 2-1: config 0 interface 139 altsetting 0 has an endpoint descriptor with address 0xBD, changing to 0x8D [ 386.641222][ T24] usb 2-1: config 0 interface 139 altsetting 0 endpoint 0x8D has invalid maxpacket 14158, setting to 64 [ 386.651887][ T8370] ubi: mtd0 is already attached to ubi31 [ 386.661310][ T24] usb 2-1: config 0 interface 139 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 386.700601][ T24] usb 2-1: New USB device found, idVendor=0711, idProduct=0210, bcdDevice=fd.d6 [ 386.715205][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 386.733776][ T24] usb 2-1: Product: syz [ 386.738125][ T24] usb 2-1: Manufacturer: syz [ 386.757454][ T24] usb 2-1: SerialNumber: syz [ 386.781327][ T5880] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 386.817594][ T5880] usb 1-1: device descriptor read/8, error -71 [ 386.835678][ T24] usb 2-1: config 0 descriptor?? [ 386.869986][ T8356] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22 [ 386.883091][ T8356] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22 [ 387.121386][ T5880] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 387.198048][ T5880] usb 1-1: device descriptor read/8, error -71 [ 387.326613][ T5880] usb usb1-port1: unable to enumerate USB device [ 388.083305][ T8373] netlink: 8 bytes leftover after parsing attributes in process `syz.4.641'. [ 388.396613][ T8380] netlink: 28 bytes leftover after parsing attributes in process `syz.3.644'. [ 388.515875][ T8383] qrtr: Invalid version 0 [ 389.774630][ T8396] trusted_key: encrypted_key: insufficient parameters specified [ 389.994910][ T8396] ucma_write: process 435 (syz.0.648) changed security contexts after opening file descriptor, this is not allowed. [ 390.189108][ T8404] 9pnet: p9_errstr2errno: server reported unknown error 1844674407 [ 391.121462][ T6013] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 391.291414][ T6013] usb 3-1: Using ep0 maxpacket: 32 [ 391.378652][ T6013] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x9 has an invalid bInterval 128, changing to 11 [ 391.436798][ T6013] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 391.467674][ T6013] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xB5, changing to 0x85 [ 391.553111][ T6013] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7 [ 391.685276][ T6013] usb 3-1: New USB device found, idVendor=0e6f, idProduct=582c, bcdDevice=31.68 [ 391.724998][ T6013] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 391.741526][ T6013] usb 3-1: Product: syz [ 391.745887][ T6013] usb 3-1: Manufacturer: syz [ 391.750536][ T6013] usb 3-1: SerialNumber: syz [ 391.784191][ T6013] usb 3-1: config 0 descriptor?? [ 391.812816][ T6013] input: Generic X-Box pad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input33 [ 391.837314][ T5176] xpad 3-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 391.889215][ T5176] xpad 3-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 391.972758][ T24] mct_u232 2-1:0.139: MCT U232 converter detected [ 392.019316][ T8407] netlink: 'syz.2.651': attribute type 1 has an invalid length. [ 392.027224][ T8407] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.651'. [ 392.035404][ T5176] xpad 3-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 392.037083][ T8410] 9pnet_virtio: no channels available for device syz [ 392.061685][ T24] usb 2-1: MCT U232 converter now attached to ttyUSB0 [ 392.074715][ T24] usb 2-1: USB disconnect, device number 12 [ 392.167516][ T24] mct_u232 ttyUSB0: MCT U232 converter now disconnected from ttyUSB0 [ 392.181987][ T24] mct_u232 2-1:0.139: device disconnected [ 392.189998][ C0] xpad 3-1:0.0: xpad_irq_in - usb_submit_urb failed with result -1 [ 392.221254][ T5824] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 392.319788][ T6230] xpad 3-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 392.427347][ T5824] usb 5-1: Using ep0 maxpacket: 8 [ 392.442056][ T5176] xpad 3-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 392.484531][ T5824] usb 5-1: config 2 has an invalid interface number: 206 but max is 0 [ 392.535714][ T5824] usb 5-1: config 2 has no interface number 0 [ 392.577306][ T5824] usb 5-1: config 2 interface 206 has no altsetting 0 [ 392.605085][ T5176] xpad 3-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 392.642821][ T5824] usb 5-1: New USB device found, idVendor=0ccd, idProduct=10b2, bcdDevice=b1.2a [ 392.717774][ T5824] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 392.738299][ T5176] xpad 3-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 393.020541][ T8430] netlink: 28 bytes leftover after parsing attributes in process `syz.3.656'. [ 393.127161][ T8426] 9pnet_fd: p9_fd_create_tcp (8426): problem connecting socket to 127.0.0.1 [ 393.170247][ T69] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 393.256616][ T6013] usb 5-1: USB disconnect, device number 15 [ 393.365600][ T69] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 393.518180][ T69] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 394.874245][ T5824] usb 3-1: USB disconnect, device number 26 [ 394.957213][ T69] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 395.042279][ T8450] netlink: 4 bytes leftover after parsing attributes in process `syz.1.660'. [ 395.055340][ T8450] netlink: 8 bytes leftover after parsing attributes in process `syz.1.660'. [ 395.546507][ T8445] netlink: 28 bytes leftover after parsing attributes in process `syz.1.660'. [ 397.325537][ T8472] netlink: 56 bytes leftover after parsing attributes in process `syz.4.665'. [ 397.360374][ T8469] FAULT_INJECTION: forcing a failure. [ 397.360374][ T8469] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 397.451720][ T8469] CPU: 0 UID: 0 PID: 8469 Comm: syz.3.666 Not tainted 6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) [ 397.451759][ T8469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 397.451772][ T8469] Call Trace: [ 397.451779][ T8469] [ 397.451788][ T8469] dump_stack_lvl+0x189/0x250 [ 397.451825][ T8469] ? __pfx_dump_stack_lvl+0x10/0x10 [ 397.451853][ T8469] ? __pfx__printk+0x10/0x10 [ 397.451897][ T8469] should_fail_ex+0x414/0x560 [ 397.451924][ T8469] _copy_to_user+0x31/0xb0 [ 397.451955][ T8469] simple_read_from_buffer+0xe1/0x170 [ 397.451991][ T8469] proc_fail_nth_read+0x1df/0x250 [ 397.452016][ T8469] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 397.452040][ T8469] ? rw_verify_area+0x258/0x650 [ 397.452067][ T8469] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 397.452089][ T8469] vfs_read+0x200/0x980 [ 397.452122][ T8469] ? __pfx___mutex_lock+0x10/0x10 [ 397.452149][ T8469] ? __pfx_vfs_read+0x10/0x10 [ 397.452178][ T8469] ? __fget_files+0x2a/0x420 [ 397.452201][ T8469] ? __fget_files+0x3a0/0x420 [ 397.452219][ T8469] ? __fget_files+0x2a/0x420 [ 397.452248][ T8469] ksys_read+0x145/0x250 [ 397.452273][ T8469] ? __fget_files+0x2a/0x420 [ 397.452293][ T8469] ? __pfx_ksys_read+0x10/0x10 [ 397.452324][ T8469] ? do_syscall_64+0xba/0x210 [ 397.452354][ T8469] do_syscall_64+0xf6/0x210 [ 397.452397][ T8469] ? asm_sysvec_call_function_single+0x1a/0x20 [ 397.452418][ T8469] ? clear_bhb_loop+0x60/0xb0 [ 397.452443][ T8469] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 397.452463][ T8469] RIP: 0033:0x7f41f618d37c [ 397.452481][ T8469] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 397.452499][ T8469] RSP: 002b:00007f41f6f36030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 397.452520][ T8469] RAX: ffffffffffffffda RBX: 00007f41f63b5fa0 RCX: 00007f41f618d37c [ 397.452544][ T8469] RDX: 000000000000000f RSI: 00007f41f6f360a0 RDI: 0000000000000005 [ 397.452557][ T8469] RBP: 00007f41f6f36090 R08: 0000000000000000 R09: 0000000000000000 [ 397.452570][ T8469] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 397.452582][ T8469] R13: 0000000000000000 R14: 00007f41f63b5fa0 R15: 00007ffc6d0c6788 [ 397.452615][ T8469] [ 397.708279][ T69] bridge_slave_1: left allmulticast mode [ 397.718749][ T69] bridge_slave_1: left promiscuous mode [ 397.783607][ T69] bridge0: port 2(bridge_slave_1) entered disabled state [ 397.881425][ T69] bridge_slave_0: left allmulticast mode [ 397.907211][ T69] bridge_slave_0: left promiscuous mode [ 397.960588][ T56] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 397.960600][ T69] bridge0: port 1(bridge_slave_0) entered disabled state [ 397.987488][ T56] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 397.996087][ T56] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 398.023135][ T56] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 398.091154][ T9] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 398.122085][ T56] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 398.137906][ T5838] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 398.149098][ T5838] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 398.156751][ T5838] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 398.166183][ T5838] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 398.176177][ T5838] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 398.270214][ T9] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 398.320756][ T9] usb 5-1: config 0 interface 0 has no altsetting 0 [ 398.362085][ T9] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 398.391218][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 398.425075][ T9] usb 5-1: Product: syz [ 398.429326][ T9] usb 5-1: Manufacturer: syz [ 398.441144][ T9] usb 5-1: SerialNumber: syz [ 398.462897][ T9] usb 5-1: config 0 descriptor?? [ 398.521981][ T9] usb 5-1: selecting invalid altsetting 0 [ 401.816756][ T8461] snd-usb-audio 5-1:0.0: Runtime PM usage count underflow! [ 402.032065][ T5838] Bluetooth: hci0: command tx timeout [ 402.066819][ T6013] usb 5-1: USB disconnect, device number 16 [ 402.568194][ T8507] ubi: mtd0 is already attached to ubi31 [ 402.702056][ T8511] netlink: 4 bytes leftover after parsing attributes in process `syz.1.675'. [ 402.711982][ T8511] netlink: 8 bytes leftover after parsing attributes in process `syz.1.675'. [ 403.499610][ T8512] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 403.833568][ T30] audit: type=1326 audit(1748251175.787:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8505 comm="syz.4.674" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcd8438e969 code=0x0 [ 403.840314][ T6181] udevd[6181]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 404.121710][ T5838] Bluetooth: hci0: command tx timeout [ 404.777956][ T8522] qnx4: no qnx4 filesystem (no root dir). [ 404.788470][ T8522] ubi: mtd0 is already attached to ubi31 [ 404.810409][ T69] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 404.825368][ T69] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 404.845453][ T69] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 404.873102][ T69] bond0 (unregistering): Released all slaves [ 405.000890][ T8506] netlink: 28 bytes leftover after parsing attributes in process `syz.1.675'. [ 405.069642][ T69] IPVS: stopping master sync thread 6006 ... [ 405.816352][ T69] hsr_slave_0: left promiscuous mode [ 405.829771][ T69] hsr_slave_1: left promiscuous mode [ 405.846733][ T69] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 405.870851][ T69] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 405.888009][ T69] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 405.970958][ T69] veth1_macvtap: left promiscuous mode [ 405.980912][ T8551] netlink: 4 bytes leftover after parsing attributes in process `syz.4.686'. [ 406.002233][ T69] veth0_macvtap: left promiscuous mode [ 406.008164][ T69] veth1_vlan: left promiscuous mode [ 406.025265][ T69] veth0_vlan: left promiscuous mode [ 406.191464][ T5838] Bluetooth: hci0: command tx timeout [ 407.142467][ T8570] netlink: 4 bytes leftover after parsing attributes in process `syz.3.689'. [ 407.151388][ T8570] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 407.168084][ T56] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 407.176916][ T56] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 407.185349][ T56] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 407.206818][ T56] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 407.226890][ T56] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 407.836695][ T8576] netlink: 20 bytes leftover after parsing attributes in process `syz.3.690'. [ 408.111495][ T8584] netlink: 28 bytes leftover after parsing attributes in process `syz.1.692'. [ 408.226781][ T8586] netlink: 4 bytes leftover after parsing attributes in process `syz.1.692'. [ 408.235937][ T8586] netlink: 8 bytes leftover after parsing attributes in process `syz.1.692'. [ 408.261465][ T8478] chnl_net:caif_netlink_parms(): no params data found [ 408.281802][ T56] Bluetooth: hci0: command tx timeout [ 408.720227][ T8606] FAULT_INJECTION: forcing a failure. [ 408.720227][ T8606] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 408.747065][ T8606] CPU: 0 UID: 0 PID: 8606 Comm: syz.4.696 Not tainted 6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) [ 408.747095][ T8606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 408.747107][ T8606] Call Trace: [ 408.747115][ T8606] [ 408.747123][ T8606] dump_stack_lvl+0x189/0x250 [ 408.747153][ T8606] ? __lock_acquire+0xaac/0xd20 [ 408.747183][ T8606] ? __pfx_dump_stack_lvl+0x10/0x10 [ 408.747208][ T8606] ? __pfx__printk+0x10/0x10 [ 408.747238][ T8606] ? __might_fault+0xb0/0x130 [ 408.747268][ T8606] should_fail_ex+0x414/0x560 [ 408.747294][ T8606] _copy_from_user+0x2d/0xb0 [ 408.747324][ T8606] ___sys_sendmsg+0x158/0x2a0 [ 408.747354][ T8606] ? __pfx____sys_sendmsg+0x10/0x10 [ 408.747419][ T8606] ? __fget_files+0x2a/0x420 [ 408.747436][ T8606] ? __fget_files+0x3a0/0x420 [ 408.747465][ T8606] __sys_sendmmsg+0x227/0x430 [ 408.747498][ T8606] ? __pfx___sys_sendmmsg+0x10/0x10 [ 408.747542][ T8606] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 408.747587][ T8606] ? ksys_write+0x1f0/0x250 [ 408.747612][ T8606] ? rcu_is_watching+0x15/0xb0 [ 408.747650][ T8606] __x64_sys_sendmmsg+0xa0/0xc0 [ 408.747680][ T8606] do_syscall_64+0xf6/0x210 [ 408.747706][ T8606] ? clear_bhb_loop+0x60/0xb0 [ 408.747730][ T8606] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 408.747749][ T8606] RIP: 0033:0x7fcd8438e969 [ 408.747766][ T8606] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 408.747783][ T8606] RSP: 002b:00007fcd8512a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 408.747804][ T8606] RAX: ffffffffffffffda RBX: 00007fcd845b5fa0 RCX: 00007fcd8438e969 [ 408.747818][ T8606] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000005 [ 408.747831][ T8606] RBP: 00007fcd8512a090 R08: 0000000000000000 R09: 0000000000000000 [ 408.747843][ T8606] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 408.747855][ T8606] R13: 0000000000000000 R14: 00007fcd845b5fa0 R15: 00007ffebe8d7d78 [ 408.747886][ T8606] [ 409.411205][ T56] Bluetooth: hci1: command tx timeout [ 410.701150][ T8478] bridge0: port 1(bridge_slave_0) entered blocking state [ 410.738708][ T8478] bridge0: port 1(bridge_slave_0) entered disabled state [ 410.747518][ T8478] bridge_slave_0: entered allmulticast mode [ 410.798747][ T8640] netlink: 16 bytes leftover after parsing attributes in process `syz.3.701'. [ 410.807861][ T8478] bridge_slave_0: entered promiscuous mode [ 411.407544][ T8568] chnl_net:caif_netlink_parms(): no params data found [ 411.440091][ T8478] bridge0: port 2(bridge_slave_1) entered blocking state [ 411.484135][ T56] Bluetooth: hci1: command tx timeout [ 411.484216][ T8478] bridge0: port 2(bridge_slave_1) entered disabled state [ 411.516285][ T8478] bridge_slave_1: entered allmulticast mode [ 411.524483][ T8478] bridge_slave_1: entered promiscuous mode [ 411.801841][ T5880] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 411.865214][ T8649] qnx4: no qnx4 filesystem (no root dir). [ 412.146393][ T5880] usb 2-1: config 0 has an invalid interface number: 255 but max is 0 [ 412.191457][ T5880] usb 2-1: config 0 has no interface number 0 [ 412.206230][ T5880] usb 2-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30 [ 412.218566][ T5880] usb 2-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 412.239559][ T5880] usb 2-1: config 0 interface 255 has no altsetting 0 [ 412.254339][ T8478] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 412.291650][ T5880] usb 2-1: New USB device found, idVendor=08fd, idProduct=0002, bcdDevice=ca.fd [ 412.302621][ T5880] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 412.329031][ T5880] usb 2-1: Product: syz [ 412.338565][ T8478] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 412.353946][ T5880] usb 2-1: Manufacturer: syz [ 412.367643][ T5880] usb 2-1: SerialNumber: syz [ 412.390955][ T5880] usb 2-1: config 0 descriptor?? [ 412.438269][ T8654] netlink: 'syz.3.706': attribute type 29 has an invalid length. [ 412.480436][ T8657] netlink: 'syz.3.706': attribute type 29 has an invalid length. [ 412.497322][ T8654] netlink: 500 bytes leftover after parsing attributes in process `syz.3.706'. [ 413.153534][ T8645] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 413.195321][ T8645] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 413.246706][ T5879] usb 2-1: USB disconnect, device number 13 [ 413.524075][ T8675] 9pnet_virtio: no channels available for device syz [ 413.551360][ T56] Bluetooth: hci1: command tx timeout [ 414.219134][ T69] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 414.335477][ T8478] team0: Port device team_slave_0 added [ 414.385094][ T8478] team0: Port device team_slave_1 added [ 414.545265][ T8568] bridge0: port 1(bridge_slave_0) entered blocking state [ 414.570359][ T8568] bridge0: port 1(bridge_slave_0) entered disabled state [ 414.584970][ T8568] bridge_slave_0: entered allmulticast mode [ 414.600133][ T8568] bridge_slave_0: entered promiscuous mode [ 414.624663][ T8568] bridge0: port 2(bridge_slave_1) entered blocking state [ 414.653645][ T8568] bridge0: port 2(bridge_slave_1) entered disabled state [ 414.669043][ T8568] bridge_slave_1: entered allmulticast mode [ 414.686029][ T8568] bridge_slave_1: entered promiscuous mode [ 415.630940][ T69] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 415.632703][ T56] Bluetooth: hci1: command tx timeout [ 415.771815][ T5895] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 415.951600][ T69] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 415.983522][ T5895] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 416.002358][ T5895] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 416.052032][ T5895] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 416.086621][ T5895] usb 2-1: config 1 has no interface number 1 [ 416.098294][ T5895] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 416.116609][ T8478] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 416.129397][ T30] audit: type=1326 audit(1748251188.377:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8698 comm="syz.4.713" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fcd8438e969 code=0x0 [ 416.131805][ T8478] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 416.176600][ C1] vkms_vblank_simulate: vblank timer overrun [ 416.177596][ T5895] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 416.193659][ T5895] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 416.206641][ T5895] usb 2-1: Product: syz [ 416.210881][ T5895] usb 2-1: Manufacturer: syz [ 416.216867][ T8478] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 416.226548][ T5895] usb 2-1: SerialNumber: syz [ 416.256553][ T8568] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 416.319812][ T69] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 416.351923][ T8478] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 416.358984][ T8478] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 416.385038][ C1] vkms_vblank_simulate: vblank timer overrun [ 416.394092][ T8478] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 416.415776][ T8568] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 416.641112][ T8568] team0: Port device team_slave_0 added [ 416.769361][ T8568] team0: Port device team_slave_1 added [ 416.874958][ T8478] hsr_slave_0: entered promiscuous mode [ 416.889062][ T8478] hsr_slave_1: entered promiscuous mode [ 416.896069][ T8478] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 416.910199][ T8478] Cannot create hsr debugfs directory [ 416.965291][ T8704] netlink: 16 bytes leftover after parsing attributes in process `syz.3.714'. [ 417.058997][ T8568] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 417.067854][ T8568] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 417.096633][ T8568] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 417.821986][ T5895] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 417.829223][ T5895] usb 2-1: MIDIStreaming interface descriptor not found [ 417.854046][ T8568] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 417.891157][ T8568] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 417.997612][ T8568] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 418.015228][ T5895] usb 2-1: USB disconnect, device number 14 [ 418.099867][ T5874] udevd[5874]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 418.267285][ T69] bridge_slave_1: left allmulticast mode [ 418.279647][ T69] bridge_slave_1: left promiscuous mode [ 418.287508][ T69] bridge0: port 2(bridge_slave_1) entered disabled state [ 418.336667][ T69] bridge_slave_0: left allmulticast mode [ 418.355281][ T69] bridge_slave_0: left promiscuous mode [ 418.371458][ T69] bridge0: port 1(bridge_slave_0) entered disabled state [ 418.599448][ T8721] netlink: 8 bytes leftover after parsing attributes in process `syz.3.721'. [ 418.652513][ T5895] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 418.711530][ T8714] Cannot find add_set index 0 as target [ 418.821425][ T5895] usb 5-1: Using ep0 maxpacket: 32 [ 418.859114][ T5895] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x9 has an invalid bInterval 128, changing to 11 [ 418.885016][ T5895] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 418.914148][ T5895] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xB5, changing to 0x85 [ 418.936553][ T5895] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7 [ 418.960623][ T5895] usb 5-1: New USB device found, idVendor=0e6f, idProduct=582c, bcdDevice=31.68 [ 418.972192][ T5895] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 418.983400][ T5895] usb 5-1: Product: syz [ 418.988496][ T5895] usb 5-1: Manufacturer: syz [ 419.001659][ T5895] usb 5-1: SerialNumber: syz [ 419.025688][ T5895] usb 5-1: config 0 descriptor?? [ 419.058505][ T5895] input: Generic X-Box pad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input36 [ 419.077890][ T5176] xpad 5-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 419.260728][ T5176] xpad 5-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 419.390278][ T5176] xpad 5-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 419.476920][ C1] xpad 5-1:0.0: xpad_irq_in - usb_submit_urb failed with result -1 [ 419.492003][ T5176] xpad 5-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 419.506122][ C1] xpad 5-1:0.0: xpad_irq_in - usb_submit_urb failed with result -1 [ 419.747041][ T8728] netlink: 'syz.4.720': attribute type 1 has an invalid length. [ 419.755455][ T8728] netlink: 212408 bytes leftover after parsing attributes in process `syz.4.720'. [ 419.885819][ T6230] xpad 5-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 419.972800][ T5176] xpad 5-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 420.013045][ T5176] xpad 5-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 420.046204][ T5176] xpad 5-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 420.247088][ T69] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 420.277837][ T69] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 420.281746][ T69] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 420.282667][ T69] bond0 (unregistering): Released all slaves [ 420.628857][ T8568] hsr_slave_0: entered promiscuous mode [ 420.630045][ T8568] hsr_slave_1: entered promiscuous mode [ 420.630782][ T8568] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 420.630831][ T8568] Cannot create hsr debugfs directory [ 421.183648][ T69] hsr_slave_0: left promiscuous mode [ 421.184740][ T69] hsr_slave_1: left promiscuous mode [ 421.185440][ T69] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 421.188470][ T69] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 421.188501][ T69] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 421.228701][ T69] veth1_macvtap: left promiscuous mode [ 421.228809][ T69] veth0_macvtap: left promiscuous mode [ 421.229006][ T69] veth1_vlan: left promiscuous mode [ 421.229148][ T69] veth0_vlan: left promiscuous mode [ 421.529281][ T6013] usb 5-1: USB disconnect, device number 17 [ 422.123523][ T8765] netlink: 52 bytes leftover after parsing attributes in process `syz.4.729'. [ 422.380504][ T8767] netlink: 'syz.1.725': attribute type 8 has an invalid length. [ 422.997553][ T8775] IPVS: ip_vs_edit_dest(): server weight less than zero [ 423.006200][ T6013] IPVS: starting estimator thread 0... [ 423.111284][ T8776] IPVS: using max 30 ests per chain, 72000 per kthread [ 424.098205][ T8783] qnx4: no qnx4 filesystem (no root dir). [ 424.110363][ T8783] ubi: mtd0 is already attached to ubi31 [ 424.328527][ T8794] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 425.211198][ T30] audit: type=1326 audit(1748251196.617:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8791 comm="syz.1.735" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1a4118e969 code=0x0 [ 425.467231][ T8799] netlink: 28 bytes leftover after parsing attributes in process `syz.1.736'. [ 425.673728][ T8801] netlink: 4 bytes leftover after parsing attributes in process `syz.1.736'. [ 425.683743][ T8801] netlink: 8 bytes leftover after parsing attributes in process `syz.1.736'. [ 426.210923][ T8568] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 426.375333][ T8568] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 426.390730][ T8568] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 426.403343][ T8568] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 426.983883][ T8807] netlink: 40 bytes leftover after parsing attributes in process `syz.4.738'. [ 426.987983][ T6013] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 427.130411][ T8478] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 427.190172][ T6013] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 427.210964][ T8478] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 427.218654][ T6013] usb 4-1: Duplicate descriptor for config 0 interface 0 altsetting 0, skipping [ 427.230554][ T6013] usb 4-1: config 0 interface 0 has no altsetting 1 [ 427.230816][ T8814] No such timeout policy "syz1" [ 427.239493][ T6013] usb 4-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00 [ 427.239522][ T6013] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 427.265286][ T6013] usb 4-1: config 0 descriptor?? [ 427.274169][ T8814] netlink: 'syz.4.741': attribute type 10 has an invalid length. [ 427.303435][ T8478] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 427.363245][ T8478] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 427.484472][ T6013] Bluetooth: Can't get state to change to load ram patch err [ 427.522431][ T6013] Bluetooth: Loading patch file failed [ 427.528616][ T6013] ath3k 4-1:0.0: probe with driver ath3k failed with error -71 [ 427.562475][ T6013] usb 4-1: USB disconnect, device number 20 [ 427.646517][ T8568] 8021q: adding VLAN 0 to HW filter on device bond0 [ 427.745442][ T8568] 8021q: adding VLAN 0 to HW filter on device team0 [ 427.799293][ T5943] bridge0: port 1(bridge_slave_0) entered blocking state [ 427.806531][ T5943] bridge0: port 1(bridge_slave_0) entered forwarding state [ 427.834201][ T5943] bridge0: port 2(bridge_slave_1) entered blocking state [ 427.841531][ T5943] bridge0: port 2(bridge_slave_1) entered forwarding state [ 427.930429][ T8478] 8021q: adding VLAN 0 to HW filter on device bond0 [ 428.082829][ T8831] qnx4: no qnx4 filesystem (no root dir). [ 428.272430][ T8831] ubi: mtd0 is already attached to ubi31 [ 428.433872][ T8478] 8021q: adding VLAN 0 to HW filter on device team0 [ 428.476840][ T2985] bridge0: port 1(bridge_slave_0) entered blocking state [ 428.484101][ T2985] bridge0: port 1(bridge_slave_0) entered forwarding state [ 428.539628][ T1089] bridge0: port 2(bridge_slave_1) entered blocking state [ 428.546898][ T1089] bridge0: port 2(bridge_slave_1) entered forwarding state [ 428.733437][ T8478] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 429.561497][ T8853] netlink: 28 bytes leftover after parsing attributes in process `syz.3.749'. [ 429.675499][ T8856] netlink: 4 bytes leftover after parsing attributes in process `syz.3.749'. [ 429.684761][ T8856] netlink: 8 bytes leftover after parsing attributes in process `syz.3.749'. [ 431.152281][ T8866] FAULT_INJECTION: forcing a failure. [ 431.152281][ T8866] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 431.165651][ T8866] CPU: 1 UID: 0 PID: 8866 Comm: syz.3.752 Not tainted 6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) [ 431.165680][ T8866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 431.165693][ T8866] Call Trace: [ 431.165701][ T8866] [ 431.165710][ T8866] dump_stack_lvl+0x189/0x250 [ 431.165741][ T8866] ? __lock_acquire+0xaac/0xd20 [ 431.165773][ T8866] ? __pfx_dump_stack_lvl+0x10/0x10 [ 431.165800][ T8866] ? __pfx__printk+0x10/0x10 [ 431.165832][ T8866] ? __might_fault+0xb0/0x130 [ 431.165864][ T8866] should_fail_ex+0x414/0x560 [ 431.165890][ T8866] _copy_from_user+0x2d/0xb0 [ 431.165927][ T8866] __se_sys_mount+0x18a/0x410 [ 431.165954][ T8866] ? __pfx___se_sys_mount+0x10/0x10 [ 431.165973][ T8866] ? rcu_is_watching+0x15/0xb0 [ 431.166007][ T8866] ? __x64_sys_mount+0x20/0xc0 [ 431.166029][ T8866] do_syscall_64+0xf6/0x210 [ 431.166057][ T8866] ? clear_bhb_loop+0x60/0xb0 [ 431.166083][ T8866] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 431.166102][ T8866] RIP: 0033:0x7f41f618e969 [ 431.166121][ T8866] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 431.166138][ T8866] RSP: 002b:00007f41f6f36038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 431.166159][ T8866] RAX: ffffffffffffffda RBX: 00007f41f63b5fa0 RCX: 00007f41f618e969 [ 431.166175][ T8866] RDX: 0000200000000440 RSI: 0000200000000400 RDI: 00002000000003c0 [ 431.166190][ T8866] RBP: 00007f41f6f36090 R08: 00002000000005c0 R09: 0000000000000000 [ 431.166204][ T8866] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 431.166216][ T8866] R13: 0000000000000000 R14: 00007f41f63b5fa0 R15: 00007ffc6d0c6788 [ 431.166248][ T8866] [ 431.500473][ T8568] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 431.554866][ T8478] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 431.669076][ T8478] veth0_vlan: entered promiscuous mode [ 431.738448][ T8478] veth1_vlan: entered promiscuous mode [ 431.785456][ T8880] 9pnet_virtio: no channels available for device syz [ 431.836328][ T8478] veth0_macvtap: entered promiscuous mode [ 431.862906][ T5824] usb 5-1: new full-speed USB device number 18 using dummy_hcd [ 431.875525][ T8478] veth1_macvtap: entered promiscuous mode [ 431.959425][ T8478] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 431.996646][ T8478] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 432.019856][ T8478] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 432.050548][ T8478] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 432.070419][ T5824] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 432.071178][ T8478] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 432.087372][ T5824] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 432.098384][ T8478] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 432.111744][ T5824] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 576, setting to 64 [ 432.120499][ T8885] input: syz1 as /devices/virtual/input/input37 [ 432.131100][ T5824] usb 5-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 432.196267][ T5824] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 432.239428][ T5824] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 432.262346][ T5824] usb 5-1: SerialNumber: syz [ 432.280167][ T8871] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 432.310283][ T8871] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 432.336950][ T5824] cdc_acm 5-1:1.0: Control and data interfaces are not separated! [ 432.358287][ T5955] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 432.387130][ T5955] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 432.469067][ T5943] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 432.480164][ T5943] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 432.549129][ T5824] cdc_acm 5-1:1.0: ttyACM0: USB ACM device [ 432.591875][ T8568] veth0_vlan: entered promiscuous mode [ 432.607957][ T5824] usb 5-1: USB disconnect, device number 18 [ 432.642918][ T8568] veth1_vlan: entered promiscuous mode [ 432.858421][ T8901] qnx4: no qnx4 filesystem (no root dir). [ 432.886945][ T8568] veth0_macvtap: entered promiscuous mode [ 432.991408][ T8901] ubi: mtd0 is already attached to ubi31 [ 433.461798][ T8568] veth1_macvtap: entered promiscuous mode [ 433.672032][ T8908] 9pnet_fd: Insufficient options for proto=fd [ 433.781196][ T5880] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 434.067513][ T5824] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 434.664849][ T5824] usb 5-1: Using ep0 maxpacket: 32 [ 436.560448][ T5824] usb 5-1: config 2 has an invalid interface number: 45 but max is 0 [ 436.619448][ T5824] usb 5-1: config 2 has no interface number 0 [ 436.696201][ T5824] usb 5-1: config 2 interface 45 has no altsetting 0 [ 437.409916][ T5943] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 437.628677][ T5824] usb 5-1: New USB device found, idVendor=1b3d, idProduct=011a, bcdDevice=e5.fe [ 437.639680][ T5824] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 437.659412][ T5943] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 437.678300][ T5824] usb 5-1: Product: syz [ 437.756500][ T5824] usb 5-1: can't set config #2, error -71 [ 437.819842][ T5824] usb 5-1: USB disconnect, device number 19 [ 437.835364][ T8568] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 437.898927][ T8568] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 438.068368][ T8568] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 438.098902][ T8568] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 438.111854][ T8568] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 438.124019][ T8568] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 438.379791][ T8925] /dev/nullb0: Can't open blockdev [ 438.489016][ T8925] ubi: mtd0 is already attached to ubi31 [ 438.695803][ T5943] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 438.880421][ T5943] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 439.104940][ T5838] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 439.118988][ T5838] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 439.131354][ T5838] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 439.142119][ T5838] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 439.165239][ T5838] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 440.142196][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.151519][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.186602][ T5955] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 440.201271][ T5955] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 441.102904][ T8960] ieee802154 phy0 wpan0: encryption failed: -22 [ 441.190141][ T2985] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 441.241639][ T56] Bluetooth: hci0: command tx timeout [ 441.256426][ T2985] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 441.715281][ T5943] bridge_slave_1: left allmulticast mode [ 441.720986][ T5943] bridge_slave_1: left promiscuous mode [ 442.171928][ T5943] bridge0: port 2(bridge_slave_1) entered disabled state [ 442.288281][ T5943] bridge_slave_0: left allmulticast mode [ 442.323660][ T5943] bridge_slave_0: left promiscuous mode [ 442.330635][ T5943] bridge0: port 1(bridge_slave_0) entered disabled state [ 442.842544][ T8976] netlink: 'syz.4.769': attribute type 10 has an invalid length. [ 443.401226][ T5838] Bluetooth: hci0: command tx timeout [ 444.483014][ T6013] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 444.574312][ T5943] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 444.588615][ T5943] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 444.599702][ T5943] bond0 (unregistering): Released all slaves [ 444.773531][ T6013] usb 2-1: Using ep0 maxpacket: 32 [ 444.823381][ T6013] usb 2-1: config 2 has an invalid interface number: 45 but max is 0 [ 444.861935][ T6013] usb 2-1: config 2 has no interface number 0 [ 444.868978][ T6013] usb 2-1: config 2 interface 45 has no altsetting 0 [ 444.887675][ T6013] usb 2-1: New USB device found, idVendor=1b3d, idProduct=011a, bcdDevice=e5.fe [ 444.898022][ T6013] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 444.906203][ T6013] usb 2-1: Product: syz [ 444.910426][ T6013] usb 2-1: Manufacturer: syz [ 444.915192][ T6013] usb 2-1: SerialNumber: syz [ 445.178353][ T9001] qnx4: no qnx4 filesystem (no root dir). [ 445.472365][ T56] Bluetooth: hci0: command tx timeout [ 445.986999][ T8929] chnl_net:caif_netlink_parms(): no params data found [ 447.353303][ T6013] ftdi_sio 2-1:2.45: FTDI USB Serial Device converter detected [ 447.393760][ T6013] ftdi_sio ttyUSB0: unknown device type: 0xe5fe [ 447.454949][ T6013] usb 2-1: USB disconnect, device number 15 [ 447.463284][ T6013] ftdi_sio 2-1:2.45: device disconnected [ 447.555839][ T56] Bluetooth: hci0: command tx timeout [ 448.317086][ T5943] hsr_slave_0: left promiscuous mode [ 448.345504][ T5943] hsr_slave_1: left promiscuous mode [ 448.359997][ T5943] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 448.387980][ T5943] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 448.434486][ T5943] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 448.455844][ T5943] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 448.550565][ T5943] veth1_macvtap: left promiscuous mode [ 448.566853][ T5943] veth0_macvtap: left promiscuous mode [ 448.580345][ T5943] veth1_vlan: left promiscuous mode [ 448.592166][ T5943] veth0_vlan: left promiscuous mode [ 449.603971][ T5943] team0 (unregistering): Port device team_slave_1 removed [ 449.656963][ T5943] team0 (unregistering): Port device team_slave_0 removed [ 450.019786][ T9027] netlink: 20 bytes leftover after parsing attributes in process `syz.5.782'. [ 450.742613][ T8929] bridge0: port 1(bridge_slave_0) entered blocking state [ 450.789758][ T8929] bridge0: port 1(bridge_slave_0) entered disabled state [ 450.822994][ T8929] bridge_slave_0: entered allmulticast mode [ 450.855847][ T8929] bridge_slave_0: entered promiscuous mode [ 450.923949][ T8929] bridge0: port 2(bridge_slave_1) entered blocking state [ 450.986780][ T8929] bridge0: port 2(bridge_slave_1) entered disabled state [ 451.991288][ T8929] bridge_slave_1: entered allmulticast mode [ 452.000303][ T8929] bridge_slave_1: entered promiscuous mode [ 452.985158][ T9085] qnx4: no qnx4 filesystem (no root dir). [ 452.992555][ T9085] ubi: mtd0 is already attached to ubi31 [ 453.021279][ T9084] netlink: 8 bytes leftover after parsing attributes in process `syz.5.790'. [ 453.116109][ T8929] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 453.198617][ T8929] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 453.778178][ T8929] team0: Port device team_slave_0 added [ 453.825842][ T9108] netlink: 'syz.4.796': attribute type 10 has an invalid length. [ 453.836653][ T8929] team0: Port device team_slave_1 added [ 454.103790][ T8929] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 454.127086][ T8929] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 454.253669][ T8929] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 454.312842][ T8929] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 454.319849][ T8929] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 454.481450][ T8929] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 455.391602][ T8929] hsr_slave_0: entered promiscuous mode [ 455.443444][ T8929] hsr_slave_1: entered promiscuous mode [ 455.791827][ T6013] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 456.121461][ T6013] usb 2-1: Using ep0 maxpacket: 32 [ 456.140856][ T6013] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 102, changing to 10 [ 456.189722][ T6013] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24624, setting to 1024 [ 456.254769][ T6013] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 456.297848][ T9145] netlink: 28 bytes leftover after parsing attributes in process `syz.4.804'. [ 456.346027][ T6013] usb 2-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22 [ 456.384826][ T6013] usb 2-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131 [ 456.416169][ T6013] usb 2-1: Product: syz [ 456.421098][ T6013] usb 2-1: Manufacturer: syz [ 456.440542][ T9146] netlink: 4 bytes leftover after parsing attributes in process `syz.4.804'. [ 456.449555][ T9146] netlink: 8 bytes leftover after parsing attributes in process `syz.4.804'. [ 456.471357][ T6013] usb 2-1: SerialNumber: syz [ 456.555591][ T6013] input: appletouch as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/input/input41 [ 457.152882][ T9159] netlink: 8 bytes leftover after parsing attributes in process `syz.1.803'. [ 457.527519][ T6013] usb 2-1: USB disconnect, device number 16 [ 457.527589][ C0] appletouch 2-1:1.0: atp_complete: usb_submit_urb failed with result -19 [ 460.637049][ T6013] appletouch 2-1:1.0: input: appletouch disconnected [ 460.711235][ T5833] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 461.451095][ T5833] usb 4-1: Using ep0 maxpacket: 32 [ 461.458037][ T5833] usb 4-1: config 2 has an invalid interface number: 45 but max is 0 [ 461.466335][ T5833] usb 4-1: config 2 has no interface number 0 [ 461.477061][ T5833] usb 4-1: config 2 interface 45 has no altsetting 0 [ 461.490548][ T5833] usb 4-1: New USB device found, idVendor=1b3d, idProduct=011a, bcdDevice=e5.fe [ 461.513539][ T5833] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 461.600486][ T5833] usb 4-1: Product: syz [ 461.617364][ T5833] usb 4-1: Manufacturer: syz [ 461.773673][ T5833] usb 4-1: SerialNumber: syz [ 461.799823][ T5833] usb 4-1: can't set config #2, error -71 [ 461.817048][ T5833] usb 4-1: USB disconnect, device number 22 [ 461.826635][ T9176] netlink: 'syz.4.809': attribute type 10 has an invalid length. [ 463.314746][ T9180] 9pnet_virtio: no channels available for device syz [ 463.765488][ T8929] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 464.089639][ T8929] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 464.190576][ T8929] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 464.416367][ T8929] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 464.836697][ T9211] No control pipe specified [ 464.968002][ T8929] 8021q: adding VLAN 0 to HW filter on device bond0 [ 465.058363][ T8929] 8021q: adding VLAN 0 to HW filter on device team0 [ 465.189253][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 465.196540][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 465.356750][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 465.364023][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 465.865891][ T6013] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 466.021416][ T24] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 466.441221][ T6013] usb 6-1: Using ep0 maxpacket: 32 [ 466.740383][ T6013] usb 6-1: config 2 has an invalid interface number: 45 but max is 0 [ 466.768729][ T24] usb 4-1: device descriptor read/64, error -71 [ 466.826680][ T6013] usb 6-1: config 2 has no interface number 0 [ 466.899155][ T6013] usb 6-1: config 2 interface 45 has no altsetting 0 [ 469.049571][ T6013] usb 6-1: New USB device found, idVendor=1b3d, idProduct=011a, bcdDevice=e5.fe [ 469.059376][ T6013] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 469.071664][ T6013] usb 6-1: Product: syz [ 469.075884][ T6013] usb 6-1: Manufacturer: syz [ 469.080502][ T6013] usb 6-1: SerialNumber: syz [ 469.141794][ T24] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 469.298390][ T9234] netlink: 'syz.4.823': attribute type 10 has an invalid length. [ 470.667999][ T6013] ftdi_sio 6-1:2.45: FTDI USB Serial Device converter detected [ 470.696432][ T6013] ftdi_sio ttyUSB0: unknown device type: 0xe5fe [ 470.801873][ T6013] usb 6-1: USB disconnect, device number 2 [ 470.862089][ T6013] ftdi_sio 6-1:2.45: device disconnected [ 472.190079][ T8929] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 472.336249][ T8929] veth0_vlan: entered promiscuous mode [ 472.412839][ T8929] veth1_vlan: entered promiscuous mode [ 472.595142][ T9266] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 472.686161][ T30] audit: type=1326 audit(1748251244.887:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9258 comm="syz.1.829" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1a4118e969 code=0x0 [ 473.186510][ T9265] No such timeout policy "syz1" [ 473.420056][ T9268] netlink: 'syz.3.827': attribute type 10 has an invalid length. [ 473.426850][ T8929] veth0_macvtap: entered promiscuous mode [ 473.463791][ T8929] veth1_macvtap: entered promiscuous mode [ 473.515445][ T8929] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 473.527567][ T8929] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 473.538837][ T8929] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 473.548052][ T8929] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 473.557196][ T8929] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 473.621454][ T8929] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 473.985361][ T5955] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 474.018862][ T5955] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 474.184922][ T69] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 474.222715][ T69] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 474.784578][ T9282] usb usb8: usbfs: process 9282 (syz.1.832) did not claim interface 0 before use [ 475.023059][ T9282] netlink: 44 bytes leftover after parsing attributes in process `syz.1.832'. [ 475.383618][ T9290] loop2: detected capacity change from 0 to 7 [ 475.398888][ T9280] 9pnet_virtio: no channels available for device syz [ 475.427530][ T5955] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 475.441973][ T9290] Dev loop2: unable to read RDB block 7 [ 475.447801][ T9290] loop2: unable to read partition table [ 475.484758][ T9290] loop2: partition table beyond EOD, truncated [ 475.505101][ T9290] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 475.718515][ T9300] Bluetooth: MGMT ver 1.23 [ 476.151516][ T9314] IPVS: ip_vs_edit_dest(): lower threshold is higher than upper threshold [ 476.309599][ T24] IPVS: starting estimator thread 0... [ 476.421138][ T9316] IPVS: using max 25 ests per chain, 60000 per kthread [ 476.530558][ T9324] netlink: 'syz.3.835': attribute type 10 has an invalid length. [ 477.097091][ T5955] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 477.471834][ T5955] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 479.297138][ T5838] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 479.299272][ T5955] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 479.321286][ T5838] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 479.333248][ T5838] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 479.343740][ T5838] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 479.361276][ T5838] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 480.273761][ T5955] bridge_slave_1: left allmulticast mode [ 480.279480][ T5955] bridge_slave_1: left promiscuous mode [ 480.322937][ T5955] bridge0: port 2(bridge_slave_1) entered disabled state [ 480.359330][ T5955] bridge_slave_0: left allmulticast mode [ 480.384107][ T5955] bridge_slave_0: left promiscuous mode [ 480.389938][ T5955] bridge0: port 1(bridge_slave_0) entered disabled state [ 481.341343][ T5824] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 481.417432][ T9385] TCP: TCP_TX_DELAY enabled [ 481.471141][ T56] Bluetooth: hci0: command tx timeout [ 481.502331][ T5824] usb 6-1: Using ep0 maxpacket: 32 [ 481.518304][ T5824] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x9 has an invalid bInterval 128, changing to 11 [ 481.536167][ T5824] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 481.556038][ T5824] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xB5, changing to 0x85 [ 481.581347][ T5824] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7 [ 481.606021][ T5824] usb 6-1: New USB device found, idVendor=0e6f, idProduct=582c, bcdDevice=31.68 [ 481.621278][ T5824] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 481.651183][ T5824] usb 6-1: Product: syz [ 481.656967][ T5824] usb 6-1: Manufacturer: syz [ 481.669400][ T5824] usb 6-1: SerialNumber: syz [ 481.691618][ T5824] usb 6-1: config 0 descriptor?? [ 481.708149][ T5824] input: Generic X-Box pad as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/input/input43 [ 481.730440][ T5176] xpad 6-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 481.771974][ T5176] xpad 6-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 481.795519][ T5176] xpad 6-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 481.828107][ T5955] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 481.857996][ T5176] xpad 6-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 481.919677][ T5955] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 481.968415][ T5955] bond0 (unregistering): Released all slaves [ 481.994161][ T5176] xpad 6-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 482.036974][ T5176] xpad 6-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 482.072619][ T6230] xpad 6-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 482.144242][ T9395] netlink: 'syz.5.847': attribute type 1 has an invalid length. [ 482.210241][ T9395] netlink: 212408 bytes leftover after parsing attributes in process `syz.5.847'. [ 482.298290][ T5176] xpad 6-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 482.395811][ T5176] xpad 6-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 482.535905][ T9408] netlink: 28 bytes leftover after parsing attributes in process `syz.4.853'. [ 482.713737][ T9411] netlink: 4 bytes leftover after parsing attributes in process `syz.4.853'. [ 482.726172][ T9411] netlink: 8 bytes leftover after parsing attributes in process `syz.4.853'. [ 482.921428][ T5833] usb 6-1: USB disconnect, device number 3 [ 483.304654][ T9348] chnl_net:caif_netlink_parms(): no params data found [ 483.454451][ T9417] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 483.479570][ T30] audit: type=1326 audit(1748251255.727:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9413 comm="syz.1.854" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1a4118e969 code=0x0 [ 483.564765][ T56] Bluetooth: hci0: command tx timeout [ 483.977648][ T5955] hsr_slave_0: left promiscuous mode [ 484.085188][ T5955] hsr_slave_1: left promiscuous mode [ 484.185822][ T5955] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 484.255929][ T5955] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 484.473420][ T5955] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 484.480886][ T5955] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 485.251934][ T9428] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 485.305411][ T5955] veth1_macvtap: left promiscuous mode [ 485.333759][ T5955] veth0_macvtap: left promiscuous mode [ 485.345847][ T5955] veth1_vlan: left promiscuous mode [ 485.388880][ T5955] veth0_vlan: left promiscuous mode [ 485.435859][ T9434] FAULT_INJECTION: forcing a failure. [ 485.435859][ T9434] name failslab, interval 1, probability 0, space 0, times 0 [ 485.510934][ T9434] CPU: 1 UID: 0 PID: 9434 Comm: syz.1.858 Not tainted 6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) [ 485.510964][ T9434] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 485.510977][ T9434] Call Trace: [ 485.510985][ T9434] [ 485.510994][ T9434] dump_stack_lvl+0x189/0x250 [ 485.511034][ T9434] ? __pfx_dump_stack_lvl+0x10/0x10 [ 485.511061][ T9434] ? __pfx__printk+0x10/0x10 [ 485.511093][ T9434] ? __pfx___might_resched+0x10/0x10 [ 485.511122][ T9434] ? fs_reclaim_acquire+0x7d/0x100 [ 485.511150][ T9434] should_fail_ex+0x414/0x560 [ 485.511176][ T9434] should_failslab+0xa8/0x100 [ 485.511196][ T9434] __kmalloc_noprof+0xcb/0x4f0 [ 485.511225][ T9434] ? tomoyo_mount_permission+0x27a/0x970 [ 485.511249][ T9434] ? tomoyo_encode+0x28b/0x550 [ 485.511279][ T9434] tomoyo_encode+0x28b/0x550 [ 485.511308][ T9434] ? tomoyo_mount_permission+0x27a/0x970 [ 485.511333][ T9434] tomoyo_mount_permission+0x331/0x970 [ 485.511359][ T9434] ? stack_depot_save_flags+0x40/0x910 [ 485.511382][ T9434] ? __pfx_tomoyo_mount_permission+0x10/0x10 [ 485.511470][ T9434] security_sb_mount+0xec/0x350 [ 485.511524][ T9434] path_mount+0xbc/0xfe0 [ 485.511553][ T9434] ? user_path_at+0x44/0x60 [ 485.511592][ T9434] ? kmem_cache_free+0x192/0x3f0 [ 485.511633][ T9434] __se_sys_mount+0x317/0x410 [ 485.511660][ T9434] ? __pfx___se_sys_mount+0x10/0x10 [ 485.511709][ T9434] ? do_syscall_64+0xba/0x210 [ 485.511755][ T9434] ? __x64_sys_mount+0x20/0xc0 [ 485.511777][ T9434] do_syscall_64+0xf6/0x210 [ 485.511804][ T9434] ? clear_bhb_loop+0x60/0xb0 [ 485.511836][ T9434] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 485.511856][ T9434] RIP: 0033:0x7f1a4118e969 [ 485.511875][ T9434] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 485.511893][ T9434] RSP: 002b:00007f1a42037038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 485.511914][ T9434] RAX: ffffffffffffffda RBX: 00007f1a413b5fa0 RCX: 00007f1a4118e969 [ 485.511943][ T9434] RDX: 0000200000000040 RSI: 0000200000004a00 RDI: 0000200000000000 [ 485.511957][ T9434] RBP: 00007f1a42037090 R08: 0000000000000000 R09: 0000000000000000 [ 485.511970][ T9434] R10: 0000000000008007 R11: 0000000000000246 R12: 0000000000000001 [ 485.511993][ T9434] R13: 0000000000000000 R14: 00007f1a413b5fa0 R15: 00007ffce64dab48 [ 485.512026][ T9434] [ 485.745036][ C1] vkms_vblank_simulate: vblank timer overrun [ 485.753597][ T56] Bluetooth: hci0: command tx timeout [ 486.584700][ T9446] FAULT_INJECTION: forcing a failure. [ 486.584700][ T9446] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 486.650269][ T9446] CPU: 1 UID: 0 PID: 9446 Comm: syz.1.861 Not tainted 6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) [ 486.650299][ T9446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 486.650312][ T9446] Call Trace: [ 486.650320][ T9446] [ 486.650329][ T9446] dump_stack_lvl+0x189/0x250 [ 486.650365][ T9446] ? __pfx_dump_stack_lvl+0x10/0x10 [ 486.650392][ T9446] ? __pfx__printk+0x10/0x10 [ 486.650435][ T9446] should_fail_ex+0x414/0x560 [ 486.650461][ T9446] _copy_to_user+0x31/0xb0 [ 486.650492][ T9446] simple_read_from_buffer+0xe1/0x170 [ 486.650528][ T9446] proc_fail_nth_read+0x1df/0x250 [ 486.650553][ T9446] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 486.650578][ T9446] ? rw_verify_area+0x258/0x650 [ 486.650604][ T9446] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 486.650626][ T9446] vfs_read+0x200/0x980 [ 486.650659][ T9446] ? __pfx___mutex_lock+0x10/0x10 [ 486.650686][ T9446] ? __pfx_vfs_read+0x10/0x10 [ 486.650714][ T9446] ? __fget_files+0x2a/0x420 [ 486.650738][ T9446] ? __fget_files+0x3a0/0x420 [ 486.650755][ T9446] ? __fget_files+0x2a/0x420 [ 486.650783][ T9446] ksys_read+0x145/0x250 [ 486.650813][ T9446] ? __pfx_ksys_read+0x10/0x10 [ 486.650844][ T9446] ? do_syscall_64+0xba/0x210 [ 486.650873][ T9446] do_syscall_64+0xf6/0x210 [ 486.650900][ T9446] ? clear_bhb_loop+0x60/0xb0 [ 486.650925][ T9446] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 486.650944][ T9446] RIP: 0033:0x7f1a4118d37c [ 486.650961][ T9446] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 486.650977][ T9446] RSP: 002b:00007f1a42037030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 486.650997][ T9446] RAX: ffffffffffffffda RBX: 00007f1a413b5fa0 RCX: 00007f1a4118d37c [ 486.651015][ T9446] RDX: 000000000000000f RSI: 00007f1a420370a0 RDI: 0000000000000004 [ 486.651027][ T9446] RBP: 00007f1a42037090 R08: 0000000000000000 R09: 0000000000000000 [ 486.651039][ T9446] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 486.651050][ T9446] R13: 0000000000000000 R14: 00007f1a413b5fa0 R15: 00007ffce64dab48 [ 486.651081][ T9446] [ 486.861743][ C1] vkms_vblank_simulate: vblank timer overrun [ 487.413990][ T5833] usb 2-1: new full-speed USB device number 17 using dummy_hcd [ 487.593836][ T5833] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 487.617493][ T5833] usb 2-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 487.641343][ T5833] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 487.676696][ T5833] usb 2-1: config 0 descriptor?? [ 487.693439][ T9454] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 487.791374][ T5838] Bluetooth: hci0: command tx timeout [ 487.961842][ T5880] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 488.136475][ T5880] usb 4-1: config 0 has an invalid descriptor of length 99, skipping remainder of the config [ 488.169991][ T5833] elan 0003:04F3:0755.0003: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.1-1/input0 [ 488.170668][ T5880] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81 [ 488.233769][ T5880] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 488.271188][ T5880] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 488.301185][ T5880] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 488.335863][ T5880] usb 4-1: New USB device found, idVendor=2294, idProduct=425a, bcdDevice=d1.41 [ 488.377201][ T5880] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 488.391781][ T5880] usb 4-1: Product: syz [ 488.410948][ T5880] usb 4-1: Manufacturer: syz [ 488.420642][ T5880] usb 4-1: SerialNumber: syz [ 488.451673][ T6013] usb 2-1: USB disconnect, device number 17 [ 488.491880][ T5880] usb 4-1: config 0 descriptor?? [ 488.632114][ T5955] team0 (unregistering): Port device team_slave_1 removed [ 488.688996][ T5955] team0 (unregistering): Port device team_slave_0 removed [ 489.143090][ T9461] netlink: 'syz.1.864': attribute type 1 has an invalid length. [ 489.150816][ T9461] netlink: 228 bytes leftover after parsing attributes in process `syz.1.864'. [ 489.301662][ T5880] usb 4-1: ucan: probing device on interface #0 [ 489.308097][ T5880] usb 4-1: ucan: invalid EP count (1) [ 489.353872][ T5880] usb 4-1: ucan: probe failed; try to update the device firmware [ 489.368513][ T5880] usb 4-1: USB disconnect, device number 25 [ 489.573157][ T9436] netlink: 'syz.5.860': attribute type 5 has an invalid length. [ 489.573213][ T9437] dummy0: entered allmulticast mode [ 489.681436][ T5824] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 489.832787][ T5880] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 489.858791][ T9479] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 489.966868][ T30] audit: type=1326 audit(1748251262.217:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9474 comm="syz.5.868" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb45c58e969 code=0x0 [ 490.654633][ T5824] usb 2-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 490.688700][ T9476] netlink: 8 bytes leftover after parsing attributes in process `syz.4.867'. [ 490.708515][ T5824] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 490.721422][ T6013] IPVS: starting estimator thread 0... [ 490.782984][ T5824] usb 2-1: config 0 descriptor?? [ 490.974610][ T5824] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 490.993785][ T5880] usb 4-1: config index 0 descriptor too short (expected 23569, got 27) [ 491.801243][ T9481] IPVS: using max 27 ests per chain, 64800 per kthread [ 492.014774][ T5880] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 492.030073][ T5880] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 492.039327][ T5824] gspca_cpia1: usb_control_msg 05, error -110 [ 492.040171][ T5824] gspca_cpia1: usb_control_msg 01, error -32 [ 492.085181][ T5880] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 492.088872][ T5824] gspca_cpia1: usb_control_msg 01, error -32 [ 492.104985][ T9348] bridge0: port 1(bridge_slave_0) entered blocking state [ 492.127802][ T9348] bridge0: port 1(bridge_slave_0) entered disabled state [ 492.136502][ T5880] usb 4-1: Manufacturer: syz [ 492.141689][ T5824] gspca_cpia1: usb_control_msg 01, error -32 [ 492.152368][ T5824] gspca_cpia1: usb_control_msg 01, error -32 [ 492.158790][ T9348] bridge_slave_0: entered allmulticast mode [ 492.168435][ T5880] usb 4-1: config 0 descriptor?? [ 492.171227][ T5824] cpia1 2-1:0.0: only firmware version 1 is supported (got: 0) [ 492.220798][ T9348] bridge_slave_0: entered promiscuous mode [ 492.268246][ T9348] bridge0: port 2(bridge_slave_1) entered blocking state [ 492.300761][ T9348] bridge0: port 2(bridge_slave_1) entered disabled state [ 492.319094][ T9348] bridge_slave_1: entered allmulticast mode [ 492.327817][ T9348] bridge_slave_1: entered promiscuous mode [ 492.561691][ T5880] rc_core: IR keymap rc-hauppauge not found [ 492.577401][ T5880] Registered IR keymap rc-empty [ 492.593633][ T5880] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 492.659973][ T5880] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input45 [ 492.676179][ T9348] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 492.762169][ T9348] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 493.243462][ T5880] usb 4-1: USB disconnect, device number 26 [ 493.488395][ T5833] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 493.731743][ T5833] usb 5-1: Using ep0 maxpacket: 32 [ 493.751747][ T5833] usb 5-1: config index 0 descriptor too short (expected 35577, got 27) [ 493.760423][ T5833] usb 5-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 493.787015][ T5833] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 493.828639][ T5833] usb 5-1: config 1 has no interface number 0 [ 493.858206][ T5833] usb 5-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 493.910065][ T5833] usb 5-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 493.910900][ T9348] team0: Port device team_slave_0 added [ 493.944491][ T9504] 9pnet_virtio: no channels available for device syz [ 493.979166][ T5833] usb 5-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 493.980182][ T9348] team0: Port device team_slave_1 added [ 494.028893][ T5833] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 494.122678][ T5833] snd_usb_pod 5-1:1.1: Line 6 Pocket POD found [ 494.286214][ T5833] snd_usb_pod 5-1:1.1: Line 6 Pocket POD now attached [ 494.314309][ T9348] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 494.357563][ T9348] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 494.513586][ T9348] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 494.586533][ T9348] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 494.626685][ T9348] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 494.822125][ T9348] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 495.776089][ T5833] snd_usb_pod 5-1:1.1: line6_send_raw_message_async_part: usb_submit_urb failed (-22) [ 496.138714][ T9348] hsr_slave_0: entered promiscuous mode [ 496.159885][ T30] audit: type=1804 audit(1748251268.407:13): pid=9526 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.3.876" name="/newroot/212/file0" dev="tmpfs" ino=1131 res=1 errno=0 [ 496.223205][ T9348] hsr_slave_1: entered promiscuous mode [ 497.023651][ T5895] usb 2-1: USB disconnect, device number 18 [ 498.013923][ T6013] usb 5-1: USB disconnect, device number 20 [ 498.022675][ T6013] snd_usb_pod 5-1:1.1: Line 6 Pocket POD now disconnected [ 499.173296][ T9557] (unnamed net_device) (uninitialized): option xmit_hash_policy: invalid value (254) [ 500.025598][ T9566] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 500.198898][ T9348] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 500.231441][ T5833] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 500.268545][ T9348] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 500.332287][ T9348] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 500.387488][ T9348] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 500.402175][ T5833] usb 4-1: Using ep0 maxpacket: 32 [ 500.417247][ T5833] usb 4-1: config 2 has an invalid interface number: 45 but max is 0 [ 500.442264][ T5833] usb 4-1: config 2 has no interface number 0 [ 500.485933][ T5833] usb 4-1: config 2 interface 45 has no altsetting 0 [ 500.524452][ T5833] usb 4-1: New USB device found, idVendor=1b3d, idProduct=011a, bcdDevice=e5.fe [ 500.544298][ T5833] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 500.571333][ T5833] usb 4-1: Product: syz [ 500.590602][ T5833] usb 4-1: Manufacturer: syz [ 500.617648][ T5833] usb 4-1: SerialNumber: syz [ 500.738006][ T9348] 8021q: adding VLAN 0 to HW filter on device bond0 [ 500.790090][ T9348] 8021q: adding VLAN 0 to HW filter on device team0 [ 500.830934][ T69] bridge0: port 1(bridge_slave_0) entered blocking state [ 500.838224][ T69] bridge0: port 1(bridge_slave_0) entered forwarding state [ 500.886535][ T69] bridge0: port 2(bridge_slave_1) entered blocking state [ 500.893788][ T69] bridge0: port 2(bridge_slave_1) entered forwarding state [ 501.476146][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.482902][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.885023][ T9348] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 502.078251][ T9604] No such timeout policy "syz1" [ 502.116219][ T9604] netlink: 'syz.5.888': attribute type 10 has an invalid length. [ 502.222056][ T9608] netlink: 'syz.4.890': attribute type 6 has an invalid length. [ 502.847963][ T9604] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 502.890506][ T5833] ftdi_sio 4-1:2.45: FTDI USB Serial Device converter detected [ 502.930608][ T5833] ftdi_sio ttyUSB0: unknown device type: 0xe5fe [ 502.969705][ T5833] usb 4-1: USB disconnect, device number 27 [ 502.991208][ T9348] veth0_vlan: entered promiscuous mode [ 503.032578][ T5833] ftdi_sio 4-1:2.45: device disconnected [ 503.047211][ T9348] veth1_vlan: entered promiscuous mode [ 503.057886][ T9609] nvme_fabrics: missing parameter 'transport=%s' [ 503.091493][ T9609] nvme_fabrics: missing parameter 'nqn=%s' [ 503.225057][ T9348] veth0_macvtap: entered promiscuous mode [ 503.260463][ T9348] veth1_macvtap: entered promiscuous mode [ 503.373101][ T9348] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 503.423922][ T9348] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 503.456534][ T9348] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 503.675574][ T9348] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 503.691630][ T9348] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 503.700506][ T9348] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 503.885038][ T9628] FAULT_INJECTION: forcing a failure. [ 503.885038][ T9628] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 503.901065][ T9628] CPU: 0 UID: 0 PID: 9628 Comm: syz.5.894 Not tainted 6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) [ 503.901092][ T9628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 503.901104][ T9628] Call Trace: [ 503.901112][ T9628] [ 503.901120][ T9628] dump_stack_lvl+0x189/0x250 [ 503.901156][ T9628] ? __pfx_dump_stack_lvl+0x10/0x10 [ 503.901182][ T9628] ? __pfx__printk+0x10/0x10 [ 503.901227][ T9628] should_fail_ex+0x414/0x560 [ 503.901253][ T9628] strncpy_from_user+0x36/0x290 [ 503.901277][ T9628] getname_flags+0xf3/0x540 [ 503.901303][ T9628] user_path_at+0x24/0x60 [ 503.901327][ T9628] __se_sys_mount+0x2d3/0x410 [ 503.901354][ T9628] ? __pfx___se_sys_mount+0x10/0x10 [ 503.901378][ T9628] ? __x64_sys_mount+0x20/0xc0 [ 503.901400][ T9628] do_syscall_64+0xf6/0x210 [ 503.901428][ T9628] ? clear_bhb_loop+0x60/0xb0 [ 503.901453][ T9628] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 503.901472][ T9628] RIP: 0033:0x7fb45c58e969 [ 503.901489][ T9628] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 503.901506][ T9628] RSP: 002b:00007fb45d35f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 503.901533][ T9628] RAX: ffffffffffffffda RBX: 00007fb45c7b6080 RCX: 00007fb45c58e969 [ 503.901547][ T9628] RDX: 00002000000001c0 RSI: 0000200000000180 RDI: 0000000000000000 [ 503.901561][ T9628] RBP: 00007fb45d35f090 R08: 0000200000000000 R09: 0000000000000000 [ 503.901574][ T9628] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 503.901586][ T9628] R13: 0000000000000000 R14: 00007fb45c7b6080 R15: 00007ffce903d148 [ 503.901618][ T9628] [ 505.554739][ T1089] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 505.577793][ T1089] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 506.110290][ T9639] 9pnet_virtio: no channels available for device syz [ 506.230106][ T5962] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 506.716800][ T5962] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 506.789272][ T9643] 9pnet_virtio: no channels available for device syz [ 510.670899][ T9659] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 510.710845][ T9669] FAULT_INJECTION: forcing a failure. [ 510.710845][ T9669] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 510.730623][ T9669] CPU: 0 UID: 0 PID: 9669 Comm: syz.5.904 Not tainted 6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) [ 510.730651][ T9669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 510.730664][ T9669] Call Trace: [ 510.730672][ T9669] [ 510.730681][ T9669] dump_stack_lvl+0x189/0x250 [ 510.730711][ T9669] ? __lock_acquire+0xaac/0xd20 [ 510.730748][ T9669] ? __pfx_dump_stack_lvl+0x10/0x10 [ 510.730775][ T9669] ? __pfx__printk+0x10/0x10 [ 510.730804][ T9669] ? __might_fault+0xb0/0x130 [ 510.730835][ T9669] should_fail_ex+0x414/0x560 [ 510.730860][ T9669] _copy_from_user+0x2d/0xb0 [ 510.730889][ T9669] ___sys_sendmsg+0x158/0x2a0 [ 510.730920][ T9669] ? __pfx____sys_sendmsg+0x10/0x10 [ 510.730984][ T9669] ? __fget_files+0x2a/0x420 [ 510.731005][ T9669] ? __fget_files+0x3a0/0x420 [ 510.731034][ T9669] __sys_sendmmsg+0x227/0x430 [ 510.731066][ T9669] ? __pfx___sys_sendmmsg+0x10/0x10 [ 510.731103][ T9669] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 510.731148][ T9669] ? ksys_write+0x1f0/0x250 [ 510.731174][ T9669] ? rcu_is_watching+0x15/0xb0 [ 510.731212][ T9669] __x64_sys_sendmmsg+0xa0/0xc0 [ 510.731241][ T9669] do_syscall_64+0xf6/0x210 [ 510.731268][ T9669] ? clear_bhb_loop+0x60/0xb0 [ 510.731292][ T9669] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 510.731311][ T9669] RIP: 0033:0x7fb45c58e969 [ 510.731329][ T9669] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 510.731346][ T9669] RSP: 002b:00007fb45d380038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 510.731367][ T9669] RAX: ffffffffffffffda RBX: 00007fb45c7b5fa0 RCX: 00007fb45c58e969 [ 510.731381][ T9669] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000003 [ 510.731395][ T9669] RBP: 00007fb45d380090 R08: 0000000000000000 R09: 0000000000000000 [ 510.731407][ T9669] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 510.731418][ T9669] R13: 0000000000000000 R14: 00007fb45c7b5fa0 R15: 00007ffce903d148 [ 510.731449][ T9669] [ 510.980348][ T5833] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 511.452681][ T9680] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 511.679598][ T5833] usb 4-1: Using ep0 maxpacket: 32 [ 511.834426][ T30] audit: type=1326 audit(1748251283.937:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9670 comm="syz.1.905" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1a4118e969 code=0x0 [ 512.002204][ T5833] usb 4-1: device descriptor read/all, error -71 [ 512.533318][ T69] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 512.803240][ T69] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 513.069594][ T30] audit: type=1326 audit(1748251285.317:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9695 comm="syz.4.910" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd8438e969 code=0x7ffc0000 [ 513.092405][ T9697] FAULT_INJECTION: forcing a failure. [ 513.092405][ T9697] name failslab, interval 1, probability 0, space 0, times 0 [ 513.123290][ T9697] CPU: 1 UID: 0 PID: 9697 Comm: syz.4.910 Not tainted 6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) [ 513.123338][ T9697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 513.123351][ T9697] Call Trace: [ 513.123360][ T9697] [ 513.123369][ T9697] dump_stack_lvl+0x189/0x250 [ 513.123405][ T9697] ? __pfx_dump_stack_lvl+0x10/0x10 [ 513.123432][ T9697] ? __pfx__printk+0x10/0x10 [ 513.123473][ T9697] ? __pfx___might_resched+0x10/0x10 [ 513.123503][ T9697] ? fs_reclaim_acquire+0x7d/0x100 [ 513.123532][ T9697] should_fail_ex+0x414/0x560 [ 513.123559][ T9697] should_failslab+0xa8/0x100 [ 513.123580][ T9697] __kmalloc_cache_noprof+0x70/0x3d0 [ 513.123611][ T9697] ? audit_log_d_path+0xb5/0x190 [ 513.123636][ T9697] audit_log_d_path+0xb5/0x190 [ 513.123656][ T9697] audit_log_d_path_exe+0x42/0x70 [ 513.123676][ T9697] audit_log_task+0x2b3/0x3c0 [ 513.123709][ T9697] ? __pfx_audit_log_task+0x10/0x10 [ 513.123742][ T9697] ? __pfx_migrate_enable+0x10/0x10 [ 513.123769][ T9697] audit_seccomp+0x86/0x190 [ 513.123804][ T9697] __seccomp_filter+0x9aa/0x1a40 [ 513.123843][ T9697] ? ksys_write+0x1cb/0x250 [ 513.123870][ T9697] ? __pfx___seccomp_filter+0x10/0x10 [ 513.123900][ T9697] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 513.123927][ T9697] ? __pfx_vfs_write+0x10/0x10 [ 513.123958][ T9697] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 513.123988][ T9697] ? __fget_files+0x3a0/0x420 [ 513.124019][ T9697] ? ksys_write+0x1f0/0x250 [ 513.124045][ T9697] ? rcu_is_watching+0x15/0xb0 [ 513.124077][ T9697] ? __secure_computing+0xe2/0x2a0 [ 513.124109][ T9697] syscall_trace_enter+0xaa/0x160 [ 513.124139][ T9697] do_syscall_64+0xcf/0x210 [ 513.124166][ T9697] ? clear_bhb_loop+0x60/0xb0 [ 513.124191][ T9697] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 513.124257][ T9697] RIP: 0033:0x7fcd8438e969 [ 513.124276][ T9697] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 513.124293][ T9697] RSP: 002b:00007fcd8512a038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8 [ 513.124315][ T9697] RAX: ffffffffffffffda RBX: 00007fcd845b5fa0 RCX: 00007fcd8438e969 [ 513.124329][ T9697] RDX: 00002000000002c0 RSI: 0000200000000240 RDI: 0000200000000200 [ 513.124343][ T9697] RBP: 00007fcd8512a090 R08: fffffffffffffffe R09: 0000000000000000 [ 513.124357][ T9697] R10: 00000000000000ba R11: 0000000000000246 R12: 0000000000000001 [ 513.124370][ T9697] R13: 0000000000000000 R14: 00007fcd845b5fa0 R15: 00007ffebe8d7d78 [ 513.124402][ T9697] [ 513.403942][ T69] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 513.422864][ T30] audit: type=1326 audit(1748251285.347:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9695 comm="syz.4.910" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fcd8438d2d0 code=0x7ffc0000 [ 513.444654][ T30] audit: type=1326 audit(1748251285.347:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9695 comm="syz.4.910" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fcd8438d41f code=0x7ffc0000 [ 513.466791][ T30] audit: type=1326 audit(1748251285.347:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9695 comm="syz.4.910" exe="" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7fcd8438e969 code=0x7ffc0000 [ 513.487756][ T30] audit: type=1326 audit(1748251285.647:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9695 comm="syz.4.910" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7fcd8438d37c code=0x7ffc0000 [ 513.509115][ T30] audit: type=1326 audit(1748251285.647:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9695 comm="syz.4.910" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fcd8438d41f code=0x7ffc0000 [ 513.530351][ T30] audit: type=1326 audit(1748251285.647:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9695 comm="syz.4.910" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fcd8438d5ca code=0x7ffc0000 [ 513.551800][ T30] audit: type=1326 audit(1748251285.647:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9695 comm="syz.4.910" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd8438e969 code=0x7ffc0000 [ 513.574070][ T30] audit: type=1326 audit(1748251285.647:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9695 comm="syz.4.910" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd8438e969 code=0x7ffc0000 [ 513.662702][ T9698] netlink: 'syz.1.908': attribute type 5 has an invalid length. [ 513.956746][ T9704] netlink: 'syz.4.912': attribute type 1 has an invalid length. [ 513.980187][ T69] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 513.992509][ T9703] netlink: 'syz.1.911': attribute type 1 has an invalid length. [ 514.009067][ T9704] netlink: 172 bytes leftover after parsing attributes in process `syz.4.912'. [ 514.362586][ T9706] bond1: (slave vcan1): The slave device specified does not support setting the MAC address [ 514.402186][ T9706] bond1: (slave vcan1): Setting fail_over_mac to active for active-backup mode [ 514.504417][ T9706] bond1: (slave vcan1): making interface the new active one [ 514.547932][ T9706] bond1: (slave vcan1): Enslaving as an active interface with an up link [ 514.661571][ T56] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 514.686760][ T56] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 514.697899][ T56] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 514.708135][ T56] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 514.719038][ T56] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 515.180769][ T69] bridge_slave_1: left allmulticast mode [ 515.199982][ T69] bridge_slave_1: left promiscuous mode [ 515.223385][ T69] bridge0: port 2(bridge_slave_1) entered disabled state [ 515.289644][ T69] bridge_slave_0: left allmulticast mode [ 515.305607][ T69] bridge_slave_0: left promiscuous mode [ 515.335195][ T69] bridge0: port 1(bridge_slave_0) entered disabled state [ 515.667075][ T9741] qnx4: no qnx4 filesystem (no root dir). [ 515.858430][ T9741] ubi: mtd0 is already attached to ubi31 [ 516.705397][ T9750] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 516.927718][ T56] Bluetooth: hci0: command tx timeout [ 517.063143][ T30] kauditd_printk_skb: 2 callbacks suppressed [ 517.063161][ T30] audit: type=1326 audit(1748251289.317:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9744 comm="syz.3.919" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f41f618e969 code=0x0 [ 519.071674][ T56] Bluetooth: hci0: command tx timeout [ 519.224081][ T9774] netlink: 'syz.4.925': attribute type 8 has an invalid length. [ 519.982870][ T9] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 520.157170][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 520.181609][ T9] usb 5-1: config 0 has an invalid interface number: 148 but max is 2 [ 520.197127][ T9] usb 5-1: config 0 contains an unexpected descriptor of type 0x1, skipping [ 520.215557][ T9] usb 5-1: config 0 contains an unexpected descriptor of type 0x2, skipping [ 520.233307][ T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 520.251260][ T9] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 520.266437][ T97] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 520.274255][ T9] usb 5-1: config 0 has no interface number 0 [ 520.288935][ T9] usb 5-1: config 0 interface 148 altsetting 8 endpoint 0xB has invalid maxpacket 47640, setting to 1024 [ 520.301657][ T9] usb 5-1: config 0 interface 148 altsetting 8 bulk endpoint 0xB has invalid maxpacket 1024 [ 520.319159][ T9] usb 5-1: config 0 interface 148 altsetting 8 has an invalid descriptor for endpoint zero, skipping [ 520.330476][ T9] usb 5-1: config 0 interface 148 altsetting 8 has an invalid endpoint descriptor of length 2, skipping [ 520.341990][ T9] usb 5-1: config 0 interface 148 altsetting 8 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 520.356473][ T9] usb 5-1: config 0 interface 148 has no altsetting 0 [ 520.369030][ T9] usb 5-1: New USB device found, idVendor=1110, idProduct=9032, bcdDevice=9d.f4 [ 520.378934][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 520.387478][ T9] usb 5-1: Product: syz [ 520.392114][ T9] usb 5-1: Manufacturer: syz [ 520.396747][ T9] usb 5-1: SerialNumber: syz [ 520.404637][ T9] usb 5-1: config 0 descriptor?? [ 520.411668][ T9778] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 520.421705][ T69] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 520.434942][ T69] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 520.445886][ T69] bond0 (unregistering): Released all slaves [ 520.452070][ T97] usb 4-1: Using ep0 maxpacket: 8 [ 520.463430][ T97] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 520.478561][ T97] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 520.496930][ T97] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 520.518008][ T97] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 520.528434][ T97] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 520.543326][ T97] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 520.591060][ T97] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 520.624456][ T9] usb 5-1: [ueagle-atm] ADSL device founded vid (0X1110) pid (0X9032) Rev (0X9DF4): Eagle III [ 520.831201][ T97] usb 4-1: usb_control_msg returned -32 [ 520.836832][ T97] usbtmc 4-1:16.0: can't read capabilities [ 521.138923][ T9791] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 521.163536][ T56] Bluetooth: hci0: command tx timeout [ 521.183397][ T30] audit: type=1326 audit(1748251293.437:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9788 comm="syz.1.929" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1a4118e969 code=0x0 [ 521.619994][ T9] usb 5-1: [ueagle-atm] pre-firmware device, uploading firmware [ 521.651904][ T5824] usb 4-1: USB disconnect, device number 30 [ 521.688609][ T9] usb 5-1: [ueagle-atm] loading firmware ueagle-atm/eagleIII.fw [ 521.717527][ T97] usb 5-1: Direct firmware load for ueagle-atm/eagleIII.fw failed with error -2 [ 521.749883][ T97] usb 5-1: Falling back to sysfs fallback for: ueagle-atm/eagleIII.fw [ 521.760569][ T9] usb 5-1: USB disconnect, device number 21 [ 521.772975][ T69] hsr_slave_0: left promiscuous mode [ 521.814770][ T97] ------------[ cut here ]------------ [ 521.820557][ T97] WARNING: CPU: 0 PID: 97 at fs/kernfs/dir.c:537 kernfs_get+0x72/0x90 [ 521.829460][ T97] Modules linked in: [ 521.833745][ T97] CPU: 0 UID: 0 PID: 97 Comm: kworker/0:2 Not tainted 6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) [ 521.845763][ T97] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 521.856350][ T97] Workqueue: events request_firmware_work_func [ 521.862941][ T97] RIP: 0010:kernfs_get+0x72/0x90 [ 521.868129][ T97] Code: e8 f3 cf 66 ff 48 89 df be 04 00 00 00 e8 c6 a6 c6 ff f0 ff 03 eb 05 e8 dc cf 66 ff 5b 5d e9 55 46 f9 08 cc e8 cf cf 66 ff 90 <0f> 0b 90 eb d6 89 d9 80 e1 07 80 c1 03 38 c1 7c b6 48 89 df e8 c5 [ 521.888011][ T97] RSP: 0018:ffffc900026af680 EFLAGS: 00010293 [ 521.894170][ T97] RAX: ffffffff82592111 RBX: ffff88814b3952d0 RCX: ffff88801cb73c00 [ 521.902240][ T97] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 521.910241][ T97] RBP: 0000000000000000 R08: ffff88814b3952d3 R09: 1ffff11029672a5a [ 521.918533][ T97] R10: dffffc0000000000 R11: ffffed1029672a5b R12: ffff88802f2deea8 [ 521.926948][ T97] R13: 1ffff11005e5bdd6 R14: ffff88802f2deeb0 R15: 1ffff11005e5bdd5 [ 521.935007][ T97] FS: 0000000000000000(0000) GS:ffff8881260f6000(0000) knlGS:0000000000000000 [ 521.944049][ T97] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 521.951067][ T97] CR2: 0000555577380588 CR3: 0000000045d32000 CR4: 00000000003526f0 [ 521.955050][ T69] hsr_slave_1: left promiscuous mode [ 521.959055][ T97] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 521.974580][ T97] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 521.982925][ T97] Call Trace: [ 521.986253][ T97] [ 521.989212][ T97] kobject_add_internal+0x632/0xb40 [ 521.989844][ T69] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 521.994773][ T97] kobject_add+0x155/0x220 [ 521.994815][ T97] ? __pfx_kobject_add+0x10/0x10 [ 522.011969][ T97] ? kobject_init+0x83/0x1e0 [ 522.016612][ T97] get_device_parent+0x316/0x3a0 [ 522.021667][ T97] device_add+0x2e1/0xb50 [ 522.026080][ T97] firmware_fallback_sysfs+0x2e4/0x9b0 [ 522.031713][ T97] _request_firmware+0xf83/0x15b0 [ 522.036816][ T97] ? __pfx__request_firmware+0x10/0x10 [ 522.042393][ T97] ? process_scheduled_works+0x9ec/0x17a0 [ 522.048631][ T97] request_firmware_work_func+0xaf/0x1c0 [ 522.054787][ T97] ? process_scheduled_works+0x9ec/0x17a0 [ 522.060567][ T97] process_scheduled_works+0xade/0x17a0 [ 522.066471][ T97] ? __pfx_process_scheduled_works+0x10/0x10 [ 522.072565][ T97] worker_thread+0x8a0/0xda0 [ 522.077229][ T97] kthread+0x711/0x8a0 [ 522.081439][ T97] ? __pfx_worker_thread+0x10/0x10 [ 522.086601][ T97] ? __pfx_kthread+0x10/0x10 [ 522.091294][ T97] ? __pfx_kthread+0x10/0x10 [ 522.095927][ T97] ? _raw_spin_unlock_irq+0x23/0x50 [ 522.101320][ T97] ? lockdep_hardirqs_on+0x9c/0x150 [ 522.106567][ T97] ? __pfx_kthread+0x10/0x10 [ 522.111321][ T97] ret_from_fork+0x4b/0x80 [ 522.114369][ T69] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 522.115753][ T97] ? __pfx_kthread+0x10/0x10 [ 522.115785][ T97] ret_from_fork_asm+0x1a/0x30 [ 522.132449][ T97] [ 522.135511][ T97] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 522.142811][ T97] CPU: 0 UID: 0 PID: 97 Comm: kworker/0:2 Not tainted 6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) [ 522.154795][ T97] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 522.164949][ T97] Workqueue: events request_firmware_work_func [ 522.171131][ T97] Call Trace: [ 522.174420][ T97] [ 522.177361][ T97] dump_stack_lvl+0x99/0x250 [ 522.181967][ T97] ? __asan_memcpy+0x40/0x70 [ 522.186744][ T97] ? __pfx_dump_stack_lvl+0x10/0x10 [ 522.191957][ T97] ? __pfx__printk+0x10/0x10 [ 522.196579][ T97] panic+0x2db/0x790 [ 522.200491][ T97] ? __pfx_panic+0x10/0x10 [ 522.204917][ T97] ? show_trace_log_lvl+0x4fb/0x550 [ 522.210132][ T97] ? ret_from_fork_asm+0x1a/0x30 [ 522.215112][ T97] __warn+0x31b/0x4b0 [ 522.219117][ T97] ? kernfs_get+0x72/0x90 [ 522.223468][ T97] ? kernfs_get+0x72/0x90 [ 522.227807][ T97] report_bug+0x2be/0x4f0 [ 522.232148][ T97] ? kernfs_get+0x72/0x90 [ 522.236491][ T97] ? kernfs_get+0x72/0x90 [ 522.240828][ T97] ? kernfs_get+0x74/0x90 [ 522.245165][ T97] handle_bug+0x84/0x160 [ 522.249425][ T97] exc_invalid_op+0x1a/0x50 [ 522.253939][ T97] asm_exc_invalid_op+0x1a/0x20 [ 522.258794][ T97] RIP: 0010:kernfs_get+0x72/0x90 [ 522.263735][ T97] Code: e8 f3 cf 66 ff 48 89 df be 04 00 00 00 e8 c6 a6 c6 ff f0 ff 03 eb 05 e8 dc cf 66 ff 5b 5d e9 55 46 f9 08 cc e8 cf cf 66 ff 90 <0f> 0b 90 eb d6 89 d9 80 e1 07 80 c1 03 38 c1 7c b6 48 89 df e8 c5 [ 522.283350][ T97] RSP: 0018:ffffc900026af680 EFLAGS: 00010293 [ 522.289424][ T97] RAX: ffffffff82592111 RBX: ffff88814b3952d0 RCX: ffff88801cb73c00 [ 522.297402][ T97] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 522.305378][ T97] RBP: 0000000000000000 R08: ffff88814b3952d3 R09: 1ffff11029672a5a [ 522.313361][ T97] R10: dffffc0000000000 R11: ffffed1029672a5b R12: ffff88802f2deea8 [ 522.321334][ T97] R13: 1ffff11005e5bdd6 R14: ffff88802f2deeb0 R15: 1ffff11005e5bdd5 [ 522.329325][ T97] ? kernfs_get+0x71/0x90 [ 522.333688][ T97] kobject_add_internal+0x632/0xb40 [ 522.338922][ T97] kobject_add+0x155/0x220 [ 522.343354][ T97] ? __pfx_kobject_add+0x10/0x10 [ 522.348308][ T97] ? kobject_init+0x83/0x1e0 [ 522.352907][ T97] get_device_parent+0x316/0x3a0 [ 522.357877][ T97] device_add+0x2e1/0xb50 [ 522.362233][ T97] firmware_fallback_sysfs+0x2e4/0x9b0 [ 522.367705][ T97] _request_firmware+0xf83/0x15b0 [ 522.372757][ T97] ? __pfx__request_firmware+0x10/0x10 [ 522.378227][ T97] ? process_scheduled_works+0x9ec/0x17a0 [ 522.383959][ T97] request_firmware_work_func+0xaf/0x1c0 [ 522.389604][ T97] ? process_scheduled_works+0x9ec/0x17a0 [ 522.395338][ T97] process_scheduled_works+0xade/0x17a0 [ 522.400925][ T97] ? __pfx_process_scheduled_works+0x10/0x10 [ 522.406930][ T97] worker_thread+0x8a0/0xda0 [ 522.411544][ T97] kthread+0x711/0x8a0 [ 522.415624][ T97] ? __pfx_worker_thread+0x10/0x10 [ 522.420736][ T97] ? __pfx_kthread+0x10/0x10 [ 522.425332][ T97] ? __pfx_kthread+0x10/0x10 [ 522.429928][ T97] ? _raw_spin_unlock_irq+0x23/0x50 [ 522.435135][ T97] ? lockdep_hardirqs_on+0x9c/0x150 [ 522.440362][ T97] ? __pfx_kthread+0x10/0x10 [ 522.444957][ T97] ret_from_fork+0x4b/0x80 [ 522.449375][ T97] ? __pfx_kthread+0x10/0x10 [ 522.453967][ T97] ret_from_fork_asm+0x1a/0x30 [ 522.458770][ T97] [ 522.462120][ T97] Kernel Offset: disabled [ 522.466454][ T97] Rebooting in 86400 seconds..