last executing test programs: 18.482885109s ago: executing program 0 (id=3379): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x50, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) r1 = creat(0x0, 0x0) write$FUSE_BMAP(0xffffffffffffffff, &(0x7f0000000100)={0x18}, 0x18) ioctl$IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, &(0x7f0000000000)={@host}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000080)={{}, &(0x7f0000000180), &(0x7f0000000400)='%+9llu \x00'}, 0x20) bpf$PROG_LOAD(0x5, 0x0, 0x0) process_vm_readv(0x0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x36}, {0x0}], 0x2, 0x0, 0x0, 0x0) ptrace$ARCH_SHSTK_UNLOCK(0x1e, 0x0, 0x0, 0x5004) setsockopt$inet6_udp_int(r1, 0x11, 0x66, &(0x7f0000000200)=0x45, 0x4) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000140), 0x4) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5) preadv(r2, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) fsopen(0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_init_net_socket$ax25(0x3, 0x5, 0x0) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000440), r3) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x600301, 0x3) r5 = socket$inet6_udp(0xa, 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000480)=ANY=[@ANYBLOB="9feb01003137a611ac75c04f190000cd13d392ff4cb0620000000000001360c208173073000004318a6a8825a59abfa0e65d6bdcfd0d0a0000faffe64fe056fe64ac53c8768daccca73a351736ecf59737ff756d0214f6232c64cefe70e5a18e39350f8c36be39fe62e3ab8fa7ae92c4e4f8b779c49cf81aa5bee9c494"], 0x0, 0x4a}, 0x20) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_usb_connect(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="120100009b23fd406d04c1088dee000000010902240001000000000904000000ff0100000724", @ANYRES16=r5], 0x0) sendmsg$IEEE802154_LIST_IFACE(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=ANY=[@ANYBLOB="14000000", @ANYRES16=r4, @ANYBLOB="090d00000000000000001f0000005926e1f083304eb6642140963fa013d9a29319c8964e9930c80090dd4cc34801b2abd66e5f7ef02060f184ebdfd0be413be2097f5f2cb40d46e8dee93602264c6f6f580de610f50722abfa1ab7c11b760021a32ade829c3834bd77a1e17963dc19282ec798e92c7666830f34f96c8d6ee73407cd38babf191a020850fb56d869026a54aa5331d55b40105dfb7d32084e9031fe173709b787ea47d519fca7c761981165b3c051652620855de3bfbbd7476a0d07eec9615229823a19a33d"], 0x14}}, 0x0) syz_genetlink_get_family_id$nl802154(&(0x7f0000000280), r0) sendmsg$NL802154_CMD_DEL_SEC_LEVEL(r0, &(0x7f0000000240)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000980)=ANY=[], 0xb0}, 0x1, 0x0, 0x0, 0x4000}, 0x40841) 15.117783306s ago: executing program 0 (id=3388): prlimit64(0x0, 0x0, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) open(0x0, 0x0, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000004000000000000000000850000002300000095"], &(0x7f0000000180)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000380)='sched_switch\x00', r3}, 0x10) unshare(0x2a020400) semget$private(0x0, 0x2, 0x0) syz_emit_vhci(0x0, 0x7) syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e1f0a"], 0x22) syz_emit_vhci(&(0x7f00000001c0)=@HCI_EVENT_PKT={0x4, @hci_ev_io_capa_reply={{0x32, 0x9}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x40, 0x9}}}, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x9, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="720aacff0000000071102b00000000009500000000000000"], &(0x7f0000000480)='GPL\x00'}, 0x90) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@bridge_setlink={0x74, 0x13, 0xa29, 0xfffffffc, 0x0, {}, [@IFLA_AF_SPEC={0x8, 0xc, 0x0, 0x0, [@AF_BRIDGE={0x4}]}, @IFLA_AF_SPEC={0x4c, 0x1a, 0x0, 0x1, [@AF_INET6={0x3c, 0x3, 0x0, 0x1, [@IFLA_INET6_ADDR_GEN_MODE={0x5, 0x8, 0xb}, @IFLA_INET6_TOKEN={0x14, 0x7, @private1}, @IFLA_INET6_TOKEN={0x14, 0x7, @dev}, @IFLA_INET6_ADDR_GEN_MODE={0x5}]}, @AF_BRIDGE={0x4}, @AF_INET6={0x4}, @AF_MPLS={0x4}]}]}, 0x74}}, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) r5 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r5, &(0x7f0000000080)={&(0x7f0000000140)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @broadcast}}, 0x80, 0x0, 0x0, &(0x7f0000000100)=[{0x18, 0x110, 0x1, "dc"}], 0x18}, 0x0) 9.982775951s ago: executing program 3 (id=3405): sched_setaffinity(0x0, 0x96dca55c25fb4027, &(0x7f0000000180)) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) syz_emit_ethernet(0x4e, &(0x7f0000000000)={@local, @link_local={0x3}, @void, {@ipv4={0x800, @tcp={{0xb, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x6, 0x0, @dev, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@rr={0x44, 0xb, 0x8, [@remote, @multicast2]}, @ssrr={0x89, 0x7, 0xd7, [@private]}, @timestamp={0x44, 0x4}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)={0x334, r2, 0x1, 0x0, 0xfffffffe, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_FRAME={0x318, 0x33, @beacon={{{}, {}, @device_b, @device_b}, 0x0, @random, 0x0, @void, @val, @val={0x3, 0x1}, @void, @void, @val={0x5, 0x3, {0x0, 0x7c}}, @val={0x25, 0x3, {0x1, 0xb6}}, @val={0x2a, 0x1, {0x0, 0x1, 0x1}}, @val={0x3c, 0x4}, @void, @void, @void, @val={0x76, 0x6}, [{0xdd, 0xb7, "31851c27f0515dccb7554d54162c7b9db37edff2415d5589b53027d4db2f9527a9858f2910b19c7737136d933c4cb8b186a2cb77d33dc186120309d0107aae1822ca939dc88880a147e71f89f5936e8d68041d7e8bcc0f1b2831ed25db982a9cd8fcd5160c5cdc0cbe25dce28dc9925779fc4799284de17406d9ac3b5e35515e37ca5568297e0d3e19d80a5d5addb3184fec9543e41f70eb1bcd9a87da2f4b39e15dca2e549f43749edc5d2150d9349f08894e39ac26f6"}, {0xdd, 0xba, "1cb11f4c9767b25df19d1cb86cc9f4059996ff0021375555251d74cf6f777d24ac2b13bbd9b9d6f27b608e3a58d27ba7b7e16a8e13f0d8f288fa3e9a5e6c9ba0bd7028c0866f7cec56d3e0ae5cb3c8963c4d6e991fbd1547b046152bed86b40dc529d6663ed96a2f54759ca9fd4841407c6fb63f588fed1344890b04c3914826eaa5b022f53aa9fb6bffaa0370be496fc201cd5b33db589eb87730dee906175a89a626342c521f0b18b5cb5ed9de356bf155e503ca39d841b335"}, {0xdd, 0x25, "523a4aa23e4123ca5c555c2b2bf412911511b4b39a758f6e3a496d64414c19f01ba62cf366"}, {0xdd, 0x12, "0941a0e096d40b7d3b60bec79aa8aaa3f566"}, {0xdd, 0x3f, "7b1f666daa2c5732ac642cd918aea5ee68d9287e589b7d5326dd3b2bfb9e3d1679ee7c57f9ddfe7cc6179e25076e5fbf36bd5882a567a92f5c2ba4e5d1fe2e"}, {0xdd, 0xb, "0da71e815422994325dfec"}, {0xdd, 0xd0, "30d8ac98fdedffdf2ad390d8c532101bdebf905f4f96a12b5400578c02f802cac6cedd077c38a52b4fb790de3ab2c28eed8f45baef37217a654a07159fd6efe9fc5a4effdb0327c0802a3a873eb1979e62ab34d31a748ae171a86d656075c5a8c88eaba15c64af81d2a1d27711b205b8054c3de5a350e513bd56b74b0fdb2d754c4107263cd5172972ac7809a66b08917a11a738872f4aed2639de9df88a49198da03d7b0cc082feaf048bb22b35d6a3caf417bb7b2764066743ec0351ce70032b95ad051deb8fda16dceb2b3b6d5140"}]}}]}, 0x334}}, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)=0xff, 0x4) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'netdevsim0\x00', 0x0}) unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file1/file3\x00', 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x1, 0x3, 0x261, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', r5}, 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r6, &(0x7f0000000000), &(0x7f0000000080)=@udp}, 0x20) socket$kcm(0x29, 0x2, 0x0) r7 = socket$kcm(0x29, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='net/kcm\x00') preadv(r7, &(0x7f00000003c0)=[{&(0x7f0000000280)=""/191, 0xbf}], 0x1, 0x4a9a8af7, 0x1000) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000d80)={{r6, 0xffffffffffffffff}, &(0x7f0000000d00), &(0x7f0000000d40)='%+9llu \x00'}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000440)={r8, &(0x7f0000000340), &(0x7f0000000400)=@tcp6}, 0x20) setresuid(0x0, 0xee00, 0x0) sendmsg$NFT_MSG_GETCHAIN(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=ANY=[@ANYBLOB="14f4a22f01e7c39bbe4bc9b5d792720000000000"], 0x14}}, 0x0) sendmsg$NL80211_CMD_SET_STATION(r1, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x54, r2, 0x200, 0x70bd29, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x800, 0x2d}}}}, [@NL80211_ATTR_STA_TX_POWER={0x6}, @NL80211_ATTR_STA_SUPPORTED_CHANNELS={0xe, 0xbd, [0x3, 0x1, 0x9, 0x9, 0x8]}, @NL80211_ATTR_STA_FLAGS2={0xc, 0x43, {0x800, 0xce}}, @NL80211_ATTR_STA_PLINK_STATE={0x5}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0xffffffffffffffff, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x0, 0x0) 9.931975401s ago: executing program 0 (id=3406): bpf$PROG_LOAD(0x5, 0x0, 0x0) fsopen(0x0, 0x0) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000580)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581", @ANYRES16], 0x0) syz_usb_control_io(r2, 0x0, 0x0) syz_usb_control_io$hid(r2, &(0x7f0000000000)={0xfffffffffffffe7a, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0022110000000837c700039e22a8610b0100120009bc6ef0ac84f7cf7bbb"], 0x0}, 0x0) socket$nl_route(0x10, 0x3, 0x0) r3 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0) ioctl$HIDIOCGREPORT(r3, 0x400c4807, &(0x7f0000000040)={0x2}) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000340)=ANY=[@ANYBLOB="2294d328336209110b982a756c99c054fefe846a6039fc09b4", @ANYRES16=r0, @ANYRES32=r4, @ANYRES32=r4, @ANYBLOB="0a000600080211000001000030005080110001004abee339084eeef16f162471f4000000080007000000000005000200000000000800030006ac0f00"], 0x58}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$packet(0x11, 0x3, 0x300) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r7, 0x6, 0x2, &(0x7f00000001c0)=0x7ff, 0x4) syz_emit_ethernet(0x3e, &(0x7f00000002c0)=ANY=[@ANYBLOB="ffffffffffffbbbbbbbbbbbb86dd6000000000083a00fe040000000000000000000000000001ff02000000000000000000001a0000018000907800000000"], 0x0) bind$inet6(r5, &(0x7f0000000000)={0xa, 0x8000002, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0xffffffffffffffbb) sendto$inet6(r7, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) sendto$inet6(r7, &(0x7f0000000080)="44f9b108b1cdc885c9c533d21f474bec8bfef1df1e2da71e578dc6b91d09f7ab15378571d8e27546090000006e75436914ab717528ee4b7a9beaf908d11137c11903064e83b4951f4d433a5404970c85d92d7083fd38844cbb0c6c5eb508ddc2dc7a590aa7941b1e9eeb5a688138dea09b776cbfa784cbf550bf3074fb0d775da4df5a3f48bbdf452eeb6b923da9d0e25b80f76a873664b5753444fe05f33e5f91045540836c3cd6af10f0cd018f0c6f57f926ac959a5628c45088fbe0c87fbe6cbcda4662d2a12f6d00"/215, 0xd0d0c2ac, 0x1, 0x0, 0x0) splice(r7, 0x0, r6, 0x0, 0x406f413, 0x0) r8 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r8, &(0x7f0000000480)={0x2, 0x4e23, @loopback}, 0x10) sendto$inet(r8, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10) r9 = socket$nl_route(0x10, 0x3, 0x0) r10 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r9, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r11, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x28, 0x2, {{0x0, 0x0, 0x9}, [@TCA_NETEM_RATE64={0xc, 0x8, 0x2cf44237d582c0a}]}}}]}, 0x58}}, 0x0) write$binfmt_elf64(r8, &(0x7f0000000200)=ANY=[], 0xc63b9e35) 6.431012459s ago: executing program 3 (id=3409): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000002c0), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f00000000c0)={{0x1, 0x0, 0x0, 0x3970b8090d64f40c}}) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) open(&(0x7f0000000140)='./bus\x00', 0x400145042, 0x0) socket$packet(0x11, 0x3, 0x300) ftruncate(r1, 0x796c) r2 = socket$vsock_stream(0x28, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x8, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x3, 0x0, 0x3, 0x1, 0x0, 0xa3}]}, &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) getsockopt(r2, 0x28, 0x1, 0x0, &(0x7f0000000000)) 6.340876736s ago: executing program 2 (id=3410): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) syz_emit_vhci(&(0x7f00000002c0)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x2, 0x0, 0x50}, @l2cap_cid_signaling={{0x4c}, [@l2cap_move_chan_cfm={{0x10, 0x0, 0x4}, {0xf07, 0xffff}}, @l2cap_conf_req={{0x4, 0x8, 0x21}, {0x8, 0xe2, [@l2cap_conf_efs={0x6, 0x10, {0x2, 0x0, 0x8566, 0x8, 0x9, 0x7}}, @l2cap_conf_fcs={0x5, 0x1}, @l2cap_conf_ews={0x7, 0x2, 0x9}, @l2cap_conf_mtu={0x1, 0x2, 0x1}]}}, @l2cap_move_chan_cfm={{0x10, 0x0, 0x4}, {0xc, 0xf}}, @l2cap_disconn_req={{0x6, 0x7, 0x4}, {0x3, 0xe8}}, @l2cap_conf_req={{0x4, 0x5, 0xb}, {0x37a7, 0xbc, [@l2cap_conf_fcs={0x5, 0x1}, @l2cap_conf_ews={0x7, 0x2, 0x10}]}}]}}, 0x55) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_DESTROY_ID(r4, &(0x7f0000000180)={0x5, 0x10, 0xfa00, {&(0x7f0000002200), r5}}, 0x18) 6.296493458s ago: executing program 3 (id=3412): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000000000049fe"], &(0x7f0000000140)='GPL\x00', 0x8}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r1, 0xc0a85320, &(0x7f00000003c0)={{0x80}, 'port0\x00', 0x88, 0x1b1804, 0x0, 0x8000008, 0x3, 0x2, 0x8001, 0x0, 0x3, 0xff}) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r1, 0x40a85323, &(0x7f0000000000)={{0x80}, 'port0\x00'}) ioctl$SNDCTL_SEQ_PANIC(r2, 0x5111) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r4, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x800}, 0xc) socket$inet6(0xa, 0x3, 0x1) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000080)=0x11) socket$inet6_tcp(0xa, 0x1, 0x0) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r6, 0x29, 0x1b, &(0x7f0000000200)={@remote, 0x2, 0x0, 0x62e3e968d2cce7dd}, 0x20) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r5, 0x29, 0x1b, &(0x7f00000000c0)={@remote, 0xc}, 0x20) r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r7, 0xc0502100, &(0x7f0000000300)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r7, 0xc0182101, &(0x7f0000000180)={r8}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r7, 0xc0502100, &(0x7f0000000480)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r7, 0x40182103, &(0x7f0000000080)={r9, 0x3, r7, 0x5}) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$TCFLSH(0xffffffffffffffff, 0x8925, 0x0) 6.295747075s ago: executing program 4 (id=3413): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) open(0x0, 0x580200, 0x40) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000004000000000000000000850000002300"], &(0x7f0000000180)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000380)='sched_switch\x00', r4}, 0x10) unshare(0x2a020400) semget$private(0x0, 0x2, 0x0) semtimedop(0x0, &(0x7f0000000000)=[{0x500, 0x0, 0x1800}], 0x1, 0x0) syz_emit_vhci(0x0, 0x7) syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e1f0a"], 0x22) syz_emit_vhci(&(0x7f00000001c0)=@HCI_EVENT_PKT={0x4, @hci_ev_io_capa_reply={{0x32, 0x9}, {@fixed, 0x40, 0x9}}}, 0xc) socket(0x10, 0x80002, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udplite(0x2, 0x2, 0x88) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000140)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r1, 0x40605346, &(0x7f00000000c0)={0x0, 0x0, {0x2}}) 5.353500712s ago: executing program 2 (id=3415): r0 = socket$inet6(0xa, 0x2, 0x0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x1de) write$binfmt_script(r1, &(0x7f00000019c0)={'#! ', './file0', [{0x20, '\x06^-'}, {0x20, 'gcB\xc6+\xbf\xcc_\x81 \xd5\xb9\x93L9\x87\x10\xdfH(|\xf4:e\x84K\xb9!\x0eX czg\x14\xec*\xed\xa6u\xc4\x14*\xdb_\xe8\\\x96\n\xa6)\v\xf9 \xddb|\xe7\x14\x82\xc3\x90\xf9\r?i\x86Lpw\xba\xe1\v\x1a9G\x04\fpfP\xcf\xee<:C\x1e\\\x1f&\xaf\xea?\x91\a\xea\x8d\x05\x83aJ\xf0v\xc0q\x84\x93il\v\x03\b\xadT\a\x14\xd7\xd5u\x84\x82\xb2\xd4(\x1d\x04\xf2\v\xe9\x8a\xdfU\xd1\x1f\x9b\x1d2mRQ\xea\x90\xa0m#\xa4\x1dy\x9d\xe9\xfa\x06\xa27\x9d;\xe4\xb4\x86\xa7&\xa9c6\x1b\x8d\xa6$\x82\x1b\x9a\x82\xc0o/\x8c\x97\xb9BJh\x9f\xb2\"\x95j\xd7PN\x89\x7f\xc8AB\xc7}T\xbe\xf1\xe7\xe2\xad\xdd\xc2\xb7\xe8Ac*v\xf7\x16\x8fe\xef\x84\xf5k\xa9\xeb\xebt\xc3\xf1f\xca\x04*\xec\xfa\xe5b\xeb\xb4\x99\xefSv\x82\xe2\xe3\x02)sP%Z\xad\x83\xda\xbe2\xa9\xf2\x04\xda\nU\x84\xc2\xe3E\xc1\xd8L\xb1r\xb0\xdaH\xf2{\xf6~\x0f\xb9\xdd.\x06W\xd7\x1dG<\x1e\f2c\xf4\xa0d\x11\x88\xee\xcc\x18(\rap\x98?\xb1$\xe9\xe9+\xa6\xfb\xb1\xc61\xf1\xe7m\x91]]\xb26\xbfA\x86\f\xda\fi\xc8\xefl&*\"_^5\xd1 H\x17\xf0\xa7\x83}\x92W\xeb\xe5\xa3\xcc\a\x10dxb\xc2\x13mNP\xac]\xc2\xc1\xa8\x1df_\xcax\xbd\xf4m\x1e\x18occU\xb6\\\xf5\xf3\xeb\xa3\x98\f1\x8b\x99\xf0P\x8e\x1b\xe3\x9e\xb9\x0f\xf9\xb0\xadd\x9d=d\x94\xec\xceQx\xdb\xf6zG!3\xd7\x05\xf0=k\xb7vo?1H\x86\x192\xb2&\xa5\x9d\xd7\xbc\x85\a\xfer\x14\x0e\xd9=\xa6\xa1\x03cz>R\x11\xba\xf9\x17\r\x98\ap\xda-\xb0R\t\x93.r/\xce\xa4\rK\xcb\x1aO\x03z$\xbeYvYn\xddI\xe7\x13\x8f\x15\xefL\xba`\x9d\xea\xed\xf0)s\x12r\x9b\xf2&\xf2-\xc6\xec\x96\x19\xc9\xd7\xda\x06\xba\x87\x18\xef+\xcdp\x95\xef\xd9\xb9s\x8b\xf3\x8b\x88<\xa0\xa3\xad\x8c\xaf&iMM\xc5>\xa7v\x17\xdf \xca\x86#\xa7*\xecl\xbfp\xc3x\xc3\xc1r\xbe7\xb5\xa3\xf11[`\xcb7z\xa0P\xd5p\xe9\xddC\xc0\x80=\xd9y\x01\x1c\xe7\x1cdN\xd5x\x89\xc9\xc0\xc4{\x01\xa6o\x9ceZ\xe1\xfa0?\x94\x1f\x9aQ\xf0Lf\x1e\x17A@\x06\x89\xadg+$/V\r\xc9oQ=k\xa0\xa6\\\x00\x99\x94\x10dy\x7f\xd1\xd2\xd04\x96\b\x80/\x9a\xfc\a\'\x83\xb8\xcd\xb1\xf5#\tr\xb4\xc4\x929\x01\xee\xe6\n\x8ba\xde\xdbsAzG\xe86\xfe\x83\x1d\xb3K2\xf0\x8f\xde\x85\x00M&\x00\x00O\x86\xec2/\xea\xe6$(L\x85\xf8Y\xcf,\xa3\x87^\xe1\xd8F\xe4AJ\xaa\x1f\xe9\xff?\x9aF\x97M\x80\xe9LR\xdc\x9f~\xce\xb5\xef\x14M\f#>O\xb44LB\xc6a\x82\xc5\x107\xae\xdb\v\xf7\xc4k\xab\xf8:\x1fj\xa2vf)\xee\xab\xb3C\x92\x8e\x80\xb1\x01\x85\xb1v\xae*\xa7])n)+\xd9\xcf\xe9\x9ag\x8a*u\xe4e?\xf9\x93\x93u\xd2M\xfd\xa1\xc5\xff\xd9\x15-\xabH\x90\x04\xea\x88\"\xfe\v\x1d\xa5}H\xee\xc7\x94\xdb\x02\xf7\t\x92\t5\x1e\xd6~R\x9e\xb5NV)\xa6\x1ff\xde\xbf\x97V\x87\v\x94\xb4\xb0\x7f3\xa3\x85c=\xb0\x8ab\x06\xfa\xe9\xb3\x1d\xc9.\x8br\xf9\xde\xd6\xe6\x14O\xc8\xff3ZA\xea\xd4\xa9]7\xd8\xed\xc6\xdf\x01\xb3\n8\xbf\xbe\x1e\v\x18\xd9\xb3+X4\xb5S\xe7\xf6oO;\xc5\xc8-\x9e\xb5\xbe\x97\xb4k\xd2n\xfa\xd1\x82\x16\xea\x93\xc7\xb3?\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb7\xf2K\xe9\xcf\xc6y\xb00\xe0\xa0\f\xef\x02\xd5 (S\xffhY\"\x83\x05M\x0f\v\xec0B\xa9\xd7\x80\xdaL\xa2Q\x8c\xde\x17* \xf5)tk\xb6\xb9\x86?\x1a\xff\xdc\xecP\xd1w1\xf4a\x00r\x06,\x86S\x11)\xf4\x16W\xd6\x86\x10\x02\x15mod\x854\xd4\'^\xb6\xe9f\xd6:\xfc5%\x16\xc5\xa5\xf1\x11k\xdd{\xaai\x8a\xde\xa6\x18,H\xd8\xe5\xf5g\xe7U\\(\x01\xc5\xde\x1d\x8acHf\x86`9qV|=\xbb\xd1\x95\x0f\x86\xffa\xb1\xdb\x82l\xc3\xcf\x88\xeeJ\xda\x8b0f\xac\xc2n\xd1\')\xf2\xaf\xc0\x06\x01\xb4b\xef\xa8!\xf9\n\xf7{C\xdc`h\b6>\x171\x16\x89\xa8\xe9OC\x7f\xb1\x1c\xd4\xd5\xa7\x7f'}]}, 0x488) close(r1) execve(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100), &(0x7f00000012c0)=[&(0x7f0000001200)='\x00', &(0x7f0000001240)='#! ', &(0x7f0000001280)='!*\'-\x00']) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x19, 0x4, &(0x7f0000000000)=ANY=[@ANYRES64=0x0], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x41000, 0x0, '\x00', 0x0, 0x15}, 0x90) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha1-avx\x00'}, 0x58) accept4(r2, 0x0, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r5, @ANYBLOB="1f003300d000000008021100000108021100000050505050505000001502", @ANYRES8=r3], 0x3c}}, 0x0) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000280)=ANY=[@ANYRES16=r0, @ANYRESOCT=r0, @ANYRESHEX=r1, @ANYRES32=r1, @ANYRES8, @ANYRESOCT=0x0, @ANYRES32=r0], 0x8) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x8, 0x0, &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x0, 0x28, 0x0, &(0x7f0000000900)="e02742e8680d85ff9782762f86dd", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) setsockopt$inet6_int(r0, 0x29, 0x3a, &(0x7f0000000040)=0x8, 0x4) recvmmsg(r0, &(0x7f0000004740)=[{{0x0, 0xfffffffffffffe10, 0x0}}], 0x1, 0x0, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) mincore(&(0x7f0000ffd000/0x2000)=nil, 0x2000, &(0x7f0000002300)=""/133) 5.000445801s ago: executing program 3 (id=3416): ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x2d, 0x4, 0x0, 0x0, 0xb4, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x14, 0x0, 0x0, 0x9, [0x0, 0x0, 0x0, 0x0]}, @timestamp_prespec={0x44, 0x3c, 0xc0, 0x3, 0x1, [{@private=0xa010100}, {@multicast1}, {@remote}, {@dev, 0x659}, {@broadcast}, {@multicast2, 0xffd200}, {@private=0xa010100, 0x7}]}, @timestamp_prespec={0x44, 0x34, 0x0, 0x3, 0x0, [{@dev}, {@remote}, {@multicast2}, {@private=0xa010101}, {@broadcast, 0x852b1}, {@multicast2}]}, @noop, @noop, @noop, @rr={0x7, 0x17, 0x0, [@dev, @remote, @multicast1, @private=0xa010102, @remote]}]}}}}}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0) r3 = dup(r1) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000}) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_RUN(r4, 0xae80, 0x0) 4.163214852s ago: executing program 2 (id=3418): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x6, 0x31, 0xffffffffffffffff, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{}, 0x0, &(0x7f0000000040)}, 0x20) syz_emit_ethernet(0x4e, &(0x7f0000000080)={@multicast, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "4dd708", 0x18, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x10, 0x0, 0x0, 0x0, {[@sack={0x5, 0x2}]}}}}}}}}, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10) socket$inet6_udp(0xa, 0x2, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x210900, 0x0) ioctl$SIOCSIFHWADDR(r4, 0x8924, &(0x7f0000000240)={'wg0\x00', @multicast}) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x12, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x16}]}, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x14, 0xffffffffffffffff, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x80) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000680)='contention_end\x00'}, 0x10) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg$nl_xfrm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000008c0)=@newsa={0x148, 0x10, 0x713, 0x0, 0x0, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in6=@ipv4={'\x00', '\xff\xff', @local}}, {@in=@empty, 0x0, 0x32}, @in6=@ipv4={'\x00', '\xff\xff', @multicast2}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @etimer_thresh={0x8}, @replay_thresh={0x8}]}, 0x148}}, 0x0) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/partitions\x00', 0x0, 0x0) preadv(r6, &(0x7f0000001500)=[{&(0x7f00000002c0)=""/4084, 0xff4}], 0x1, 0x202, 0x0) 3.770689819s ago: executing program 1 (id=3419): r0 = socket$igmp(0x2, 0x3, 0x2) r1 = socket$inet_smc(0x2b, 0x1, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000200)={@map, 0xffffffffffffffff, 0xf, 0x4}, 0x20) r2 = socket$kcm(0x10, 0x3, 0x10) sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000c40)=ANY=[@ANYBLOB='I\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000100000000000000000100000008000100", @ANYRES32=0x0, @ANYBLOB="2c00088028000080240001"], 0x48}}, 0x0) sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c018030031000b12d25a80648c2594f90324fc60100c034002000600053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1}, 0x0) setsockopt$IP_VS_SO_SET_STARTDAEMON(r1, 0x0, 0x48b, 0x0, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000000)={0x2, 'ip6gretap0\x00', 0x2}, 0x18) ioctl$SIOCGETVIFCNT(r0, 0x89e0, &(0x7f0000000080)={0x1}) 3.60180451s ago: executing program 3 (id=3420): socket$inet_udp(0x2, 0x2, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000d, 0x4008031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) geteuid() socket(0x10, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(0xffffffffffffffff, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000000)={0x24, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_TX_RATES={0x8, 0x5a, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x4}]}]}, 0x24}}, 0x0) ioctl$SIOCSIFHWADDR(r0, 0x8946, &(0x7f00000000c0)={'veth0_vlan\x00', @random='\x00\x00\x00 \x00'}) socket$netlink(0x10, 0x3, 0x5) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1b}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000040)=0xfffe, 0x4) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000340)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) bind$inet(r1, &(0x7f0000003900)={0x2, 0x4e24, @multicast1}, 0x10) connect$inet(r1, &(0x7f0000000480)={0x2, 0x4e24, @empty}, 0x10) socket$packet(0x11, 0x3, 0x300) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r2, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4) sendto$inet(r2, 0x0, 0x0, 0xc806, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) sendto$inet(r2, &(0x7f0000000100)='J', 0xfdbe, 0x4004084, 0x0, 0x11000a00) sendto$inet(r1, &(0x7f0000000100)="f4188a9876a9431deeb98e3edfaafa03a11300e3aebb4102000000000034c5d2af03a5f261a35c07d07d371a4402394549d78c3f511bb4793daf4b4e28410e598769487fb27044ece0b4e738bcc7e1ce3aa7a3df2572a082809f406467bc0f0b47872a2ecc399861b90da1ffcfb35a8f5579b72e3cde817a2a78ff205c6fee57f9177bbeeb2f3d121b9c508660c2d90b0dc3f2412b62e7d99a7dfa6960b663bb8e14764efb33f9465c242b84b75a436ef9af2492b19a15bb9108656d828553e1719de91aa29cb5bf187a0162d50e234b6207725486c9e828d756ff9b6d4f5c4960469dd3a48b4e525f0cbf7158f95d603a37c272f874ee3b5c6e56", 0xfffffffffffffdb0, 0x4040004, 0x0, 0xfffffffb) 3.520208918s ago: executing program 1 (id=3421): openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="14"], 0x12c}}, 0x0) getpid() process_vm_readv(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) getpid() sched_setaffinity(0x0, 0x0, 0x0) rt_sigprocmask(0x0, 0x0, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000600)={0xffffffffffffffff}, 0x106}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(r2, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r3}}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000080)=ANY=[@ANYBLOB="18030000000000000000000000000000851000000600000018000000000000000000000000000000660000000000000018000000000000000000000000000000950000000000000067030000000000009500000000806f00"], &(0x7f0000000000)='GPL\x00'}, 0x90) r4 = open$dir(0x0, 0x0, 0x0) r5 = open(&(0x7f00000002c0)='./bus\x00', 0x60102, 0x0) splice(r4, 0x0, r5, 0x0, 0x1f0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f0000000900), 0x0) write$RDMA_USER_CM_CMD_DESTROY_ID(r2, &(0x7f0000000080)={0x1, 0x10, 0xfa00, {&(0x7f0000000000), r3}}, 0x18) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10) socketpair(0x18, 0x0, 0x2, &(0x7f0000000000)) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x4, 0xe, &(0x7f0000000880)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000f0ffffff7a0af0ff0200000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000010000006a0af2fe000000008500000044000000b700000000000000950000000000000000e154cd8445974b26c933f7ffffffffe4fbffffff55bb2007ee51050512b5b42128aa090a79507df79f298129daa7a6b2f91af50342115e17392ac627c87881c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1ef0900094fa737c28b99938512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804da4f85db47a4a69bf9bc5fa96ee293fbd165a5a68488e40b030166565a097b1b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5a787e814c4fd21a18986252a70f8f92eb6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad791fa99dac06b57479321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85823d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f37f3e2c25a61ec45c3af97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d3665016ac59dda0fde4745db06753a7ac74a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c958559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469608241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7f9c670012be05e7de0940313c5870786554df26236ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c183c960119451c31539b22809e1d7f0cda06a9fa87d64cb77872a2cd8a104e16bb1a2ba9c29faa38c409d32b6b7d6cf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497af002000000cd1d00000020000000ef19349ee7f31abc11c800000000000000000000000928ee53595a779d243a48cea769470424d28804c04b2c4324ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d748308eea09fc361b4735efbf3411718d6ee7aebf9ef679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da202274f20675eb781925441578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec7ffff35e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e933119c5009c68c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada201bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1cee1cd102e3c8e63e9fba05e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2b485185cc92fe7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2bbf96c89739f5cf1e750d50517a59a3ad09e8802e8f4f535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eeb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d81f2f2653c4d9818708e27c89b552d7fcd116bce9c764c714c9402c21d181aac59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af4100000000000000749efd3763655500344bae34137f5ab0d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab004321610b857e8717764b633b21cb32f0e03280e09758bd445ab91d20baca005452b79d7b574a247fa62fe45b3c4e93da3d51de647c10dd49944dc87c92332af00f191b66b6a6f732a91f0e2e9120bed64069dcf82d3e5e0361e58c79d497247d278888901d442ad7f8536605a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a1000000002100000000000000000001000027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd52ae84c1bb0c8a6c769f952283a1f4e3842edb3d42c68a27ef6a1296dfff4a979369b0e8ebc62887aa46e824d86869ec4ab392b0a74f91381dcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fd00000000007271e28ef6806bc8e139c49b91c76bea3858f78fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d116d2b0976cf2ec447c030931651dd315003b7a6a5433a2bb3c035fc6846abe389b25c988f0bbb889560ae99ec4b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7141d5e221509342bfe7d294d1eb3de6a50ca0301f89c2ee627e949c68b3a4a412a9b7d503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a1199735c375c705c798e0e208e4a5259d0bfa526b462af45a6eab34000000000000000000000000c4426344ec1a3366515dee221e747f55d7dd02534bc503b9b28277c253e410986bef2111a99cc448d652929f8a67a6a1d3f00dcad91aff428aade3f85714a1d3ef29acd4d49b62339c10c2ec0daca8d4c1090000000000000084d8223edbccbf9258b7374e79a1f8bf3fb73c8c6dbb7bbdfc399847a11921f97eba0ea14c4fed9a71eedb97c02461792e3a49dac16c60c3fcaab222025d78963c3ac899fa8b63f58a30212c9b2d7fe751e2046b78f86e22861b6504c667350244dd6d9189a8b9c45f8aaff9db694811ca86ed978f23eed7459c0382074170cf1e25b0e9ba3d1cc309353eea4cd8ab96bafda393276bdd8d32ead8db9e1b54d2d3d50e2815268fc1a6ec566981bc8ca2a4583f3d40e817433d0f4f25cfe6cc1897449ba5f26a9d66ac73e6f5c401376f23a314e0b9ff997d22f3e34b7524642c248aa813edaa626f0000000000000000004f9e02a3b51a97c4b1c1b411cc6bee2a56f29c55a6aac46a0cfc318fae02922a403431d4e5a4396cad2c8dd34037bc041a2ba1505ba2c4889122ca04e85881aad5f8bfc12e6741872aad21bf5301cd4c607ef50a991c410f7c60e45b5c193f813a36d841165b91b5e170f6ba24558df57145eb8142a6ed87c6d5cbae3e52d569996604669a6e9ca1a3689c795970b4bcd00881faff52a6766fafa07ed7d4a49f47d34fd76a394adcb33a270b6a14e74bca7c2ea92dd845d3f774fde1bbea911c1ea76d52f7912e2597e6a33380647ed44956730b5b84662b8e659124379c0d86b1d28fdfa3cd2013103e3048c4ad4f5a4dcd133b2fc8fae3b51e4433cee7c08e67c7d7ed4432045e10f8718e5c163b1704fa2c707b61a1a9f63edfceff1a0cd7baf4a15b2fd607a09d398d73243bdcc664fbd5f582e48af2a18b02f0184a7bdd95ac78241e6749e74b152702333c56588375f806f10578eaae329c4f8dfb83e5524e2c9aa59ce7828bd1f146b2a4150fb2a8ced08e2ffac81e921e8a6f0071361a0acdbd125fb5f5e9ffe98e38508582a496afd30ca460dbfca77915a18b7b9ef6c1d6e13bc12fe43063cfecfafb05bf2339ad61533fbf3e410b403182742fa2d40c402cb83c2fef46a36f17c1abf97b0e2d114bd1472ab4207aa060f9e5d91c4a4911b1a1df47b858be141ab3386f26f561df35678489dc1b9f10eee1b2ab3dfdaedd7e06ff8a127f1743fcb32d7f80d40aebc1ea72edc348f5f9ba4bace97db948c24c679c74cd4336a7233d836082bb0e8b013bd1ee3612cd43cd2a3cb83754bb3408"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000001c0), 0xfffffedf, 0x10, &(0x7f0000000040), 0xffffff95, 0x0, 0xffffffffffffffff, 0xd}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000540)={r7, 0x2000000, 0x93, 0x0, &(0x7f0000000600)="168e43acc18169514039c5bcdb7a44ca7b73908b0e0245bb78fefed08041a1231bdb4729d55fa1e5b413df0c757252630588a43d899a24818d78c9b4b148de20b812fd893157d5046238c9c82df5a649a4781baeac4da0bf1151b932a24f43608a48841f8083e2bf008a0c7a6415d630057bde8c3589ec5aad0876bd342598daa8affb10c0bccb023f824d8e9fdc94ab245a5d", 0x0, 0xc699, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000004000"], &(0x7f0000000000)='GPL\x00'}, 0x90) 3.342898497s ago: executing program 4 (id=3422): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000002c0), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f00000000c0)={{0x1, 0x0, 0x0, 0x3970b8090d64f40c}}) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) open(&(0x7f0000000140)='./bus\x00', 0x400145042, 0x0) ftruncate(r1, 0x796c) r2 = socket$vsock_stream(0x28, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x8, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x3, 0x0, 0x3, 0x1, 0x0, 0xa3}]}, &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) getsockopt(r2, 0x28, 0x1, 0x0, &(0x7f0000000000)) 3.28974027s ago: executing program 1 (id=3423): socket$inet(0x2, 0x2, 0x0) getdents64(0xffffffffffffffff, 0x0, 0x0) syz_emit_vhci(0x0, 0x22) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c"], 0x1c}}, 0x0) syz_emit_vhci(&(0x7f0000000100)=ANY=[], 0x4) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000780), 0x208e24b) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000ac0)) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000000b80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = add_key$user(&(0x7f0000000200), &(0x7f0000000000)={'syz', 0x2}, &(0x7f0000000240)="f20ea8accdb7d9e23df464008c0c9a271971d60c250373ece89c53ebfabe609d7b67f57ec82a4217", 0x28, 0xfffffffffffffffe) r2 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r1, r2, r1}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) getsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x5, 0x0, &(0x7f0000000040)) 3.283370397s ago: executing program 4 (id=3424): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xfffffffffffffd94, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x0, 0x400, 0x9, 0x1}, 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_BLANKSCREEN(r4, 0x5609, &(0x7f0000000000)) r5 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082) writev(r5, &(0x7f0000000200)=[{&(0x7f0000000800)="bfdefcc5fdebf6dd7d20a4adf6cc2b48929012ff8269e83362e6abe86e139d009aae1b54a75cb9ef0cf39c37342b45e091afd62f6bda670ea65a7ff7527bf1de442a8bf6fbf96de991309e2d708336ff35a3207f709f13fa4cc1247d83ee9ae4419fb6e3d9e4e076926e68805a529b1da9765c59a4b90bcac1a69a69663d5275c7d990f1b2726fe9a5912f50377296fa592ac700248ac341669738e1a1c6668a074ed4f7f1c4e61425a96c111e954632b68326bc5bb0aa3e2258b84f1eb53589a78d3f119b1d4d33780596c326fb425aaaff015ccc19b579d6b594328a3a99476aec686f60cbd488a0136ba8d776e393f6b1bde70849ba1efbbff91c92147ea59fd66cfc60925dffe9080b065f1cbb4efda3662855cb53400047e6e0059d29d5c3c5eff0fafcc1bcab1f64aa582670301f9f1ca2bdc935f54693c89c8be95758ea1706e561499b72ed634d2edeeeaf326f660b2693fad6c2f7425e7d6b1279af1702484b8c62b6f33eeb9a9f4661f87cdd39b98f7788641292e5bc972b9e90ba0c933a980d7336e18cf5ce2cfac5fd7f3f7abcdb675cbae03cf5be7e9d264401f7f95637893b03a056eedfdffcad713f92614a876f6893c894d3ccc2d781074b42c9cdd264139deef825eb5dccfc66f73cf4738d402942d2b638957a75b8db5383b29e77c9d6e0691bbbf2", 0x1eb}], 0x1) 2.118368663s ago: executing program 4 (id=3425): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) syz_emit_vhci(&(0x7f00000002c0)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x2, 0x0, 0x50}, @l2cap_cid_signaling={{0x4c}, [@l2cap_move_chan_cfm={{0x10, 0x0, 0x4}, {0xf07, 0xffff}}, @l2cap_conf_req={{0x4, 0x8, 0x21}, {0x8, 0xe2, [@l2cap_conf_efs={0x6, 0x10, {0x2, 0x0, 0x8566, 0x8, 0x9, 0x7}}, @l2cap_conf_fcs={0x5, 0x1}, @l2cap_conf_ews={0x7, 0x2, 0x9}, @l2cap_conf_mtu={0x1, 0x2, 0x1}]}}, @l2cap_move_chan_cfm={{0x10, 0x0, 0x4}, {0xc, 0xf}}, @l2cap_disconn_req={{0x6, 0x7, 0x4}, {0x3, 0xe8}}, @l2cap_conf_req={{0x4, 0x5, 0xb}, {0x37a7, 0xbc, [@l2cap_conf_fcs={0x5, 0x1}, @l2cap_conf_ews={0x7, 0x2, 0x10}]}}]}}, 0x55) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_DESTROY_ID(r4, &(0x7f0000000180)={0x5, 0x10, 0xfa00, {&(0x7f0000002200), r5}}, 0x18) 2.070034695s ago: executing program 0 (id=3426): bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0xe, 0x0, &(0x7f00000003c0)="386d178529a39dea18dd3f87d7a5", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 1.999094058s ago: executing program 1 (id=3427): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) openat(0xffffffffffffff9c, 0x0, 0x42, 0xc9) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0) timer_create(0xfffffff4, 0x0, &(0x7f0000044000)) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000100)) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000002040)={0x8, 0x0, &(0x7f0000002540)=[@acquire], 0x0, 0x0, 0x0}) r4 = dup3(r3, r2, 0x0) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r5, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000000)) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000280)=[@register_looper], 0x0, 0x0, &(0x7f00000006c0)}) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000480)={0x4c, 0x0, &(0x7f0000000580)=[@acquire, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000080)={0x0, 0x0}) name_to_handle_at(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)=ANY=[], 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0xb, 0x1c, &(0x7f0000000d80)=ANY=[@ANYBLOB="18080000000000000000000013000000180f", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000b7020000000000007b9af8ff00000000b5090800000000007baaf0ff00000000bf9800000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018280000", @ANYBLOB="0000000000000000b7050000080000004600000076000000bf91000000000000560800000000000085000000850000"], &(0x7f0000000980)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x2b, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010007000000000000000000000ad8000000160a03000000000000000000010000000900020073797a31000080000c0003800800014000000000ac0003801800038014000100776c616e310000000000000000000000080002400000006e08000240000000080800014015a629449a2cb612f6fe80e646c700000000680003801400010064766d727030000000000000000000001400010076657468315f746f5f626f6e64000000140001006e657464657673696d300000000000001400010073797a6b616c6c6572310000000000001400010064756d6d79300000000000000000000008000140000000000800024000000009200000000e0a01020000000000000000010000030900010073797a3000000000140000001000"], 0x120}}, 0x8014) 1.89875453s ago: executing program 0 (id=3428): r0 = socket$inet6(0xa, 0x2, 0x0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x1de) write$binfmt_script(r1, &(0x7f00000019c0)={'#! ', './file0', [{0x20, '\x06^-'}, {0x20, 'gcB\xc6+\xbf\xcc_\x81 \xd5\xb9\x93L9\x87\x10\xdfH(|\xf4:e\x84K\xb9!\x0eX czg\x14\xec*\xed\xa6u\xc4\x14*\xdb_\xe8\\\x96\n\xa6)\v\xf9 \xddb|\xe7\x14\x82\xc3\x90\xf9\r?i\x86Lpw\xba\xe1\v\x1a9G\x04\fpfP\xcf\xee<:C\x1e\\\x1f&\xaf\xea?\x91\a\xea\x8d\x05\x83aJ\xf0v\xc0q\x84\x93il\v\x03\b\xadT\a\x14\xd7\xd5u\x84\x82\xb2\xd4(\x1d\x04\xf2\v\xe9\x8a\xdfU\xd1\x1f\x9b\x1d2mRQ\xea\x90\xa0m#\xa4\x1dy\x9d\xe9\xfa\x06\xa27\x9d;\xe4\xb4\x86\xa7&\xa9c6\x1b\x8d\xa6$\x82\x1b\x9a\x82\xc0o/\x8c\x97\xb9BJh\x9f\xb2\"\x95j\xd7PN\x89\x7f\xc8AB\xc7}T\xbe\xf1\xe7\xe2\xad\xdd\xc2\xb7\xe8Ac*v\xf7\x16\x8fe\xef\x84\xf5k\xa9\xeb\xebt\xc3\xf1f\xca\x04*\xec\xfa\xe5b\xeb\xb4\x99\xefSv\x82\xe2\xe3\x02)sP%Z\xad\x83\xda\xbe2\xa9\xf2\x04\xda\nU\x84\xc2\xe3E\xc1\xd8L\xb1r\xb0\xdaH\xf2{\xf6~\x0f\xb9\xdd.\x06W\xd7\x1dG<\x1e\f2c\xf4\xa0d\x11\x88\xee\xcc\x18(\rap\x98?\xb1$\xe9\xe9+\xa6\xfb\xb1\xc61\xf1\xe7m\x91]]\xb26\xbfA\x86\f\xda\fi\xc8\xefl&*\"_^5\xd1 H\x17\xf0\xa7\x83}\x92W\xeb\xe5\xa3\xcc\a\x10dxb\xc2\x13mNP\xac]\xc2\xc1\xa8\x1df_\xcax\xbd\xf4m\x1e\x18occU\xb6\\\xf5\xf3\xeb\xa3\x98\f1\x8b\x99\xf0P\x8e\x1b\xe3\x9e\xb9\x0f\xf9\xb0\xadd\x9d=d\x94\xec\xceQx\xdb\xf6zG!3\xd7\x05\xf0=k\xb7vo?1H\x86\x192\xb2&\xa5\x9d\xd7\xbc\x85\a\xfer\x14\x0e\xd9=\xa6\xa1\x03cz>R\x11\xba\xf9\x17\r\x98\ap\xda-\xb0R\t\x93.r/\xce\xa4\rK\xcb\x1aO\x03z$\xbeYvYn\xddI\xe7\x13\x8f\x15\xefL\xba`\x9d\xea\xed\xf0)s\x12r\x9b\xf2&\xf2-\xc6\xec\x96\x19\xc9\xd7\xda\x06\xba\x87\x18\xef+\xcdp\x95\xef\xd9\xb9s\x8b\xf3\x8b\x88<\xa0\xa3\xad\x8c\xaf&iMM\xc5>\xa7v\x17\xdf \xca\x86#\xa7*\xecl\xbfp\xc3x\xc3\xc1r\xbe7\xb5\xa3\xf11[`\xcb7z\xa0P\xd5p\xe9\xddC\xc0\x80=\xd9y\x01\x1c\xe7\x1cdN\xd5x\x89\xc9\xc0\xc4{\x01\xa6o\x9ceZ\xe1\xfa0?\x94\x1f\x9aQ\xf0Lf\x1e\x17A@\x06\x89\xadg+$/V\r\xc9oQ=k\xa0\xa6\\\x00\x99\x94\x10dy\x7f\xd1\xd2\xd04\x96\b\x80/\x9a\xfc\a\'\x83\xb8\xcd\xb1\xf5#\tr\xb4\xc4\x929\x01\xee\xe6\n\x8ba\xde\xdbsAzG\xe86\xfe\x83\x1d\xb3K2\xf0\x8f\xde\x85\x00M&\x00\x00O\x86\xec2/\xea\xe6$(L\x85\xf8Y\xcf,\xa3\x87^\xe1\xd8F\xe4AJ\xaa\x1f\xe9\xff?\x9aF\x97M\x80\xe9LR\xdc\x9f~\xce\xb5\xef\x14M\f#>O\xb44LB\xc6a\x82\xc5\x107\xae\xdb\v\xf7\xc4k\xab\xf8:\x1fj\xa2vf)\xee\xab\xb3C\x92\x8e\x80\xb1\x01\x85\xb1v\xae*\xa7])n)+\xd9\xcf\xe9\x9ag\x8a*u\xe4e?\xf9\x93\x93u\xd2M\xfd\xa1\xc5\xff\xd9\x15-\xabH\x90\x04\xea\x88\"\xfe\v\x1d\xa5}H\xee\xc7\x94\xdb\x02\xf7\t\x92\t5\x1e\xd6~R\x9e\xb5NV)\xa6\x1ff\xde\xbf\x97V\x87\v\x94\xb4\xb0\x7f3\xa3\x85c=\xb0\x8ab\x06\xfa\xe9\xb3\x1d\xc9.\x8br\xf9\xde\xd6\xe6\x14O\xc8\xff3ZA\xea\xd4\xa9]7\xd8\xed\xc6\xdf\x01\xb3\n8\xbf\xbe\x1e\v\x18\xd9\xb3+X4\xb5S\xe7\xf6oO;\xc5\xc8-\x9e\xb5\xbe\x97\xb4k\xd2n\xfa\xd1\x82\x16\xea\x93\xc7\xb3?\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb7\xf2K\xe9\xcf\xc6y\xb00\xe0\xa0\f\xef\x02\xd5 (S\xffhY\"\x83\x05M\x0f\v\xec0B\xa9\xd7\x80\xdaL\xa2Q\x8c\xde\x17* \xf5)tk\xb6\xb9\x86?\x1a\xff\xdc\xecP\xd1w1\xf4a\x00r\x06,\x86S\x11)\xf4\x16W\xd6\x86\x10\x02\x15mod\x854\xd4\'^\xb6\xe9f\xd6:\xfc5%\x16\xc5\xa5\xf1\x11k\xdd{\xaai\x8a\xde\xa6\x18,H\xd8\xe5\xf5g\xe7U\\(\x01\xc5\xde\x1d\x8acHf\x86`9qV|=\xbb\xd1\x95\x0f\x86\xffa\xb1\xdb\x82l\xc3\xcf\x88\xeeJ\xda\x8b0f\xac\xc2n\xd1\')\xf2\xaf\xc0\x06\x01\xb4b\xef\xa8!\xf9\n\xf7{C\xdc`h\b6>\x171\x16\x89\xa8\xe9OC\x7f\xb1\x1c\xd4\xd5\xa7\x7f'}]}, 0x488) close(r1) execve(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100), &(0x7f00000012c0)=[&(0x7f0000001200)='\x00', &(0x7f0000001240)='#! ', &(0x7f0000001280)='!*\'-\x00']) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x19, 0x4, &(0x7f0000000000)=ANY=[@ANYRES64=0x0], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x41000, 0x0, '\x00', 0x0, 0x15}, 0x90) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha1-avx\x00'}, 0x58) accept4(r2, 0x0, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r5, @ANYBLOB="1f003300d000000008021100000108021100000050505050505000001502", @ANYRES8=r3], 0x3c}}, 0x0) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000280)=ANY=[@ANYRES16=r0, @ANYRESOCT=r0, @ANYRESHEX=r1, @ANYRES32=r1, @ANYRES8, @ANYRESOCT=0x0, @ANYRES32=r0], 0x8) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x8, &(0x7f0000000240)=ANY=[@ANYRESHEX=r3, @ANYRES32=r6], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r7, 0x0, 0x28, 0x0, &(0x7f0000000900)="e02742e8680d85ff9782762f86dd", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) setsockopt$inet6_int(r0, 0x29, 0x3a, &(0x7f0000000040)=0x8, 0x4) recvmmsg(r0, &(0x7f0000004740)=[{{0x0, 0xfffffffffffffe10, 0x0}}], 0x1, 0x0, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) mincore(&(0x7f0000ffd000/0x2000)=nil, 0x2000, &(0x7f0000002300)=""/133) 1.605608847s ago: executing program 2 (id=3429): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) bind$alg(0xffffffffffffffff, 0x0, 0x0) setpriority(0x12a8ab22d90c3a78, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffb000/0x2000)=nil, 0x2000, &(0x7f0000000000)='/dev/audio#\x00') prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r1 = socket(0xa, 0x1, 0x0) close(r1) r2 = socket$inet6_sctp(0xa, 0x0, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000020c0)=[@in6={0xa, 0x0, 0x0, @remote, 0x34}]}, &(0x7f0000002100)=0x10) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1c, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r3 = openat2$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080), 0x18) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x6, 0x4, &(0x7f0000000500)=ANY=[@ANYBLOB="b402000000000000620a02000000000006000000000000009500000000000000f1939ed848f21df93f91b07adcad0a4b07f1ef908460d383447042ac86f654d37a9196871a82232bcdd6c0cdb90c62232e3f55133e8becfa"], 0x0, 0x4, 0xd1, &(0x7f00000005c0)=""/209, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x0, 0x80000000}, 0x8, 0x10, &(0x7f0000000000)={0x2}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x2f60e7da}, 0x90) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r3, 0x800c6613, &(0x7f0000000100)=@v1={0x0, @aes256, 0x0, @desc1}) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000280)={0x4000}, 0x1a) sendmsg$nl_generic(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)=ANY=[@ANYBLOB="140002001200010a0000000089d038703787fce16b19ff4d32e75d5960ec655e7b61c6effad5447302a110173f7b2a7e5b123ccc5c6cbbef2843fbad1a8a5012875160c60a51a5fb6ef89af2cba2ea96a8edc9203b66022743c7689970914ea422dfad7b1cf8ad9959857a2d162938c28365e4b9b9fc80e450af307cdfcb7d3495e45c13560483fa4a780bc2e772a4b41c77b630b27f45d7f191d3b39e2b00396596f3817abe175608ca50e77dbbecc922e8f25b8e8214b051531d61c897ea65096dc0317917437169fd8b9319230ea77059", @ANYRES64], 0x14}}, 0x0) renameat2(r3, &(0x7f0000000540)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', r3, &(0x7f0000000400)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) r5 = socket(0x25, 0x1, 0x0) io_setup(0x3, 0x0) io_submit(0x0, 0x1, &(0x7f00000002c0)=[&(0x7f00000000c0)={0x0, 0x0, 0x8, 0x0, 0x0, r5, &(0x7f0000000000)='}', 0x1}]) 924.200025ms ago: executing program 4 (id=3430): openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021100011800c000100636f756e74657200980000000c0a01010000000000000000070000000900020073797a31000000000900010073797a30000000006c0003806800008008000340000000025c000b80100001800c000100636f756e7465720048"], 0x12c}}, 0x0) r1 = getpid() process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x36}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{0x0}], 0x1, 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x10) getpid() sched_setaffinity(0x0, 0x0, 0x0) rt_sigprocmask(0x0, &(0x7f0000000200)={[0xfffffffffffffffd]}, 0x0, 0x8) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r2}, 0x10) r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000600)={0xffffffffffffffff}, 0x106}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(r3, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r4}}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000080)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00'}, 0x90) r5 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) r6 = open(&(0x7f00000002c0)='./bus\x00', 0x60102, 0x0) splice(r5, 0x0, r6, 0x0, 0x1f0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0x14, &(0x7f0000000900), 0x0) write$RDMA_USER_CM_CMD_DESTROY_ID(r3, &(0x7f0000000080)={0x1, 0x10, 0xfa00, {&(0x7f0000000000), r4}}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) socketpair(0x18, 0x0, 0x2, &(0x7f0000000000)) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x4, 0xe, &(0x7f0000000880)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000f0ffffff7a0af0ff0200000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000010000006a0af2fe000000008500000044000000b700000000000000950000000000000000e154cd8445974b26c933f7ffffffffe4fbffffff55bb2007ee51050512b5b42128aa090a79507df79f298129daa7a6b2f91af50342115e17392ac627c87881c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1ef0900094fa737c28b99938512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804da4f85db47a4a69bf9bc5fa96ee293fbd165a5a68488e40b030166565a097b1b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5a787e814c4fd21a18986252a70f8f92eb6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad791fa99dac06b57479321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85823d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f37f3e2c25a61ec45c3af97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d3665016ac59dda0fde4745db06753a7ac74a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c958559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469608241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7f9c670012be05e7de0940313c5870786554df26236ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c183c960119451c31539b22809e1d7f0cda06a9fa87d64cb77872a2cd8a104e16bb1a2ba9c29faa38c409d32b6b7d6cf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497af002000000cd1d00000020000000ef19349ee7f31abc11c800000000000000000000000928ee53595a779d243a48cea769470424d28804c04b2c4324ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d748308eea09fc361b4735efbf3411718d6ee7aebf9ef679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da202274f20675eb781925441578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec7ffff35e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e933119c5009c68c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada201bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1cee1cd102e3c8e63e9fba05e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2b485185cc92fe7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2bbf96c89739f5cf1e750d50517a59a3ad09e8802e8f4f535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eeb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d81f2f2653c4d9818708e27c89b552d7fcd116bce9c764c714c9402c21d181aac59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af4100000000000000749efd3763655500344bae34137f5ab0d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab004321610b857e8717764b633b21cb32f0e03280e09758bd445ab91d20baca005452b79d7b574a247fa62fe45b3c4e93da3d51de647c10dd49944dc87c92332af00f191b66b6a6f732a91f0e2e9120bed64069dcf82d3e5e0361e58c79d497247d278888901d442ad7f8536605a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a1000000002100000000000000000001000027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd52ae84c1bb0c8a6c769f952283a1f4e3842edb3d42c68a27ef6a1296dfff4a979369b0e8ebc62887aa46e824d86869ec4ab392b0a74f91381dcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fd00000000007271e28ef6806bc8e139c49b91c76bea3858f78fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d116d2b0976cf2ec447c030931651dd315003b7a6a5433a2bb3c035fc6846abe389b25c988f0bbb889560ae99ec4b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7141d5e221509342bfe7d294d1eb3de6a50ca0301f89c2ee627e949c68b3a4a412a9b7d503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a1199735c375c705c798e0e208e4a5259d0bfa526b462af45a6eab34000000000000000000000000c4426344ec1a3366515dee221e747f55d7dd02534bc503b9b28277c253e410986bef2111a99cc448d652929f8a67a6a1d3f00dcad91aff428aade3f85714a1d3ef29acd4d49b62339c10c2ec0daca8d4c1090000000000000084d8223edbccbf9258b7374e79a1f8bf3fb73c8c6dbb7bbdfc399847a11921f97eba0ea14c4fed9a71eedb97c02461792e3a49dac16c60c3fcaab222025d78963c3ac899fa8b63f58a30212c9b2d7fe751e2046b78f86e22861b6504c667350244dd6d9189a8b9c45f8aaff9db694811ca86ed978f23eed7459c0382074170cf1e25b0e9ba3d1cc309353eea4cd8ab96bafda393276bdd8d32ead8db9e1b54d2d3d50e2815268fc1a6ec566981bc8ca2a4583f3d40e817433d0f4f25cfe6cc1897449ba5f26a9d66ac73e6f5c401376f23a314e0b9ff997d22f3e34b7524642c248aa813edaa626f0000000000000000004f9e02a3b51a97c4b1c1b411cc6bee2a56f29c55a6aac46a0cfc318fae02922a403431d4e5a4396cad2c8dd34037bc041a2ba1505ba2c4889122ca04e85881aad5f8bfc12e6741872aad21bf5301cd4c607ef50a991c410f7c60e45b5c193f813a36d841165b91b5e170f6ba24558df57145eb8142a6ed87c6d5cbae3e52d569996604669a6e9ca1a3689c795970b4bcd00881faff52a6766fafa07ed7d4a49f47d34fd76a394adcb33a270b6a14e74bca7c2ea92dd845d3f774fde1bbea911c1ea76d52f7912e2597e6a33380647ed44956730b5b84662b8e659124379c0d86b1d28fdfa3cd2013103e3048c4ad4f5a4dcd133b2fc8fae3b51e4433cee7c08e67c7d7ed4432045e10f8718e5c163b1704fa2c707b61a1a9f63edfceff1a0cd7baf4a15b2fd607a09d398d73243bdcc664fbd5f582e48af2a18b02f0184a7bdd95ac78241e6749e74b152702333c56588375f806f10578eaae329c4f8dfb83e5524e2c9aa59ce7828bd1f146b2a4150fb2a8ced08e2ffac81e921e8a6f0071361a0acdbd125fb5f5e9ffe98e38508582a496afd30ca460dbfca77915a18b7b9ef6c1d6e13bc12fe43063cfecfafb05bf2339ad61533fbf3e410b403182742fa2d40c402cb83c2fef46a36f17c1abf97b0e2d114bd1472ab4207aa060f9e5d91c4a4911b1a1df47b858be141ab3386f26f561df35678489dc1b9f10eee1b2ab3dfdaedd7e06ff8a127f1743fcb32d7f80d40aebc1ea72edc348f5f9ba4bace97db948c24c679c74cd4336a7233d836082bb0e8b013bd1ee3612cd43cd2a3cb83754bb3408"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000001c0), 0xfffffedf, 0x10, &(0x7f0000000040), 0xffffff95, 0x0, 0xffffffffffffffff, 0xd}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000540)={r7, 0x2000000, 0x93, 0x0, &(0x7f0000000600)="168e43acc18169514039c5bcdb7a44ca7b73908b0e0245bb78fefed08041a1231bdb4729d55fa1e5b413df0c757252630588a43d899a24818d78c9b4b148de20b812fd893157d5046238c9c82df5a649a4781baeac4da0bf1151b932a24f43608a48841f8083e2bf008a0c7a6415d630057bde8c3589ec5aad0876bd342598daa8affb10c0bccb023f824d8e9fdc94ab245a5d", 0x0, 0xc699, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000004000"], &(0x7f0000000000)='GPL\x00'}, 0x90) 419.705352ms ago: executing program 0 (id=3431): ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x2d, 0x4, 0x0, 0x0, 0xb4, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x14, 0x0, 0x0, 0x9, [0x0, 0x0, 0x0, 0x0]}, @timestamp_prespec={0x44, 0x3c, 0xc0, 0x3, 0x1, [{@private=0xa010100}, {@multicast1}, {@remote}, {@dev, 0x659}, {@broadcast}, {@multicast2, 0xffd200}, {@private=0xa010100, 0x7}]}, @timestamp_prespec={0x44, 0x34, 0x0, 0x3, 0x0, [{@dev}, {@remote}, {@multicast2}, {@private=0xa010101}, {@broadcast, 0x852b1}, {@multicast2}]}, @noop, @noop, @noop, @rr={0x7, 0x17, 0x0, [@dev, @remote, @multicast1, @private=0xa010102, @remote]}]}}}}}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0) r3 = dup(r1) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000}) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_RUN(r4, 0xae80, 0x0) 417.753897ms ago: executing program 3 (id=3432): bind$alg(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r4 = getpid() r5 = inotify_init1(0x0) fcntl$setown(r5, 0x8, 0xffffffffffffffff) fcntl$getownex(r5, 0x10, &(0x7f0000000040)={0x0, 0x0}) kcmp(r4, r6, 0x300, 0xffffffffffffffff, 0xffffffffffffffff) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a40)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x64, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x3c, 0x4, 0x0, 0x1, [{0x38, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x28, 0x2, 0x0, 0x1, [@NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_BITWISE_OP={0x8, 0x6, 0x1, 0x0, 0x2}, @NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_BITWISE_MASK={0x4}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0xa}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x4}}, 0xd8}}, 0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) write$cgroup_int(r8, &(0x7f0000000000), 0xfffffd26) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='memory.events\x00', 0x7a05, 0x1700) r9 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000006c0)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) r10 = openat$cgroup_procs(r9, &(0x7f0000000480)='cgroup.procs\x00', 0x2, 0x0) r11 = openat$cgroup_procs(r9, &(0x7f00000003c0)='tasks\x00', 0x2, 0x0) write$cgroup_pid(r10, &(0x7f00000000c0), 0x12) preadv(r11, &(0x7f00000004c0)=[{&(0x7f0000000100)=""/240, 0xf0}], 0x1, 0x2, 0x0) 350.687646ms ago: executing program 1 (id=3433): openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="14"], 0x12c}}, 0x0) getpid() process_vm_readv(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) getpid() sched_setaffinity(0x0, 0x0, 0x0) rt_sigprocmask(0x0, 0x0, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000600)={0xffffffffffffffff}, 0x106}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(r2, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r3}}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000080)=ANY=[@ANYBLOB="18030000000000000000000000000000851000000600000018000000000000000000000000000000660000000000000018000000000000000000000000000000950000000000000067030000000000009500000000806f00"], &(0x7f0000000000)='GPL\x00'}, 0x90) r4 = open$dir(0x0, 0x0, 0x0) r5 = open(&(0x7f00000002c0)='./bus\x00', 0x60102, 0x0) splice(r4, 0x0, r5, 0x0, 0x1f0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f0000000900), 0x0) write$RDMA_USER_CM_CMD_DESTROY_ID(r2, &(0x7f0000000080)={0x1, 0x10, 0xfa00, {&(0x7f0000000000), r3}}, 0x18) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10) socketpair(0x18, 0x0, 0x2, &(0x7f0000000000)) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x4, 0xe, &(0x7f0000000880)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000f0ffffff7a0af0ff0200000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000010000006a0af2fe000000008500000044000000b700000000000000950000000000000000e154cd8445974b26c933f7ffffffffe4fbffffff55bb2007ee51050512b5b42128aa090a79507df79f298129daa7a6b2f91af50342115e17392ac627c87881c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1ef0900094fa737c28b99938512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804da4f85db47a4a69bf9bc5fa96ee293fbd165a5a68488e40b030166565a097b1b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5a787e814c4fd21a18986252a70f8f92eb6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad791fa99dac06b57479321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85823d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f37f3e2c25a61ec45c3af97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d3665016ac59dda0fde4745db06753a7ac74a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c958559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469608241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7f9c670012be05e7de0940313c5870786554df26236ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c183c960119451c31539b22809e1d7f0cda06a9fa87d64cb77872a2cd8a104e16bb1a2ba9c29faa38c409d32b6b7d6cf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497af002000000cd1d00000020000000ef19349ee7f31abc11c800000000000000000000000928ee53595a779d243a48cea769470424d28804c04b2c4324ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d748308eea09fc361b4735efbf3411718d6ee7aebf9ef679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da202274f20675eb781925441578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec7ffff35e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e933119c5009c68c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada201bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1cee1cd102e3c8e63e9fba05e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2b485185cc92fe7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2bbf96c89739f5cf1e750d50517a59a3ad09e8802e8f4f535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eeb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d81f2f2653c4d9818708e27c89b552d7fcd116bce9c764c714c9402c21d181aac59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af4100000000000000749efd3763655500344bae34137f5ab0d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab004321610b857e8717764b633b21cb32f0e03280e09758bd445ab91d20baca005452b79d7b574a247fa62fe45b3c4e93da3d51de647c10dd49944dc87c92332af00f191b66b6a6f732a91f0e2e9120bed64069dcf82d3e5e0361e58c79d497247d278888901d442ad7f8536605a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a1000000002100000000000000000001000027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd52ae84c1bb0c8a6c769f952283a1f4e3842edb3d42c68a27ef6a1296dfff4a979369b0e8ebc62887aa46e824d86869ec4ab392b0a74f91381dcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fd00000000007271e28ef6806bc8e139c49b91c76bea3858f78fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d116d2b0976cf2ec447c030931651dd315003b7a6a5433a2bb3c035fc6846abe389b25c988f0bbb889560ae99ec4b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7141d5e221509342bfe7d294d1eb3de6a50ca0301f89c2ee627e949c68b3a4a412a9b7d503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a1199735c375c705c798e0e208e4a5259d0bfa526b462af45a6eab34000000000000000000000000c4426344ec1a3366515dee221e747f55d7dd02534bc503b9b28277c253e410986bef2111a99cc448d652929f8a67a6a1d3f00dcad91aff428aade3f85714a1d3ef29acd4d49b62339c10c2ec0daca8d4c1090000000000000084d8223edbccbf9258b7374e79a1f8bf3fb73c8c6dbb7bbdfc399847a11921f97eba0ea14c4fed9a71eedb97c02461792e3a49dac16c60c3fcaab222025d78963c3ac899fa8b63f58a30212c9b2d7fe751e2046b78f86e22861b6504c667350244dd6d9189a8b9c45f8aaff9db694811ca86ed978f23eed7459c0382074170cf1e25b0e9ba3d1cc309353eea4cd8ab96bafda393276bdd8d32ead8db9e1b54d2d3d50e2815268fc1a6ec566981bc8ca2a4583f3d40e817433d0f4f25cfe6cc1897449ba5f26a9d66ac73e6f5c401376f23a314e0b9ff997d22f3e34b7524642c248aa813edaa626f0000000000000000004f9e02a3b51a97c4b1c1b411cc6bee2a56f29c55a6aac46a0cfc318fae02922a403431d4e5a4396cad2c8dd34037bc041a2ba1505ba2c4889122ca04e85881aad5f8bfc12e6741872aad21bf5301cd4c607ef50a991c410f7c60e45b5c193f813a36d841165b91b5e170f6ba24558df57145eb8142a6ed87c6d5cbae3e52d569996604669a6e9ca1a3689c795970b4bcd00881faff52a6766fafa07ed7d4a49f47d34fd76a394adcb33a270b6a14e74bca7c2ea92dd845d3f774fde1bbea911c1ea76d52f7912e2597e6a33380647ed44956730b5b84662b8e659124379c0d86b1d28fdfa3cd2013103e3048c4ad4f5a4dcd133b2fc8fae3b51e4433cee7c08e67c7d7ed4432045e10f8718e5c163b1704fa2c707b61a1a9f63edfceff1a0cd7baf4a15b2fd607a09d398d73243bdcc664fbd5f582e48af2a18b02f0184a7bdd95ac78241e6749e74b152702333c56588375f806f10578eaae329c4f8dfb83e5524e2c9aa59ce7828bd1f146b2a4150fb2a8ced08e2ffac81e921e8a6f0071361a0acdbd125fb5f5e9ffe98e38508582a496afd30ca460dbfca77915a18b7b9ef6c1d6e13bc12fe43063cfecfafb05bf2339ad61533fbf3e410b403182742fa2d40c402cb83c2fef46a36f17c1abf97b0e2d114bd1472ab4207aa060f9e5d91c4a4911b1a1df47b858be141ab3386f26f561df35678489dc1b9f10eee1b2ab3dfdaedd7e06ff8a127f1743fcb32d7f80d40aebc1ea72edc348f5f9ba4bace97db948c24c679c74cd4336a7233d836082bb0e8b013bd1ee3612cd43cd2a3cb83754bb3408"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000001c0), 0xfffffedf, 0x10, &(0x7f0000000040), 0xffffff95, 0x0, 0xffffffffffffffff, 0xd}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000540)={r7, 0x2000000, 0x93, 0x0, &(0x7f0000000600)="168e43acc18169514039c5bcdb7a44ca7b73908b0e0245bb78fefed08041a1231bdb4729d55fa1e5b413df0c757252630588a43d899a24818d78c9b4b148de20b812fd893157d5046238c9c82df5a649a4781baeac4da0bf1151b932a24f43608a48841f8083e2bf008a0c7a6415d630057bde8c3589ec5aad0876bd342598daa8affb10c0bccb023f824d8e9fdc94ab245a5d", 0x0, 0xc699, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000004000"], &(0x7f0000000000)='GPL\x00'}, 0x90) 350.268234ms ago: executing program 2 (id=3434): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000002c0), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f00000000c0)={{0x1, 0x0, 0x0, 0x3970b8090d64f40c}}) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) ftruncate(r1, 0x796c) r2 = socket$vsock_stream(0x28, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x8, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x3, 0x0, 0x3, 0x1, 0x0, 0xa3}]}, &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) getsockopt(r2, 0x28, 0x1, 0x0, &(0x7f0000000000)) 282.053962ms ago: executing program 2 (id=3435): syz_emit_vhci(0x0, 0x22) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) syz_emit_vhci(&(0x7f00000003c0)=ANY=[@ANYBLOB="04040a00000000000054679202ce9eaa48b326b038d97544c8b681bad547412afab3663029531077c8c4fa2f7501610d4eae6214096ae92430cd63486f07b04d9c519ab15a6e842e1352398f95ff35f5115a2c6c50f63336179b5e6b1f774a63506e8cb76bba42c6bee078240ec871a2bcf7dd5691833ac53a02f3614eae3afb9549df1b77ce0baebc9f630664"], 0xd) syz_emit_vhci(&(0x7f0000000500)=ANY=[@ANYBLOB="02c81040003c0001000a0702000002050932000400ffff040004090000070400de0c00040610090108004000000202d9ea050101010200010202d68c0142886e4db9b563d741241f8ac465672a1f9383f076b610b7657fa33d370013d56d5fb4a2b9d00439ce597e1f1c0834f7520753e3b6f76ac277b4"], 0x45) write$binfmt_script(r0, &(0x7f00000006c0)={'#! ', './file0', [], 0xa, "6a1aaa5d8ddb637af3598729c33c9eb05896c0067df1aa13702d542464be29e1c1b1fea0c94cc4cb08909377b40c54217601eda2077e38b3dc306c796a9efa9de1463fcd7aac0355ddfc684d32b5ba3d3d1684982ae5f2753d131c2f2aa883915bae2f4870a013f28fe11550ea1b20dfd325891d3e00ffae8c7825201446893311e6de47463bb629997e1afa45d462e4d7700ea8409bfe24555227b9f0ae1e33a708985a3ff32dedc4edeb6161b1e332c7c77d6c21cc3c9ed7921e57521d0000000000000000000000fc89e4410efabde18c50911e812ececec957054fa7ff506971f6432ea8f7f16cb4583a0702b8005b22324cb5f6df6c9ab3a053c3ae9c93d07a13bf6735d436c6e2fc74fca8602feabe25910050134fd3da32be6eab11146839a84e012a6a8726778c383598de7187957f1193d483749fb2f8866eb0eeded046b5eb83123aacd4f5b7d8c1df6d3375945c4405518d26eee22a8fdd6e318a5a9f603c52b13e09374957663fa0e4d7a8a80ddcc956004b478da55211e968fccf1ff15c7a899a319a9ca7f497f9d52528a131ef1a707c87ce64ebe7b6865ff4f09b9c2003ca004b"}, 0x1b3) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000100), 0xfecc) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='map_files\x00') lseek(r1, 0x4, 0x0) ioctl$MON_IOCX_GET(0xffffffffffffffff, 0x40189206, &(0x7f00000002c0)={0x0, &(0x7f0000000340)=""/121, 0x79}) ioctl$KVM_SET_REGS(r0, 0x4090ae82, &(0x7f0000000ac0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x6b38337b, 0x4, 0x7, 0xfffffffc, 0x0, 0x0, 0x1, 0x8, 0x7ff], 0x100000}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x0, 0x0) dup(0xffffffffffffffff) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = userfaultfd(0x801) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000140)) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, 0x0) syz_emit_vhci(&(0x7f0000000180)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x1, 0x2, 0xc}, @l2cap_cid_le_signaling={{0x8}, @l2cap_disconn_req={{0x6, 0x8, 0x4}, {0xdf1}}}}, 0x11) ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f0000000040)={&(0x7f00002b9000/0x400000)=nil, &(0x7f000076e000/0x4000)=nil, 0x400000, 0x0, 0x2}) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) 89.841353ms ago: executing program 4 (id=3436): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x90) ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000080)={0x4}) socket$rds(0x15, 0x5, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000000200)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2031) lchown(&(0x7f00000002c0)='./file1\x00', 0x0, r3) stat(&(0x7f0000000600)='./file0\x00', &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0}) lstat(0x0, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440)={0xffffffffffffffff, 0x0, r6}, 0xc) lchown(&(0x7f0000000300)='./file1/file0\x00', 0x0, r6) getgroups(0x3, &(0x7f00000006c0)=[0xee00, 0xee01, 0xffffffffffffffff]) getresuid(&(0x7f0000000700)=0x0, &(0x7f0000000740), &(0x7f0000000a80)) r10 = syz_open_dev$vbi(&(0x7f0000000100), 0x2, 0x2) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000005c0)={{{@in6=@initdev, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6=@ipv4={""/10, ""/2, @loopback}}}, &(0x7f00000006c0)=0xe8) fstat(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f0000000500)={{0x2, r11, 0x0, 0x0, r12, 0x6}, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x3}) fsetxattr$system_posix_acl(r10, &(0x7f0000000380)='system.posix_acl_access\x00', &(0x7f0000002240)=ANY=[@ANYBLOB="02000000010000000000000002000000", @ANYRES32=0xee01, @ANYBLOB="02000000", @ANYRES32=0x0, @ANYBLOB="000000000b0000000000000026a57caa08d4cdbd0b10999e418f2aeda4c80470516053d293e85a21bf0e55b37a6d20ed4a090100000000000000de52005ab77fcc70429891a8ac3c0428022d4fc5b59321ca4c15983428756fad1262270e45354f23ffee63e0402c6ee0486da41ad5a7d97b39dcdf9057cae45244ec59f84d7b18b34b0d6c742ea1661a3191490a2105ac5026a87118acdf79f5b697ddbea17dad4988d177", @ANYRES32=0x0, @ANYBLOB="08000200", @ANYRES32=r12, @ANYBLOB="10000400000000002000040000000000"], 0x44, 0x3) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000b80)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000340)={0x130, 0x3c, 0x20, 0x70bd2a, 0x25dfdbfd, "", [@typed={0x14, 0x37, 0x0, 0x0, @ipv6=@mcast2}, @nested={0x10b, 0x144, 0x0, 0x1, [@generic="2fbd14ed24f31ef585f82ec051c6a4c70dfeec49e358695745407d2902d06cee0700398070120a06c010487f6917611026772db5b993c489e2c85198199e7e7d99a21d9295ba87ff0d88f14f3c0cd1c7c53e2bb846b1d6e6ead33b4fa8fd56075ec99f4d6f4bfa45d943c780cf49d49343d3b68c8fb300df1cbd7a8b373b48b47ce54ffe42bdff3650051e8ddfe8c6ad087a61", @typed={0x8, 0x46, 0x0, 0x0, @pid=r0}, @generic="72a775be3c7002004846c43a4458e5fc31618ef7b13d4d18908c5c2db6a27b716e416d86c53e88a59d9241663c0bd540fe8bb24849d814d334d50d4c88d231443ffbb73ebcc4a3fbd7638a8314d1c34c976d27ace003014c3fd919cfbf6dee8c6fdc7a9c797db7e7fd337463"]}]}, 0x130}, {&(0x7f000001da40)=ANY=[@ANYBLOB="002400001400040029bd7000ffdbdf25d7ad978c987757d82398081bc4cd302b91354e3013dbd8fb511200777fb7458aa500ba735bd428a69c6b4b8c9d19ed6dd44aad7923059d61db8ea9b55be3c24e72e8937bdc1f38bcbdd767e83e6ffc3f5eec3b0f21d88fc30b921b8fb4244ac4000a7ac8fa84bb591b48d4160197eb9bb7bbaf2fcfd6a2bc187c2a0f7d12e15533578ec6f1b2e04c3aba08f33f3ba56d92f01027cc00e73be3de1157a5d417ec7b500ab4e325f7df9948897b6dec369593c7eaaacbe7fac82f74552c71bff50950c6705614fb870ab4180386a55518d046e81719a2b8888c584cee7a67f3bfe628acbe2a146a229a80c8d64cf081f7a9c47587b2dc498d5be21c6f036ba7be187032f3cadf02d5c75f369d515f9a9714002600fc000000000000000000000000000001ffc5f4bc61cb9ad201de602f2fd56f656a858772c82a12c62230f79615a9c2e3d5128b7eba5b411a4bf0026fad4ed311ab4ce75c43426dea78dc32568c6068f8ebcb944ade0d0bcd3b47e8cf48b433bf1276d3f30463abb526a0fed67b606082306f341c1d3ccf6c13adf603b2dc5ed9183ac0ee31cd891104db477451b9cd631188ee7c9850791d6a50c4967aea0a080033006bb000007b3893e0f5178e38ed9ef1e51a1ded26ee415bbe9c8bea32a6af848a238422b598d82b994477836593a7e8271416260950b617b301f68f56e507d899046c37df0bdff7968787c7cfb1cf19c11e88ab56c46582cb3152d90fd523fc9b652a0df3e372ab95af8908e17e6cee7e882233533ad84032de0c531314bce53b5eebc92e96d422dce113f24261c9acbf220b52d298f36e890a8b721c043c3c81368c561e45e5caee33ce0c17ae8390cb4ebe39e23474d7b2345be6cd212de6c0806d27684816022ea88bd74423d1a358c898f95c0728d1855decf04c5b187727fbfd52a518d5106e620306dd18281192684493d53477859899ac7c82f600553092da274ea8b5b6196eb060a97c4db88b21bc55b578c7724de8e956cade5b31e2f542e9ed0e2a253acff430bf49922bd494d86748ac77727323c0e46f9b283aaf12bee10d0419e58b082e684e4cef589f0a5a813266169410990e2c1ce8811601d9382a64df50bdcfbaacbacccfbb4ba85a903ed14db96a8aabec70cfc6a435c5cb78a32afdfe4ec7e4ba55e16ff6d9543ec9938846070615a7c115c709c1ff4a1182a5e93639afe98c6aec77675e6a9e2373c36a339e512e0b39069c1773774d2c1a590ce312d407e209ca4b37a7b45989aa80ed8b790e9844514ebb1a355c211224d914a7f82a4132acbf02f7a700d36a3e6a3d1ef40766fbc36bfec9e3bc5c71765060107b5f55e04de03b956cd44834f585dc7449b48c94cf11e3daeb82d5a85e8cc2c926be7500c5482fe3181c1f14c2cbfbf2ea71998b89c294d0d181a76de55185b2fc3c08ee0ecb4a0d0f0ce60789c5daaba15c866e9fc860d380814e030df2fc6af9f68a2728461abbda66301ec65f19a53b0e5a5ba5de607c53456f2c7d45d7aa7853af022e520476aecc49dbf182f4e115b14fbe73113be84790dec175a89f673e9d8e9c6f90c69622821ed2bdd8694eb905e13c657ac19b63fad0c83167a7dcde3400b7141b840805f2ff6f606e93e52445b313361dde081de2134552d816c2ad56efac3694b084c6f47f2c65f77108168235cca4c8c33f3429365fc05db023e8e33b3407db1a815aae0b1aab5985d5e82e93b0c71b01697b2d54b55c5ecef376785c186c1334b57d444b6da2ba93eb9bab1b62f111a3485a3f181c6768e3d00258d49d9167dabde263e9ec00ba86fc3894d5b56a91c14b623f9fc12fd76d9062baca37ce4944ae8c0ba30b59c26bc4dd47df747df22476ecbc5c7307b46e43cb75de4e8c6427f2a827da4894c5f14e1dec7670e69eed2db05ede08bcff860dc7a0ba7d26c15d2b40e79a3942a80fb5fc4e379cc98b7948ad245c56fd21b8ba0c88c08df632497de70c54600703b4614769dfed28e3e1283ecabd78138a6b9133eb2a6e69178cd5e27121dcd9db1f1dc9c2fdb0c1fd9d7183100601d24e2dabb8000e9fb81b2f22aad24daa232b904f7516ee753aa3f38ef8a7db2573b73c98aaef119d7b1253a81dd5b6ff3549e947010fbcae67272d69129f566f47b7628b15dcddc821f3094b492da95787a587d7d7695398099030be7a3ed5603d61cb015c8d752395a5262e1fab7495460b4cb744ee4f9948b223303061b401971b8b91825347a4bcadd53d920bd01e3e02a758b4640068102134f8744f94bf991977ee8a25da853b31abfd39966668cd97aa286a4d0f5a468795ddad8eeaa72c3f1309ab867660e3e34754afdd4222b616c7f3c966e4656b56ae9cc35639d1a6dead2db4f76b0e3f2c5990f487a5aefa076c804383aa9d7fa4ffd465c133978578425ebb575f6c418894c0f4a2e3c3da3c9de6b1993c73197ab6931c7a9a7e12cb086e8376ce0290bfacf980f8173b93079c61dd5d0247bb5a1b708b311a09d84c0c969df1bbf24318abf45d91ccbc66b9bf780d4ba98290e5333d74808d6ab438c86fbb129d5b7323118a6d865980b9c236b330ef3e3c3f970ea25c7461d0f315ffc32fa106bbad7c67a1747bcf57bb2a06273d9eb538b55ff6307daa28388722d3aab1890192cfebde175c5e3c957a1f16af8260db4416fd7c0e3dd857953f3b270ce23584dda38a3521e85099436a9703f0518afaf452085933110b504ad724599268a8b570c9934956c39d9ecd97982dcb192b6752ac2d590aeed39062ae81153321fd00d15fdccf3fbb00fa7640952d3fadf3f428f8bbd041e450f9e0e493f6a96f712632a663f79e9f71dba182c62c4fd86363f7e672e7eac33e702ac6ff99d04d07cb6c5e482ffde2ad0ef4e4f86ad5599ba27df0e0892f0463939e0a946477781cea619dc008dd0fc12bb19644873e86a988d8fe67b10a3249abcd38f65ae0a3418db94f923f2c771274971adc5d00d2ec506de2dbe57940cbeb160e1db61c031a66d72cbfaa405d2701afdd0efaab1304210b22ffa9595631be79f64621723df88471ea3c2c9bbab16d9ea18bf36cfb32cecd90c7ba66829d51305ff6298543982fb6a22846ec3ee22a8f4d7e7d0ef76910c691fe8bbda6585d38e60e86b7f1f4b1a383582a93a0543b5efa58a9808130584658f4b97dcda6a727b5549ed9c52353d80b3f0f7f1f2773aff6ac87bf1053d6928955ffbaf4d843817f30f4e1464371a3243f02dc7269ed6b323380dc53f7a54b105d1d95be1545946c2756252cb808e40685a07ed1e8276edaa87b1510b59004db54532457aa403d7c9eb30ab455ac1897ab60320349843fd4d558383da58849136a02ca5e921c4ce32673fbf28edf93858ecf430b0d8751cfce96c467ac9cf7bc5ffc1fc0eb91b6e7a67eb5beb160952e348917dfafb2783c2df952627b34c308f9de880f1b8160b4a04f220d02ed7c49f7682fe151f40d5b651d6623f9d1e4169858c396671ab1b121282e97f9fbdfb17015e81be2eed758fdbe0918cc39c7a1ff67676bf8ea7a9a21658cb5060efbd18d16a2cd67e912bfb844ef64c018a6e16573208b70724ad4503ff068c6c49f25d3acc35793a5da1aadfb0e0cad951dd07d49f0af03cc9bec4767a2da53c80527e09dd995b98b85299966041921e0019fd6c685cecbc80c02d152ea8637e83667d3f2f296334bc203a9ed8b6e184c928a7f95247073734b3f6da5a53f0911e7914368e4786c8601454dfbcc96940ccf740fbdd4a79fab92e534450fe0520e3ab7c53d0ce0eb9c27fa6fe4055e46895efce03ebb608b7ceb6f960d9c94ef3484554726569b83b29b3d11a1210f5d6fd0572e71a9fbcd68022b118221818ad0fea3c1d9b6ea9816f7bfabcc3c32b9041ede5bc96b1ada5ce51d7a6ffb019c3d2404cd9b2118d9978b068d8e60be84d39ec28cf3983f1e974808e83e88889377bacf2751b102b500c0c8515e3659788c559eb191521cb4cc8ce9a164ec02bd511876fb11ea45ea61c6f496c7e8d2329a20fae15d6b7f3de041d9c8732c276dfaec40af56e6ac417abfb88991623e5cc9718b668de7cad9b5cbf2f88a34cfdfbc71d28d5b088e5ddfa57ebf4af89ce5542245aed827fabd00f3289c7328859f781255148d8fbcce0d863a604956c47156ea8f0ae995b6212819c6ae7a995a0b5e210a5c124204e5ca51c0c7cf4b421c3848ee581284e9b8d096c2b10c93b0eef1f55e27727cb6821e37d0c1d6e9ce1e818d5ea0e099a17c4efe9d3e618aed934f33526873a91bcc53981217ccd1763660461de356aa3c9a3a4b2b55b09b62ab001c962bbbd5ea332bf2ae264f62815a788d5327ebe8191c67b1e1f17ff63055573ec6b499ac350a8c2489a7aa7db83c85f218dd627ce32f65fce859227defe12e6cae10842bd2694f9ffa1eb7d7ec3f14db51b3cfe2561e8c4f0ff879f92802fcef45372ae57b70b4cf78ed0697e264fd8cee1c7d0b0b5af8cbede561254c65ea7c03e2876de086432a8d8fa08d4a66a018e91b995c5a85da0f578c4bd08eada7bebd82fd80c801e42cc2b339e8b2a79ee9a0a08182b5783009be666c0e545404ca8b573c8bf170b915e3be7da328bdbe65051cfb191c6215046b16d1b73bdc5938529bacc0853ea4496e8243c0d077f24b139124d33497b8c22f1fb460c1abbab58e4339f12eef36775dcd77c0f9d27c584b08d4b6a2523657043048d1ec51591b4e2cded5813014275dad2db2b03473369a8f20b38792efaa9ff9a2ac1af66089c0b3fe7b567bbb6c8a76bae001c380f1f8a2a9c3496ab1588838a7406a64fae303a365d29857de55a06e2ed271b5589aa0d68a469a47fd9d70ddda0955337d7387ff07c3f66d20ec62b5ce3458e786e45d614e07aac1c71df200bbc8fa4452e1c74002469ed5449399e9ef892d571f33254b6ac85a7dcdd6244de708c76e187176fca80fe0951dafc9095e09f4a9774979637e3648f263e2b157e60342a1cf137a93acb8e829e84f65b56c962892c7e9433c3062e2ae576af7e81b9ecb2f98fca826d329b8fee9788afe6af77dfaf3a90ea0c823a9ff85f828696128aeeac8da7fbe848a39c18a0618da1a16f06ddfb7bb2ec57f52cf2eb165be371b45ff68c59f0d383b80da2a02c16bca19e37a3c7d6c165e3b1590c7e7c23a111d8b02e0161cb47793f7755c607fd89a299be2f24d0bee8b7fefff08c0461f645f28c9f31e4e3a83c051266c86441b5b9245da259650ea7cebf25b6909468432be15865334f5e28c2070fa61c13caad8a8080e20a495972259652a24548b12e2188c2947646b4f30e5380e4d46c42be4c96dc5fb078df408b469d9610b952b2eab6fdf257b2c01d15fbc8c1cf07152e43169e2bab92f14f0063dc33940dcb185fa43d050846b40bcf964c6da1a1d31d0cd456918399c29a889a1e908a8def60dbf4b82c47f004a2bb993631569b6a60c89e56d50cef77bd8a1ed4ec5f51dea9155f349a6315268ef4bbef6199d33a87f0892374a7b57c3e16dd3389d5a2176cc8bc59e30cac1a6078d2b4b0724b43afa0bf0085a2c1ef16a1ae62dcc6190c7a9877bf4fe4079e9c30caf0327666d74d215949bff8dae6eee0a5240d10b80e7c87589a564e5494f65d266aec8f37f0164348195774cd79ea5d68a2253e9f9e3ea430d02f22347fb6abbb0447fc4c2bae554cde4c4e73af595ca2d35abbe249e3439fdeb39830795b7fe218ac5c3c0645f8792f5c383dc7a087c2184a90ef02d1adf76bbc381fa315a8edc8257d22acb3ab352620375cfd5081676319dff67053a983c5edb8f364438891ebf98d2b13d000168c3cb3de27f8174acf645c7c19daa4e2bb580ca61a334c0cad59e2baa8980bae7ba32e96d83cad2f9156010854f464a372b33f3a22aed996cbcb127588c6d4985b8473e6b8ac9b18cb143308d1562a9f6b9e2daeaa37ca4db7034e53cabdd99f55aabba6f3f6815dcdeb58c25a58f1714fc619f9be7aa6ee57d4393774a00acf0c523d1fba78a7a632e958a2e911ef03661ac94004f319d4ce782d2c1940c8526ff4ffd11d37a5abab904c6e427190d1dc1021322beb6e6f199bcf0d97f3179142281896e8480aa5a8b930c47f322750de62ab965699b78778245e5b8c9d622ee966058191c8abfb900d6e3e50ce4c7dd9ac76ec400bb4125c478622b4ccfa75e386668833ef9a2627fca2efde0e86fe08d3ef83eb4de3e00c8e6b719a6cf1331e56eafde52aa718404167adc3084c48a373e9e2a2a7c2e98d3307e42561d8cb44f65d01c4ab38e8374648f1e654bb9cc4a37488997445c15a11bfad79a9f47164687da56c24469f3a16551cfce00d0e39b8bfe225f8a260cf67be935a4ad214f5f78b8627c547da782d7640943d6ca00b8006b5249c4299c0ff8918ecb856b6918cb194913996b1c87792440c8e6d5e0295ee120713ab73cada91d4eb18210c80827c2a53cd8a2f5ba1f7808cbd9d357e759227f120dab27a40b853201570b40269aca6c3fc9a30ce324e0b9a75384d83b0339c5989eca61b1aba18102645acbe876d0829c005f86cc9397bc6efd3b3d1a2c28428b925c677b64a4111b734631ffc2aad7d7e5338545cff46768e138e086f4dbd7404517e3d7268dac0e733240f36035d398847cef59eb8fdf9b1555d412cb346fbb0a68663b0bb8d14e1c4616cd1e6700000b0bf0535a68dc9881e9cafc9611e97d8a830f3f91cd10db5088e88a1685f981ed31833c6c0701387befe44d82521ae24f15c03a58a92ff1768d5c7e9260fb6f41b5c167099be05f27d293c8db6b786f010f458800fe85be760511e225dfaf084eebbd07136e4517cace50aa0abce9982c7fae856a561c87d84ee68042490472644eba15eeadada42c9c5d06b719325089a98c0d1c9c2ed4d62932e373ddcb7bcdde92f407ffaabfb7d77f72aeb5a4c01a40bc8233c15b1c32d99aef14212af27ee697a5bf348a7eb4d175618f5e76840ebfa882089090a0bc5574db2f4d81856cf89986cabebc4d29dec171eefc710f2f7365b7d997fee453244d9251f862da0ef73651194a43f7b58d4841ba90c7cfa6490cb83912828267951ab06b46f03b27fc0714550ba9416014121fc9b4b724fe1cca576deb49575608a434b2536f6596de99359ee8c7953c3059a6b6dbea93b39eca638204737bfe6ee8da50b5c23ab46a02e7ee51ce53bf47e9ad6e23020f9275f7b383fda3eac4ec1daf22c31f66ecaa26305ccf5f605d9e99071027c108a81a1425673871d6403b94ee94839e9dbaa174a656303599f05ea356233cc3a05bf73c7414793a61fc65809dc15f38b48923687f287099fe11edf813f8dffafd49653fba24d24236a559dcfa9390b582c5355972ee485933aca07a5495d7a0055da7fbd34c635c86aedb8a63f3f061cbda17ea363975985e6b20b7e54ebff69e1828245f93a4dca05e30f2ed52d5040d00a60cb79011f8b508ac650f17d328291cadf0e3eb9651c125373ba0ccd828e265f17c002a056fc546aff333134d68c539672db57cb4b5e6fdf0acf12fd1a3f59ea4f125cc5f9cf564c96b7feb3a334cbec4a994b4ff2d1edca7d1ff3367a5ef4115b264ba84361fd9a939a0023ca56f7bace47fda8cc0d6edba1d2c680c9602bd69811ec1489798a9d404705a0cf2a0ad002974a4dceeac9f0140c836d344128c18fe50e35a9004304c108b5aabf7643437a8d3d544f8724df76d3a5dfd525e4c047b2e67d2766ed2025f9413c6e13f2b5242760e1c1c2f5cdf83ed3260526ee3f09b03d2f623145e2d4e391897b17c0c969a1ef89591cb370510cb0678b27485afcee4931d239172d492814bc95a13cda828154720b2b40b7d87945c99599421b634baa2a8e37ba0e6a9299d3ee75756cba9569829eac2e99442442c762876bd70b846ffc0ab6b7445316782f6a04a3fab5c2b374ee2038a7f79d6c6db765a48c5d8ff9f5e408d32efc69bb4e38ca30b0b6c1f4f04db8c277dddebf471a23b4d15e28368a221fc064760d408529f4aa088cd042234c3960792ae55251c47a60aafe718c67330adf388afaeeb38e2d68883cc814d864455f14dfc324e7911e40f5a6805a235a55611e6ff7e621e05fa786029e366d8a9b7aa67f1f317b2639ce09ff899a644b60c8e0036a62af501ae652065b07c0d571f7adfca1099504c3a9f7416c28f9193a3b82f1908ab0076fbdac569f3b6d553c8ea4ece2512004b2048261a175da1535f5485d11d6cfd9eb7351d89801dff2e92572b499c19ff09c16f4101e2cb308755e3a07990042215409fe1cf4cebdc600a9c6632843d8604a1f14b62ec3c2f03ebb0ef8e91aaee04930838a8c495f12066c56d909373dcc6f195880b9725bec9223c1ab1f1385c36dba37bca5e381e881fedb3388fa5ab473eee92ad9963bf2a285f73119a8f5868056bb4439c17f3910c54c587e216902824ec3ae8870584a51efe2aeefe6ff4e98d90f3da4391620c92102e13688af921c364fa7eea2bfd71528baed74b000a52109c0a149d7695f1550ecec86c796f078ec66471480a0d12876c8a6a24bb91b580724847ec078704e09b266a7605fe5fc2ff56f3d0c52d4426cb4ae3e2ecf43f77728a9d293379d1b03ed873037dbe6b82a7d7205c7741138dc0a5656234cb7b15580a60fa785dfcbe5bf36c7f08b6979bf06dc5636a0e6dd2de2ee87e4e9799d1491a60aa0ceee40e683884eb2a048326493cf34a6c796cc04c6e972dd15b341cbc3edea3c01081b3b67e5fdd6861d2f34b5cc1ca1ee389fc641f1aba8646f687ea4bbde5e845c3b5a7d949d87506b3b1cb43b3e3fb5781c4fc1b613bc5a2333430595a378be110cd9cdc15e270113037a2727643e5b35f12d971031cba2a43c24b31fea11fef9479e43a04fd6847b15dc08422da10a643e5debd7db3a55c46901193e6bfce4f6303d569bdb89ecd75c5dbdb4ee922acdd15c79ba4cc950af9d72229395aa96ee4ee8ebd3dfb954f9020176b24446eea865fb0747e9df97f6dd1a30c879d69ce608e6c8bb5feb380051b896eccef8c0b01b4ed74fc18807fb271605a617c38bed75821ad54fb7f99b8e1f86431be4b604e3994c3ec960bb12ddb1ca45ebe21aad448666454300e64007da172d51ba8aca67fee256397a357408ae8e7d24c38fa15ec3073a4366bf4c77a99bbe97303000000bd47328cafd5188b93c9bd3bf080f554034ce84ece4e3fa7edd3b26dd1ae616dd34dc61201a9c702683254f8cb62614917f3ecf6d49456d04d1c11042039cea2b398ab659f9444cd8032caf91aec43746d622dc4672cac875b06b8b61ee04c2e3eee44db032fc5b7cd5dd2a11465581bc1709d66083e05e8602d2a2b089ad9603f952d79e1f80d010d3435145591ab7b56cd19d6af719069017864d15bd47690ec9cda57eb0117df41b2c8542b27a97ce4a2a2059040efbf112a6c958e65371c118c11073dd3af544c6296642f34525d28cc6951f93f7ca8f075aebeb89a08d006c158c1b0171b971892df9a7e13bb1452cd534c16f1efda5b310133f645e8f9fb98ab292296f84aa1e3f8dcbe74c241dc0ab5c9ba81304da850089cdfb1907708baca472b36af119b39307337ef92ea6a376ce0cd87efbe89527d12ddb4a725febfcd36ce4a9a0a811860c4e71c914f66afb30ca165367802b08c2531a5cd53410a3f42a7d83eddbefd792ff90394ac41185f47f7be5a0979198fd1433354ec95a5aaa1637086b64521b14d0518411c451d52ab2c865453911fc71bd324e00e7f2c36d68f4e3f052edc53b2bb7d8054a6b4377f24800c10b763db02aed4968d6b725fe000259080df289590d9fd4fbe7bc2008fa537521d25ef6f1d019903b3ec94571f4facc082c47ae37bae44a50a85f43654d93096cd0979ec4116b7d1926c747ba747958ba7bb539632f141a636328fd2001a0a60b308e5b6b5ed0810cf05c8a1c17ae75c4df1060e2947b4f9f7db5cebd9ac2bb351837054d920dd6f8110cecf10380e11d7a55c9fb50cf2a0d898a3f6392a95c434c66b8c680ebc374f96983c63e2baf0ca41bfec7ca527fad19f29580d91e6802bb0706b4ade5a7167fa072b60f1bfc0c23bce115b33a57c6ce0819b7e35ba41d3d35626d286d3baf4b4f083f23f7154d5865c19e10816984e70acf19e033cd59a0ce692719208abbf42ea8f3aafe937da6e8a05ef6707f057fd53a93be188b23860515a03c4afac155a80056b0791df15c1fa284b3f4f24d592a6604c2255f010d880d1cd1768c033b6340f790be737549cd227e92598295eb7c3449610d4ca5eac169f49e6ea3f66389b6e199a00f7904cc2a0c5c6c34f8500b8341d9bf1c7c3cce4630bd3ecdbf1c14e641ae50127e86c09a79096fbf5ec9c7044cd18cf23df6617be474bddd1fd135a4c62f7e41207981a495bcc2e369e028c6a71844340f81b65e1e4a23a7145dc9f66e8f8e8e07d4a15b9e0ef10dbca7b2cadb86ac8d0c4c3ec331b0eee182320a468fd255776e9568612814b87d569da58afef98764119949885168c7427b5ecd8a13286f909f2b1f3fe5b4923bcf385fca7a93cd9a4bc52125e5759b66cd0a3aca5546868dc05c9801876d7e890bb9486b6dbfa55d0e5439e4ddb06bccf797b46dedf70a26201c73c5bd37cecfe4d9f2994ef793078b734c468b8c222e7e7d97ac4d43b4726e7849b86bd4a7fedf252cdf38e6946c17954c6a61b730b695a0af5ef88f7cc8894cc45d0a5228abe6d5e35c90b627b8dcfa3c0a0da82d8a12c1f2b4345e8232fd7e84bcd743554eda003dcfb0eddde4160f99f2973a281282d7a5e77441db0f7927c8cb9ba047fa9f255aa6e762006f9b823a7b56fede1b1b3631e22e7e3008d048a2e799b29ca2667bab9e1ccdfdf48412a15738f267281a70904b1bc807ff66dca0503d0f4e6e68eaff403022346b9cc2e80055a8eeea029d3079825dff71a788fa93831de2c71618493309894d9bcb28c2699fa7fed81df2b417854df362b6bf22a31bf6e0e688ebc66d6198f5ada3c6f51414b3b83dc564ba702fd0e7f3e69643e1706e47680763a82b5a65cee7f8738df9f4a6df79447735739fa1f495c82737d12e56a98e0fc006a4211dee8dc60149d12e70de2be74a26dafd5f399cf29a1cba9c672ab3659ef63c25319b282dcee8894b35e74ba263b71f5950fd46f8e229965ef37f20629e6ae7c1236e573c376e0978ca7df716b41b9c5547847ee66c2cb374b6ae2cd4d24a8ec3bb606e0f31c4975c579fac83ac1071cd8b1f2e7e15b74703fbd5d10843374763600c17812d2abe9a50b662bc22d16dcfcea04c404e2e761f46a69b91b5581bf03eeb0bcde65c2c5461ff6509206ed9055ef0ac212399ea7e48154575c38db3011cb2150bf047740bd3495c354675d985d12994d8c306ead8b6ff7766252f2503fd7b23b907bc39671bd51462323e0d71d0e39f3490751567633feb329ce29333350f02fa021c15918a23a125b42df4ab2b440e9a49c70718fd40c305d9e375d29056b5003ee0a836ce8599310d3b337fe9a409a06777445df334c670cf42f005edcd04dc455c9b4d9fba14c111ed63773debf793f084785ba17654dd0a00bc527d00516922763a5b9240b0eec7967edd45ee6dec93eeabdab19669acb16bd15f9b7f252e08185e712c1e58b8ae3abb994e6f853f59e8c66ed25b558816d9c8cfc03e4bde7ab97564ed51b1c1c3a7768a2047bb4460cde5eef11465e0b4ce7ba7035384bed27ac2dce5703fc6161ea98b191c28e1ac5074835a41a2373496a60bca3cc657b0c35c83b790f204a6aeb183036f12bcb3ab4f4749e2eb2cbb753786bf7caeb806fa14bd564b4ddde6a477e126a7b5c21ca5280c7270ac9cec219f8da0d8f7d59f6debcac12b1627b04a0346ba843d5b442061068e369d0cd92885993ec1ac8d3e617beb2d7c794da642d2920a83952c04167ae1f71db9d4d7c60e7155cbb1f8edd1b2f939cd5daef3e50e0b9c09f2fb85dd02918655a64fe503bbb0787e1c2cc51d39e1c20d38dd63d0c5324cd26807579e6741e05c70e71395fbdef7959bbcad536190dcd97209a3a32f10543f24a80b2e3e3c130a36941c426b31fa9e46ed19082a3d8e9da80201368bf6b621c19a76198eceb2b67872fd6d720987209d561c6aead539bcfdd518925674bc167d048636e2933a5322a76cc2aef06e0f2d0908efffb146beec0b8b948a96876badd241f1686cd2abb1116b99a584a33ba3b60990b10b45deb5e302b5b760b735a1caec7a3692ba38914b56d55e00c1ee4d45077d877ceb9298cf3ae6aa668cde064cf243c8df2b08af1630498617910d7d974829a80505a8337e02cc6139c56455fbcff4eaa03a0cc3278279b79e62511a31ec2e13d1271f86a38b1873a564821e83a4096b2d16987e081053d6a2f0000000000000000000000000000681e71e6b36ee60dcd10fb3980624bac4267cf7ed0a0c5b58d1f94f254791dc98a25f15a816cadf52e37111c88c9df1b6c378d6db9fee16ac2a325948ca2c09b78308ace55604d4518910747539d21c9ca80a0e8112c6f281c4e1e71ad75539139d512d094211ff062e2d1223abe17ae46a35f47e1926bd4eedace8c023997b87b4fd11a63c051d8218701e997ada4a824afdc6d85e460ea41eec59007fc25bbb24e884541aa467e63767ba9713922b6297de74ea473b0fcc0", @ANYRES32=r0, @ANYBLOB="a50059c10b5a8471e4589d08cd3f90e2a8b2fa120687adadbb4e2dbd3e84a596dd2861775eb4fc9a2c49abadd0b6f26adb8f6c0690c6fe73ee2c9bd308f4504aee16216a2f7f4f7ce0babcff4ec24f65ee35ccf3819539dc6fedee0d5acafa0ca073b8dfa0c2a705d14de5ddd0261d7200524ce90dc2d50068e141b4cf815ea79b8c171ad7d8d629e490dfe33bc4d47ea1868516fe49b00f056c4d15fc6cf4434727d69e33b960d3717011f1a68e695baa83aacbf56df8a4c60262a85a2351f9f90000559bbcfabdb4034736195c07212afac6e625d34a207b42c6fdc00b1b267010f5ce51ff488a99fd6245af2f5e136948db2c3ded4e314b5d9e558e2f862f58ce8276e040ef8d064c0aa61186b91a613b12e2420d700262313de01e64ba81f3c954fe81596a4d91cc5be3a2304d2f9ddf297680a168b075df282cc9997fe6604c91d4a90739696b298f8b7cdf1b655c7aff0260c37beda3b703148ba15476d7f0"], 0x2400}, {&(0x7f0000000800)={0x254, 0x2c, 0x2, 0x70bd2d, 0x25dfdbfc, "", [@generic="f2e2249bae1635dd83acd2e8cd02d7d981a82139970ec38416663ba0a8908c6609ceda3e0e0180b904bd25ad8cf0904c5810de7feaf73d3badb8a423f602cdde8631cd91afd7b7bf93b9547d547030147b478267f905e89e47c8b8b58cf9682506fe4b3dbe9ca1034a083574686774e807d5e01a0adff1f9148a6066dd11a96eea42bc5ec7bd3ea8b4833dcb1ca1cbdc75b88b81c58b44905938c531418a6dde2b0459d4c4801fe2facd69ef6858ba02a3db039595342bd4d5714e61210d", @generic="88b568a4401128024e0c6f9c9d362ed9fa10a32f9a38ab83d3ea348bd6a026bfe0ebe35afdcc482c349aacc786b35bfe859e22178cd0045d8d71c736d6d73dcff8549652496a09c737c1", @nested={0x13c, 0x1a, 0x0, 0x1, [@typed={0x8, 0x52, 0x0, 0x0, @pid}, @typed={0x8, 0x125, 0x0, 0x0, @u32=0x4}, @typed={0x8, 0xe6, 0x0, 0x0, @pid}, @typed={0xc, 0x12a, 0x0, 0x0, @u64=0x8}, @generic="631b475a3b1210666fb60d50a90cb29e6f3e4c7c9c3e05a7a167a8518a1bd198877ee5", @generic="dd9edce2e78361296699cb067c36f0bdc2f7b1140e273dbf48f893a16fde8e48ac97d8f1ea7ea70ea19b24c0cb2afa847f2b1398a95595debec4d137b7fd907f20c98a26b4f256f2715d85a0a39b9f23cc8efd5b71f1e31e273ef88e79fbbb45f00161d2c32ef1cbff2f7a6915b8108107a62452841f7b82d961d0b97014f88405741cf96fd538bb", @typed={0x8, 0x15, 0x0, 0x0, @u32=0x7ff}, @generic="60739f1a54c98058d385c56f41b1ca4a7a57cb2aeb5bff620c095df1d6f5b56e0b3f25ff5fcbeb7908b46c05e01a65b8be74c55f01debdc5f6e04ca8ce0f3313db2ef2e1450cb00e8b0874bb5d00899ebcefeac878193449f41c512ac6b65b95ec"]}]}, 0x254}, {&(0x7f0000000540)=ANY=[@ANYBLOB="18000000180000032abd7000fd68dbdf0208002300e00000"], 0x18}], 0x4, &(0x7f0000000ac0)=[@cred={{0x1c, 0x1, 0x2, {r0}}}, @cred={{0x1c, 0x1, 0x2, {r0, 0x0, r3}}}, @cred={{0x1c, 0x1, 0x2, {r0, r5, r6}}}, @cred={{0x1c, 0x1, 0x2, {r4, r11, r8}}}, @cred={{0x1c, 0x1, 0x2, {r0, 0xee00, r7}}}, @cred={{0x1c, 0x1, 0x2, {r0, r9, r12}}}], 0xc0, 0x800}, 0x0) 0s ago: executing program 1 (id=3437): bpf$PROG_LOAD(0x5, 0x0, 0x0) fsopen(0x0, 0x0) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000580)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581", @ANYRES16], 0x0) syz_usb_control_io(r2, 0x0, 0x0) syz_usb_control_io$hid(r2, &(0x7f0000000000)={0xfffffffffffffe7a, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0022110000000837c700039e22a8610b0100120009bc6ef0ac84f7cf7bbb"], 0x0}, 0x0) socket$nl_route(0x10, 0x3, 0x0) r3 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0) ioctl$HIDIOCGREPORT(r3, 0x400c4807, &(0x7f0000000040)={0x2}) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000340)=ANY=[@ANYBLOB="2294d328336209110b982a756c99c054fefe846a6039fc09b4", @ANYRES16=r0, @ANYRES32=r4, @ANYRES32=r4, @ANYBLOB="0a000600080211000001000030005080110001004abee339084eeef16f162471f4000000080007000000000005000200000000000800030006ac0f00"], 0x58}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$packet(0x11, 0x3, 0x300) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r7, 0x6, 0x2, &(0x7f00000001c0)=0x7ff, 0x4) syz_emit_ethernet(0x3e, &(0x7f00000002c0)=ANY=[@ANYBLOB="ffffffffffffbbbbbbbbbbbb86dd6000000000083a00fe040000000000000000000000000001ff02000000000000000000001a0000018000907800000000"], 0x0) bind$inet6(r5, &(0x7f0000000000)={0xa, 0x8000002, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0xffffffffffffffbb) sendto$inet6(r7, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) sendto$inet6(r7, &(0x7f0000000080)="44f9b108b1cdc885c9c533d21f474bec8bfef1df1e2da71e578dc6b91d09f7ab15378571d8e27546090000006e75436914ab717528ee4b7a9beaf908d11137c11903064e83b4951f4d433a5404970c85d92d7083fd38844cbb0c6c5eb508ddc2dc7a590aa7941b1e9eeb5a688138dea09b776cbfa784cbf550bf3074fb0d775da4df5a3f48bbdf452eeb6b923da9d0e25b80f76a873664b5753444fe05f33e5f91045540836c3cd6af10f0cd018f0c6f57f926ac959a5628c45088fbe0c87fbe6cbcda4662d2a12f6d00"/215, 0xd0d0c2ac, 0x1, 0x0, 0x0) splice(r7, 0x0, r6, 0x0, 0x406f413, 0x0) r8 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r8, &(0x7f0000000480)={0x2, 0x4e23, @loopback}, 0x10) sendto$inet(r8, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10) r9 = socket$nl_route(0x10, 0x3, 0x0) r10 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r9, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r11, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x28, 0x2, {{0x0, 0x0, 0x9}, [@TCA_NETEM_RATE64={0xc, 0x8, 0x2cf44237d582c0a}]}}}]}, 0x58}}, 0x0) write$binfmt_elf64(r8, &(0x7f0000000200)=ANY=[], 0xc63b9e35) kernel console output (not intermixed with test programs): +0x241/0x360 [ 1180.143069][T18323] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1180.148289][T18323] ? __pfx__printk+0x10/0x10 [ 1180.152882][T18323] ? snprintf+0xda/0x120 [ 1180.157121][T18323] should_fail_ex+0x3b0/0x4e0 [ 1180.161806][T18323] _copy_to_user+0x2f/0xb0 [ 1180.166221][T18323] simple_read_from_buffer+0xca/0x150 [ 1180.171600][T18323] proc_fail_nth_read+0x1e9/0x250 [ 1180.176625][T18323] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1180.182168][T18323] ? rw_verify_area+0x520/0x6b0 [ 1180.187016][T18323] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1180.192557][T18323] vfs_read+0x204/0xbc0 [ 1180.196707][T18323] ? __pfx_lock_release+0x10/0x10 [ 1180.201728][T18323] ? __pfx_vfs_read+0x10/0x10 [ 1180.206403][T18323] ? __fget_files+0x29/0x470 [ 1180.210985][T18323] ? __fget_files+0x3f6/0x470 [ 1180.215665][T18323] ksys_read+0x1a0/0x2c0 [ 1180.219909][T18323] ? __pfx_ksys_read+0x10/0x10 [ 1180.224666][T18323] ? do_syscall_64+0x100/0x230 [ 1180.229419][T18323] ? do_syscall_64+0xb6/0x230 [ 1180.234087][T18323] do_syscall_64+0xf3/0x230 [ 1180.238582][T18323] ? clear_bhb_loop+0x35/0x90 [ 1180.243259][T18323] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1180.249163][T18323] RIP: 0033:0x7f2792f746bc [ 1180.253571][T18323] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 1180.273170][T18323] RSP: 002b:00007f2793cae040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1180.281575][T18323] RAX: ffffffffffffffda RBX: 00007f2793103f60 RCX: 00007f2792f746bc [ 1180.289533][T18323] RDX: 000000000000000f RSI: 00007f2793cae0b0 RDI: 0000000000000005 [ 1180.297493][T18323] RBP: 00007f2793cae0a0 R08: 0000000000000000 R09: 0000000000000000 [ 1180.305452][T18323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1180.313412][T18323] R13: 000000000000000b R14: 00007f2793103f60 R15: 00007ffc5f5ffd58 [ 1180.321382][T18323] [ 1180.412834][ T5135] usb 4-1: new high-speed USB device number 80 using dummy_hcd [ 1180.423893][ T5132] usb 1-1: new high-speed USB device number 58 using dummy_hcd [ 1180.473296][T18330] FAULT_INJECTION: forcing a failure. [ 1180.473296][T18330] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1180.492781][T18330] CPU: 0 PID: 18330 Comm: syz.1.2867 Not tainted 6.10.0-rc7-syzkaller-00231-ge091caf99f3a #0 [ 1180.502966][T18330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 1180.513034][T18330] Call Trace: [ 1180.516327][T18330] [ 1180.519265][T18330] dump_stack_lvl+0x241/0x360 [ 1180.523968][T18330] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1180.529187][T18330] ? __pfx__printk+0x10/0x10 [ 1180.533801][T18330] ? __pfx_lock_release+0x10/0x10 [ 1180.538847][T18330] should_fail_ex+0x3b0/0x4e0 [ 1180.543553][T18330] _copy_from_iter+0x1f6/0x1960 [ 1180.548423][T18330] ? __virt_addr_valid+0x183/0x530 [ 1180.553182][ T5131] vhci_hcd: vhci_device speed not set [ 1180.553534][T18330] ? __pfx_lock_release+0x10/0x10 [ 1180.563928][T18330] ? __alloc_skb+0x28f/0x440 [ 1180.568537][T18330] ? __pfx__copy_from_iter+0x10/0x10 [ 1180.573843][T18330] ? __virt_addr_valid+0x183/0x530 [ 1180.578971][T18330] ? __virt_addr_valid+0x183/0x530 [ 1180.584098][T18330] ? __virt_addr_valid+0x45f/0x530 [ 1180.589230][T18330] ? __check_object_size+0x49c/0x900 [ 1180.594527][T18330] netlink_sendmsg+0x743/0xcb0 [ 1180.599298][T18330] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1180.604582][T18330] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1180.609854][T18330] ? security_socket_sendmsg+0x87/0xb0 [ 1180.615308][T18330] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1180.620586][T18330] __sock_sendmsg+0x221/0x270 [ 1180.625256][T18330] __sys_sendto+0x3a4/0x4f0 [ 1180.629763][T18330] ? __pfx___sys_sendto+0x10/0x10 [ 1180.634810][T18330] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1180.640783][T18330] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1180.647105][T18330] __x64_sys_sendto+0xde/0x100 [ 1180.651865][T18330] do_syscall_64+0xf3/0x230 [ 1180.656361][T18330] ? clear_bhb_loop+0x35/0x90 [ 1180.661030][T18330] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1180.666920][T18330] RIP: 0033:0x7f2792f75bd9 [ 1180.671325][T18330] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1180.690918][T18330] RSP: 002b:00007f2793c8d048 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 1180.699324][T18330] RAX: ffffffffffffffda RBX: 00007f2793104038 RCX: 00007f2792f75bd9 [ 1180.707287][T18330] RDX: 000000000000004c RSI: 0000000020000080 RDI: 0000000000000004 [ 1180.715250][T18330] RBP: 00007f2793c8d0a0 R08: 0000000000000000 R09: 0000000000000000 [ 1180.723211][T18330] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1180.731171][T18330] R13: 000000000000006e R14: 00007f2793104038 R15: 00007ffc5f5ffd58 [ 1180.739142][T18330] [ 1180.753956][ T5132] usb 1-1: Using ep0 maxpacket: 8 [ 1180.771080][ T5132] usb 1-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 1180.780637][ T5132] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1180.792168][ T5132] usb 1-1: Product: syz [ 1180.800366][ T5132] usb 1-1: Manufacturer: syz [ 1180.818437][ T5132] usb 1-1: SerialNumber: syz [ 1180.828842][ T5132] usb 1-1: config 0 descriptor?? [ 1180.841264][ T5132] gspca_main: sq930x-2.14.0 probing 2770:930c [ 1180.869937][ T5135] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1180.880438][ T5135] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1180.905286][ T5135] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1180.925236][ T5135] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1180.960934][ T5135] usb 4-1: config 0 descriptor?? [ 1181.015718][T18338] netlink: 'syz.4.2869': attribute type 3 has an invalid length. [ 1181.031717][T18338] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.2869'. [ 1181.144980][T18342] FAULT_INJECTION: forcing a failure. [ 1181.144980][T18342] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1181.162648][T18342] CPU: 1 PID: 18342 Comm: syz.4.2872 Not tainted 6.10.0-rc7-syzkaller-00231-ge091caf99f3a #0 [ 1181.172848][T18342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 1181.182923][T18342] Call Trace: [ 1181.186211][T18342] [ 1181.189143][T18342] dump_stack_lvl+0x241/0x360 [ 1181.193817][T18342] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1181.199007][T18342] ? __pfx__printk+0x10/0x10 [ 1181.203602][T18342] ? __pfx_lock_release+0x10/0x10 [ 1181.208612][T18342] ? __local_bh_enable_ip+0x168/0x200 [ 1181.213987][T18342] should_fail_ex+0x3b0/0x4e0 [ 1181.218700][T18342] _copy_from_user+0x2f/0xe0 [ 1181.223352][T18342] get_user_ifreq+0xc3/0x200 [ 1181.227954][T18342] sock_do_ioctl+0x1a5/0x460 [ 1181.232554][T18342] ? __pfx_sock_do_ioctl+0x10/0x10 [ 1181.237663][T18342] ? __asan_memset+0x23/0x50 [ 1181.242246][T18342] ? smack_file_ioctl+0x2a1/0x3a0 [ 1181.247261][T18342] sock_ioctl+0x629/0x8e0 [ 1181.251594][T18342] ? __pfx_sock_ioctl+0x10/0x10 [ 1181.256468][T18342] ? __fget_files+0x3f6/0x470 [ 1181.261163][T18342] ? __fget_files+0x29/0x470 [ 1181.265777][T18342] ? bpf_lsm_file_ioctl+0x9/0x10 [ 1181.270727][T18342] ? security_file_ioctl+0x87/0xb0 [ 1181.275837][T18342] ? __pfx_sock_ioctl+0x10/0x10 [ 1181.280684][T18342] __se_sys_ioctl+0xfc/0x170 [ 1181.285273][T18342] do_syscall_64+0xf3/0x230 [ 1181.289766][T18342] ? clear_bhb_loop+0x35/0x90 [ 1181.294433][T18342] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1181.300317][T18342] RIP: 0033:0x7f0fd7b75bd9 [ 1181.304726][T18342] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1181.324325][T18342] RSP: 002b:00007f0fd8a20048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1181.332733][T18342] RAX: ffffffffffffffda RBX: 00007f0fd7d03f60 RCX: 00007f0fd7b75bd9 [ 1181.340692][T18342] RDX: 0000000020000180 RSI: 0000000000008922 RDI: 0000000000000004 [ 1181.348655][T18342] RBP: 00007f0fd8a200a0 R08: 0000000000000000 R09: 0000000000000000 [ 1181.356613][T18342] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1181.364576][T18342] R13: 000000000000000b R14: 00007f0fd7d03f60 R15: 00007ffee52a5c98 [ 1181.372551][T18342] [ 1181.384105][T13875] Bluetooth: hci0: command tx timeout [ 1181.416196][T18318] bridge0: port 2(bridge_slave_1) entered disabled state [ 1181.423961][T18318] bridge0: port 1(bridge_slave_0) entered disabled state [ 1181.472477][T18318] bridge0: port 2(bridge_slave_1) entered blocking state [ 1181.480062][T18318] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1181.488754][T18318] bridge0: port 1(bridge_slave_0) entered blocking state [ 1181.496016][T18318] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1181.553202][ T5132] gspca_sq930x: ucbus_write failed -110 [ 1181.581094][T18318] team0: Port device bridge0 added [ 1181.686652][T18356] tmpfs: Bad value for 'mpol' [ 1181.707207][T18318] bridge_slave_1: left allmulticast mode [ 1181.721168][T18318] bridge_slave_1: left promiscuous mode [ 1181.743653][T18318] bridge0: port 2(bridge_slave_1) entered disabled state [ 1181.876046][ T5132] gspca_sq930x: Sensor ov9630 not yet treated [ 1181.882676][ T5132] sq930x 1-1:0.0: probe with driver sq930x failed with error -22 [ 1181.934301][T18318] bridge_slave_0: left allmulticast mode [ 1181.940994][T18318] bridge_slave_0: left promiscuous mode [ 1182.008117][T18318] bridge0: port 1(bridge_slave_0) entered disabled state [ 1182.848301][T18318] team0: Port device bridge0 removed [ 1182.866357][T18363] netlink: 'syz.4.2876': attribute type 11 has an invalid length. [ 1182.893310][T18363] __nla_validate_parse: 1 callbacks suppressed [ 1182.893328][T18363] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2876'. [ 1182.940354][ T5135] usb 4-1: USB disconnect, device number 80 [ 1182.997392][T18345] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2863'. [ 1183.013549][T18345] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2863'. [ 1183.042220][T18345] netlink: 96 bytes leftover after parsing attributes in process `syz.0.2863'. [ 1183.057513][T18370] FAULT_INJECTION: forcing a failure. [ 1183.057513][T18370] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1183.111381][T18370] CPU: 1 PID: 18370 Comm: syz.3.2879 Not tainted 6.10.0-rc7-syzkaller-00231-ge091caf99f3a #0 [ 1183.121588][T18370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 1183.131654][T18370] Call Trace: [ 1183.134949][T18370] [ 1183.137895][T18370] dump_stack_lvl+0x241/0x360 [ 1183.142605][T18370] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1183.147834][T18370] ? __pfx__printk+0x10/0x10 [ 1183.152534][T18370] ? __pfx_lock_release+0x10/0x10 [ 1183.153290][ T9] usb 2-1: new high-speed USB device number 86 using dummy_hcd [ 1183.157572][T18370] should_fail_ex+0x3b0/0x4e0 [ 1183.157611][T18370] _copy_from_user+0x2f/0xe0 [ 1183.174402][T18370] copy_msghdr_from_user+0xae/0x680 [ 1183.179625][T18370] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1183.185466][T18370] __sys_sendmsg+0x23d/0x3a0 [ 1183.190080][T18370] ? __pfx___sys_sendmsg+0x10/0x10 [ 1183.195205][T18370] ? vfs_write+0x7c4/0xc90 [ 1183.199657][T18370] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1183.205985][T18370] ? do_syscall_64+0x100/0x230 [ 1183.210744][T18370] ? do_syscall_64+0xb6/0x230 [ 1183.215414][T18370] do_syscall_64+0xf3/0x230 [ 1183.219912][T18370] ? clear_bhb_loop+0x35/0x90 [ 1183.224584][T18370] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1183.230471][T18370] RIP: 0033:0x7f18eeb75bd9 [ 1183.234877][T18370] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1183.254474][T18370] RSP: 002b:00007f18ef9b5048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1183.262881][T18370] RAX: ffffffffffffffda RBX: 00007f18eed03f60 RCX: 00007f18eeb75bd9 [ 1183.270928][T18370] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 1183.278888][T18370] RBP: 00007f18ef9b50a0 R08: 0000000000000000 R09: 0000000000000000 [ 1183.286847][T18370] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1183.294807][T18370] R13: 000000000000000b R14: 00007f18eed03f60 R15: 00007ffc7a06d1e8 [ 1183.302786][T18370] [ 1183.412887][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 1183.421377][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 1183.446445][ T9] usb 2-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 1183.470883][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1183.513984][ T9] usb 2-1: config 0 descriptor?? [ 1183.746276][T18364] netlink: 'syz.1.2877': attribute type 1 has an invalid length. [ 1183.975863][T18364] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1183.980930][ T9] hid (null): report_id 0 is invalid [ 1183.995574][T18364] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1184.044986][ T9] hid (null): unknown global tag 0xc [ 1184.081417][ T9] hid-generic 0003:0158:0100.0005: unknown main item tag 0x1 [ 1184.105834][ T9] hid-generic 0003:0158:0100.0005: unexpected long global item [ 1184.135918][ T9] hid-generic 0003:0158:0100.0005: probe with driver hid-generic failed with error -22 [ 1184.177746][ T5132] usb 2-1: USB disconnect, device number 86 [ 1184.458569][T18402] tmpfs: Bad value for 'mpol' [ 1185.458721][ T9] usb 1-1: USB disconnect, device number 58 [ 1185.513265][T18414] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2893'. [ 1185.522354][T18414] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2893'. [ 1185.651772][T18416] netlink: 'syz.2.2891': attribute type 11 has an invalid length. [ 1185.665087][T18416] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2891'. [ 1185.706280][T18418] A link change request failed with some changes committed already. Interface macvlan0 may have been left with an inconsistent configuration, please check. [ 1185.757314][T18423] warning: `syz.1.2895' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 1186.334651][T18443] binder: BINDER_SET_CONTEXT_MGR already set [ 1186.341221][T18443] binder: 18439:18443 ioctl 4018620d 20000000 returned -16 [ 1186.352012][T18445] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2902'. [ 1186.372225][T18445] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2902'. [ 1186.771271][T18452] 9pnet_fd: Insufficient options for proto=fd [ 1187.615332][T18461] netlink: 'syz.3.2907': attribute type 11 has an invalid length. [ 1187.760486][T18467] A link change request failed with some changes committed already. Interface macvlan0 may have been left with an inconsistent configuration, please check. [ 1187.824754][T13875] Bluetooth: hci3: unexpected event 0x06 length: 23 > 3 [ 1188.699895][T18483] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2914'. [ 1189.561392][T18483] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2914'. [ 1189.663982][T13875] Bluetooth: Unexpected continuation frame (len 64) [ 1189.693005][T18496] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2917'. [ 1189.723032][T18496] netlink: 52 bytes leftover after parsing attributes in process `syz.3.2917'. [ 1189.806518][T18499] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2917'. [ 1189.866706][T18501] netlink: 'syz.1.2919': attribute type 11 has an invalid length. [ 1189.993112][T13875] Bluetooth: hci1: command tx timeout [ 1191.065396][T18519] tmpfs: Bad value for 'mpol' [ 1191.515630][ T9] usb 3-1: new high-speed USB device number 58 using dummy_hcd [ 1191.629092][T18532] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2928'. [ 1191.684496][T13875] Bluetooth: hci3: command tx timeout [ 1191.722908][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 1191.829945][ T9] usb 3-1: New USB device found, idVendor=05ac, idProduct=0247, bcdDevice=13.13 [ 1192.053335][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1192.077304][T18532] vxcan3: entered promiscuous mode [ 1192.084352][ T9] usb 3-1: config 0 descriptor?? [ 1192.097451][ T9] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input20 [ 1192.205856][T18528] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2928'. [ 1192.489043][T18542] netlink: 'syz.3.2930': attribute type 11 has an invalid length. [ 1192.495377][T18549] netlink: 68 bytes leftover after parsing attributes in process `syz.1.2931'. [ 1192.507742][T18549] netlink: 68 bytes leftover after parsing attributes in process `syz.1.2931'. [ 1192.605132][T18550] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2933'. [ 1192.766905][ T4519] bcm5974 3-1:0.0: could not read from device [ 1192.915398][ T9] usb 3-1: USB disconnect, device number 58 [ 1193.830122][T18579] binder: BINDER_SET_CONTEXT_MGR already set [ 1193.839792][T18579] binder: 18575:18579 ioctl 4018620d 20000000 returned -16 [ 1193.869349][T18582] sctp: [Deprecated]: syz.4.2942 (pid 18582) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1193.869349][T18582] Use struct sctp_sack_info instead [ 1193.980055][T18585] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2943'. [ 1194.127637][T18588] netlink: 'syz.2.2944': attribute type 11 has an invalid length. [ 1194.373922][T14648] usb 5-1: new high-speed USB device number 78 using dummy_hcd [ 1194.448019][T18594] FAULT_INJECTION: forcing a failure. [ 1194.448019][T18594] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1194.503130][T18594] CPU: 0 PID: 18594 Comm: syz.2.2947 Not tainted 6.10.0-rc7-syzkaller-00231-ge091caf99f3a #0 [ 1194.513316][T18594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 1194.523390][T18594] Call Trace: [ 1194.526683][T18594] [ 1194.529625][T18594] dump_stack_lvl+0x241/0x360 [ 1194.534334][T18594] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1194.539561][T18594] ? __pfx__printk+0x10/0x10 [ 1194.544183][T18594] ? snprintf+0xda/0x120 [ 1194.548436][T18594] should_fail_ex+0x3b0/0x4e0 [ 1194.553111][T18594] _copy_to_user+0x2f/0xb0 [ 1194.557517][T18594] simple_read_from_buffer+0xca/0x150 [ 1194.562899][T18594] proc_fail_nth_read+0x1e9/0x250 [ 1194.567938][T18594] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1194.573480][T18594] ? rw_verify_area+0x520/0x6b0 [ 1194.578322][T18594] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1194.583858][T18594] vfs_read+0x204/0xbc0 [ 1194.588007][T18594] ? __pfx_lock_release+0x10/0x10 [ 1194.593026][T18594] ? __pfx_vfs_read+0x10/0x10 [ 1194.597702][T18594] ? __fget_files+0x29/0x470 [ 1194.602284][T18594] ? __fget_files+0x3f6/0x470 [ 1194.606963][T18594] ksys_read+0x1a0/0x2c0 [ 1194.611205][T18594] ? __pfx_ksys_read+0x10/0x10 [ 1194.615964][T18594] ? do_syscall_64+0x100/0x230 [ 1194.620718][T18594] ? do_syscall_64+0xb6/0x230 [ 1194.625387][T18594] do_syscall_64+0xf3/0x230 [ 1194.629882][T18594] ? clear_bhb_loop+0x35/0x90 [ 1194.634548][T18594] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1194.640434][T18594] RIP: 0033:0x7fe754b746bc [ 1194.644838][T18594] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 1194.664432][T18594] RSP: 002b:00007fe755989040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1194.672842][T18594] RAX: ffffffffffffffda RBX: 00007fe754d03f60 RCX: 00007fe754b746bc [ 1194.680815][T18594] RDX: 000000000000000f RSI: 00007fe7559890b0 RDI: 0000000000000004 [ 1194.688778][T18594] RBP: 00007fe7559890a0 R08: 0000000000000000 R09: 0000000000000000 [ 1194.696760][T18594] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1194.704729][T18594] R13: 000000000000000b R14: 00007fe754d03f60 R15: 00007ffe196a3988 [ 1194.712723][T18594] [ 1194.716417][T14648] usb 5-1: Using ep0 maxpacket: 8 [ 1194.741532][T14648] usb 5-1: New USB device found, idVendor=2770, idProduct=9120, bcdDevice=6c.77 [ 1194.750940][T14648] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1194.764187][T14648] usb 5-1: Product: syz [ 1194.768349][T14648] usb 5-1: Manufacturer: syz [ 1194.779032][T14648] usb 5-1: SerialNumber: syz [ 1194.795532][T14648] usb 5-1: config 0 descriptor?? [ 1194.827315][T14648] gspca_main: sq905-2.14.0 probing 2770:9120 [ 1194.913072][T18600] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2948'. [ 1195.344717][T14648] gspca_sq905: sq905_command: usb_control_msg failed (-71) [ 1195.351999][T14648] sq905 5-1:0.0: probe with driver sq905 failed with error -71 [ 1195.390618][T14648] usb 5-1: USB disconnect, device number 78 [ 1195.825583][T18619] netlink: 'syz.0.2955': attribute type 11 has an invalid length. [ 1195.834616][ T53] Bluetooth: hci2: ACL packet for unknown connection handle 712 [ 1195.867075][ T53] Bluetooth: hci2: ISO packet for unknown connection handle 2560 [ 1196.022983][T14648] usb 4-1: new high-speed USB device number 81 using dummy_hcd [ 1196.222835][T14648] usb 4-1: Using ep0 maxpacket: 8 [ 1196.243094][ T5135] usb 3-1: new high-speed USB device number 59 using dummy_hcd [ 1196.244560][T14648] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1196.272199][T14648] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1196.286453][T14648] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 255 [ 1196.296896][T14648] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1196.325719][T14648] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1196.336672][T14648] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1196.482768][ T5135] usb 3-1: Using ep0 maxpacket: 8 [ 1196.507214][ T5135] usb 3-1: New USB device found, idVendor=05ac, idProduct=0247, bcdDevice=13.13 [ 1196.543209][ T5135] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1196.570157][ T5135] usb 3-1: config 0 descriptor?? [ 1196.581522][T14648] usb 4-1: GET_CAPABILITIES returned 0 [ 1196.603122][ T5135] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input22 [ 1196.609026][T14648] usbtmc 4-1:16.0: can't read capabilities [ 1196.802472][T18617] FAULT_INJECTION: forcing a failure. [ 1196.802472][T18617] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1196.848911][ T783] usb 4-1: USB disconnect, device number 81 [ 1196.913665][T18617] CPU: 0 PID: 18617 Comm: syz.3.2954 Not tainted 6.10.0-rc7-syzkaller-00231-ge091caf99f3a #0 [ 1196.923839][T18617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 1196.933899][T18617] Call Trace: [ 1196.937167][T18617] [ 1196.940084][T18617] dump_stack_lvl+0x241/0x360 [ 1196.944755][T18617] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1196.949942][T18617] ? __pfx__printk+0x10/0x10 [ 1196.954519][T18617] ? __pfx_lock_release+0x10/0x10 [ 1196.959533][T18617] should_fail_ex+0x3b0/0x4e0 [ 1196.964204][T18617] _copy_from_user+0x2f/0xe0 [ 1196.968777][T18617] core_sys_select+0x639/0x910 [ 1196.973531][T18617] ? __pfx_core_sys_select+0x10/0x10 [ 1196.978796][T18617] ? ksys_write+0x23e/0x2c0 [ 1196.983300][T18617] ? __pfx_set_user_sigmask+0x10/0x10 [ 1196.988653][T18617] ? __fget_files+0x3f6/0x470 [ 1196.993336][T18617] __se_sys_pselect6+0x319/0x3f0 [ 1196.998290][T18617] ? __pfx___se_sys_pselect6+0x10/0x10 [ 1197.003739][T18617] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1197.010054][T18617] ? do_syscall_64+0x100/0x230 [ 1197.014803][T18617] ? __x64_sys_pselect6+0x21/0xf0 [ 1197.019819][T18617] do_syscall_64+0xf3/0x230 [ 1197.024308][T18617] ? clear_bhb_loop+0x35/0x90 [ 1197.028981][T18617] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1197.034887][T18617] RIP: 0033:0x7f18eeb75bd9 [ 1197.039284][T18617] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1197.058872][T18617] RSP: 002b:00007f18ef9b5048 EFLAGS: 00000246 ORIG_RAX: 000000000000010e [ 1197.067269][T18617] RAX: ffffffffffffffda RBX: 00007f18eed03f60 RCX: 00007f18eeb75bd9 [ 1197.075248][T18617] RDX: 0000000000000000 RSI: 00000000200045c0 RDI: 0000000000000040 [ 1197.083204][T18617] RBP: 00007f18ef9b50a0 R08: 0000000000000000 R09: 0000000000000000 [ 1197.091160][T18617] R10: 0000000020004640 R11: 0000000000000246 R12: 0000000000000001 [ 1197.099111][T18617] R13: 000000000000000b R14: 00007f18eed03f60 R15: 00007ffc7a06d1e8 [ 1197.107078][T18617] [ 1197.834378][ T53] Bluetooth: hci2: command tx timeout [ 1198.403360][T18662] netlink: 'syz.3.2967': attribute type 11 has an invalid length. [ 1198.601442][T18670] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2970'. [ 1198.741702][T18672] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2971'. [ 1199.493173][T14648] usb 2-1: new high-speed USB device number 87 using dummy_hcd [ 1199.545729][ T4519] bcm5974 3-1:0.0: could not read from device [ 1199.579526][ T4519] bcm5974 3-1:0.0: could not read from device [ 1199.625709][ T4519] bcm5974 3-1:0.0: could not read from device [ 1199.672001][ T5135] usb 3-1: USB disconnect, device number 59 [ 1199.721265][T14648] usb 2-1: Using ep0 maxpacket: 8 [ 1199.758692][T14648] usb 2-1: New USB device found, idVendor=2770, idProduct=9120, bcdDevice=6c.77 [ 1199.785766][T14648] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1199.808465][T14648] usb 2-1: Product: syz [ 1199.820338][T14648] usb 2-1: Manufacturer: syz [ 1199.825798][T14648] usb 2-1: SerialNumber: syz [ 1199.833128][ T53] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 1199.842919][ T53] Bluetooth: hci2: Injecting HCI hardware error event [ 1199.851528][ T53] Bluetooth: hci2: hardware error 0x00 [ 1199.869895][T14648] usb 2-1: config 0 descriptor?? [ 1199.886119][T14648] gspca_main: sq905-2.14.0 probing 2770:9120 [ 1200.268677][T14648] gspca_sq905: sq905_command: usb_control_msg failed (-71) [ 1200.282114][T14648] sq905 2-1:0.0: probe with driver sq905 failed with error -71 [ 1200.333192][T14648] usb 2-1: USB disconnect, device number 87 [ 1200.393765][T13875] Bluetooth: hci3: ACL packet for unknown connection handle 712 [ 1200.427913][T13875] Bluetooth: hci3: ISO packet for unknown connection handle 2560 [ 1200.709386][T18700] netlink: 'syz.3.2979': attribute type 11 has an invalid length. [ 1201.187530][T14648] IPVS: starting estimator thread 0... [ 1201.273896][ T783] usb 1-1: new high-speed USB device number 59 using dummy_hcd [ 1201.289204][T18717] IPVS: using max 18 ests per chain, 43200 per kthread [ 1201.483025][ T783] usb 1-1: Using ep0 maxpacket: 16 [ 1201.494240][ T783] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 1201.522407][ T783] usb 1-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 1201.549493][ T783] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1201.566362][ T783] usb 1-1: config 0 descriptor?? [ 1201.698139][ T29] audit: type=1326 audit(2000000520.860:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18724 comm="syz.2.2990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe754b75bd9 code=0x7ffc0000 [ 1201.737035][ T29] audit: type=1326 audit(2000000520.860:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18724 comm="syz.2.2990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe754b75bd9 code=0x7ffc0000 [ 1201.775333][ T29] audit: type=1326 audit(2000000520.860:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18724 comm="syz.2.2990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe754b75bd9 code=0x7ffc0000 [ 1201.807597][ T5135] usb 4-1: new high-speed USB device number 82 using dummy_hcd [ 1201.862880][ T29] audit: type=1326 audit(2000000520.860:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18724 comm="syz.2.2990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe754b75bd9 code=0x7ffc0000 [ 1201.895435][ T29] audit: type=1326 audit(2000000520.860:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18724 comm="syz.2.2990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe754b75bd9 code=0x7ffc0000 [ 1201.929560][ T29] audit: type=1326 audit(2000000520.860:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18724 comm="syz.2.2990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=304 compat=0 ip=0x7fe754b75bd9 code=0x7ffc0000 [ 1201.960796][ T29] audit: type=1326 audit(2000000520.860:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18724 comm="syz.2.2990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe754b75bd9 code=0x7ffc0000 [ 1201.987489][ T29] audit: type=1326 audit(2000000520.860:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18724 comm="syz.2.2990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=275 compat=0 ip=0x7fe754b75bd9 code=0x7ffc0000 [ 1202.025495][ T5135] usb 4-1: device descriptor read/64, error -71 [ 1202.033723][T18706] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1202.042327][ T53] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 1202.053087][T18706] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1202.158109][ T29] audit: type=1326 audit(2000000520.860:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18724 comm="syz.2.2990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe754b75bd9 code=0x7ffc0000 [ 1202.162561][ T783] hid-generic 0003:0158:0100.0006: unknown main item tag 0x1 [ 1202.192347][ T783] hid-generic 0003:0158:0100.0006: unexpected long global item [ 1202.213355][ T783] hid-generic 0003:0158:0100.0006: probe with driver hid-generic failed with error -22 [ 1202.272984][ T29] audit: type=1326 audit(2000000520.860:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18724 comm="syz.2.2990" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe754b75bd9 code=0x7ffc0000 [ 1202.334121][ T5135] usb 4-1: new high-speed USB device number 83 using dummy_hcd [ 1202.392956][ T53] Bluetooth: hci3: command tx timeout [ 1202.506585][T18732] netlink: 'syz.2.2991': attribute type 11 has an invalid length. [ 1202.542908][ T5135] usb 4-1: device descriptor read/64, error -71 [ 1202.663412][ T5135] usb usb4-port1: attempt power cycle [ 1202.757033][T18745] FAULT_INJECTION: forcing a failure. [ 1202.757033][T18745] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1202.758267][T18744] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2996'. [ 1202.772284][T18745] CPU: 0 PID: 18745 Comm: syz.4.2995 Not tainted 6.10.0-rc7-syzkaller-00231-ge091caf99f3a #0 [ 1202.790586][T18745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 1202.800648][T18745] Call Trace: [ 1202.803922][T18745] [ 1202.806847][T18745] dump_stack_lvl+0x241/0x360 [ 1202.811525][T18745] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1202.816719][T18745] ? __pfx__printk+0x10/0x10 [ 1202.821328][T18745] ? __lock_acquire+0x1346/0x1fd0 [ 1202.826364][T18745] should_fail_ex+0x3b0/0x4e0 [ 1202.831054][T18745] strncpy_from_user+0x36/0x2f0 [ 1202.835914][T18745] setxattr+0xcf/0x2f0 [ 1202.839986][T18745] ? __pfx_setxattr+0x10/0x10 [ 1202.844682][T18745] ? mnt_get_write_access+0x226/0x2b0 [ 1202.850060][T18745] path_setxattr+0x1c0/0x2a0 [ 1202.854648][T18745] ? __pfx_path_setxattr+0x10/0x10 [ 1202.859751][T18745] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1202.866077][T18745] ? do_syscall_64+0x100/0x230 [ 1202.870848][T18745] __x64_sys_lsetxattr+0xb8/0xd0 [ 1202.875788][T18745] do_syscall_64+0xf3/0x230 [ 1202.880281][T18745] ? clear_bhb_loop+0x35/0x90 [ 1202.884949][T18745] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1202.890839][T18745] RIP: 0033:0x7f0fd7b75bd9 [ 1202.895243][T18745] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1202.914838][T18745] RSP: 002b:00007f0fd8a20048 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 1202.923243][T18745] RAX: ffffffffffffffda RBX: 00007f0fd7d03f60 RCX: 00007f0fd7b75bd9 [ 1202.931203][T18745] RDX: 00000000200001c0 RSI: 0000000020000180 RDI: 0000000020000140 [ 1202.939160][T18745] RBP: 00007f0fd8a200a0 R08: 0000000000000000 R09: 0000000000000000 [ 1202.947120][T18745] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001 [ 1202.955081][T18745] R13: 000000000000000b R14: 00007f0fd7d03f60 R15: 00007ffee52a5c98 [ 1202.963067][T18745] [ 1203.000568][ T5085] usb 1-1: USB disconnect, device number 59 [ 1203.262985][ T5135] usb 4-1: new high-speed USB device number 84 using dummy_hcd [ 1203.303985][ T5135] usb 4-1: device descriptor read/8, error -71 [ 1203.423385][ T783] usb 2-1: new high-speed USB device number 88 using dummy_hcd [ 1203.496590][T18764] netlink: 'syz.2.3002': attribute type 11 has an invalid length. [ 1203.518496][T18765] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3001'. [ 1203.596221][ T5135] usb 4-1: new high-speed USB device number 85 using dummy_hcd [ 1203.633870][ T783] usb 2-1: Using ep0 maxpacket: 8 [ 1203.644222][ T5135] usb 4-1: device descriptor read/8, error -71 [ 1203.659708][ T783] usb 2-1: New USB device found, idVendor=2770, idProduct=9120, bcdDevice=6c.77 [ 1203.688714][ T783] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1203.714113][ T783] usb 2-1: Product: syz [ 1203.734131][ T783] usb 2-1: Manufacturer: syz [ 1203.750403][ T783] usb 2-1: SerialNumber: syz [ 1203.783241][ T783] usb 2-1: config 0 descriptor?? [ 1203.793720][ T5135] usb usb4-port1: unable to enumerate USB device [ 1203.835540][ T783] gspca_main: sq905-2.14.0 probing 2770:9120 [ 1203.892847][T12231] usb 3-1: new high-speed USB device number 60 using dummy_hcd [ 1204.040776][ T783] gspca_sq905: sq905_command: usb_control_msg failed (-71) [ 1204.098634][ T783] sq905 2-1:0.0: probe with driver sq905 failed with error -71 [ 1204.128494][T12231] usb 3-1: Using ep0 maxpacket: 32 [ 1204.156632][ T783] usb 2-1: USB disconnect, device number 88 [ 1204.177714][T12231] usb 3-1: New USB device found, idVendor=1d6f, idProduct=0010, bcdDevice= a.a7 [ 1204.228940][T12231] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1204.258308][T12231] usb 3-1: Product: syz [ 1204.268115][T12231] usb 3-1: Manufacturer: syz [ 1204.290173][T12231] usb 3-1: SerialNumber: syz [ 1204.303660][T12231] usb 3-1: config 0 descriptor?? [ 1204.315265][T12231] usb 3-1: bad CDC descriptors [ 1204.320828][T12231] cp210x 3-1:0.0: cp210x converter detected [ 1204.403195][ T53] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 1204.413987][ T53] Bluetooth: hci3: Injecting HCI hardware error event [ 1204.422258][T13875] Bluetooth: hci3: hardware error 0x00 [ 1204.610436][T18777] netlink: 'syz.4.3007': attribute type 5 has an invalid length. [ 1205.782503][T18793] 9pnet_fd: p9_fd_create_unix (18793): address too long: ./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 1205.785787][T18793] blktrace: Concurrent blktraces are not allowed on loop3 [ 1205.950924][T18793] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3009'. [ 1206.042867][ T45] usb 2-1: new high-speed USB device number 89 using dummy_hcd [ 1206.165556][T18798] netlink: 'syz.0.3013': attribute type 11 has an invalid length. [ 1206.175142][T18798] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3013'. [ 1206.241068][ T45] usb 2-1: New USB device found, idVendor=0c45, idProduct=614a, bcdDevice=e6.af [ 1206.302982][ T45] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1206.341948][ T45] usb 2-1: config 0 descriptor?? [ 1206.370818][ T45] gspca_main: sonixj-2.14.0 probing 0c45:614a [ 1206.390009][T18804] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3015'. [ 1206.473342][T13875] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 1206.596454][T18795] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1206.639899][T12231] cp210x 3-1:0.0: failed to get vendor val 0x370b size 1: -71 [ 1206.641209][T18795] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1206.657437][T12231] cp210x 3-1:0.0: querying part number failed [ 1206.698866][T12231] usb 3-1: cp210x converter now attached to ttyUSB0 [ 1206.745787][T12231] usb 3-1: USB disconnect, device number 60 [ 1206.826199][T12231] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1206.873701][T12231] cp210x 3-1:0.0: device disconnected [ 1206.989516][ T45] gspca_sonixj: reg_w1 err -110 [ 1206.994650][ T45] sonixj 2-1:0.0: probe with driver sonixj failed with error -110 [ 1207.619183][T18819] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3018'. [ 1207.652109][T18819] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3018'. [ 1208.109769][T18832] netlink: 'syz.0.3024': attribute type 11 has an invalid length. [ 1208.142640][T18832] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3024'. [ 1208.346655][ T53] Bluetooth: hci0: ACL packet for unknown connection handle 712 [ 1208.433529][ T53] Bluetooth: hci0: ISO packet for unknown connection handle 2560 [ 1208.643604][T18846] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3028'. [ 1208.858559][ T5085] usb 2-1: USB disconnect, device number 89 [ 1210.392929][ T53] Bluetooth: hci0: command tx timeout [ 1210.570312][T18858] netlink: 68 bytes leftover after parsing attributes in process `syz.0.3032'. [ 1210.592273][T18858] netlink: 68 bytes leftover after parsing attributes in process `syz.0.3032'. [ 1210.969339][T18867] 9pnet_fd: p9_fd_create_unix (18867): address too long: ./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 1211.052105][T18860] blktrace: Concurrent blktraces are not allowed on loop3 [ 1211.321689][T18860] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3025'. [ 1211.388114][T18874] netlink: 'syz.1.3037': attribute type 11 has an invalid length. [ 1211.396619][T18874] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3037'. [ 1211.408147][T18879] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3035'. [ 1211.424553][T18879] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3035'. [ 1211.660278][T18883] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3039'. [ 1211.708116][ T53] Bluetooth: Unexpected continuation frame (len 64) [ 1211.744758][T18886] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3041'. [ 1212.262911][T12231] usb 4-1: new high-speed USB device number 86 using dummy_hcd [ 1212.392960][ T53] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 1212.401655][ T53] Bluetooth: hci0: Injecting HCI hardware error event [ 1212.411334][T13875] Bluetooth: hci0: hardware error 0x00 [ 1212.462853][T12231] usb 4-1: Using ep0 maxpacket: 8 [ 1212.471939][T12231] usb 4-1: New USB device found, idVendor=2770, idProduct=9120, bcdDevice=6c.77 [ 1212.495928][T12231] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1212.535031][T12231] usb 4-1: Product: syz [ 1212.550777][T12231] usb 4-1: Manufacturer: syz [ 1212.566677][T12231] usb 4-1: SerialNumber: syz [ 1212.597160][T12231] usb 4-1: config 0 descriptor?? [ 1212.610202][T12231] gspca_main: sq905-2.14.0 probing 2770:9120 [ 1212.821232][T12231] gspca_sq905: sq905_command: usb_control_msg failed (-71) [ 1212.865815][T12231] sq905 4-1:0.0: probe with driver sq905 failed with error -71 [ 1212.879996][T18910] netlink: 'syz.4.3045': attribute type 10 has an invalid length. [ 1212.903350][T12231] usb 4-1: USB disconnect, device number 86 [ 1213.044109][T18910] team0: Port device netdevsim0 added [ 1215.040641][ T53] Bluetooth: hci4: command tx timeout [ 1215.053124][T13875] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 1216.011159][T18947] __nla_validate_parse: 1 callbacks suppressed [ 1216.011180][T18947] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3058'. [ 1216.089457][T18947] vxcan3: entered promiscuous mode [ 1216.107516][T18948] netlink: 52 bytes leftover after parsing attributes in process `syz.3.3058'. [ 1216.204867][T18947] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3058'. [ 1217.007428][T18960] 9pnet_fd: p9_fd_create_unix (18960): address too long: ./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 1217.082963][ T45] usb 5-1: new high-speed USB device number 79 using dummy_hcd [ 1217.094772][T18958] blktrace: Concurrent blktraces are not allowed on loop3 [ 1217.173972][ C1] vkms_vblank_simulate: vblank timer overrun [ 1219.322853][ T45] usb 5-1: Using ep0 maxpacket: 32 [ 1219.443282][ T45] usb 5-1: New USB device found, idVendor=1d6f, idProduct=0010, bcdDevice= a.a7 [ 1219.452402][ T45] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1219.503036][T18973] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3063'. [ 1219.675620][ T45] usb 5-1: Product: syz [ 1219.689606][ T45] usb 5-1: Manufacturer: syz [ 1219.695070][ T45] usb 5-1: SerialNumber: syz [ 1219.702577][ T45] usb 5-1: config 0 descriptor?? [ 1219.715065][ T45] usb 5-1: bad CDC descriptors [ 1220.543427][ T45] cp210x 5-1:0.0: cp210x converter detected [ 1220.596520][ T45] cp210x 5-1:0.0: failed to get vendor val 0x370b size 1: -71 [ 1220.633397][ T45] cp210x 5-1:0.0: querying part number failed [ 1220.671754][ T45] usb 5-1: cp210x converter now attached to ttyUSB0 [ 1220.694505][ T45] usb 5-1: USB disconnect, device number 79 [ 1220.710701][ T45] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1220.733859][ T45] cp210x 5-1:0.0: device disconnected [ 1220.825554][T18990] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3071'. [ 1220.840194][ T5085] IPVS: starting estimator thread 0... [ 1220.851595][T18990] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3071'. [ 1220.885987][T18993] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3072'. [ 1220.903025][T12231] usb 4-1: new high-speed USB device number 87 using dummy_hcd [ 1220.942858][T18991] IPVS: using max 21 ests per chain, 50400 per kthread [ 1221.002866][ T5085] usb 2-1: new high-speed USB device number 90 using dummy_hcd [ 1221.076791][T18925] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 1221.113943][T12231] usb 4-1: Using ep0 maxpacket: 8 [ 1221.134974][T12231] usb 4-1: New USB device found, idVendor=2770, idProduct=9120, bcdDevice=6c.77 [ 1221.182621][T12231] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1221.234139][T12231] usb 4-1: Product: syz [ 1221.258541][T12231] usb 4-1: Manufacturer: syz [ 1221.279869][T12231] usb 4-1: SerialNumber: syz [ 1221.314766][T12231] usb 4-1: config 0 descriptor?? [ 1221.350030][T12231] gspca_main: sq905-2.14.0 probing 2770:9120 [ 1221.562531][T12231] gspca_sq905: sq905_command: usb_control_msg failed (-71) [ 1221.595034][T12231] sq905 4-1:0.0: probe with driver sq905 failed with error -71 [ 1221.627919][T12231] usb 4-1: USB disconnect, device number 87 [ 1221.643314][ T5085] usb 2-1: Using ep0 maxpacket: 8 [ 1221.666809][ T5085] usb 2-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 1221.693176][ T5085] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1221.718433][ T5085] usb 2-1: Product: syz [ 1221.730612][ T5085] usb 2-1: Manufacturer: syz [ 1221.741576][ T5085] usb 2-1: SerialNumber: syz [ 1221.763882][ T5085] usb 2-1: config 0 descriptor?? [ 1221.781763][ T5085] gspca_main: sq930x-2.14.0 probing 2770:930c [ 1222.204415][T18987] bridge0: port 2(bridge_slave_1) entered disabled state [ 1222.212318][T18987] bridge0: port 1(bridge_slave_0) entered disabled state [ 1222.249324][T18987] bridge0: port 2(bridge_slave_1) entered blocking state [ 1222.256884][T18987] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1222.265476][T18987] bridge0: port 1(bridge_slave_0) entered blocking state [ 1222.273470][T18987] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1222.450586][T18987] team0: Port device bridge0 added [ 1222.471943][T19011] bridge_slave_1: left allmulticast mode [ 1222.488288][T19011] bridge_slave_1: left promiscuous mode [ 1222.495735][T19011] bridge0: port 2(bridge_slave_1) entered disabled state [ 1222.505541][ T5085] gspca_sq930x: ucbus_write failed -110 [ 1222.551621][T19011] bridge_slave_0: left allmulticast mode [ 1222.569763][T19011] bridge_slave_0: left promiscuous mode [ 1222.583158][T19011] bridge0: port 1(bridge_slave_0) entered disabled state [ 1222.651411][T19011] team0: Port device bridge0 removed [ 1222.672829][ T5132] usb 4-1: new high-speed USB device number 88 using dummy_hcd [ 1222.719158][T18987] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3069'. [ 1222.728583][T18987] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3069'. [ 1222.742832][ T5085] gspca_sq930x: Sensor ov9630 not yet treated [ 1222.749110][ T5085] sq930x 2-1:0.0: probe with driver sq930x failed with error -22 [ 1222.752089][T18987] netlink: 96 bytes leftover after parsing attributes in process `syz.1.3069'. [ 1222.849855][ T5086] Bluetooth: Unexpected continuation frame (len 64) [ 1222.854714][ T5132] usb 4-1: New USB device found, idVendor=0c45, idProduct=614a, bcdDevice=e6.af [ 1222.913462][ T5132] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1222.981091][ T5132] usb 4-1: config 0 descriptor?? [ 1222.997914][ T5132] gspca_main: sonixj-2.14.0 probing 0c45:614a [ 1223.215886][T19016] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1223.238222][T19016] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1223.533033][ T5132] gspca_sonixj: reg_w1 err -110 [ 1223.550913][ T5132] sonixj 4-1:0.0: probe with driver sonixj failed with error -110 [ 1223.597980][ T5135] usb 3-1: new high-speed USB device number 61 using dummy_hcd [ 1223.814744][ T5135] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1223.833433][ T5135] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 1223.844687][ T5135] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 1223.859680][ T5135] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1223.869639][ T5135] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1223.886398][ T5135] usb 3-1: config 0 descriptor?? [ 1223.930734][ T5086] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 1224.157352][ T5135] usb 2-1: USB disconnect, device number 90 [ 1224.345502][T19045] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3088'. [ 1224.799261][T19049] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3089'. [ 1224.872993][T18925] Bluetooth: hci4: command tx timeout [ 1224.954548][ T5135] usb 2-1: new high-speed USB device number 91 using dummy_hcd [ 1225.172771][ T5135] usb 2-1: Using ep0 maxpacket: 8 [ 1225.177948][ T783] usb 1-1: new high-speed USB device number 60 using dummy_hcd [ 1225.195054][ T5135] usb 2-1: New USB device found, idVendor=2770, idProduct=9120, bcdDevice=6c.77 [ 1225.204471][ T5135] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1225.212540][ T5135] usb 2-1: Product: syz [ 1225.216971][ T5135] usb 2-1: Manufacturer: syz [ 1225.221603][ T5135] usb 2-1: SerialNumber: syz [ 1225.228776][ T5135] usb 2-1: config 0 descriptor?? [ 1225.236405][ T5135] gspca_main: sq905-2.14.0 probing 2770:9120 [ 1225.363893][ T783] usb 1-1: Using ep0 maxpacket: 8 [ 1225.376233][ T783] usb 1-1: New USB device found, idVendor=2770, idProduct=9120, bcdDevice=6c.77 [ 1225.385576][ T783] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1225.397614][ T783] usb 1-1: Product: syz [ 1225.401814][ T783] usb 1-1: Manufacturer: syz [ 1225.407046][ T783] usb 1-1: SerialNumber: syz [ 1225.414017][ T783] usb 1-1: config 0 descriptor?? [ 1225.421682][ T783] gspca_main: sq905-2.14.0 probing 2770:9120 [ 1225.506693][ T5135] gspca_sq905: sq905_command: usb_control_msg failed (-71) [ 1225.523541][ T5135] sq905 2-1:0.0: probe with driver sq905 failed with error -71 [ 1225.534544][ T5135] usb 2-1: USB disconnect, device number 91 [ 1225.630555][ T783] gspca_sq905: sq905_command: usb_control_msg failed (-71) [ 1225.639254][ T783] sq905 1-1:0.0: probe with driver sq905 failed with error -71 [ 1225.655584][ T783] usb 1-1: USB disconnect, device number 60 [ 1225.805402][T12231] usb 4-1: USB disconnect, device number 88 [ 1226.122065][T12231] IPVS: starting estimator thread 0... [ 1226.184443][T12231] usb 3-1: USB disconnect, device number 61 [ 1226.237318][T19065] IPVS: using max 22 ests per chain, 52800 per kthread [ 1226.682873][ T45] usb 1-1: new high-speed USB device number 61 using dummy_hcd [ 1226.882971][ T45] usb 1-1: Using ep0 maxpacket: 8 [ 1226.912361][ T45] usb 1-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 1226.945008][ T45] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1226.969576][ T45] usb 1-1: Product: syz [ 1226.984870][ T45] usb 1-1: Manufacturer: syz [ 1226.996795][ T45] usb 1-1: SerialNumber: syz [ 1227.023821][ T45] usb 1-1: config 0 descriptor?? [ 1227.052468][ T45] gspca_main: sq930x-2.14.0 probing 2770:930c [ 1227.457222][ T5086] Bluetooth: Unexpected continuation frame (len 18) [ 1227.698315][T19075] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3098'. [ 1227.745597][T19075] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3098'. [ 1227.769863][ T45] gspca_sq930x: ucbus_write failed -110 [ 1227.809065][T19075] netlink: 96 bytes leftover after parsing attributes in process `syz.0.3098'. [ 1227.849921][T19112] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3108'. [ 1227.993602][ T29] kauditd_printk_skb: 5 callbacks suppressed [ 1227.993621][ T29] audit: type=1326 audit(2000000547.050:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19108 comm="syz.1.3107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2792f75bd9 code=0x7ffc0000 [ 1228.733374][ T29] audit: type=1326 audit(2000000547.050:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19108 comm="syz.1.3107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2792f75bd9 code=0x7ffc0000 [ 1228.786696][ T45] gspca_sq930x: Sensor ov9630 not yet treated [ 1228.792747][ T29] audit: type=1326 audit(2000000547.050:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19108 comm="syz.1.3107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2792f75bd9 code=0x7ffc0000 [ 1228.839967][ T29] audit: type=1326 audit(2000000547.050:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19108 comm="syz.1.3107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2792f75bd9 code=0x7ffc0000 [ 1228.839991][ T45] sq930x 1-1:0.0: probe with driver sq930x failed with error -22 [ 1228.886203][ T29] audit: type=1326 audit(2000000547.050:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19108 comm="syz.1.3107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2792f75bd9 code=0x7ffc0000 [ 1228.938485][T17797] udevd[17797]: failed to send result of seq 40318 to main daemon: Connection refused [ 1228.951201][ T29] audit: type=1326 audit(2000000547.050:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19108 comm="syz.1.3107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2792f75bd9 code=0x7ffc0000 [ 1229.011659][ T29] audit: type=1326 audit(2000000547.050:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19108 comm="syz.1.3107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2792f75bd9 code=0x7ffc0000 [ 1229.063069][ T5135] usb 5-1: new high-speed USB device number 80 using dummy_hcd [ 1229.087626][ T29] audit: type=1326 audit(2000000547.050:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19108 comm="syz.1.3107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f2792f6cc27 code=0x7ffc0000 [ 1229.146303][ T29] audit: type=1326 audit(2000000547.050:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19108 comm="syz.1.3107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f2792f115d9 code=0x7ffc0000 [ 1229.170101][ T29] audit: type=1326 audit(2000000547.050:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19108 comm="syz.1.3107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f2792f6cc27 code=0x7ffc0000 [ 1229.262744][ T5135] usb 5-1: Using ep0 maxpacket: 8 [ 1229.272615][ T5135] usb 5-1: New USB device found, idVendor=2770, idProduct=9120, bcdDevice=6c.77 [ 1229.307089][ T5135] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1229.353116][ T5086] Bluetooth: hci4: command tx timeout [ 1229.365291][ T5135] usb 5-1: Product: syz [ 1229.370967][ T5135] usb 5-1: Manufacturer: syz [ 1229.375839][ T5135] usb 5-1: SerialNumber: syz [ 1229.394708][ T5135] usb 5-1: config 0 descriptor?? [ 1229.409657][ T5135] gspca_main: sq905-2.14.0 probing 2770:9120 [ 1229.619295][ T5135] gspca_sq905: sq905_command: usb_control_msg failed (-71) [ 1229.637586][ T5135] sq905 5-1:0.0: probe with driver sq905 failed with error -71 [ 1229.663437][ T5135] usb 5-1: USB disconnect, device number 80 [ 1229.790714][ T45] usb 1-1: USB disconnect, device number 61 [ 1230.049341][T19140] random: crng reseeded on system resumption [ 1230.142815][T14648] usb 2-1: new high-speed USB device number 92 using dummy_hcd [ 1230.169028][T19147] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3118'. [ 1230.211923][T19147] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3118'. [ 1230.323004][T14648] usb 2-1: Using ep0 maxpacket: 32 [ 1230.332930][T14648] usb 2-1: New USB device found, idVendor=1d6f, idProduct=0010, bcdDevice= a.a7 [ 1230.352282][T14648] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1230.385865][T14648] usb 2-1: Product: syz [ 1230.401256][T14648] usb 2-1: Manufacturer: syz [ 1230.427070][T14648] usb 2-1: SerialNumber: syz [ 1230.448432][T14648] usb 2-1: config 0 descriptor?? [ 1230.456642][T14648] usb 2-1: bad CDC descriptors [ 1230.461783][T14648] cp210x 2-1:0.0: cp210x converter detected [ 1230.913237][T19155] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3122'. [ 1230.966239][T19156] netlink: 52 bytes leftover after parsing attributes in process `syz.4.3122'. [ 1231.043170][T19155] vxcan5: entered promiscuous mode [ 1231.168947][T19155] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3122'. [ 1231.439904][T19166] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3125'. [ 1231.475963][T19166] vxcan7: entered promiscuous mode [ 1231.591511][T19166] netlink: 52 bytes leftover after parsing attributes in process `syz.4.3125'. [ 1231.653001][ T5135] usb 4-1: new high-speed USB device number 89 using dummy_hcd [ 1231.872789][ T5135] usb 4-1: Using ep0 maxpacket: 8 [ 1231.908875][ T5135] usb 4-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 1231.964209][ T5135] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1232.026350][ T5135] usb 4-1: Product: syz [ 1232.053697][ T5135] usb 4-1: Manufacturer: syz [ 1232.080291][ T5135] usb 4-1: SerialNumber: syz [ 1232.102044][ T5135] usb 4-1: config 0 descriptor?? [ 1232.118176][ T5135] gspca_main: sq930x-2.14.0 probing 2770:930c [ 1232.536621][T19164] bridge0: port 2(bridge_slave_1) entered disabled state [ 1232.544446][T19164] bridge0: port 1(bridge_slave_0) entered disabled state [ 1232.690430][T19164] bridge0: port 2(bridge_slave_1) entered blocking state [ 1232.698051][T19164] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1232.706566][T19164] bridge0: port 1(bridge_slave_0) entered blocking state [ 1232.713785][T19164] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1232.830276][T19164] team0: Port device bridge0 added [ 1232.850303][ T5135] gspca_sq930x: ucbus_write failed -110 [ 1232.856158][T19180] bridge_slave_1: left allmulticast mode [ 1232.894048][T19180] bridge_slave_1: left promiscuous mode [ 1232.910849][T19180] bridge0: port 2(bridge_slave_1) entered disabled state [ 1233.122962][ T5135] gspca_sq930x: Sensor ov9630 not yet treated [ 1233.166399][ T5135] sq930x 4-1:0.0: probe with driver sq930x failed with error -22 [ 1233.742503][T14648] cp210x 2-1:0.0: failed to get vendor val 0x370b size 1: -71 [ 1233.757535][T14648] cp210x 2-1:0.0: querying part number failed [ 1233.768191][T14648] usb 2-1: cp210x converter now attached to ttyUSB0 [ 1233.776925][T14648] usb 2-1: USB disconnect, device number 92 [ 1233.783217][T19180] bridge_slave_0: left allmulticast mode [ 1233.791220][T14648] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1233.799553][T14648] cp210x 2-1:0.0: device disconnected [ 1233.823303][T19180] bridge_slave_0: left promiscuous mode [ 1233.829100][T19180] bridge0: port 1(bridge_slave_0) entered disabled state [ 1233.938063][T19190] __nla_validate_parse: 1 callbacks suppressed [ 1233.938076][T19190] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3131'. [ 1234.010288][T19180] team0: Port device bridge0 removed [ 1234.057653][T19164] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3126'. [ 1234.073159][T19164] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3126'. [ 1234.102195][T19164] netlink: 96 bytes leftover after parsing attributes in process `syz.3.3126'. [ 1234.222819][T19194] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3133'. [ 1234.231848][T19194] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3133'. [ 1234.293199][T12231] usb 5-1: new high-speed USB device number 81 using dummy_hcd [ 1234.442865][ T783] usb 1-1: new high-speed USB device number 62 using dummy_hcd [ 1234.512763][T12231] usb 5-1: Using ep0 maxpacket: 8 [ 1234.528242][T19213] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3139'. [ 1234.529453][T12231] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1234.570145][T12231] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1234.593155][T12231] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1234.621660][T12231] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 1234.637751][T12231] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1234.651946][T12231] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1234.661124][ T783] usb 1-1: Using ep0 maxpacket: 8 [ 1234.666558][T12231] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1234.680276][ T783] usb 1-1: New USB device found, idVendor=2770, idProduct=9120, bcdDevice=6c.77 [ 1234.690959][ T783] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1234.700053][T12231] usbtmc 5-1:16.0: bulk endpoints not found [ 1234.708298][ T783] usb 1-1: Product: syz [ 1234.715490][ T783] usb 1-1: Manufacturer: syz [ 1234.720098][ T783] usb 1-1: SerialNumber: syz [ 1234.731205][ T783] usb 1-1: config 0 descriptor?? [ 1234.740580][ T783] gspca_main: sq905-2.14.0 probing 2770:9120 [ 1234.765424][T19217] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3138'. [ 1234.932842][ T5132] usb 3-1: new high-speed USB device number 62 using dummy_hcd [ 1234.954205][ T783] gspca_sq905: sq905_command: usb_control_msg failed (-71) [ 1234.961520][ T783] sq905 1-1:0.0: probe with driver sq905 failed with error -71 [ 1234.976744][ T783] usb 1-1: USB disconnect, device number 62 [ 1235.123053][ T5132] usb 3-1: Using ep0 maxpacket: 8 [ 1235.131977][ T5132] usb 3-1: New USB device found, idVendor=2770, idProduct=9120, bcdDevice=6c.77 [ 1235.141234][ T5132] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1235.149296][ T5132] usb 3-1: Product: syz [ 1235.153653][ T5132] usb 3-1: Manufacturer: syz [ 1235.158256][ T5132] usb 3-1: SerialNumber: syz [ 1235.164859][ T5132] usb 3-1: config 0 descriptor?? [ 1235.171883][ T5132] gspca_main: sq905-2.14.0 probing 2770:9120 [ 1235.285755][T12231] usb 4-1: USB disconnect, device number 89 [ 1235.377149][ T5132] gspca_sq905: sq905_command: usb_control_msg failed (-71) [ 1235.401520][ T5132] sq905 3-1:0.0: probe with driver sq905 failed with error -71 [ 1235.431919][ T5132] usb 3-1: USB disconnect, device number 62 [ 1235.692148][ T5086] Bluetooth: hci1: unexpected event 0x06 length: 23 > 3 [ 1235.822992][ T5085] usb 2-1: new high-speed USB device number 93 using dummy_hcd [ 1235.908972][T19236] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 1235.957636][T19233] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3146'. [ 1235.968196][T19233] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3146'. [ 1236.043735][ T5085] usb 2-1: Using ep0 maxpacket: 32 [ 1236.062798][ T5085] usb 2-1: New USB device found, idVendor=1d6f, idProduct=0010, bcdDevice= a.a7 [ 1236.078539][ T5085] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1236.092574][ T5085] usb 2-1: Product: syz [ 1236.102223][ T5085] usb 2-1: Manufacturer: syz [ 1236.107390][ T5085] usb 2-1: SerialNumber: syz [ 1236.120869][ T5085] usb 2-1: config 0 descriptor?? [ 1236.139542][ T5085] usb 2-1: bad CDC descriptors [ 1236.146627][ T5085] cp210x 2-1:0.0: cp210x converter detected [ 1236.202895][ T5132] usb 1-1: new high-speed USB device number 63 using dummy_hcd [ 1236.362826][T12231] usb 3-1: new high-speed USB device number 63 using dummy_hcd [ 1236.382760][ T5132] usb 1-1: Using ep0 maxpacket: 32 [ 1236.390774][ T5132] usb 1-1: config index 0 descriptor too short (expected 35577, got 27) [ 1236.399611][ T5132] usb 1-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 1236.408496][ T5132] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 1236.419240][ T5132] usb 1-1: config 1 has no interface number 0 [ 1236.426213][ T5132] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1236.437459][ T5132] usb 1-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 1236.461292][ T5132] usb 1-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 1236.472046][ T5132] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1236.505401][ T5132] snd_usb_pod 1-1:1.1: Line 6 Pocket POD found [ 1236.563243][T12231] usb 3-1: Using ep0 maxpacket: 8 [ 1236.576564][T12231] usb 3-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 1236.585881][T12231] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1236.594839][T12231] usb 3-1: Product: syz [ 1236.599084][T12231] usb 3-1: Manufacturer: syz [ 1236.604660][T12231] usb 3-1: SerialNumber: syz [ 1236.614041][T12231] usb 3-1: config 0 descriptor?? [ 1236.621987][T12231] gspca_main: sq930x-2.14.0 probing 2770:930c [ 1236.983270][T14648] usb 5-1: USB disconnect, device number 81 [ 1237.065407][ T5132] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now attached [ 1237.252798][ T783] usb 4-1: new high-speed USB device number 90 using dummy_hcd [ 1237.333036][T12231] gspca_sq930x: ucbus_write failed -110 [ 1237.442964][ T783] usb 4-1: Using ep0 maxpacket: 8 [ 1237.457337][ T783] usb 4-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 1237.467249][ T783] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1237.520578][ T783] usb 4-1: Product: syz [ 1237.537927][ T783] usb 4-1: Manufacturer: syz [ 1237.554286][ T783] usb 4-1: SerialNumber: syz [ 1237.583172][T12231] gspca_sq930x: Sensor ov9630 not yet treated [ 1237.602041][ T783] usb 4-1: config 0 descriptor?? [ 1237.615313][T12231] sq930x 3-1:0.0: probe with driver sq930x failed with error -22 [ 1237.652235][ T783] gspca_main: sq930x-2.14.0 probing 2770:930c [ 1238.365106][ T5132] snd_usb_pod 1-1:1.1: line6_send_raw_message_async_part: usb_submit_urb failed (-22) [ 1238.676827][ T5085] cp210x 2-1:0.0: failed to get vendor val 0x370b size 1: -71 [ 1238.701080][ T5085] cp210x 2-1:0.0: querying part number failed [ 1238.722084][ T5085] usb 2-1: cp210x converter now attached to ttyUSB0 [ 1238.739793][ T5085] usb 2-1: USB disconnect, device number 93 [ 1238.755222][ T5085] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1238.768480][ T5085] cp210x 2-1:0.0: device disconnected [ 1238.840157][ T783] gspca_sq930x: ucbus_write failed -71 [ 1238.925607][ T5135] usb 1-1: USB disconnect, device number 63 [ 1238.950169][ T5135] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now disconnected [ 1238.983192][ T5086] Bluetooth: hci4: unexpected event 0x06 length: 23 > 3 [ 1239.042296][ T1237] ieee802154 phy0 wpan0: encryption failed: -22 [ 1239.056753][ T1237] ieee802154 phy1 wpan1: encryption failed: -22 [ 1239.082800][ T783] gspca_sq930x: Sensor ov9630 not yet treated [ 1239.089009][ T783] sq930x 4-1:0.0: probe with driver sq930x failed with error -22 [ 1239.101155][ T783] usb 4-1: USB disconnect, device number 90 [ 1239.497013][ T5085] usb 3-1: USB disconnect, device number 63 [ 1239.838096][ T5086] Bluetooth: hci1: command 0x0406 tx timeout [ 1241.466190][T14648] usb 5-1: new high-speed USB device number 82 using dummy_hcd [ 1241.960336][ T5085] IPVS: starting estimator thread 0... [ 1241.983156][T14648] usb 5-1: Using ep0 maxpacket: 32 [ 1242.037512][T14648] usb 5-1: New USB device found, idVendor=1d6f, idProduct=0010, bcdDevice= a.a7 [ 1242.060262][T14648] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1242.069715][ T5086] Bluetooth: Unexpected continuation frame (len 18) [ 1242.102808][T14648] usb 5-1: Product: syz [ 1242.107025][T14648] usb 5-1: Manufacturer: syz [ 1242.111642][T14648] usb 5-1: SerialNumber: syz [ 1242.122914][T19316] IPVS: using max 20 ests per chain, 48000 per kthread [ 1242.170203][T14648] usb 5-1: config 0 descriptor?? [ 1242.208820][T14648] usb 5-1: bad CDC descriptors [ 1242.231451][T14648] cp210x 5-1:0.0: cp210x converter detected [ 1242.502204][T19334] FAULT_INJECTION: forcing a failure. [ 1242.502204][T19334] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1242.522855][T19334] CPU: 0 PID: 19334 Comm: syz.3.3175 Not tainted 6.10.0-rc7-syzkaller-00231-ge091caf99f3a #0 [ 1242.533038][T19334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 1242.543110][T19334] Call Trace: [ 1242.546394][T19334] [ 1242.549325][T19334] dump_stack_lvl+0x241/0x360 [ 1242.554027][T19334] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1242.559240][T19334] ? __pfx__printk+0x10/0x10 [ 1242.563856][T19334] ? __pfx_lock_release+0x10/0x10 [ 1242.568909][T19334] should_fail_ex+0x3b0/0x4e0 [ 1242.573609][T19334] _copy_from_user+0x2f/0xe0 [ 1242.578208][T19334] do_sys_poll+0x23a/0x1300 [ 1242.582717][T19334] ? __lock_acquire+0x1346/0x1fd0 [ 1242.587762][T19334] ? __pfx_validate_chain+0x10/0x10 [ 1242.592977][T19334] ? _parse_integer_limit+0x1b5/0x200 [ 1242.598359][T19334] ? mark_lock+0x9a/0x350 [ 1242.602690][T19334] ? __pfx_do_sys_poll+0x10/0x10 [ 1242.607644][T19334] ? mark_lock+0x9a/0x350 [ 1242.612053][T19334] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 1242.618312][T19334] ? __pfx_seqcount_lockdep_reader_access+0x10/0x10 [ 1242.624905][T19334] ? ktime_get_ts64+0xa8/0x2b0 [ 1242.629660][T19334] ? lockdep_hardirqs_on+0x99/0x150 [ 1242.634881][T19334] ? __pfx_set_user_sigmask+0x10/0x10 [ 1242.640245][T19334] ? __local_bh_enable_ip+0x168/0x200 [ 1242.645612][T19334] __se_sys_ppoll+0x2a0/0x330 [ 1242.650292][T19334] ? __pfx___se_sys_ppoll+0x10/0x10 [ 1242.655485][T19334] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1242.661807][T19334] ? do_syscall_64+0x100/0x230 [ 1242.666563][T19334] ? __x64_sys_ppoll+0x20/0xc0 [ 1242.671320][T19334] do_syscall_64+0xf3/0x230 [ 1242.675812][T19334] ? clear_bhb_loop+0x35/0x90 [ 1242.680483][T19334] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1242.686376][T19334] RIP: 0033:0x7f18eeb75bd9 [ 1242.690779][T19334] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1242.710379][T19334] RSP: 002b:00007f18ef9b5048 EFLAGS: 00000246 ORIG_RAX: 000000000000010f [ 1242.718791][T19334] RAX: ffffffffffffffda RBX: 00007f18eed03f60 RCX: 00007f18eeb75bd9 [ 1242.726753][T19334] RDX: 0000000020000280 RSI: 0000000000000001 RDI: 0000000020000240 [ 1242.734715][T19334] RBP: 00007f18ef9b50a0 R08: 0000000000000000 R09: 0000000000000000 [ 1242.742680][T19334] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1242.750663][T19334] R13: 000000000000000b R14: 00007f18eed03f60 R15: 00007ffc7a06d1e8 [ 1242.758648][T19334] [ 1243.749772][T19341] FAULT_INJECTION: forcing a failure. [ 1243.749772][T19341] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1243.772935][T19341] CPU: 1 PID: 19341 Comm: syz.0.3177 Not tainted 6.10.0-rc7-syzkaller-00231-ge091caf99f3a #0 [ 1243.783124][T19341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 1243.793170][T19341] Call Trace: [ 1243.796437][T19341] [ 1243.799358][T19341] dump_stack_lvl+0x241/0x360 [ 1243.804042][T19341] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1243.809247][T19341] ? __pfx__printk+0x10/0x10 [ 1243.813842][T19341] should_fail_ex+0x3b0/0x4e0 [ 1243.818517][T19341] _copy_from_user+0x2f/0xe0 [ 1243.823102][T19341] move_addr_to_kernel+0x82/0x150 [ 1243.828127][T19341] copy_msghdr_from_user+0x43e/0x680 [ 1243.833427][T19341] ? _parse_integer_limit+0x1b5/0x200 [ 1243.838805][T19341] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1243.844612][T19341] __sys_sendmmsg+0x374/0x740 [ 1243.849289][T19341] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1243.854504][T19341] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 1243.860389][T19341] ? ksys_write+0x23e/0x2c0 [ 1243.864892][T19341] ? __pfx_lock_release+0x10/0x10 [ 1243.869913][T19341] ? vfs_write+0x7c4/0xc90 [ 1243.874328][T19341] ? __mutex_unlock_slowpath+0x21d/0x750 [ 1243.879952][T19341] ? __pfx_vfs_write+0x10/0x10 [ 1243.884726][T19341] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1243.890696][T19341] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1243.897014][T19341] ? do_syscall_64+0x100/0x230 [ 1243.901770][T19341] __x64_sys_sendmmsg+0xa0/0xb0 [ 1243.906617][T19341] do_syscall_64+0xf3/0x230 [ 1243.911107][T19341] ? clear_bhb_loop+0x35/0x90 [ 1243.915774][T19341] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1243.921662][T19341] RIP: 0033:0x7f71c9375bd9 [ 1243.926070][T19341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1243.945667][T19341] RSP: 002b:00007f71ca1f1048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1243.954073][T19341] RAX: ffffffffffffffda RBX: 00007f71c9503f60 RCX: 00007f71c9375bd9 [ 1243.962032][T19341] RDX: 0000000000000001 RSI: 0000000020002980 RDI: 0000000000000003 [ 1243.970013][T19341] RBP: 00007f71ca1f10a0 R08: 0000000000000000 R09: 0000000000000000 [ 1243.977984][T19341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1243.985954][T19341] R13: 000000000000000b R14: 00007f71c9503f60 R15: 00007ffe900a78c8 [ 1243.993938][T19341] [ 1244.010420][ T5086] Bluetooth: hci1: command 0x0406 tx timeout [ 1244.091541][T14648] cp210x 5-1:0.0: failed to get vendor val 0x370b size 1: -71 [ 1244.099223][T14648] cp210x 5-1:0.0: querying part number failed [ 1244.208974][T14648] usb 5-1: cp210x converter now attached to ttyUSB0 [ 1244.471291][T14648] usb 5-1: USB disconnect, device number 82 [ 1244.808244][T14648] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1244.883169][T14648] cp210x 5-1:0.0: device disconnected [ 1245.902805][T14648] usb 5-1: new high-speed USB device number 83 using dummy_hcd [ 1246.106392][T14648] usb 5-1: Using ep0 maxpacket: 16 [ 1246.116903][T14648] usb 5-1: config 0 has an invalid descriptor of length 123, skipping remainder of the config [ 1246.160801][T14648] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1246.201004][T14648] usb 5-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 1246.223775][T14648] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1246.264228][T14648] usb 5-1: config 0 descriptor?? [ 1246.297446][ T5086] Bluetooth: hci1: ACL packet for unknown connection handle 712 [ 1246.312890][ T5086] Bluetooth: hci1: ISO packet for unknown connection handle 2560 [ 1246.786276][T14648] usb 5-1: string descriptor 0 read error: -71 [ 1246.792904][ T5085] usb 4-1: new high-speed USB device number 91 using dummy_hcd [ 1246.824717][T14648] usb 5-1: USB disconnect, device number 83 [ 1247.022804][ T5085] usb 4-1: Using ep0 maxpacket: 32 [ 1247.034793][ T5085] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1247.056377][ T5085] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1247.082884][ T5085] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 1247.133981][ T5085] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1247.158090][ T5085] hub 4-1:4.0: USB hub found [ 1248.059322][ T5085] hub 4-1:4.0: config failed, hub doesn't have any ports! (err -19) [ 1248.223070][T15752] usb 2-1: new high-speed USB device number 94 using dummy_hcd [ 1248.322888][T18925] Bluetooth: hci1: command 0x0406 tx timeout [ 1248.401373][ T5135] usb 4-1: USB disconnect, device number 91 [ 1248.422791][T15752] usb 2-1: Using ep0 maxpacket: 32 [ 1248.439117][T15752] usb 2-1: New USB device found, idVendor=1d6f, idProduct=0010, bcdDevice= a.a7 [ 1248.462719][T15752] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1248.470786][T15752] usb 2-1: Product: syz [ 1248.480849][T15752] usb 2-1: Manufacturer: syz [ 1248.492741][T15752] usb 2-1: SerialNumber: syz [ 1248.513482][T15752] usb 2-1: config 0 descriptor?? [ 1248.529051][T15752] usb 2-1: bad CDC descriptors [ 1248.563093][T15752] cp210x 2-1:0.0: cp210x converter detected [ 1248.713869][T19410] FAULT_INJECTION: forcing a failure. [ 1248.713869][T19410] name failslab, interval 1, probability 0, space 0, times 0 [ 1248.759865][T19410] CPU: 0 PID: 19410 Comm: syz.2.3200 Not tainted 6.10.0-rc7-syzkaller-00231-ge091caf99f3a #0 [ 1248.770071][T19410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 1248.780145][T19410] Call Trace: [ 1248.783441][T19410] [ 1248.786385][T19410] dump_stack_lvl+0x241/0x360 [ 1248.791091][T19410] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1248.796315][T19410] ? __pfx__printk+0x10/0x10 [ 1248.800934][T19410] ? netlink_insert+0x10b7/0x14b0 [ 1248.805983][T19410] should_fail_ex+0x3b0/0x4e0 [ 1248.810680][T19410] ? __alloc_skb+0x1c3/0x440 [ 1248.815283][T19410] should_failslab+0x9/0x20 [ 1248.819786][T19410] kmem_cache_alloc_node_noprof+0x71/0x320 [ 1248.825609][T19410] __alloc_skb+0x1c3/0x440 [ 1248.830045][T19410] ? __pfx___alloc_skb+0x10/0x10 [ 1248.834994][T19410] ? netlink_autobind+0xd6/0x2f0 [ 1248.840017][T19410] ? netlink_autobind+0x2b0/0x2f0 [ 1248.845051][T19410] netlink_sendmsg+0x631/0xcb0 [ 1248.849827][T19410] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1248.855113][T19410] ? __import_iovec+0x536/0x820 [ 1248.859961][T19410] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1248.865239][T19410] ? security_socket_sendmsg+0x87/0xb0 [ 1248.870704][T19410] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1248.875984][T19410] __sock_sendmsg+0x221/0x270 [ 1248.880655][T19410] ____sys_sendmsg+0x525/0x7d0 [ 1248.885426][T19410] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1248.890722][T19410] __sys_sendmsg+0x2b0/0x3a0 [ 1248.895326][T19410] ? __pfx___sys_sendmsg+0x10/0x10 [ 1248.900444][T19410] ? vfs_write+0x7c4/0xc90 [ 1248.904908][T19410] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1248.911232][T19410] ? do_syscall_64+0x100/0x230 [ 1248.915996][T19410] ? do_syscall_64+0xb6/0x230 [ 1248.920666][T19410] do_syscall_64+0xf3/0x230 [ 1248.925164][T19410] ? clear_bhb_loop+0x35/0x90 [ 1248.929836][T19410] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1248.935730][T19410] RIP: 0033:0x7fe754b75bd9 [ 1248.940140][T19410] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1248.959750][T19410] RSP: 002b:00007fe755989048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1248.968160][T19410] RAX: ffffffffffffffda RBX: 00007fe754d03f60 RCX: 00007fe754b75bd9 [ 1248.976121][T19410] RDX: 0000000000000000 RSI: 00000000200006c0 RDI: 0000000000000003 [ 1248.984081][T19410] RBP: 00007fe7559890a0 R08: 0000000000000000 R09: 0000000000000000 [ 1248.992043][T19410] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1249.000002][T19410] R13: 000000000000000b R14: 00007fe754d03f60 R15: 00007ffe196a3988 [ 1249.007977][T19410] [ 1249.145597][T19415] __nla_validate_parse: 6 callbacks suppressed [ 1249.145622][T19415] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3201'. [ 1249.213983][T19417] cgroup: noprefix used incorrectly [ 1249.522981][T14648] usb 3-1: new high-speed USB device number 64 using dummy_hcd [ 1249.743012][T14648] usb 3-1: Using ep0 maxpacket: 8 [ 1249.787442][T14648] usb 3-1: New USB device found, idVendor=2770, idProduct=9120, bcdDevice=6c.77 [ 1249.826615][T14648] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1249.837275][T14648] usb 3-1: Product: syz [ 1249.842787][T14648] usb 3-1: Manufacturer: syz [ 1249.842867][T12231] usb 1-1: new high-speed USB device number 64 using dummy_hcd [ 1249.847588][T14648] usb 3-1: SerialNumber: syz [ 1249.883867][T14648] usb 3-1: config 0 descriptor?? [ 1249.913619][T14648] gspca_main: sq905-2.14.0 probing 2770:9120 [ 1250.083155][T12231] usb 1-1: Using ep0 maxpacket: 8 [ 1250.093129][T12231] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 1250.118426][T12231] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1250.180057][T12231] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1250.241685][T14648] gspca_sq905: sq905_command: usb_control_msg failed (-71) [ 1250.258846][T14648] sq905 3-1:0.0: probe with driver sq905 failed with error -71 [ 1250.269680][T14648] usb 3-1: USB disconnect, device number 64 [ 1250.290304][T12231] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1250.301756][T12231] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1250.318707][T12231] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1250.334625][T18925] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 1250.341661][T12231] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1250.344911][T18925] Bluetooth: hci1: Injecting HCI hardware error event [ 1250.360489][T18925] Bluetooth: hci1: hardware error 0x00 [ 1251.318045][T12231] usb 1-1: usb_control_msg returned -32 [ 1251.344501][T12231] usbtmc 1-1:16.0: can't read capabilities [ 1251.416481][T15752] cp210x 2-1:0.0: failed to get vendor val 0x370b size 1: -71 [ 1251.465041][T15752] cp210x 2-1:0.0: querying part number failed [ 1251.483234][T15752] usb 2-1: cp210x converter now attached to ttyUSB0 [ 1251.500357][T15752] usb 2-1: USB disconnect, device number 94 [ 1251.518299][T15752] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1251.532985][T15752] cp210x 2-1:0.0: device disconnected [ 1251.694642][T19441] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1251.705162][T19441] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1251.969678][T19447] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3212'. [ 1252.142777][T12231] usb 4-1: new high-speed USB device number 92 using dummy_hcd [ 1252.376310][T19456] cgroup: noprefix used incorrectly [ 1252.393109][T18925] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 1252.449073][T12231] usb 4-1: New USB device found, idVendor=0c45, idProduct=614a, bcdDevice=e6.af [ 1252.462887][T12231] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1252.482975][T12231] usb 4-1: config 0 descriptor?? [ 1252.502647][T19460] netlink: 256 bytes leftover after parsing attributes in process `syz.4.3215'. [ 1252.505155][T12231] gspca_main: sonixj-2.14.0 probing 0c45:614a [ 1252.812758][T14648] usb 5-1: new high-speed USB device number 84 using dummy_hcd [ 1253.047009][T12231] gspca_sonixj: reg_w1 err -110 [ 1253.705566][T12231] sonixj 4-1:0.0: probe with driver sonixj failed with error -110 [ 1253.826625][T15752] usb 1-1: USB disconnect, device number 64 [ 1253.873154][T14648] usb 5-1: device descriptor read/64, error -71 [ 1253.994956][T19471] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3219'. [ 1254.203296][T14648] usb 5-1: new high-speed USB device number 85 using dummy_hcd [ 1254.453630][T14648] usb 5-1: device descriptor read/64, error -71 [ 1254.655713][T14648] usb usb5-port1: attempt power cycle [ 1254.847774][ T9] usb 2-1: new high-speed USB device number 95 using dummy_hcd [ 1254.856156][T12231] usb 4-1: USB disconnect, device number 92 [ 1255.056560][ T9] usb 2-1: Using ep0 maxpacket: 32 [ 1255.079849][ T9] usb 2-1: New USB device found, idVendor=1d6f, idProduct=0010, bcdDevice= a.a7 [ 1255.092849][T14648] usb 5-1: new high-speed USB device number 86 using dummy_hcd [ 1255.134548][T14648] usb 5-1: device descriptor read/8, error -71 [ 1255.151890][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1255.183279][ T9] usb 2-1: Product: syz [ 1255.207985][ T9] usb 2-1: Manufacturer: syz [ 1255.260364][ T9] usb 2-1: SerialNumber: syz [ 1255.274058][ T9] usb 2-1: config 0 descriptor?? [ 1255.281073][ T9] usb 2-1: bad CDC descriptors [ 1255.289788][ T9] cp210x 2-1:0.0: cp210x converter detected [ 1255.462770][T14648] usb 5-1: new high-speed USB device number 87 using dummy_hcd [ 1256.160896][T19494] cgroup: noprefix used incorrectly [ 1256.205705][T14648] usb 5-1: device descriptor read/8, error -71 [ 1256.414441][T14648] usb usb5-port1: unable to enumerate USB device [ 1256.450247][T19500] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3229'. [ 1256.952885][ T5134] usb 5-1: new high-speed USB device number 88 using dummy_hcd [ 1257.143894][ T5134] usb 5-1: Using ep0 maxpacket: 8 [ 1257.158313][ T5134] usb 5-1: New USB device found, idVendor=2770, idProduct=9120, bcdDevice=6c.77 [ 1257.168970][ T5134] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1257.179527][ T5134] usb 5-1: Product: syz [ 1257.189614][ T5134] usb 5-1: Manufacturer: syz [ 1257.194874][ T5134] usb 5-1: SerialNumber: syz [ 1257.203004][ T5134] usb 5-1: config 0 descriptor?? [ 1257.212019][ T5134] gspca_main: sq905-2.14.0 probing 2770:9120 [ 1258.157966][ T9] cp210x 2-1:0.0: failed to get vendor val 0x370b size 1: -71 [ 1258.167568][ T5134] gspca_sq905: sq905_command: usb_control_msg failed (-71) [ 1258.177160][T12231] usb 3-1: new high-speed USB device number 65 using dummy_hcd [ 1258.185012][ T9] cp210x 2-1:0.0: querying part number failed [ 1258.192794][ T5134] sq905 5-1:0.0: probe with driver sq905 failed with error -71 [ 1258.202928][ T9] usb 2-1: cp210x converter now attached to ttyUSB0 [ 1258.210992][ T5134] usb 5-1: USB disconnect, device number 88 [ 1258.223421][ T9] usb 2-1: USB disconnect, device number 95 [ 1258.232336][ T9] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1258.241087][ T9] cp210x 2-1:0.0: device disconnected [ 1258.384669][T12231] usb 3-1: New USB device found, idVendor=0c45, idProduct=614a, bcdDevice=e6.af [ 1258.418849][T12231] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1258.450102][T12231] usb 3-1: config 0 descriptor?? [ 1258.461569][T12231] gspca_main: sonixj-2.14.0 probing 0c45:614a [ 1258.921395][T19528] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3239'. [ 1258.931548][T19528] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3239'. [ 1259.857931][T12231] gspca_sonixj: reg_w1 err -110 [ 1259.877675][T12231] sonixj 3-1:0.0: probe with driver sonixj failed with error -110 [ 1260.415231][ T5134] usb 4-1: new high-speed USB device number 93 using dummy_hcd [ 1260.603426][ T5134] usb 4-1: Using ep0 maxpacket: 32 [ 1260.623871][ T5134] usb 4-1: New USB device found, idVendor=1d6f, idProduct=0010, bcdDevice= a.a7 [ 1260.633816][ T5134] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1260.642004][ T5134] usb 4-1: Product: syz [ 1260.648331][ T5134] usb 4-1: Manufacturer: syz [ 1260.653624][ T5134] usb 4-1: SerialNumber: syz [ 1260.669031][ T5134] usb 4-1: config 0 descriptor?? [ 1260.678893][ T5134] usb 4-1: bad CDC descriptors [ 1260.685447][ T5134] cp210x 4-1:0.0: cp210x converter detected [ 1261.006254][ T9] usb 3-1: USB disconnect, device number 65 [ 1261.943131][ T5086] Bluetooth: hci4: command 0x0406 tx timeout [ 1263.461516][ T5134] cp210x 4-1:0.0: failed to get vendor val 0x370b size 1: -71 [ 1263.477869][ T5134] cp210x 4-1:0.0: querying part number failed [ 1263.493664][ T5134] usb 4-1: cp210x converter now attached to ttyUSB0 [ 1263.505245][ T5134] usb 4-1: USB disconnect, device number 93 [ 1263.514478][ T5134] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1263.522545][ T5134] cp210x 4-1:0.0: device disconnected [ 1263.726280][ T12] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1263.849838][ T12] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1263.853326][T19584] binder: 19580:19584 ioctl c0306201 0 returned -14 [ 1263.921114][T19585] vlan2: entered promiscuous mode [ 1263.930198][T19585] syz_tun: entered promiscuous mode [ 1263.946848][T19587] FAULT_INJECTION: forcing a failure. [ 1263.946848][T19587] name failslab, interval 1, probability 0, space 0, times 0 [ 1263.992218][T19587] CPU: 0 PID: 19587 Comm: syz.1.3255 Not tainted 6.10.0-rc7-syzkaller-00231-ge091caf99f3a #0 [ 1264.002422][T19587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 1264.012495][T19587] Call Trace: [ 1264.015790][T19587] [ 1264.018739][T19587] dump_stack_lvl+0x241/0x360 [ 1264.023441][T19587] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1264.028812][T19587] ? __pfx__printk+0x10/0x10 [ 1264.033410][T19587] ? __pfx___might_resched+0x10/0x10 [ 1264.038695][T19587] ? prepend_path+0x2f/0xbe0 [ 1264.043283][T19587] should_fail_ex+0x3b0/0x4e0 [ 1264.047961][T19587] ? tomoyo_encode+0x26f/0x540 [ 1264.052721][T19587] should_failslab+0x9/0x20 [ 1264.057223][T19587] __kmalloc_noprof+0xd8/0x400 [ 1264.061988][T19587] tomoyo_encode+0x26f/0x540 [ 1264.066583][T19587] tomoyo_realpath_from_path+0x59e/0x5e0 [ 1264.072222][T19587] tomoyo_path_number_perm+0x23a/0x880 [ 1264.077686][T19587] ? tomoyo_path_number_perm+0x208/0x880 [ 1264.083321][T19587] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1264.089328][T19587] ? __fget_files+0x29/0x470 [ 1264.093913][T19587] ? __fget_files+0x3f6/0x470 [ 1264.098578][T19587] ? __fget_files+0x29/0x470 [ 1264.103184][T19587] security_file_ioctl+0x75/0xb0 [ 1264.108129][T19587] __se_sys_ioctl+0x47/0x170 [ 1264.112719][T19587] do_syscall_64+0xf3/0x230 [ 1264.117212][T19587] ? clear_bhb_loop+0x35/0x90 [ 1264.121880][T19587] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1264.127767][T19587] RIP: 0033:0x7f2792f75bd9 [ 1264.132171][T19587] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1264.151766][T19587] RSP: 002b:00007f2793c8d048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1264.160171][T19587] RAX: ffffffffffffffda RBX: 00007f2793104038 RCX: 00007f2792f75bd9 [ 1264.168132][T19587] RDX: 0000000020000480 RSI: 00000000c0306201 RDI: 0000000000000004 [ 1264.176092][T19587] RBP: 00007f2793c8d0a0 R08: 0000000000000000 R09: 0000000000000000 [ 1264.184052][T19587] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1264.192015][T19587] R13: 000000000000006e R14: 00007f2793104038 R15: 00007ffc5f5ffd58 [ 1264.199987][T19587] [ 1264.228797][ T12] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1264.261686][T19587] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1264.358166][ T5086] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1264.369202][ T5086] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1264.384931][ T5086] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1264.393923][ T5086] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1264.404445][ T5086] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 1264.415474][ T5086] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1264.463614][ T12] team0: Port device netdevsim0 removed [ 1264.497638][ T12] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1264.618948][T19599] input: syz1 as /devices/virtual/input/input23 [ 1266.049597][T19612] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3263'. [ 1266.482845][ T5086] Bluetooth: hci4: command tx timeout [ 1266.519002][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1266.535733][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1266.549768][ T12] bond0 (unregistering): Released all slaves [ 1266.582637][T19616] netlink: 830 bytes leftover after parsing attributes in process `syz.3.3264'. [ 1266.598006][T19627] lo speed is unknown, defaulting to 1000 [ 1266.665485][ T5134] usb 1-1: new high-speed USB device number 65 using dummy_hcd [ 1266.708567][T19627] lo speed is unknown, defaulting to 1000 [ 1266.772768][T19627] lo speed is unknown, defaulting to 1000 [ 1266.811765][T19627] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 1266.839195][T19627] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 1266.882209][ T5134] usb 1-1: Using ep0 maxpacket: 8 [ 1266.897005][ T5134] usb 1-1: New USB device found, idVendor=2770, idProduct=9120, bcdDevice=6c.77 [ 1266.922048][ T5134] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1266.934234][T19627] lo speed is unknown, defaulting to 1000 [ 1266.941164][T19627] lo speed is unknown, defaulting to 1000 [ 1266.953227][ T5134] usb 1-1: Product: syz [ 1266.969919][ T5134] usb 1-1: Manufacturer: syz [ 1266.978299][ T5134] usb 1-1: SerialNumber: syz [ 1266.989844][T19592] chnl_net:caif_netlink_parms(): no params data found [ 1266.998176][ T5134] usb 1-1: config 0 descriptor?? [ 1267.017441][ T5134] gspca_main: sq905-2.14.0 probing 2770:9120 [ 1267.044564][T19627] lo speed is unknown, defaulting to 1000 [ 1267.051285][T19627] lo speed is unknown, defaulting to 1000 [ 1267.134369][T19627] lo speed is unknown, defaulting to 1000 [ 1267.210383][T19627] lo speed is unknown, defaulting to 1000 [ 1267.261639][ T12] hsr_slave_0: left promiscuous mode [ 1267.273482][ T12] hsr_slave_1: left promiscuous mode [ 1267.280329][ T5134] gspca_sq905: sq905_command: usb_control_msg failed (-71) [ 1267.294914][ T5134] sq905 1-1:0.0: probe with driver sq905 failed with error -71 [ 1267.307200][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1267.317581][ T5134] usb 1-1: USB disconnect, device number 65 [ 1267.323686][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1267.341132][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1267.400754][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1267.567285][ T12] veth1_macvtap: left promiscuous mode [ 1267.583036][ T12] veth0_macvtap: left promiscuous mode [ 1267.589598][ T12] veth1_vlan: left promiscuous mode [ 1267.599701][ T12] veth0_vlan: left promiscuous mode [ 1267.811585][T19646] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3270'. [ 1267.821387][T19646] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3270'. [ 1268.072342][T19651] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3269'. [ 1268.553416][ T5086] Bluetooth: hci4: command tx timeout [ 1269.496588][ T12] team0 (unregistering): Port device team_slave_1 removed [ 1269.577654][ T12] team0 (unregistering): Port device team_slave_0 removed [ 1269.590749][T19677] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1270.029488][T19648] netlink: 'syz.2.3269': attribute type 10 has an invalid length. [ 1270.062091][T19648] team0: Port device netdevsim0 added [ 1270.104386][T19592] bridge0: port 1(bridge_slave_0) entered blocking state [ 1270.118273][T19592] bridge0: port 1(bridge_slave_0) entered disabled state [ 1270.126179][T19592] bridge_slave_0: entered allmulticast mode [ 1270.134131][T19592] bridge_slave_0: entered promiscuous mode [ 1270.203106][T19592] bridge0: port 2(bridge_slave_1) entered blocking state [ 1270.210279][T19592] bridge0: port 2(bridge_slave_1) entered disabled state [ 1270.230158][T19592] bridge_slave_1: entered allmulticast mode [ 1270.254148][T19592] bridge_slave_1: entered promiscuous mode [ 1270.479260][T19592] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1270.542301][T19592] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1270.632916][ T5086] Bluetooth: hci4: command tx timeout [ 1270.691192][T19592] team0: Port device team_slave_0 added [ 1270.704604][T19592] team0: Port device team_slave_1 added [ 1270.747829][T19704] netlink: 16186 bytes leftover after parsing attributes in process `syz.3.3289'. [ 1270.806141][T19592] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1270.819987][T19592] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1270.870525][T19592] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1270.897403][T19592] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1270.904710][ T12] IPVS: stop unused estimator thread 0... [ 1270.922535][T19592] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1270.955348][T19592] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1271.168559][T19592] hsr_slave_0: entered promiscuous mode [ 1271.188325][T19592] hsr_slave_1: entered promiscuous mode [ 1271.214921][T19592] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1271.222612][T19592] Cannot create hsr debugfs directory [ 1272.787049][ T5086] Bluetooth: hci4: command tx timeout [ 1273.318675][T19746] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3304'. [ 1274.137505][T19592] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1274.295679][T19592] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1274.343058][T19592] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1274.372459][T19592] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1274.530239][T19760] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3298'. [ 1274.704661][T19757] netlink: 'syz.3.3298': attribute type 10 has an invalid length. [ 1275.165919][T19757] team0: Port device netdevsim0 added [ 1276.224795][T19592] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1276.279933][T19592] 8021q: adding VLAN 0 to HW filter on device team0 [ 1276.311038][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 1276.318291][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1276.385308][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 1276.392531][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1276.509225][T19592] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1276.559161][T19782] FAULT_INJECTION: forcing a failure. [ 1276.559161][T19782] name failslab, interval 1, probability 0, space 0, times 0 [ 1276.599135][T19782] CPU: 1 PID: 19782 Comm: syz.2.3313 Not tainted 6.10.0-rc7-syzkaller-00231-ge091caf99f3a #0 [ 1276.609350][T19782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 1276.619429][T19782] Call Trace: [ 1276.622726][T19782] [ 1276.625672][T19782] dump_stack_lvl+0x241/0x360 [ 1276.630385][T19782] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1276.635613][T19782] ? __pfx__printk+0x10/0x10 [ 1276.640245][T19782] should_fail_ex+0x3b0/0x4e0 [ 1276.644947][T19782] ? __alloc_skb+0x1c3/0x440 [ 1276.649551][T19782] should_failslab+0x9/0x20 [ 1276.654056][T19782] kmem_cache_alloc_node_noprof+0x71/0x320 [ 1276.659865][T19782] __alloc_skb+0x1c3/0x440 [ 1276.664277][T19782] ? get_pid_task+0x23/0x1f0 [ 1276.668862][T19782] ? __pfx___alloc_skb+0x10/0x10 [ 1276.673794][T19782] ? __lock_acquire+0x1346/0x1fd0 [ 1276.678814][T19782] capi_write+0xc5/0x750 [ 1276.683059][T19782] vfs_writev+0x5af/0xbb0 [ 1276.687390][T19782] ? __pfx_capi_write+0x10/0x10 [ 1276.692234][T19782] ? __pfx_vfs_writev+0x10/0x10 [ 1276.697077][T19782] ? vfs_write+0x7c4/0xc90 [ 1276.701498][T19782] ? __fget_files+0x29/0x470 [ 1276.706093][T19782] do_writev+0x1b1/0x350 [ 1276.710333][T19782] ? __pfx_do_writev+0x10/0x10 [ 1276.715096][T19782] ? do_syscall_64+0x100/0x230 [ 1276.719864][T19782] ? do_syscall_64+0xb6/0x230 [ 1276.724532][T19782] do_syscall_64+0xf3/0x230 [ 1276.729022][T19782] ? clear_bhb_loop+0x35/0x90 [ 1276.733695][T19782] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1276.739589][T19782] RIP: 0033:0x7fe754b75bd9 [ 1276.743997][T19782] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1276.763592][T19782] RSP: 002b:00007fe755989048 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1276.771995][T19782] RAX: ffffffffffffffda RBX: 00007fe754d03f60 RCX: 00007fe754b75bd9 [ 1276.779958][T19782] RDX: 0000000000000001 RSI: 0000000020000200 RDI: 0000000000000003 [ 1276.787922][T19782] RBP: 00007fe7559890a0 R08: 0000000000000000 R09: 0000000000000000 [ 1276.795883][T19782] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1276.803848][T19782] R13: 000000000000000b R14: 00007fe754d03f60 R15: 00007ffe196a3988 [ 1276.811820][T19782] [ 1276.814928][ C1] vkms_vblank_simulate: vblank timer overrun [ 1276.882863][ T5085] usb 1-1: new high-speed USB device number 66 using dummy_hcd [ 1277.048251][T19592] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1277.052946][ T5085] usb 1-1: device descriptor read/64, error -71 [ 1277.335539][ T5085] usb 1-1: new high-speed USB device number 67 using dummy_hcd [ 1277.573109][ T5135] usb 3-1: new high-speed USB device number 66 using dummy_hcd [ 1278.170111][ T5135] usb 3-1: Using ep0 maxpacket: 8 [ 1278.188871][ T5135] usb 3-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 1278.195072][ T5085] usb 1-1: device descriptor read/64, error -71 [ 1278.198121][ T5135] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1278.212351][ T5135] usb 3-1: Product: syz [ 1278.216555][ T5135] usb 3-1: Manufacturer: syz [ 1278.221499][ T5135] usb 3-1: SerialNumber: syz [ 1278.230159][ T5135] usb 3-1: config 0 descriptor?? [ 1278.251249][ T5135] gspca_main: sq930x-2.14.0 probing 2770:930c [ 1278.363735][ T5085] usb usb1-port1: attempt power cycle [ 1278.590125][T19592] veth0_vlan: entered promiscuous mode [ 1278.660908][T19592] veth1_vlan: entered promiscuous mode [ 1278.781140][T19592] veth0_macvtap: entered promiscuous mode [ 1278.830479][T19592] veth1_macvtap: entered promiscuous mode [ 1278.914421][T19820] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3317'. [ 1278.940218][T19820] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3317'. [ 1278.961963][T19820] netlink: 96 bytes leftover after parsing attributes in process `syz.2.3317'. [ 1278.976710][ T5135] gspca_sq930x: ucbus_write failed -110 [ 1279.014951][T19592] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1279.044684][T19592] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1279.065057][T19592] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1279.075743][T19592] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1279.085713][T19592] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1279.106481][T19592] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1279.136185][T19592] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1279.169336][T19592] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1279.191516][T19592] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1279.211657][T19592] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1279.223339][ T5135] gspca_sq930x: Sensor ov9630 not yet treated [ 1279.229460][ T5135] sq930x 3-1:0.0: probe with driver sq930x failed with error -22 [ 1280.081504][T19592] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1280.092452][T19592] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1280.104633][T19592] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1280.115020][T19592] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1280.126047][T19592] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1280.136498][T19592] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1280.147613][T19592] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1280.168615][T19592] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1280.221076][T19592] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1280.231659][T19592] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1280.248807][T19592] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1280.257918][T19592] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1280.478803][ T2416] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1280.497599][ T2416] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1280.600015][ T2430] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1280.638524][ T2430] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1281.035283][T19839] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3253'. [ 1281.056184][T19839] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3253'. [ 1281.234751][T19849] FAULT_INJECTION: forcing a failure. [ 1281.234751][T19849] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1281.252825][T19849] CPU: 0 PID: 19849 Comm: syz.4.3329 Not tainted 6.10.0-rc7-syzkaller-00231-ge091caf99f3a #0 [ 1281.263018][T19849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 1281.273086][T19849] Call Trace: [ 1281.276376][T19849] [ 1281.279316][T19849] dump_stack_lvl+0x241/0x360 [ 1281.284021][T19849] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1281.289241][T19849] ? __pfx__printk+0x10/0x10 [ 1281.293856][T19849] ? snprintf+0xda/0x120 [ 1281.298118][T19849] should_fail_ex+0x3b0/0x4e0 [ 1281.302821][T19849] _copy_to_user+0x2f/0xb0 [ 1281.307261][T19849] simple_read_from_buffer+0xca/0x150 [ 1281.312662][T19849] proc_fail_nth_read+0x1e9/0x250 [ 1281.317709][T19849] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1281.323282][T19849] ? rw_verify_area+0x520/0x6b0 [ 1281.328156][T19849] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1281.333720][T19849] vfs_read+0x204/0xbc0 [ 1281.337900][T19849] ? do_sock_setsockopt+0x3e2/0x720 [ 1281.343120][T19849] ? __pfx_vfs_read+0x10/0x10 [ 1281.347809][T19849] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 1281.353368][T19849] ? __pfx_packet_setsockopt+0x10/0x10 [ 1281.358837][T19849] ? do_sock_setsockopt+0x3e2/0x720 [ 1281.364073][T19849] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 1281.369640][T19849] ksys_read+0x1a0/0x2c0 [ 1281.373913][T19849] ? __pfx_ksys_read+0x10/0x10 [ 1281.378705][T19849] ? do_syscall_64+0x100/0x230 [ 1281.383492][T19849] ? do_syscall_64+0xb6/0x230 [ 1281.388182][T19849] do_syscall_64+0xf3/0x230 [ 1281.392697][T19849] ? clear_bhb_loop+0x35/0x90 [ 1281.397392][T19849] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1281.403306][T19849] RIP: 0033:0x7f686c3746bc [ 1281.407736][T19849] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 1281.427356][T19849] RSP: 002b:00007f686d09c040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1281.435789][T19849] RAX: ffffffffffffffda RBX: 00007f686c503f60 RCX: 00007f686c3746bc [ 1281.443771][T19849] RDX: 000000000000000f RSI: 00007f686d09c0b0 RDI: 0000000000000004 [ 1281.451756][T19849] RBP: 00007f686d09c0a0 R08: 0000000000000000 R09: 0000000000000000 [ 1281.459740][T19849] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1281.467813][T19849] R13: 000000000000000b R14: 00007f686c503f60 R15: 00007ffdd03aa2c8 [ 1281.475812][T19849] [ 1281.528596][ T5135] usb 3-1: USB disconnect, device number 66 [ 1281.643731][T19856] netlink: 'syz.3.3328': attribute type 10 has an invalid length. [ 1281.743439][T19861] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3328'. [ 1282.911189][T19878] FAULT_INJECTION: forcing a failure. [ 1282.911189][T19878] name failslab, interval 1, probability 0, space 0, times 0 [ 1282.962986][T19878] CPU: 1 PID: 19878 Comm: syz.4.3338 Not tainted 6.10.0-rc7-syzkaller-00231-ge091caf99f3a #0 [ 1282.963191][T12231] usb 1-1: new high-speed USB device number 69 using dummy_hcd [ 1282.973156][T19878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 1282.973212][T19878] Call Trace: [ 1282.973223][T19878] [ 1282.973232][T19878] dump_stack_lvl+0x241/0x360 [ 1282.973268][T19878] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1282.973295][T19878] ? __pfx__printk+0x10/0x10 [ 1283.011411][T19878] ? __pfx___might_resched+0x10/0x10 [ 1283.016698][T19878] should_fail_ex+0x3b0/0x4e0 [ 1283.021374][T19878] ? sock_kmalloc+0xd7/0x160 [ 1283.025956][T19878] should_failslab+0x9/0x20 [ 1283.030451][T19878] __kmalloc_noprof+0xd8/0x400 [ 1283.035207][T19878] ? do_raw_spin_unlock+0x13c/0x8b0 [ 1283.040402][T19878] sock_kmalloc+0xd7/0x160 [ 1283.044818][T19878] hash_sendmsg+0x80a/0x1110 [ 1283.049417][T19878] ? __pfx_hash_sendmsg+0x10/0x10 [ 1283.054435][T19878] __sock_sendmsg+0x221/0x270 [ 1283.059109][T19878] ____sys_sendmsg+0x525/0x7d0 [ 1283.063873][T19878] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1283.069163][T19878] __sys_sendmmsg+0x3b2/0x740 [ 1283.073840][T19878] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1283.079061][T19878] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 1283.084949][T19878] ? ksys_write+0x23e/0x2c0 [ 1283.089450][T19878] ? __pfx_lock_release+0x10/0x10 [ 1283.094471][T19878] ? vfs_write+0x7c4/0xc90 [ 1283.098885][T19878] ? __mutex_unlock_slowpath+0x21d/0x750 [ 1283.104510][T19878] ? __pfx_vfs_write+0x10/0x10 [ 1283.109288][T19878] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1283.115259][T19878] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1283.121580][T19878] ? do_syscall_64+0x100/0x230 [ 1283.126335][T19878] __x64_sys_sendmmsg+0xa0/0xb0 [ 1283.131180][T19878] do_syscall_64+0xf3/0x230 [ 1283.135672][T19878] ? clear_bhb_loop+0x35/0x90 [ 1283.140337][T19878] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1283.146224][T19878] RIP: 0033:0x7f686c375bd9 [ 1283.150632][T19878] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1283.170315][T19878] RSP: 002b:00007f686d09c048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1283.178722][T19878] RAX: ffffffffffffffda RBX: 00007f686c503f60 RCX: 00007f686c375bd9 [ 1283.186687][T19878] RDX: 0000000000000001 RSI: 0000000020002c40 RDI: 0000000000000004 [ 1283.194648][T19878] RBP: 00007f686d09c0a0 R08: 0000000000000000 R09: 0000000000000000 [ 1283.202606][T19878] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1283.210565][T19878] R13: 000000000000000b R14: 00007f686c503f60 R15: 00007ffdd03aa2c8 [ 1283.218536][T19878] [ 1283.372797][T12231] usb 1-1: device descriptor read/64, error -71 [ 1283.492374][T19888] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3340'. [ 1283.501592][T19888] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3340'. [ 1283.780120][T12231] usb 1-1: new high-speed USB device number 70 using dummy_hcd [ 1284.012852][T12231] usb 1-1: device descriptor read/64, error -71 [ 1284.134696][T12231] usb usb1-port1: attempt power cycle [ 1284.638968][T19900] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3344'. [ 1284.671224][T19900] FAULT_INJECTION: forcing a failure. [ 1284.671224][T19900] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1284.721751][T19900] CPU: 0 PID: 19900 Comm: syz.4.3344 Not tainted 6.10.0-rc7-syzkaller-00231-ge091caf99f3a #0 [ 1284.731942][T19900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 1284.742015][T19900] Call Trace: [ 1284.745311][T19900] [ 1284.748257][T19900] dump_stack_lvl+0x241/0x360 [ 1284.752970][T19900] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1284.758192][T19900] ? __pfx__printk+0x10/0x10 [ 1284.762812][T19900] ? __pfx_lock_release+0x10/0x10 [ 1284.767872][T19900] should_fail_ex+0x3b0/0x4e0 [ 1284.772571][T19900] _copy_from_user+0x2f/0xe0 [ 1284.777156][T19900] copy_msghdr_from_user+0xae/0x680 [ 1284.782340][T19900] ? __pfx___might_resched+0x10/0x10 [ 1284.787625][T19900] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1284.793427][T19900] ? __might_fault+0xaa/0x120 [ 1284.798095][T19900] do_recvmmsg+0x40f/0xae0 [ 1284.802505][T19900] ? __pfx_lock_release+0x10/0x10 [ 1284.807518][T19900] ? __pfx_do_recvmmsg+0x10/0x10 [ 1284.812456][T19900] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 1284.818336][T19900] ? ksys_write+0x23e/0x2c0 [ 1284.822857][T19900] ? __pfx_lock_release+0x10/0x10 [ 1284.827887][T19900] ? vfs_write+0x7c4/0xc90 [ 1284.832291][T19900] ? __mutex_unlock_slowpath+0x21d/0x750 [ 1284.837914][T19900] ? __fget_files+0x3f6/0x470 [ 1284.842585][T19900] __x64_sys_recvmmsg+0x199/0x250 [ 1284.847601][T19900] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 1284.853148][T19900] ? do_syscall_64+0x100/0x230 [ 1284.857895][T19900] ? do_syscall_64+0xb6/0x230 [ 1284.862553][T19900] do_syscall_64+0xf3/0x230 [ 1284.867039][T19900] ? clear_bhb_loop+0x35/0x90 [ 1284.871696][T19900] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1284.877579][T19900] RIP: 0033:0x7f686c375bd9 [ 1284.881979][T19900] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1284.901572][T19900] RSP: 002b:00007f686d09c048 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1284.909980][T19900] RAX: ffffffffffffffda RBX: 00007f686c503f60 RCX: 00007f686c375bd9 [ 1284.917962][T19900] RDX: 040000000000024a RSI: 0000000020000800 RDI: 0000000000000003 [ 1284.925931][T19900] RBP: 00007f686d09c0a0 R08: 0000000000000000 R09: 0000000000000000 [ 1284.933916][T19900] R10: 0000000040002002 R11: 0000000000000246 R12: 0000000000000001 [ 1284.941876][T19900] R13: 000000000000000b R14: 00007f686c503f60 R15: 00007ffdd03aa2c8 [ 1284.949858][T19900] [ 1285.083125][T12231] usb 1-1: new high-speed USB device number 71 using dummy_hcd [ 1285.875253][T12231] usb 1-1: device not accepting address 71, error -71 [ 1285.950038][T19903] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3343'. [ 1285.979717][T19903] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3343'. [ 1287.360644][T19942] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3353'. [ 1287.399057][T19942] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3353'. [ 1287.571833][ T45] usb 3-1: new high-speed USB device number 67 using dummy_hcd [ 1288.432944][T14648] usb 1-1: new high-speed USB device number 73 using dummy_hcd [ 1288.440695][ T5085] usb 4-1: new high-speed USB device number 94 using dummy_hcd [ 1288.477677][ T45] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1288.496313][ T45] usb 3-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 1288.510829][ T45] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1288.586444][ T45] usb 3-1: config 0 descriptor?? [ 1288.634776][ T5085] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1288.706651][T14648] usb 1-1: device descriptor read/64, error -71 [ 1288.726137][ T5085] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 1288.746935][ T5085] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1288.757585][ T5085] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1288.774123][ T5085] usb 4-1: config 0 descriptor?? [ 1289.536627][ T5085] usb 4-1: string descriptor 0 read error: -71 [ 1289.556417][ T5085] usb 4-1: USB disconnect, device number 94 [ 1289.585013][T19980] FAULT_INJECTION: forcing a failure. [ 1289.585013][T19980] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1289.602286][T19980] CPU: 1 PID: 19980 Comm: syz.1.3367 Not tainted 6.10.0-rc7-syzkaller-00231-ge091caf99f3a #0 [ 1289.612462][T19980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 1289.622512][T19980] Call Trace: [ 1289.625803][T19980] [ 1289.628747][T19980] dump_stack_lvl+0x241/0x360 [ 1289.633427][T19980] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1289.638624][T19980] ? __pfx__printk+0x10/0x10 [ 1289.643212][T19980] ? snprintf+0xda/0x120 [ 1289.647447][T19980] should_fail_ex+0x3b0/0x4e0 [ 1289.652119][T19980] _copy_to_user+0x2f/0xb0 [ 1289.656533][T19980] simple_read_from_buffer+0xca/0x150 [ 1289.661904][T19980] proc_fail_nth_read+0x1e9/0x250 [ 1289.666935][T19980] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1289.672508][T19980] ? rw_verify_area+0x520/0x6b0 [ 1289.677375][T19980] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1289.682931][T19980] vfs_read+0x204/0xbc0 [ 1289.687103][T19980] ? do_sock_setsockopt+0x3e2/0x720 [ 1289.692296][T19980] ? __pfx_vfs_read+0x10/0x10 [ 1289.696964][T19980] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 1289.702505][T19980] ? __pfx_packet_setsockopt+0x10/0x10 [ 1289.707959][T19980] ? do_sock_setsockopt+0x3e2/0x720 [ 1289.713159][T19980] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 1289.718705][T19980] ksys_read+0x1a0/0x2c0 [ 1289.722954][T19980] ? __pfx_ksys_read+0x10/0x10 [ 1289.727721][T19980] ? do_syscall_64+0x100/0x230 [ 1289.732480][T19980] ? do_syscall_64+0xb6/0x230 [ 1289.737161][T19980] do_syscall_64+0xf3/0x230 [ 1289.741663][T19980] ? clear_bhb_loop+0x35/0x90 [ 1289.746336][T19980] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1289.752233][T19980] RIP: 0033:0x7f2792f746bc [ 1289.756648][T19980] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 1289.776249][T19980] RSP: 002b:00007f2793cae040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1289.784661][T19980] RAX: ffffffffffffffda RBX: 00007f2793103f60 RCX: 00007f2792f746bc [ 1289.792625][T19980] RDX: 000000000000000f RSI: 00007f2793cae0b0 RDI: 0000000000000004 [ 1289.800595][T19980] RBP: 00007f2793cae0a0 R08: 0000000000000000 R09: 0000000000000000 [ 1289.808568][T19980] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1289.816539][T19980] R13: 000000000000000b R14: 00007f2793103f60 R15: 00007ffc5f5ffd58 [ 1289.824519][T19980] [ 1289.827611][ C1] vkms_vblank_simulate: vblank timer overrun [ 1289.839645][ T5135] usb 3-1: USB disconnect, device number 67 [ 1289.913240][T14648] usb 1-1: new high-speed USB device number 74 using dummy_hcd [ 1290.072804][T14648] usb 1-1: device descriptor read/64, error -71 [ 1290.883168][ T45] usb 2-1: new high-speed USB device number 96 using dummy_hcd [ 1290.893784][T14648] usb usb1-port1: attempt power cycle [ 1291.291078][ T45] usb 2-1: Using ep0 maxpacket: 8 [ 1292.247559][ T45] usb 2-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 1292.274314][T19995] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3371'. [ 1292.275334][ T45] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1292.292605][ T45] usb 2-1: Product: syz [ 1292.296951][ T45] usb 2-1: Manufacturer: syz [ 1292.302833][ T45] usb 2-1: SerialNumber: syz [ 1292.313942][ T45] usb 2-1: config 0 descriptor?? [ 1292.322277][ T45] gspca_main: sq930x-2.14.0 probing 2770:930c [ 1292.325620][T19995] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3371'. [ 1292.347857][T20011] FAULT_INJECTION: forcing a failure. [ 1292.347857][T20011] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1292.435303][T20011] CPU: 0 PID: 20011 Comm: syz.4.3373 Not tainted 6.10.0-rc7-syzkaller-00231-ge091caf99f3a #0 [ 1292.445511][T20011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 1292.455585][T20011] Call Trace: [ 1292.458882][T20011] [ 1292.461833][T20011] dump_stack_lvl+0x241/0x360 [ 1292.466546][T20011] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1292.471778][T20011] ? __pfx__printk+0x10/0x10 [ 1292.476392][T20011] ? __pfx_lock_release+0x10/0x10 [ 1292.481417][T20011] ? __local_bh_enable_ip+0x168/0x200 [ 1292.486786][T20011] ? copy_fpstate_to_sigframe+0x175/0xd90 [ 1292.492508][T20011] should_fail_ex+0x3b0/0x4e0 [ 1292.497280][T20011] copy_fpstate_to_sigframe+0xa87/0xd90 [ 1292.502825][T20011] ? stack_depot_save_flags+0x29/0x830 [ 1292.508294][T20011] ? __pfx_copy_fpstate_to_sigframe+0x10/0x10 [ 1292.514360][T20011] ? get_signal+0xbbc/0x1740 [ 1292.518963][T20011] ? fpu__alloc_mathframe+0xab/0x130 [ 1292.524251][T20011] get_sigframe+0x55d/0x700 [ 1292.528755][T20011] ? __pfx_get_sigframe+0x10/0x10 [ 1292.533776][T20011] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1292.539756][T20011] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1292.546086][T20011] x64_setup_rt_frame+0x180/0xcc0 [ 1292.551109][T20011] ? lockdep_hardirqs_on+0x99/0x150 [ 1292.556310][T20011] ? _raw_spin_unlock_irq+0x2e/0x50 [ 1292.561521][T20011] ? __pfx_x64_setup_rt_frame+0x10/0x10 [ 1292.567072][T20011] ? __pfx_force_sig_fault+0x10/0x10 [ 1292.572374][T20011] arch_do_signal_or_restart+0x458/0x860 [ 1292.578012][T20011] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1292.584187][T20011] ? irqentry_exit_to_user_mode+0x53/0x270 [ 1292.589996][T20011] irqentry_exit_to_user_mode+0x79/0x270 [ 1292.595639][T20011] exc_page_fault+0x590/0x8c0 [ 1292.600328][T20011] asm_exc_page_fault+0x26/0x30 [ 1292.605180][T20011] RIP: 0033:0x7f686c2466e7 [ 1292.609591][T20011] Code: c4 0f 85 83 03 00 00 48 8b 04 24 89 5c 24 14 c6 80 d0 00 00 00 01 80 3d 02 f0 de 00 00 74 12 48 8b 04 24 48 8b 80 a8 00 00 00 <48> c7 00 00 00 00 00 48 8b 1c 24 48 c7 83 88 00 00 00 ff ff ff ff [ 1292.629193][T20011] RSP: 002b:00007f686bdde070 EFLAGS: 00010202 [ 1292.635263][T20011] RAX: 0000000000000000 RBX: 0000000000000008 RCX: 0000000000000000 [ 1292.643230][T20011] RDX: 00007f686bdde0a0 RSI: 00007f686bdde0a0 RDI: 00007f686bdde0a0 [ 1292.651195][T20011] RBP: 00007f686bdde0a0 R08: 0000000000000000 R09: 00007f686bddde07 [ 1292.659171][T20011] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 1292.667141][T20011] R13: 000000000000006e R14: 00007f686c5041e8 R15: 00007ffdd03aa2c8 [ 1292.675126][T20011] [ 1293.122927][ T5131] usb 3-1: new high-speed USB device number 68 using dummy_hcd [ 1293.230805][T20037] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3369'. [ 1293.230938][T20037] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3369'. [ 1293.230951][T20037] netlink: 96 bytes leftover after parsing attributes in process `syz.1.3369'. [ 1293.305292][ T5131] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1293.349458][ T5131] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1293.349480][ T5131] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 1293.349492][ T5131] usb 3-1: SerialNumber: syz [ 1293.352624][ T5131] cdc_ether 3-1:1.0: skipping garbage [ 1293.353469][ T5131] usb 3-1: bad CDC descriptors [ 1293.613378][T14648] usb 1-1: new high-speed USB device number 76 using dummy_hcd [ 1293.651539][ T45] gspca_sq930x: ucbus_write failed -71 [ 1293.769214][T12231] usb 3-1: USB disconnect, device number 68 [ 1293.795049][T14648] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1293.823179][T14648] usb 1-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 1293.844128][T14648] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1293.865124][T14648] usb 1-1: config 0 descriptor?? [ 1293.882809][ T45] gspca_sq930x: Sensor ov9630 not yet treated [ 1293.889146][ T45] sq930x 2-1:0.0: probe with driver sq930x failed with error -22 [ 1293.916865][ T45] usb 2-1: USB disconnect, device number 96 [ 1294.177001][T14648] usb 1-1: USB disconnect, device number 76 [ 1296.531780][T20068] netlink: 'syz.4.3387': attribute type 3 has an invalid length. [ 1296.549198][T20068] netlink: 'syz.4.3387': attribute type 1 has an invalid length. [ 1296.558069][T20068] netlink: 199800 bytes leftover after parsing attributes in process `syz.4.3387'. [ 1300.489291][ T1237] ieee802154 phy0 wpan0: encryption failed: -22 [ 1300.495804][ T1237] ieee802154 phy1 wpan1: encryption failed: -22 [ 1305.263819][T14648] usb 1-1: new high-speed USB device number 77 using dummy_hcd [ 1305.605191][T14648] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1305.638458][T14648] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1305.669464][T14648] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1305.699636][T14648] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1305.727463][T14648] usb 1-1: config 0 descriptor?? [ 1306.245046][T14648] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x2 [ 1306.292869][T14648] plantronics 0003:047F:FFFF.0007: item fetching failed at offset 14/15 [ 1306.330190][T14648] plantronics 0003:047F:FFFF.0007: parse failed [ 1306.364751][T14648] plantronics 0003:047F:FFFF.0007: probe with driver plantronics failed with error -22 [ 1307.752758][T18925] Bluetooth: hci4: command tx timeout [ 1307.899650][T20180] netlink: 'syz.1.3419': attribute type 3 has an invalid length. [ 1307.941421][T20180] netlink: 'syz.1.3419': attribute type 1 has an invalid length. [ 1307.955637][T20180] netlink: 199800 bytes leftover after parsing attributes in process `syz.1.3419'. [ 1309.480867][ T5135] usb 1-1: USB disconnect, device number 77 [ 1309.800735][T18925] Bluetooth: hci4: link tx timeout [ 1309.808356][T18925] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 1311.193265][T20220] netlink: 68 bytes leftover after parsing attributes in process `syz.4.3430'. [ 1311.222774][T20220] netlink: 68 bytes leftover after parsing attributes in process `syz.4.3430'. [ 1313.125677][T18925] Bluetooth: hci4: command 0x0406 tx timeout [ 1313.173791][T20243] [ 1313.176159][T20243] ====================================================== [ 1313.183173][T20243] WARNING: possible circular locking dependency detected [ 1313.190182][T20243] 6.10.0-rc7-syzkaller-00231-ge091caf99f3a #0 Not tainted [ 1313.197288][T20243] ------------------------------------------------------ [ 1313.204299][T20243] syz.3.3432/20243 is trying to acquire lock: [ 1313.210360][T20243] ffff88802f5dc488 (&of->mutex){+.+.}-{3:3}, at: kernfs_seq_start+0x53/0x3b0 [ 1313.219168][T20243] [ 1313.219168][T20243] but task is already holding lock: [ 1313.226531][T20243] ffff88805b006b08 (&p->lock){+.+.}-{3:3}, at: seq_read_iter+0xb7/0xd60 [ 1313.234908][T20243] [ 1313.234908][T20243] which lock already depends on the new lock. [ 1313.234908][T20243] [ 1313.245304][T20243] [ 1313.245304][T20243] the existing dependency chain (in reverse order) is: [ 1313.254316][T20243] [ 1313.254316][T20243] -> #4 (&p->lock){+.+.}-{3:3}: [ 1313.261364][T20243] lock_acquire+0x1ed/0x550 [ 1313.266396][T20243] __mutex_lock+0x136/0xd70 [ 1313.271422][T20243] seq_read_iter+0xb7/0xd60 [ 1313.276453][T20243] copy_splice_read+0x662/0xb60 [ 1313.281833][T20243] splice_file_to_pipe+0x299/0x500 [ 1313.287475][T20243] do_sendfile+0x515/0xe20 [ 1313.292416][T20243] __se_sys_sendfile64+0x17c/0x1e0 [ 1313.298051][T20243] do_syscall_64+0xf3/0x230 [ 1313.303070][T20243] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1313.309466][T20243] [ 1313.309466][T20243] -> #3 (&pipe->mutex){+.+.}-{3:3}: [ 1313.316826][T20243] lock_acquire+0x1ed/0x550 [ 1313.321829][T20243] __mutex_lock+0x136/0xd70 [ 1313.326833][T20243] iter_file_splice_write+0x335/0x14e0 [ 1313.332795][T20243] do_splice+0xd77/0x1900 [ 1313.337624][T20243] __se_sys_splice+0x331/0x4a0 [ 1313.342890][T20243] do_syscall_64+0xf3/0x230 [ 1313.347892][T20243] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1313.354296][T20243] [ 1313.354296][T20243] -> #2 (sb_writers#5){.+.+}-{0:0}: [ 1313.361685][T20243] lock_acquire+0x1ed/0x550 [ 1313.366689][T20243] sb_start_write+0x4d/0x1c0 [ 1313.371778][T20243] mnt_want_write+0x3f/0x90 [ 1313.376779][T20243] ovl_create_object+0x13b/0x370 [ 1313.382216][T20243] path_openat+0x1a84/0x35f0 [ 1313.387308][T20243] do_filp_open+0x235/0x490 [ 1313.392310][T20243] do_sys_openat2+0x13e/0x1d0 [ 1313.397489][T20243] __x64_sys_openat+0x247/0x2a0 [ 1313.402839][T20243] do_syscall_64+0xf3/0x230 [ 1313.407876][T20243] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1313.414276][T20243] [ 1313.414276][T20243] -> #1 (&ovl_i_mutex_dir_key[depth]){++++}-{3:3}: [ 1313.422957][T20243] lock_acquire+0x1ed/0x550 [ 1313.427958][T20243] down_read+0xb1/0xa40 [ 1313.432614][T20243] lookup_slow+0x45/0x70 [ 1313.437362][T20243] walk_component+0x2e1/0x410 [ 1313.442536][T20243] path_lookupat+0x16f/0x450 [ 1313.447646][T20243] filename_lookup+0x256/0x610 [ 1313.452912][T20243] kern_path+0x35/0x50 [ 1313.457489][T20243] lookup_bdev+0xc5/0x290 [ 1313.462338][T20243] resume_store+0x1a0/0x710 [ 1313.467346][T20243] kernfs_fop_write_iter+0x3a1/0x500 [ 1313.473135][T20243] vfs_write+0xa72/0xc90 [ 1313.477879][T20243] ksys_write+0x1a0/0x2c0 [ 1313.482710][T20243] do_syscall_64+0xf3/0x230 [ 1313.487707][T20243] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1313.494101][T20243] [ 1313.494101][T20243] -> #0 (&of->mutex){+.+.}-{3:3}: [ 1313.501285][T20243] validate_chain+0x18e0/0x5900 [ 1313.506638][T20243] __lock_acquire+0x1346/0x1fd0 [ 1313.512007][T20243] lock_acquire+0x1ed/0x550 [ 1313.517010][T20243] __mutex_lock+0x136/0xd70 [ 1313.522012][T20243] kernfs_seq_start+0x53/0x3b0 [ 1313.527274][T20243] traverse+0x14f/0x550 [ 1313.531930][T20243] seq_read_iter+0xc5e/0xd60 [ 1313.537021][T20243] do_iter_readv_writev+0x5a4/0x800 [ 1313.542736][T20243] vfs_readv+0x2b6/0xa90 [ 1313.547479][T20243] __x64_sys_preadv+0x1c7/0x2d0 [ 1313.552828][T20243] do_syscall_64+0xf3/0x230 [ 1313.557831][T20243] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1313.564232][T20243] [ 1313.564232][T20243] other info that might help us debug this: [ 1313.564232][T20243] [ 1313.574437][T20243] Chain exists of: [ 1313.574437][T20243] &of->mutex --> &pipe->mutex --> &p->lock [ 1313.574437][T20243] [ 1313.586141][T20243] Possible unsafe locking scenario: [ 1313.586141][T20243] [ 1313.593567][T20243] CPU0 CPU1 [ 1313.598909][T20243] ---- ---- [ 1313.604250][T20243] lock(&p->lock); [ 1313.608034][T20243] lock(&pipe->mutex); [ 1313.614683][T20243] lock(&p->lock); [ 1313.621002][T20243] lock(&of->mutex); [ 1313.624966][T20243] [ 1313.624966][T20243] *** DEADLOCK *** [ 1313.624966][T20243] [ 1313.633087][T20243] 1 lock held by syz.3.3432/20243: [ 1313.638170][T20243] #0: ffff88805b006b08 (&p->lock){+.+.}-{3:3}, at: seq_read_iter+0xb7/0xd60 [ 1313.646936][T20243] [ 1313.646936][T20243] stack backtrace: [ 1313.652800][T20243] CPU: 0 PID: 20243 Comm: syz.3.3432 Not tainted 6.10.0-rc7-syzkaller-00231-ge091caf99f3a #0 [ 1313.662931][T20243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 1313.672968][T20243] Call Trace: [ 1313.676229][T20243] [ 1313.679139][T20243] dump_stack_lvl+0x241/0x360 [ 1313.683806][T20243] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1313.688992][T20243] ? print_circular_bug+0x130/0x1a0 [ 1313.694171][T20243] check_noncircular+0x36a/0x4a0 [ 1313.699091][T20243] ? __pfx_validate_chain+0x10/0x10 [ 1313.704268][T20243] ? __pfx_check_noncircular+0x10/0x10 [ 1313.709705][T20243] ? lockdep_lock+0x123/0x2b0 [ 1313.714360][T20243] ? __lock_acquire+0x1346/0x1fd0 [ 1313.719363][T20243] validate_chain+0x18e0/0x5900 [ 1313.724199][T20243] ? __lock_acquire+0x1346/0x1fd0 [ 1313.729199][T20243] ? __pfx_validate_chain+0x10/0x10 [ 1313.734396][T20243] ? look_up_lock_class+0x77/0x160 [ 1313.739504][T20243] ? register_lock_class+0x102/0x980 [ 1313.744777][T20243] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1313.750744][T20243] ? __pfx_register_lock_class+0x10/0x10 [ 1313.756358][T20243] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1313.762676][T20243] ? mark_lock+0x9a/0x350 [ 1313.767007][T20243] __lock_acquire+0x1346/0x1fd0 [ 1313.771844][T20243] lock_acquire+0x1ed/0x550 [ 1313.776327][T20243] ? kernfs_seq_start+0x53/0x3b0 [ 1313.781265][T20243] ? __pfx_lock_acquire+0x10/0x10 [ 1313.786268][T20243] ? do_syscall_64+0xf3/0x230 [ 1313.790943][T20243] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1313.796995][T20243] ? __pfx___might_resched+0x10/0x10 [ 1313.802265][T20243] __mutex_lock+0x136/0xd70 [ 1313.806776][T20243] ? kernfs_seq_start+0x53/0x3b0 [ 1313.811700][T20243] ? kernfs_seq_start+0x53/0x3b0 [ 1313.816614][T20243] ? __pfx___mutex_lock+0x10/0x10 [ 1313.821624][T20243] ? rcu_is_watching+0x15/0xb0 [ 1313.826370][T20243] ? trace_kmalloc+0x1f/0xd0 [ 1313.830938][T20243] ? __kmalloc_node_noprof+0x247/0x440 [ 1313.836377][T20243] kernfs_seq_start+0x53/0x3b0 [ 1313.841119][T20243] traverse+0x14f/0x550 [ 1313.845256][T20243] ? plist_check_list+0x2cb/0x300 [ 1313.850260][T20243] seq_read_iter+0xc5e/0xd60 [ 1313.854829][T20243] ? futex_wait_queue+0x27/0x1d0 [ 1313.859745][T20243] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1313.865706][T20243] ? kernfs_fop_read_iter+0x143/0x640 [ 1313.871064][T20243] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1313.877378][T20243] do_iter_readv_writev+0x5a4/0x800 [ 1313.882557][T20243] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 1313.888254][T20243] ? __pfx_bpf_lsm_file_permission+0x10/0x10 [ 1313.894214][T20243] ? rw_verify_area+0x2fd/0x6b0 [ 1313.899046][T20243] ? rw_verify_area+0x520/0x6b0 [ 1313.903878][T20243] vfs_readv+0x2b6/0xa90 [ 1313.908104][T20243] ? __pfx_vfs_readv+0x10/0x10 [ 1313.912872][T20243] ? __fget_files+0x29/0x470 [ 1313.917471][T20243] __x64_sys_preadv+0x1c7/0x2d0 [ 1313.922307][T20243] ? __pfx___x64_sys_preadv+0x10/0x10 [ 1313.927669][T20243] ? do_syscall_64+0x100/0x230 [ 1313.932424][T20243] ? do_syscall_64+0xb6/0x230 [ 1313.937087][T20243] do_syscall_64+0xf3/0x230 [ 1313.941573][T20243] ? clear_bhb_loop+0x35/0x90 [ 1313.946232][T20243] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1313.952109][T20243] RIP: 0033:0x7f18eeb75bd9 [ 1313.956507][T20243] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1313.976100][T20243] RSP: 002b:00007f18ef931048 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 1313.984497][T20243] RAX: ffffffffffffffda RBX: 00007f18eed042c0 RCX: 00007f18eeb75bd9 [ 1313.992445][T20243] RDX: 0000000000000001 RSI: 00000000200004c0 RDI: 000000000000000c [ 1314.000393][T20243] RBP: 00007f18eebe4e60 R08: 0000000000000000 R09: 0000000000000000 [ 1314.008342][T20243] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 [ 1314.016291][T20243] R13: 000000000000006e R14: 00007f18eed042c0 R15: 00007ffc7a06d1e8 [ 1314.024248][T20243] [ 1314.505535][ T5135] usb 2-1: new high-speed USB device number 97 using dummy_hcd [ 1314.727131][ T5135] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1314.738075][ T5135] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1314.750971][ T5135] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1314.760003][ T5135] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1314.769116][ T5135] usb 2-1: config 0 descriptor?? [ 1315.181197][ T5135] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x2 [ 1315.188716][ T5135] plantronics 0003:047F:FFFF.0008: item fetching failed at offset 14/15 [ 1315.201651][ T5135] plantronics 0003:047F:FFFF.0008: parse failed [ 1315.208147][ T5135] plantronics 0003:047F:FFFF.0008: probe with driver plantronics failed with error -22 [ 1317.127338][ T5131] usb 2-1: USB disconnect, device number 97