last executing test programs: 7m53.011322906s ago: executing program 2 (id=31): setsockopt$WPAN_WANTLQI(0xffffffffffffffff, 0x0, 0x3, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xf, 0xffffffffffffff6e}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0) read$msr(r1, &(0x7f0000032680)=""/102384, 0x18ff0) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000140)='mm_page_alloc\x00', r2}, 0x10) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00e3ff070000000200ff7dd4a3a10bd75e94f7", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/14], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000380)={r3, &(0x7f0000000300), &(0x7f0000000340)=""/55}, 0x20) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000a80)={r3, &(0x7f0000000940)="18", &(0x7f0000000980)=""/235}, 0x20) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000002c0)={0x0, &(0x7f0000000700)=""/181, &(0x7f00000005c0)="e2c291e16387b48ac77287ceb4aaea8340d2805a1374bc99723b3a847e2a32bb532c3265055f0493cc93a6655416631439", &(0x7f0000000280)="037797b91c70", 0x2, r3}, 0x38) r4 = socket$tipc(0x1e, 0x2, 0x0) connect$tipc(r4, &(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x5}}, 0x10) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0x3, 0x3}, 0x6) sendmmsg$inet(r4, &(0x7f0000006740)=[{{0x0, 0x0, &(0x7f00000056c0)=[{&(0x7f0000001240)="80349c0d9e8fcc9f44658138dc4a3c4ad42f918348474a5bc38ff0e0571fc22c8eb5cb22fdf30ced1a4c1ccb5e5b35fed7db48c1a8a7132adc5623d146ddfe2254dd2579b4284b53d1cea6206864473d31bdb00c9d1462458b678827e80c94d88099e7471a58b1463086f9cdd1ccc19fa2fc4a9dd5a56fe782d15e66648c7630f1aaa7e9820460c46e292dbb8fa6f6701048ff17f46097b1ee0750ed038f18b81b2ba014bf866062c9a6f88b5d07e13b7eddd968ba9c7a53609c7b61471a51fd85bceebc0a92b2cd7c45a7f4571e693abebc3c5ff16c8128d92476", 0xdb}, {&(0x7f00000004c0)="5b4ea50f20d7212327afde5e7a457cde2dff791c69fbc3", 0x17}, {&(0x7f00000002c0)="851d8a90d516f218f839a7c48edfe734b2490c90a2fbf5be3383f1c9f5be8e55148723ac0258ef4f8af1f5e0b0a86885f018523d60072c7d9c1568700b3abe208fbd5dad2daf18b5150a530d816bf4cc6e43da4f2793611b38009e8c0970268cf5836926fd1223f4f8bec6a4a68b2aaff7af151a661793a04cd9b936da8f53eae22356781c580df817f3168269eaeeae014fa9b1878bd89e2acb4853ffd7b9a06d7f5ff090c605f5d343e6d93c80d747365d21acea325c44fbb87f6271a2d9333e9b9dd1d36dfea61641d34fd54cd2970ac14acdadd04357bdd44bc926d0adef887b2e25c2f435ce79bac1d1f473c3a49a12aa5c5cfa4bfa4fd2470308ed259e62c218aee67006a3ca187c22940537b1cb1fd2389f417ea92c6e77a09a9d09a98c4e2f0912d36b47588ff991aa98c3c650055bacb669aaf68dd4f8a7b43569c9af62e7cee6ba05278fe8642feafa5c436cb13fa45b3cdf750f8956c493acf7c561b12259331a363c74fb5f2947652ced415b0986b673680e8ad7bad823ff84c30681cbe45114510d9aa6f423f212bcdf1c244178ae31474d9f176707e9c481057f72d489372f7daeba51e3ea86895c8eed109566ad19f3957d0df21a671fce2d674c207d8643c85a018834f4e8e3992e6991d81500"/480, 0x1e0}, {&(0x7f0000003080)="f0e266805aba28ca0c0d67b3479e1c7cb90d64b8ba8093c11696a92981d4fdd1f40043ce52efdea3f8d7b9ba23840df17c5a35207d6fc677263be310a063adb7b1528b8a04ec5b50d2cfa0df73c57f16a94941e8fb22f429a1f34b5b01514fefc4bd79a2cb936cf2eae82bd7b628431ae2d7b61059b35abc6ee24fd40e3c1bd6106af177bc4670395df7238a420fecf1e6ed3fe8906c3a2843215618fcb72ae77c6d36feefb4d45157e5d35fb4bf297d15ca042520f08e85ad2d7c5045fc7c4a2a8b6e149fc755d70437b3835083ee9fc662afbf840ab97f0adcdde20099bb22e909b937696e9d950ca0a361dfa8f5453454696927ae5a2401340264bdcdcd86941c18b536bdccb964461679d1b62855dadee9b66e5d494183283808c706247cdf83b45c44178775fc957483923b717724549dbe2f9a092fa07e93a7772d16bfbff9a0dd14d48d30b1e4f8206f92cf2fe08a7702f73404b79e77dec1b694e8a7c588a7bb2d770122291b10b456c4419dda49da0433a0aa5f0be221d29b45082b4f9521c2a1fbae507aa2652123619b78f340f01523bf9e6089e8e8186af2b85476d7059226f07467a6e036bf8808f2e9070b2a94ac1c64ec066def276c362a1d4a830edf754783f0a1e52e1adc4f6ca2d7200fd73b9cda79ccfcf57a27f60e184ebe12c4daeb214c2057b69719db280e0dcc2d10b085c7ab8e2394bae44893e3f335a3121bae3a33c32b004ab7bca48726029b77a6c784d2af3789fd520e37009d103c0a63598fa5857ee1b86a38a9feaf1d1f512d1884861c13d647d26888430e2f15e78cdd6a4c875e52de709dfdc4af4775ce03d7c8c3ff2b9fbae82dbabf11460bd1bc1ffe10c5062a265fd211a2b52a41613cc03917b8d34591885396369d1d172df31244a236c49d4457a936848684b59e326872d58c5db20684d1194ccb7ecbf5017f0f702f29c75cdeea09619db8bf00b41b1a165af13b3810d7f7b6a681aef628190f4fd53244a650b0500df500946792d003f2d2f0ba3c57f8257c0cc897cb1dabd63870ef86378a14e7f5068ea6a2311414656d766fb24e43c2a57b44cb1dc584d71e91628348790dc6a9adf85bc403a934e7603f7b45473407cf1395163b3efc9e880963bbd98140adfd624ccfc1141cd899826261e152265b9307695488c0cbad9027bf74b6f0c7adbc9878983d96e6026c818ac30fac3e2392e1c8fdab8ccf902d0915a471701083949efafc7a2e05608139fd0ef22d834ff02569878579c43635ad2d56d7cdfacaba8a3adc47c7fd42e521ca6b14726e68f67e2662c972bf9824ba847e22985400fad74280c22a0636aee80eeb7ef0c691cee94573ec78b53d43316ba691fd5274d1ff8085e297d2781a31f704dfeb58db9fa216c3356341207e953712de9ef27018bdfdddba8abc0c5f205908f12a42685ecc0c20cd92a57bba45a435f7bb412ccab1a6d877392971de8b808af07ea32b102dbcd7d00c869ad5cd8f5a5895b3d6dfef226d51d819756a85ffdde3d08f59fbbb7510a9ac3568f8f039fa7abc7b34685f3579050e88773cb4bb7958ff83aba1f23c8ab4ecd019c59781d47bcc50c64a957c3fa37311a240649313f77fa81020a5da0560d3bdabe6001ab6792ad782fe0e44bbb59efd4a524984742940563dd9e9a0226925324ac94373a9dcb16f32183ef3f465a13b83974f593e664f53131241e2133ce22917fbb412354a51026847f92aa7afadb1cdf51677fc2fe5938812ef17ae79f4db75afdfce3c5b8822dd612457b5f59dd616acdc473e97afb83f3c9789f3df399a2c3c89e8b5e6db33a306168b0cd4e8acbbd6ac81dd46cfb2f7d24b609d009049784611d027daa0cfb12111c1236aa010796cc687cbb151ba30e3a786ee8bfdae51e65a0c3667f7b8856089621742bdc19ad66f60eb48bd7f20b0ac2a523e89e6a7089e3704f266c52c58994e018e5d20b77a0413c71cafd420d9e0abb77e9f1199aca31f6d94372ca5736c749c197cac572e4962fc089f866a896763cd7b804c8e7211bd3a64f1ed12d65182deb850279ecb530683551bd50214e03b9f813431688dadf4caaf77d2e8b20d3e5c424243ab50f9c20462cea0f38eb080b02074e3e77a236d4ec929b04d134dcc5f767736c096794be3aec9f1195b87862128b436fbd0305a6ad6ebb0b2167e184c1de57048144b7567a6ad6c028c4b8a78858925f0ed415313da984484f753d14234d30964aa3d15af13337b6e5338d4f787abc18e0ea4d9656aa3c1d3eee0854078470a0e724062fd61a95f17516ca92faae8397ce07ba558a689ea49d25685a28c68fbc533892827829692d65a15711f0d14f7f685095f6c5dd085b30ffc4dfd9097157c1fab80023d24912861e87d1e484fe5a4476743dcb983d3eecabfe168db03f888432d8b1639e89c8f0513dc36ca8969ec364d28814fa6e21f979020df1292d772cd20c0eb4a5888f38d8d129e30ffee29ab6baf3b2f3a509e02d26b354f1ebe3531fe97968f1f678937b36f3684a8c100030a2328941dfc09574f7cebc26337cd4b2a6fc0b92affc3f3f892542e46fd6cfc2780c0b8a916b3fbb7f33a2537571b06643d82f86e2156740e024b360f48b844797971383610dc93abedc9945ec26d6a56e2701522e3fd6b77d4647a137346985af549d8944c652ddd797e1856a30f296258eb275981bc9432f38532d6e141d603b002c75247b3e71b39dbc01e8e64bc0cd510bd1700685a95ead8fb3fe8fbd72be2e8f9f5a9f1b2c400bfdc0aeabb14a7538c9a38a4839bf41120f2c2aa00277a327d7dff15f52854146a94ea41e4f14a15443124c6bcff43489e7e242c8315ed8d542377fefb6002292c1adc571c730d67b8dab5a4da06659fe7b69bac3147ef39fc877c323edbb9912886ab468c530a8d7844692010ea93effd20f4ccc47b3ff51f378c12b1d03155d49772f14d65bf2ce38f589ca4647b6713ae081fd13e74b307aba8bc34a4406d78c26ccfdf328f5c273b294f6c6419cc157eca59939ec4c0b95cc6d5f97c83c3f14aeb5b88910ec29cf64496d9b1b855fe073d4791507c7533846cdd7810667427583b3a8b7febb2c43643c09bebbb12c08781ac9d0995723fb47febef49e0d6631f054e5b3b3a284391590cfb5d5cf4aaa71586cb37b9fffa15848176da20969e88ed87dd8a4fa2b5140fd56f0a9973217f8ce0c6ee50b67214b6d7d6b84d41d83694a14b2e96f0cb79b49f5fe4dd21727c00819e83b6ea203bada46e9ae8ce7bebaf24f05fd20672e4230b3851b8f05bb2f0977dda7c8cdd1f2689b7a10a72018ff76699e53b2a3f77bf7fa03fe3cf85d4859c9db915fa5c1ddff79e77d0b1b6316d3e50d0d60a42271332f3e81376f120836cd3ea55b7f1453833a7bce0058f79b698a4bd0e857ae35b8ac8f20ed8f238475757af11ce7b450cf89191a4f27a365f594ef68efe6ea1a5c3518712b1aa37a1f47e05f85debfa461f5346d985a71e49ef17f4eb068862977d56671d445176934be6b5318300d7debf3ad8d7da0c014b25af2d8fa52753974116a8cea6c974692f5de03b526a075cc3bc8a4375333f0ef09dd3c361738a151f326ba3253c171f8f7876107eeac122a65124e59dfe7c66bb9546d6428559df314063ac08c03d96b04b6a91508371fa18348c65238546f3d489c7efc1bd01e6e389fbeaa8f125bc7b7c8673904eb676bbdfa3680fea612ba20fab20cdd411c2bafe0417b76852de9e863f09d291bf59510ead793cfd9d6710c0de77cefb5b65481d3aabde2683457b13e3b32ebc06f60d5afa47e36f652a95bd16dcf55dd3e1b05d0df9b8a183553097c2aa95aa175eda6792f58a74170781260e6120981549b3836d13ef037178dd8ddcb5a5624f3790f9d92b0f8f3cd11bddf478cd79456db871f32dd6e24948dd762ba2c22a94300f527c1df5ff05aef5ae4893ff88adc8f7af779d03fcb4ecabfa32460315f27505681242064541657acbb29f531043ce1d04ad189045140232f24f46d0580ada560c61fa4a90aec4743a9a0d466493476923cdff87a21127bac3da7d61d674d8bc9bd63cc3df85c707a912773e090256d5a0bdc5da8ceae2ca25c596410982b63055e6d292a31776cefe58457cb6b5cb92a2c69ed5eeed35e4ea3d6b54ee22e41dea28adac6e1eeadf604f0ef3a67c86974c3ecacdb7f502c74ed31138123dcb80282dbfb0ea0fc2a6016dccecbcbe4952c27b09e7abf784db6b7cc55366d048f16f6473a268b90a1c9b9c612f88bed9008308b11e47d79329cbefc3f313863eff4a16e6a70c41a296d3042a1164d0578297642ec82da1f92dfaa6a67ff9cfcd1b3e88fc442246a303a0e539ce65ad6fcb6d8657937cd88d4c30fd369f2bef0308f5db8824919139b25f82f56e24ef4cf1feda07c3bef9dd215575ed774dc05603f4664332c7b002c48d873bf1ebec930a273efc78dafe153f7eba9161002ca9a8fa855bc357f3a67810fc081b9ae9b4f69401ef93d039c7c1398fa8c9eeb1ce001e08e9231ce2c2beacdafe2955d4056e18d4d09ed22a996666d4df5ca91c37663bb54eb42fe39712736fa0e64ad4f8ca843fe52702c9ae48e60a3f5eac160f58ff3cb80684120845b9e34bc1aecb19662b1a429926ae351d004eca1d367fcb34facbeb2184716c5140a7e420c7f4379b0c43ce872b62723a587d9ad528c2aabf158cefa2df3422203b5cc73e9443825089527700b69a2331e0558a9b1e9d3e69a59896e6cf4df46b41a8cbb0e598a874fc23b16a6eda6eafde02451f0255ff9e6d1bd007c86dee8b6ae875752415b8057b916a3fe7b35cfcf7d38a50e461f1fc1d6a4541ba4079e1f21d0ea2a5ce4aad561215a1d75a2599c757cd6025753fc0578e4b7f4195ad025c46d50c5c351af1ce1e8f8c35439c8598293cd59d2e90a1445497b0249a314379dd13e95f00f2d8240190da9e12adbdd809b1a96900054db156d2893f7998aca02c86f61478a9b21e9e11a6f4b9f7f382243739e492e9048ed9c7b0b8118d966c0f41709abd171873c498a3168639bb2451e0f65e93755fc9cbf3b996ed0873a8256a579372146c3a1e749a9a640f8e9c01af2d0fdd34f2b5fcf4e0bac0b7becd41851359f89dc17156b6ddbd6377c05a059cde362397f28ae2cbbdac107142b40913aaf059d897039ce3fda8c29ae93210676e44f131f78e78d68d858bb7fde230a2f0fd542c5e8374fdc11a488da9de28bc3992a8d74089de36a732110c841bbdc5f24f71663d9a5f5209791fb7027749be23cdb3380f581151563d3707290cd31b28c13139b8e041cd72af3ad9b0fd0b3f131608a8ec5d80c4e7cd458abebae0244c921ef69a4ea0e9a2c2073bd13b49f574a7e278c7ba08c22d89b678a3cd814e8d0dea0101d95f789ada5178f46a4c6beb8dd12352cec179c886ae98ac2bc4382acb565df99eaff3f6824536ef7de884176ea3ca14a9f225f8ada2aac871e7c35df92943600cf7961b8eefdeb70d985fbc93252c978c5c773b4f2ab4b7683e2563d36ebfa4355969f6201e4bcac04ede3c6c9a18ed23f23ec331cbe2d645fa4ffcb2c742ba4905788c27a9bc97536dcbc08d3cbdd2f7195acc0f0eb3cf52aad9a1d23a1dd3633a49a482a1c1eb8761dcc7474f0fd4596a661b7668ab22ebecbfe33886b9b4a0c250380a9a34fefd9724ff89b32e5622258287b3281bcccd0bade4e260b6fefe73219c41f2de521587404ac1d2de4e2999202b3870099718115552aac2d446e649", 0x1000}, {&(0x7f0000002440)="253c10cd0a56ebbb9e8b465670109c340c95f1d27d36cbeb7fa948545e9b18da346b70b5dc6ea12ad1a30e4f7038336f1af1d61b04de988f1755e9b3ba9919b2a4952ceda920a7f0e22dd239d4a74f2d1c854bc64f09f979aa3e9f5c25ff8ec189e5d809483583f648cd8870291200e428", 0x71}, {&(0x7f00000024c0)="2ba671ae597ed8f40600000000000000e6324ddf688ad9d88125012afd2ef10e8417d6036af9baf8a97228aed9183086ce0dd42ef8f5b5f3e475f49b0bcd201fe612703d680fdd1151dd32535b04d4697d472c7750d6c4c197162e9f8722536f82b1ca20e79dcf40d1faf78a453f8db9a048bb281079ae7ba3994aef7380e1d6342305e2d12c57379fd12e784f48e4e832171df4576c8724e3bfd70ebc92fc11914cd45ffdff9f86381676a7eb0f5972b742", 0xb2}, {&(0x7f00000025c0)="96cb9dfd0c61d5ed863c5a35109d427201da53416c37631f95451a170fdb734214157996b04630903a7ad20aca669b5120871c47c6ef4e5975222b9676223895144ae5c2898ba0e94642e43e374bf9515c7e840e62021f25181401bda4c4d2d77867390c0a05af019adabfe896d7824f0dcb1724c64da40478808059ea83fa60145e108809ca25edf6ab820f23a5ce2b1779aa8c037a26d99df56f39ff5beca1c1e0cbfd69e415971a02f5115f6da0ba6da9be9772efa870aa6b62774ce009e7bcca4b4a7a910aab97e7f3da899eaaf573ac8a926a7be9b5875b3bb707ae9124ead39e70948bcf654b6b4342043f756323494e4ec559866c5a480c3b156c0427f1cc1d373b77424ea38e3697e36dcefd261575e5516bfcedc7baa8cbebed0ce49dd27e6291dd6f968eaf37f13313ba0bd22b6a63496be04a42df10fef87386434103b5ef819a969e8792a7765dc52c310fbe89851eaf8b2eabcf27bd487f817d48a54b0c7e8b151f0941a6f4adcf6a4486f96f8d18a2928829db333ec08bffe029f4840fdc0433d75157e80b33c3041f193e5c3fb1b7c13d1d7d7a8fe3122ddef181a6534232731c8f91dae42d9a66b9c2e0c6de6da74c24752b53d344b3c9a48ed62705c3e93f7e346c0379a6ec672b3a73dcfc159a79a77bd7b9edd013e3e9832d4dca6f9f973d63d5d235c7e22822e012e4181e102e68b03bdec323db739968061a7ba6fcf9589bd2975520fe9f1b44e52489bf5f5b0125b14bc894f4ff1ad2ba817dad6ab1654a2cacce1cc5160ea4bf3d7011cbf16ad0389b6511448c4186da0a7a55be54031a6d2773ac33aab5d533e7bb213309193f2ca3970e8fffc2fdacbc96e6f49c116b0505385a8bf282589be6b844e2aaaa652459b5d021127f59009020d34932cd03fbe5fea45bdc1f68463c4afe2b5ea8f97dee5e2e6b58196aff00e5ca51a0087f02bcb1dbdd638a5c7590095561578c30904f7ea80072de21fcedd0e41da8e7fe3514eaabc603d770a6fbed5367edb7feb5c5edfda04c7b8a4bfce5c73b876f52fde7dc929f3ffa632eb9514596793533d20fd191b484e902ab104dfc34a8486ba64d3e31c495e043279d8d6b4e6ca3c3fd4ae43529e55be690309e1bc90af2e9188cd5673eea73c75d4decf8972039c086e4b47caee900e1422fd2fbe0303dd5147a9fa487a7b08ad529d0d3db2bae4b26a83de0b15b9b82f26b23336481aca875c48605dc8d25d872920d01e2e163cc13d1f026666f8f54d6fe7895b47939599d168dc98a2de4aac463d98cb39375ac13fadd722b9f1e221d35bde594c9e53aa0f34b235a9d68d8f4841f9455804cd8a7bf05315c5bab2fa8820e956a8161cdd685fc4e1344f9d89189057376a5d1c23273d475aaa72ccbf4b5d8f2863f3f0fe7c0f8b001c065bae68aad9d8878a5edcd8dcbeec07d317c0a81fc84b8b208c60db73c6cf86d46cac98a7df449581d74be7991f1fa6924b76a2d6077aacca10fc777f0d09c5420cfc38c4638957086c9a2065ce94a286da01527bd8b8fd5830f93bcab97a4d0ca13c55b4ee32a49e078b4d79e7b17200fb6a550cfcccd33c681e37bc83c7fcda081a67c2a828e65a75df33e587a05f75fe05aef4078b3482c9078e2edb63c74134f92461044871e4a71f40228d156cbb3beb53eb898e0b6ade2d486a7111ce074510ad957f0eeae0812dd3802db231d9a15948a6b133167eb51dde0199023dfb3471661c7f13f14e786278c551d60929ef969b15d4ea544a9cda830183052ca1072083fb304502f38bcfd46ef64091a2a64bacc55ff3e91f8a7a97f69a9524bdaa60c14d75ddb44e399158c603cded78f42b79a6e9b9c30575289a92558f4d1d9cbb35780c86462cb56d5b474901c17df6ccba95481c004c384b17f99fb29458c9c59666c5305c508561e654d5f1b8ed375231358828b73b487c5f3096211f863375333bb1d3970f7c4cbc7b0f122dbb330b24498f38d804ec0e9c8a5976578bfbc2e46e8d898ec08b3742d5f9ba03d56567f6541f075c4f45eec94a6af78065689e8851294c48f02d48b1266586db86266bd2d0cbb729b567ed7643edf6849f50ca7a28b4ef59433ff22ce0680ffb3348a458ff77b6a796e849cb456df4b443d625d423d10e21bf0bcc785a243cf70ed2ea7c52548cd366ad9af486a4a0171f21ee9d961aa808a69a066aeb0c605fe7a83291ba942df3d11ba1e12da7381d7af20ccbd0de5416ef389c65d1fd0ff209dce808c490707a371b317ce65765082d1c5f67846ddfa65f291117d6e5a795ac2961d56eb24060d8b160d5bd146cd61589c00a108a1dba9e8730157e403cc35b0cd64b3aa66eada80be3bbb974d4642aa76bdf87c2d63134af1c646b1f0bfd218d4e4ebd277ad1cfc9b6f20c4036c6a511cb1ce486c3a563ca9368b10bed088bcfcdab752e0c78a10e550544ee6250d3908e3e7b09b2119f94abc2fdf43d7c82a4ffce81a3f962124ace1108443f41202c6d055d37e99b4eb6287c485acabff03f3a115db1ec790fdc5436e97bf2443c2f707ffb513f6d6494812b2238d679c8787a854ec92126bdc4681803ed4a5b84590e4f00ce956c6c3394773303b0620d118d2290cb229ea3b9bb9de8d719a0f92a50d34909a363f5f6ff906326f917be78c914c78846ef30c9b107b26c0a55401ceabf5b3c669eaa7a1a36d97b01d5da410366e3da5d232fb711d26afd9d4a5016425e47c0ec9b6305673af4cb46526af752011793c322797fb706042da364b6e723b513fd73db6721b00bd80e0923fe075300951d4dfefdd029c3fed21b734bf102f96d58b50bf4edcad014670c2d93eeb4d7bda3d1b70d9e21262c644bb96855895e4c0b32c9ed599d940ac24814b69812c124648428e13d7f72d74feb30288eb78b4a99fadc96589d8a9c7047787aa802514ba28af4d5520ac50928cd75ca92e2934a2e126456bfe1587003e87d9428b1fdb6b7662c44a5fee9d537b7f43822e5b103aeece1aa603215c215de2873e3a6b327c5ed0a0190fb7645034e1839ad165f3f7f80fd793734ac1412bbe20d82aea543792047ba5c5b37ee11988cd7e71cd43547e13c6bbc1ce3cf6aff9727381f06feb83b23b694724d9259d3736eba6ee66ee73a224b8a978debbbc35f8e28cc8267646e5c8cd8076d2044d41eadce01738ab2c7dc763de5a8042b957680223c4d9fdbf65d17e8998444e8db36c50fbe3c9a83e506661a029c4538617d46b6a43675c6dcf283a45b99e44188fd2681a50747e819e7f37496207ec448670fe62a3cb94712abeafb5dd2690ec12b18f8d67d5b0db41a897124f8b94695501aba517447338034bf14d0f99cbf5518aa013e1f35a052b4d27d1247349ff7a83362444372f017fcbdfe972b91c46a0a57f4639204673341ae92bc2dbf2b8d1680b432552850964eb1e14f38995e7e404b1bd1bf63d8d58c7b4ec38e3b9e73959e6509ad9f67d684f62759f5cae90bf8c1781b5800922c312aa634e5748b6181fc37df267eb5c66afc0c9249f9f601136c78d817beddf308c6970ee0e8221abe6fa124f55de7e5e78398004095a175f58cc270840e8c6759627f139e4f9b3b362e2700c5d06da66e862d1016c9f89d18646a6bb823f992342433b03397ed7586f489824a1495d707c81d3885029a47845802ef97856e530789a5cb7239752c6509cdd094212cb4b1b8baa7416cf5000db59418ad7f7a0d7d8e4cb8ebbbe4c40ba0ccc25283b9c933e251fff9871fc01026fafd8eed7ddcbe454b79339be93cd4b25a55af449f5c0893a957c5468c9147a973478c834ac4ecfea339cf3", 0xa9b}], 0x7}}], 0x1, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040)={'#! ', './file0', [{0x20, 'aXbly\r\x1a\xc5#9\x00\xc1\xa8`\x04\xb0\x98j<\r\xbf\xe4!\xf47\xc1\xdb\x16`\x89B\x1fx\xd0i\xe1/F\x00\xd3\xd8\xcd2'}]}, 0x37) 7m50.680437743s ago: executing program 2 (id=38): socket$can_raw(0x1d, 0x3, 0x1) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000003c0)={'vcan0\x00', 0x0}) bind$can_raw(r1, &(0x7f0000000480)={0x1d, r2}, 0x10) syz_usb_connect$cdc_ncm(0x2, 0x6e, &(0x7f0000000240)={{0x12, 0x1, 0x200, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x41, 0x0, 0x94, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5, 0x24, 0x0, 0x8}, {0xd, 0x24, 0xf, 0x1, 0x4, 0x8, 0x7, 0x8d}, {0x6, 0x24, 0x1a, 0xfffa, 0x10}}, {{0x9, 0x5, 0x81, 0x3, 0x40, 0x2, 0x3, 0x2}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x8, 0x0, 0x5, 0xf6}}, {{0x9, 0x5, 0x3, 0x2, 0x40, 0x6, 0x7, 0x1}}}}}}}]}}, 0x0) r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x6, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sendmsg$netlink(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='pmap_register\x00', r4, 0x0, 0x1}, 0x18) openat$fuse(0xffffffffffffff9c, &(0x7f00000007c0), 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) r5 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r5, &(0x7f00000000c0), 0x10) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYRES16=r5], 0x448}}, 0x0) sendmsg$can_bcm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="050000000808"], 0x80}}, 0x0) sendmmsg$inet(r5, &(0x7f0000001b00)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000080)="050000007402b8f4191db62b", 0xc}, {&(0x7f0000000440)="9f336d70bf41f19e47e98b4015e3b0384d86a1ceb4e530554ebc8154bf392bcf9ce0b09f879bd7aaf9d086e3", 0x2c}], 0x2}}, {{0x0, 0x0, &(0x7f0000000100), 0x2}}], 0x40000000000003a, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=@getchain={0x24, 0x11, 0x1, 0x0, 0x3, {0x0, 0x0, 0x0, r2, {0xe, 0xb5d54cde5c199d9f}}}, 0x24}}, 0x40044) 7m46.177624053s ago: executing program 2 (id=48): capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x8931, &(0x7f0000000040)={'macsec0\x00', @random="000000201600"}) (fail_nth: 1) 7m45.716010727s ago: executing program 2 (id=50): r0 = socket$alg(0x26, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x88) mkdir(0x0, 0x0) ioprio_set$uid(0x3, 0x0, 0x0) chdir(&(0x7f0000000140)='./bus\x00') splice(r0, 0x0, r0, 0x0, 0x0, 0x5) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000280)='.\x00', &(0x7f00000001c0)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(&(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0) mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000480)='./file0/file0\x00', 0x0, 0x2000, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x80201, 0x0) memfd_create(0x0, 0x6) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000140)={0x1f, 0xffff, 0x3}, 0x6) write(r2, &(0x7f00000000c0)="4b0003000000", 0x6) 7m44.12630156s ago: executing program 2 (id=51): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x240, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r0, 0x400455c8, 0x4) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)=0x33) r1 = socket$inet6(0xa, 0x3, 0xd) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r3 = memfd_create(&(0x7f0000000500)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf#2\x99\x1e\xa1`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\f<\x8f\xc1\x99\x89r\xe1?\xbdu\x98\xc3\xf8\xd2Q#\xc6g\xa0\x85\xd6G\x85\x11X\x8d,\x02\xd45\xb8\xca\x97\x9d\xcb\x1e\x80\xd6\xd5>N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec\x8aog\x87BR\x9d\xad\xd4FcB\xda\x95\xc3\xdd\x9d\x8f\x1a\xce\x18\x80\"j\xe1\xba\x1e\x97uX\xccv\xd6\vcz\x92A^\xbc\xceF\xf7\xe5:\xaf\xc5~\xbcJ e\r\x88c\x9d\xb92\xb6i4zq\xb3c\x0f\xb2t\x93\xf2E6b\xfa\xcdJ5\xe3W]`4\xd8D\x05\v\xfc)\xca\xedQ\xd0]Ot\'\xc2tDF\xf9\xa7\xb5(\x83\xa5\x0f\x1d\x1d\x06Dg\x13>\x19\xe85#\aaT\x89=\x104\xd5\x85l\x96\x91\xea\x172P\xb3:\xadZ\xbc\xbe\x00\xf0\x14\x96\xd9M\xd7\x88QZs\xb2\xe1+$jfQodH\x05/y`~7\x16\x02\x00(v\xe6`\"6\xfcgC\xb5\xf0\x13.zj\xc5bj+@\x00\x00\x00\x00\x00\x00\x00.\xd4`=z\xd1n\x8d\x8f\xa5hS\x8e[\xb3\xa3\x87\xb9\xe2_Z\x11\xef\xc2]V\xf3\x03\x94\xb9\xe1\xa68\x8d\\\xe5\xef\xacpM\xf0\xa6\x04\x10\xb7\xc0t\x83\\\xf7\x12k\x9f\x10\xd5Z\x19\xc1\xc1\x80\\o\x97\xce=U\xdd\xaa\x1b\x05\x14\x13\xa6\xbd#\xde\x04\xe6$\xec$3\xf6\x97\xc6\xeaSL\xb7A72M\x88k@\xe5\xa3\n&\x1e\xc84\xa9\xe2\xccM\x906\x95xQ-2p\xd62\'\xec\x0f\x13;I\x95fE_\r\xe7\t!A\x05\xe4\x8f\x9e0\xf8/T\x18\xf7\xa1\x9f\xde1\xd5\x80<\xf5\b\xa9\xec\x85\xaeW\xb3\xd8#)bn \xfb\xf2\x88\xfaR\xff\xdd\x80\x96_\xec5\xf0\x1c\a\x8a\x80\x00@=\r8u+%f:\x1e\x82\xfap\xf6\x89\xea\xba\xe3\xbbM%F\xdb\\\xd1eJJ*\xc67\xca\x03\xa3\xf7(\xbb\xecN\xd4\xe7\xf2:u\x8a\b\xd5\v\xca\xfd\\\xd6\xe3\x05\xb3\x03\xd5\xe0\xd2\xf2{\'\x8b\xdf\xa1\xbe}\xb2\xe4y\xbb\xe6\x1f\x10c\xf5WQ\x82\x04\x01C\x83,\x90\x1a\xfa\x8e\x17\x89\xe2\xedX\x8d\rmq\t\xb5$\xb4\x9b\x92z\xd6/-\x13,\xb5%\x8eM/\x04\xa7\x7f\x1b\x85\xf1\xa4X\x17\xbb\x1cR14\xfb!\b\x10\xe8\xb2\xd41gK\xe4\xea\xe39d\bL\xe5\x1b\xbd[\x9bWD:\r&\xe9\vn^\xcc\x86\xe3\xce1>3{\xaa{\xbd0P\x9f\xa68\xf5\x82\xb8\x9aD\x9c{\xe6\xf8\xcbD\xb5aJ\xb0\x92\x89\xbc\x82\x1ch\x89\xe7\xdd]q,\xec\xc4\xa5\x93\xe5,\x0e,>/\xaf|\xf0\x01V\x7f\xc9?\xba\x16\xe4$+}5dy\xb1\xef\xf1m\xa5\x94d9\xaf\xcfq\x8b=\x026\xef\r\x91\x18\xc5\xb6\xb9fM\x8ayZ\xbcd\xa5\x8a\x88\x98\xc3\xfc`\xa6\xba\x1f\x17\v$\x88g\xb4\xad\b\xc1\xddW\xa6\xc1\xb7\xb0\xa3\x84Q\x13GoU\xe2\xb7\x03\x9c\xd5\x0f\xa8\x0ef\"\x15\x82\xe7\xbd\xf8\xca\x10f\xfe6h\xe9\xc3\xc2\xa0O:\xac~\x1a\xf7\xbeF\xbe\xe5\xf0\x81\xd6&\xc0N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec\x8aog\x87BR\x9d\xad\xd4FcB\xda\x95\xc3\xdd\x9d\x8f\x1a\xce\x18\x80\"j\xe1\xba\x1e\x97uX\xccv\xd6\vcz\x92A^\xbc\xceF\xf7\xe5:\xaf\xc5~\xbcJ e\r\x88c\x9d\xb92\xb6i4zq\xb3c\x0f\xb2t\x93\xf2E6b\xfa\xcdJ5\xe3W]`4\xd8D\x05\v\xfc)\xca\xedQ\xd0]Ot\'\xc2tDF\xf9\xa7\xb5(\x83\xa5\x0f\x1d\x1d\x06Dg\x13>\x19\xe85#\aaT\x89=\x104\xd5\x85l\x96\x91\xea\x172P\xb3:\xadZ\xbc\xbe\x00\xf0\x14\x96\xd9M\xd7\x88QZs\xb2\xe1+$jfQodH\x05/y`~7\x16\x02\x00(v\xe6`\"6\xfcgC\xb5\xf0\x13.zj\xc5bj+@\x00\x00\x00\x00\x00\x00\x00.\xd4`=z\xd1n\x8d\x8f\xa5hS\x8e[\xb3\xa3\x87\xb9\xe2_Z\x11\xef\xc2]V\xf3\x03\x94\xb9\xe1\xa68\x8d\\\xe5\xef\xacpM\xf0\xa6\x04\x10\xb7\xc0t\x83\\\xf7\x12k\x9f\x10\xd5Z\x19\xc1\xc1\x80\\o\x97\xce=U\xdd\xaa\x1b\x05\x14\x13\xa6\xbd#\xde\x04\xe6$\xec$3\xf6\x97\xc6\xeaSL\xb7A72M\x88k@\xe5\xa3\n&\x1e\xc84\xa9\xe2\xccM\x906\x95xQ-2p\xd62\'\xec\x0f\x13;I\x95fE_\r\xe7\t!A\x05\xe4\x8f\x9e0\xf8/T\x18\xf7\xa1\x9f\xde1\xd5\x80<\xf5\b\xa9\xec\x85\xaeW\xb3\xd8#)bn \xfb\xf2\x88\xfaR\xff\xdd\x80\x96_\xec5\xf0\x1c\a\x8a\x80\x00@=\r8u+%f:\x1e\x82\xfap\xf6\x89\xea\xba\xe3\xbbM%F\xdb\\\xd1eJJ*\xc67\xca\x03\xa3\xf7(\xbb\xecN\xd4\xe7\xf2:u\x8a\b\xd5\v\xca\xfd\\\xd6\xe3\x05\xb3\x03\xd5\xe0\xd2\xf2{\'\x8b\xdf\xa1\xbe}\xb2\xe4y\xbb\xe6\x1f\x10c\xf5WQ\x82\x04\x01C\x83,\x90\x1a\xfa\x8e\x17\x89\xe2\xedX\x8d\rmq\t\xb5$\xb4\x9b\x92z\xd6/-\x13,\xb5%\x8eM/\x04\xa7\x7f\x1b\x85\xf1\xa4X\x17\xbb\x1cR14\xfb!\b\x10\xe8\xb2\xd41gK\xe4\xea\xe39d\bL\xe5\x1b\xbd[\x9bWD:\r&\xe9\vn^\xcc\x86\xe3\xce1>3{\xaa{\xbd0P\x9f\xa68\xf5\x82\xb8\x9aD\x9c{\xe6\xf8\xcbD\xb5aJ\xb0\x92\x89\xbc\x82\x1ch\x89\xe7\xdd]q,\xec\xc4\xa5\x93\xe5,\x0e,>/\xaf|\xf0\x01V\x7f\xc9?\xba\x16\xe4$+}5dy\xb1\xef\xf1m\xa5\x94d9\xaf\xcfq\x8b=\x026\xef\r\x91\x18\xc5\xb6\xb9fM\x8ayZ\xbcd\xa5\x8a\x88\x98\xc3\xfc`\xa6\xba\x1f\x17\v$\x88g\xb4\xad\b\xc1\xddW\xa6\xc1\xb7\xb0\xa3\x84Q\x13GoU\xe2\xb7\x03\x9c\xd5\x0f\xa8\x0ef\"\x15\x82\xe7\xbd\xf8\xca\x10f\xfe6h\xe9\xc3\xc2\xa0O:\xac~\x1a\xf7\xbeF\xbe\xe5\xf0\x81\xd6&\xc0N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec\x8aog\x87BR\x9d\xad\xd4FcB\xda\x95\xc3\xdd\x9d\x8f\x1a\xce\x18\x80\"j\xe1\xba\x1e\x97uX\xccv\xd6\vcz\x92A^\xbc\xceF\xf7\xe5:\xaf\xc5~\xbcJ e\r\x88c\x9d\xb92\xb6i4zq\xb3c\x0f\xb2t\x93\xf2E6b\xfa\xcdJ5\xe3W]`4\xd8D\x05\v\xfc)\xca\xedQ\xd0]Ot\'\xc2tDF\xf9\xa7\xb5(\x83\xa5\x0f\x1d\x1d\x06Dg\x13>\x19\xe85#\aaT\x89=\x104\xd5\x85l\x96\x91\xea\x172P\xb3:\xadZ\xbc\xbe\x00\xf0\x14\x96\xd9M\xd7\x88QZs\xb2\xe1+$jfQodH\x05/y`~7\x16\x02\x00(v\xe6`\"6\xfcgC\xb5\xf0\x13.zj\xc5bj+@\x00\x00\x00\x00\x00\x00\x00.\xd4`=z\xd1n\x8d\x8f\xa5hS\x8e[\xb3\xa3\x87\xb9\xe2_Z\x11\xef\xc2]V\xf3\x03\x94\xb9\xe1\xa68\x8d\\\xe5\xef\xacpM\xf0\xa6\x04\x10\xb7\xc0t\x83\\\xf7\x12k\x9f\x10\xd5Z\x19\xc1\xc1\x80\\o\x97\xce=U\xdd\xaa\x1b\x05\x14\x13\xa6\xbd#\xde\x04\xe6$\xec$3\xf6\x97\xc6\xeaSL\xb7A72M\x88k@\xe5\xa3\n&\x1e\xc84\xa9\xe2\xccM\x906\x95xQ-2p\xd62\'\xec\x0f\x13;I\x95fE_\r\xe7\t!A\x05\xe4\x8f\x9e0\xf8/T\x18\xf7\xa1\x9f\xde1\xd5\x80<\xf5\b\xa9\xec\x85\xaeW\xb3\xd8#)bn \xfb\xf2\x88\xfaR\xff\xdd\x80\x96_\xec5\xf0\x1c\a\x8a\x80\x00@=\r8u+%f:\x1e\x82\xfap\xf6\x89\xea\xba\xe3\xbbM%F\xdb\\\xd1eJJ*\xc67\xca\x03\xa3\xf7(\xbb\xecN\xd4\xe7\xf2:u\x8a\b\xd5\v\xca\xfd\\\xd6\xe3\x05\xb3\x03\xd5\xe0\xd2\xf2{\'\x8b\xdf\xa1\xbe}\xb2\xe4y\xbb\xe6\x1f\x10c\xf5WQ\x82\x04\x01C\x83,\x90\x1a\xfa\x8e\x17\x89\xe2\xedX\x8d\rmq\t\xb5$\xb4\x9b\x92z\xd6/-\x13,\xb5%\x8eM/\x04\xa7\x7f\x1b\x85\xf1\xa4X\x17\xbb\x1cR14\xfb!\b\x10\xe8\xb2\xd41gK\xe4\xea\xe39d\bL\xe5\x1b\xbd[\x9bWD:\r&\xe9\vn^\xcc\x86\xe3\xce1>3{\xaa{\xbd0P\x9f\xa68\xf5\x82\xb8\x9aD\x9c{\xe6\xf8\xcbD\xb5aJ\xb0\x92\x89\xbc\x82\x1ch\x89\xe7\xdd]q,\xec\xc4\xa5\x93\xe5,\x0e,>/\xaf|\xf0\x01V\x7f\xc9?\xba\x16\xe4$+}5dy\xb1\xef\xf1m\xa5\x94d9\xaf\xcfq\x8b=\x026\xef\r\x91\x18\xc5\xb6\xb9fM\x8ayZ\xbcd\xa5\x8a\x88\x98\xc3\xfc`\xa6\xba\x1f\x17\v$\x88g\xb4\xad\b\xc1\xddW\xa6\xc1\xb7\xb0\xa3\x84Q\x13GoU\xe2\xb7\x03\x9c\xd5\x0f\xa8\x0ef\"\x15\x82\xe7\xbd\xf8\xca\x10f\xfe6h\xe9\xc3\xc2\xa0O:\xac~\x1a\xf7\xbeF\xbe\xe5\xf0\x81\xd6&\xc00xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(0x0, 0x0) mount$afs(0x0, 0x0, 0x0, 0x0, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$inet(r4, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0) close(r5) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(0xffffffffffffffff, 0xc0305710, &(0x7f0000000040)={0x1, 0xff, 0x1f}) 7m11.895262634s ago: executing program 3 (id=122): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000e00), 0xffffffffffffffff) sendmsg$NL802154_CMD_NEW_SEC_KEY(r0, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000a00)=ANY=[], 0x12c}, 0x1, 0x0, 0x0, 0x20000020}, 0x0) 7m11.7545927s ago: executing program 3 (id=123): mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f00000001c0)='./file0/../file0\x00', 0x0, 0x161090, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000000)='./file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0) mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000280)='./file0/../file0\x00', &(0x7f0000000480)='./file0/../file0\x00', 0x0, 0x21adc51, 0x0) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x5) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10) r2 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$KEYCTL_MOVE(0x1e, r2, 0xfffffffffffffffe, r2, 0x0) capset(&(0x7f0000000c00)={0x20080522}, &(0x7f0000000140)) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000140)=0x12) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='net/igmp\x00') r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, &(0x7f0000000d40)={0x0, 0x0, &(0x7f0000000d00)={&(0x7f0000000bc0)={0x2, 0x10, 0x9, 0x9, 0xc, 0x0, 0x70bd2d, 0x25dfdbfe, [@sadb_x_policy={0x8, 0x12, 0x4, 0x1, 0x0, 0x6e6bb6, 0x6, {0x6, 0x33, 0x7, 0x1, 0x0, 0xfffffff7, 0x0, @in=@multicast2, @in6=@local}}, @sadb_key={0x2, 0x8, 0x28, 0x0, "fad5321379"}]}, 0x60}}, 0x4) pread64(r3, &(0x7f0000000180)=""/15, 0xfffffe9c, 0xb6) ioctl$DRM_IOCTL_SYNCOBJ_CREATE(0xffffffffffffffff, 0xc00864bf, &(0x7f0000000080)={0x0, 0x1}) ioctl$DRM_IOCTL_SYNCOBJ_WAIT(r3, 0xc02864c3, &(0x7f0000000100)={&(0x7f00000000c0)=[r5], 0xf47, 0x1}) 7m9.305084874s ago: executing program 3 (id=130): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_PASTESEL(r0, 0x541c, &(0x7f0000000240)) r1 = syz_open_dev$video4linux(0x0, 0x5, 0x40000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x15d74000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="6e65779f64650761756c742075685c723a73797a20303030303030303030303030305930303430393300"], 0x2a, 0x0) r5 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, 0x0) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000380)={0x0, 0x80000}) add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0x5ba8, 0xfffffffffffffffd) ioctl$F2FS_IOC_RELEASE_VOLATILE_WRITE(r1, 0xf504, 0x0) keyctl$read(0xb, r5, &(0x7f0000000240)=""/112, 0x349b7f55) ioctl$VIDIOC_QUERY_EXT_CTRL(r1, 0xc0e85667, &(0x7f0000000340)={0x40000000, 0x2, "5bfd7de7e674797165f1cf14bd84c7ad902af3b491355d630a28899b15e3576c", 0x0, 0xfffffffffffffffa, 0x2, 0x4, 0x3, 0x1ac, 0x1, 0x1ff, [0x1, 0x5, 0xf1, 0xc]}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) socket$nl_route(0x10, 0x3, 0x0) pselect6(0x40, &(0x7f00000002c0)={0x2, 0x0, 0xfffffffffffffffd, 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x0, &(0x7f0000000140)={0x1ff, 0x0, 0xfffffffffffffffd}, 0x0, 0x0) setsockopt$sock_int(r3, 0x1, 0x2e, &(0x7f0000000000)=0x4, 0x4) 7m7.435578819s ago: executing program 3 (id=133): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000e00), 0xffffffffffffffff) sendmsg$NL802154_CMD_NEW_SEC_KEY(r0, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000a00)=ANY=[@ANYBLOB="2c010000", @ANYRES16=r1], 0x12c}, 0x1, 0x0, 0x0, 0x20000020}, 0x0) 7m6.395199273s ago: executing program 33 (id=133): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000e00), 0xffffffffffffffff) sendmsg$NL802154_CMD_NEW_SEC_KEY(r0, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000a00)=ANY=[@ANYBLOB="2c010000", @ANYRES16=r1], 0x12c}, 0x1, 0x0, 0x0, 0x20000020}, 0x0) 2m7.908521074s ago: executing program 6 (id=1013): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x3c, 0x24, 0x400, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_FLOWS={0x8, 0x2, 0xf01d}]}}]}, 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00"], 0x50}}, 0x20008844) 2m7.696380627s ago: executing program 6 (id=1016): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008a}, 0x0) syz_open_dev$sndpcmp(0x0, 0x0, 0xa2c65) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) epoll_create1(0x80000) r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_IOVA_RANGES(r1, 0x3b84, &(0x7f0000000100)={0x20, r2, 0x2, 0x0, &(0x7f0000000140)=[{}, {}]}) ioctl$IOMMU_IOAS_ALLOW_IOVAS(r1, 0x3b82, &(0x7f0000000180)={0x20, r2, 0x2, 0x0, &(0x7f00000001c0)=[{0x0, 0x1}, {0x3, 0x5}]}) ioctl$IOMMU_IOAS_MAP(r1, 0x3b85, &(0x7f0000000200)={0x28, 0x7, r2, 0x0, 0x0, 0x0, 0x1c}) ioctl$IOMMU_IOAS_UNMAP$ALL(r1, 0x3b86, &(0x7f0000000280)={0x18, r2}) ioctl$IOMMU_IOAS_MAP(r1, 0x3b85, &(0x7f00000002c0)={0x28, 0x7, r2, 0x0, &(0x7f0000000300)='LLLLLLLLLLLLLLLLLLLLLLLLLLLL', 0x1c, 0x2}) ioctl$IOMMU_IOAS_UNMAP(r1, 0x3b86, &(0x7f0000000340)={0x18, r2, 0x2, 0x1c}) ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f0000000380)={0x28, 0x7, r2, 0x0, &(0x7f0000ffc000/0x1000)=nil, 0x1000}) ioctl$IOMMU_IOAS_UNMAP$ALL(r1, 0x3b86, &(0x7f00000003c0)={0x18, r2}) ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000400)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP(r1, 0x3b85, &(0x7f0000000440)={0x28, 0x7, r2, 0x0, &(0x7f0000000480)='LLLLLLLLLLLLLLLLLLLLLLLLLLLL', 0x1c, 0x2}) ioctl$IOMMU_IOAS_COPY(r1, 0x3b83, &(0x7f00000004c0)={0x28, 0x7, r3, r2, 0x1c, 0x3, 0x2}) ioctl$IOMMU_IOAS_UNMAP(r1, 0x3b86, &(0x7f0000000500)={0x18, r3, 0x3, 0x1c}) ioctl$IOMMU_DESTROY$ioas(r1, 0x3b80, &(0x7f0000000540)={0x8, r3}) ioctl$IOMMU_IOAS_UNMAP$ALL(r1, 0x3b86, &(0x7f0000000580)={0x18, r2}) ioctl$IOMMU_OPTION$IOMMU_OPTION_RLIMIT_MODE(r1, 0x3b87, &(0x7f00000005c0)={0x18, 0x0, 0x1}) ioctl$IOMMU_OPTION$IOMMU_OPTION_HUGE_PAGES(r1, 0x3b87, &(0x7f0000000600)={0x18, 0x1, 0x1, 0x0, r2}) ioctl$IOMMU_IOAS_ALLOW_IOVAS(r1, 0x3b82, &(0x7f0000000640)={0x20, r2, 0x0, 0x0, &(0x7f0000000680)}) ioctl$IOMMU_TEST_OP_ADD_RESERVED(r1, 0x3ba0, &(0x7f00000006c0)={0x48, 0x1, r2, 0x0, 0x1000, 0x2000}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r1, 0x3ba0, &(0x7f0000000740)={0x48, 0x2, r2}) ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f00000007c0)={0x28, 0x7, r2, 0x0, &(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1004000}) 2m6.592040352s ago: executing program 6 (id=1021): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan1\x00'}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = inotify_init1(0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x48, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:net\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x2}]}, 0x48}}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4) r6 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r6, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r6, 0x107, 0x16, 0x0, 0x0) syz_emit_ethernet(0x4e, &(0x7f0000000440)={@local, @link_local, @val={@val={0x88a8, 0x4, 0x0, 0x1}, {0x8100, 0x7}}, {@ipv6={0x86dd, @dccp_packet={0x0, 0x6, "98d2f5", 0x10, 0x21, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}, @mcast2, {[], {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "114f84", 0x0, "8e269c"}}}}}}}, 0x0) io_uring_enter(0xffffffffffffffff, 0x47ba, 0xdcc1, 0x4a, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) splice(r4, &(0x7f00000001c0)=0x1, r4, &(0x7f0000000280)=0x1, 0x99, 0x5) r7 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000018140100000000000300000008000100000000000800030001"], 0x20}, 0x1, 0xf00, 0x0, 0x40}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0xd, 0x3, 0x0, &(0x7f0000000180)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 2m4.95384154s ago: executing program 6 (id=1025): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000002400)=@newlink={0x40, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @gtp={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GTP_RESTART_COUNT={0x5, 0x6, 0x8}, @IFLA_GTP_PDP_HASHSIZE={0x8, 0x3, 0x9}]}}}]}, 0x40}}, 0x0) 2m3.920925038s ago: executing program 6 (id=1030): socket$nl_xfrm(0x10, 0x3, 0x6) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000940)={{0x6}, 'syz0\x00', 0x40}) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x12) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x5, 0x1000086}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, &(0x7f0000000140)={@my=0x1}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r2, 0x7a8, &(0x7f00000001c0)={{@any, 0xffffffff}, @host, 0x0, 0xabc, 0x2449, 0x0, 0x51}) r3 = getpgrp(0xffffffffffffffff) ptrace(0x10, r3) mount$fuse(0x0, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000380), 0xa04000, &(0x7f0000000400)=ANY=[@ANYBLOB, @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000010000,user_id=', @ANYRESDEC, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',\x00']) syz_usb_connect$uac1(0x2, 0x0, 0x0, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001d40)=[{&(0x7f0000000100)=ANY=[@ANYBLOB="2c00000010008100000000000080000000000000", @ANYRES32=0x0, @ANYBLOB="0a043cbf", @ANYRES32, @ANYBLOB="0a001b"], 0x2c}], 0x1}, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) sysinfo(0x0) socket$netlink(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffba, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="0b00000005000000000400000900000001000000", @ANYRES32, @ANYBLOB="0000f0ff000000000800"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r5, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) 1m58.79328988s ago: executing program 6 (id=1049): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000080)='rpc_clnt_new\x00', r0, 0x0, 0xb9b}, 0x18) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000080)='rpc_clnt_new\x00', r2, 0x0, 0xb9b}, 0x18) sendmsg$netlink(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0) 1m43.72358492s ago: executing program 34 (id=1049): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000080)='rpc_clnt_new\x00', r0, 0x0, 0xb9b}, 0x18) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000080)='rpc_clnt_new\x00', r2, 0x0, 0xb9b}, 0x18) sendmsg$netlink(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0) 7.081920779s ago: executing program 1 (id=1777): r0 = socket(0x2a, 0x2, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) r2 = syz_genetlink_get_family_id$nl80211(0x0, r0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r5, @ANYBLOB="1f003300d000000008021100000108021100000050505050505000001502", @ANYRES8=r3], 0x3c}}, 0x0) sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f00000009c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000980)={&(0x7f00000007c0)={0xc4, r2, 0x100, 0x70bd2a, 0x25dfdbff, {{}, {@val={0x8, 0x3, r5}, @val={0xc, 0x99, {0x917e, 0x76}}}}, [@NL80211_ATTR_COALESCE_RULE_PKT_PATTERN={0x4}, @NL80211_ATTR_COALESCE_RULE_PKT_PATTERN={0xc, 0x3, 0x0, 0x1, [{0x8, 0x0, 0x0, 0x1, @NL80211_PKTPAT_MASK={0x4}}]}, @NL80211_ATTR_COALESCE_RULE_PKT_PATTERN={0x4}, @NL80211_ATTR_COALESCE_RULE_DELAY={0x8, 0x1, 0xb}, @NL80211_ATTR_COALESCE_RULE_PKT_PATTERN={0x80, 0x3, 0x0, 0x1, [{0x7c, 0x0, 0x0, 0x1, @NL80211_PKTPAT_PATTERN={0x75, 0x2, "ef401111730f2039f095ac7abc147c3dd9b3739d5936c8780379934e4899e69d490932ddeb3123650804060827634d2c4dd9a6653ce03a6b8ee00f744327f9bca76a9f25a97d69067f2ea3b272e403e88b75d428c012bc8e49ee23ca0d2937d41f794e2993dc57774391206a1964208228"}}]}]}, 0xc4}, 0x1, 0x0, 0x0, 0x40804}, 0x40000) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newqdisc={0x34, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0xa}}, [@qdisc_kind_options=@q_drr={0x8}, @TCA_RATE={0x6, 0x5, {0x9, 0x10}}]}, 0x34}}, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1900f5ffffffc6a8d1da10000000000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000200)={r7, &(0x7f0000000080), &(0x7f0000000000)=""/10, 0x3}, 0x20) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, &(0x7f00000000c0)=0x5) r8 = dup2(r6, r6) r9 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)={0x3, 0x4, 0x4, 0xa, 0x0, r7, 0xa, '\x00', r1, 0xffffffffffffffff, 0x1, 0x3, 0x3, 0x0, @void, @value, @void, @value}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x11, 0x33, &(0x7f0000000480)=@framed={{0x18, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x9}, [@exit, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r7}}, @initr0={0x18, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x3}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r7}}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffe}, @ldst={0x2, 0x1, 0x4, 0x6, 0xa, 0xfffffffffffffffc}, @map_idx_val={0x18, 0x6, 0x6, 0x0, 0xd, 0x0, 0x0, 0x0, 0x8}, @initr0={0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r7}}]}, &(0x7f0000000080)='GPL\x00', 0x6, 0x0, 0x0, 0x41100, 0x8, '\x00', r1, 0x0, r8, 0x8, &(0x7f0000000100)={0xa, 0x5}, 0x8, 0x10, &(0x7f0000000140)={0x3, 0xda7c, 0x3, 0x10000}, 0x10, 0x0, 0x0, 0x7, &(0x7f0000000240)=[r7, r7, r9], &(0x7f0000000640)=[{0x1, 0x3, 0xd, 0x2}, {0x0, 0x5, 0xf, 0x6}, {0x5, 0x5, 0xa, 0x8}, {0x0, 0x2, 0x5, 0xb}, {0x1, 0x1, 0xb}, {0x5, 0x4, 0x2, 0x9}, {0x4, 0x4, 0xe, 0x6}], 0x10, 0x8, @void, @value}, 0x94) ioctl$VIDIOC_S_DV_TIMINGS(0xffffffffffffffff, 0xc0845657, &(0x7f0000000380)={0x0, @bt={0x2d0, 0x7c7, 0x1, 0x3, 0xd59f80, 0x4, 0x5, 0x800000b, 0x8, 0x5, 0x722, 0xe70, 0x7, 0x8, 0x38, 0x13, {0xffff945a, 0x1}, 0x3, 0xed}}) 6.588049927s ago: executing program 1 (id=1783): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast}) close(r0) 5.651965294s ago: executing program 1 (id=1787): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan1\x00'}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = inotify_init1(0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x48, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:net\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x2}]}, 0x48}}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4) r6 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r6, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r6, 0x107, 0x16, &(0x7f0000000100)={0x0, 0x0}, 0x10) syz_emit_ethernet(0x4e, &(0x7f0000000440)={@local, @link_local, @val={@val={0x88a8, 0x4, 0x0, 0x1}, {0x8100, 0x7}}, {@ipv6={0x86dd, @dccp_packet={0x0, 0x6, "98d2f5", 0x10, 0x21, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}, @mcast2, {[], {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "114f84", 0x0, "8e269c"}}}}}}}, 0x0) io_uring_enter(0xffffffffffffffff, 0x47ba, 0xdcc1, 0x4a, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) splice(r4, &(0x7f00000001c0)=0x1, r4, &(0x7f0000000280)=0x1, 0x99, 0x5) r7 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[], 0x20}, 0x1, 0xf00, 0x0, 0x40}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0xd, 0x3, 0x0, &(0x7f0000000180)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 4.730699355s ago: executing program 0 (id=1788): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000075f84c1071042703a461000000010902120001000000000904"], 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f00000003c0)={0x2c, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000500)={0x24, &(0x7f0000000200)={0x40, 0xa}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 3.635095356s ago: executing program 1 (id=1789): bind$netlink(0xffffffffffffffff, 0x0, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x3) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000340)) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$EVIOCGPROP(r2, 0x40047438, &(0x7f0000000180)=""/246) ioctl$PPPIOCSFLAGS1(r2, 0x4004743a, &(0x7f0000000300)) write$binfmt_aout(r1, &(0x7f0000000100)=ANY=[], 0xfce1) 3.400967945s ago: executing program 1 (id=1795): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_PASTESEL(r1, 0x541c, &(0x7f0000000240)) r2 = syz_open_dev$video4linux(0x0, 0x5, 0x40000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x15d74000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="6e65779f64650761756c742075685c723a73797a20303030303030303030303030305930303430393300"], 0x2a, 0x0) r6 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, 0x0) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000380)={0x0, 0x80000}) add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0x5ba8, 0xfffffffffffffffd) ioctl$F2FS_IOC_RELEASE_VOLATILE_WRITE(r2, 0xf504, 0x0) keyctl$read(0xb, r6, &(0x7f0000000240)=""/112, 0x349b7f55) ioctl$VIDIOC_QUERY_EXT_CTRL(r2, 0xc0e85667, &(0x7f0000000340)={0x40000000, 0x2, "5bfd7de7e674797165f1cf14bd84c7ad902af3b491355d630a28899b15e3576c", 0x0, 0xfffffffffffffffa, 0x2, 0x4, 0x3, 0x1ac, 0x1, 0x1ff, [0x1, 0x5, 0xf1, 0xc]}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) socket$nl_route(0x10, 0x3, 0x0) pselect6(0x40, &(0x7f00000002c0)={0x2, 0x0, 0xfffffffffffffffd, 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x0, &(0x7f0000000140)={0x1ff, 0x0, 0xfffffffffffffffd}, 0x0, 0x0) setsockopt$sock_int(r4, 0x1, 0x2e, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f00000001c0), 0x86783, 0x0) 1.960168177s ago: executing program 7 (id=1799): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x3, &(0x7f0000000440)=@framed, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={0x0}, 0x18) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000008005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x2000000}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x101, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8, 0x4, 0x1, 0x0, 0x1}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}], {0x14}}, 0x64}}, 0x0) 1.94904394s ago: executing program 1 (id=1800): r0 = syz_usb_connect$uac1(0x0, 0xac, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000000000106b1d010140000102030109029a0003010000000904000000010100000a24010000000201020c24020000000000000800000524050000082407000000009e0c240700000000a3e82f07070d240701060000fd80000000e80924030000000001"], 0x0) syz_usb_control_io(r0, &(0x7f0000000140)={0x2c, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x407}}, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$uac1(r0, &(0x7f0000001840)={0x14, 0x0, &(0x7f0000000080)={0x0, 0x3, 0x2, @string={0x2}}}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000c40)={0x84, &(0x7f0000000740)={0x20, 0x3, 0x2, "b23b"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000900)={0x44, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800)={0x20, 0x82, 0x2, 'kH'}, 0x0, 0x0, 0x0}) 1.88472157s ago: executing program 7 (id=1801): bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000002c0)={0x0, 0x0}, 0x8) r1 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=r0, 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x1c, 0x0, 0x0, &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r0, r1, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0xa, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x87ffd, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_io_uring_setup(0x55de, &(0x7f0000000000)={0x0, 0x0, 0x40}, &(0x7f00000001c0), &(0x7f00000000c0)) r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) fsetxattr(r2, &(0x7f0000000080)=@known='trusted.overlay.upper\x00', 0x0, 0x0, 0x0) fanotify_init(0x10, 0x20000) ioctl$TIOCL_GETSHIFTSTATE(r2, 0x541c, &(0x7f0000000480)={0x6, 0x4}) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000080)={'team_slave_0\x00', &(0x7f0000000000)=@ethtool_sfeatures={0x26}}) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x2c, 0x9, 0x6, 0x5, 0xa, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_DATA={0x4}]}, 0x2c}}, 0x0) 1.79204981s ago: executing program 7 (id=1802): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000300)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f00000004c0)={0x0, 0x465f}, 0x8) setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000280)={0x0, 0x7}, 0x8) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000000200)=[{{&(0x7f00000000c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c, &(0x7f0000000580)=[{&(0x7f0000000180)='\x00', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x79, &(0x7f0000000280)=ANY=[], 0x8) 1.791857843s ago: executing program 7 (id=1803): r0 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440)={'syz', 0x3}, &(0x7f0000000340), 0xf2, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f00000000c0)={r0, r0, r0}, 0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={'sha224-generic\x00'}}) 1.744156635s ago: executing program 7 (id=1804): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r0) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000006040)={0x58, r1, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_TAGLST={0x4}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_DOI={0x8}, @NLBL_CIPSOV4_A_MLSLVLLST={0x4}, @NLBL_CIPSOV4_A_MLSCATLST={0x2c, 0xc, 0x0, 0x1, [{0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8}]}, {0x4}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xd79f}]}]}]}, 0x58}}, 0x0) 1.710934528s ago: executing program 7 (id=1805): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000201b4510fc0428155d6d01020301090212000100000000090401"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_connect$printer(0x4, 0x0, 0x0, 0x0) 1.396019504s ago: executing program 0 (id=1810): socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) socket$key(0xf, 0x3, 0x2) socket(0x2a, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_generic(0x10, 0x3, 0x10) socket$inet_smc(0x2b, 0x1, 0x0) syz_io_uring_setup(0x24fd, &(0x7f0000000340)={0x0, 0x0, 0x10100}, &(0x7f0000000200), 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000002c0)={'syztnl0\x00', &(0x7f0000000180)={'ip6_vti0\x00', 0x0, 0x29, 0x6a, 0x0, 0x1000000, 0x2c, @private2, @mcast2, 0x7800, 0x80, 0x0, 0x270}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='pids.events\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000180)=ANY=[@ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_MADVISE={0x19, 0x48, 0x0, 0x0, 0x0, &(0x7f0000903000/0x2000)=nil, 0x2000, 0x15, 0x1}) io_uring_enter(0xffffffffffffffff, 0x47f6, 0x0, 0x0, 0x0, 0x0) 1.353533505s ago: executing program 0 (id=1812): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x14, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x5f, '\x00', 0x0, @lirc_mode2=0x10, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x94) syz_open_procfs(0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000200)={0x0, 0x0, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil}) r3 = dup(r2) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000040)=@x86={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x10}) ioctl$KVM_SET_VAPIC_ADDR(r3, 0x4008ae93, &(0x7f00000000c0)=0xffff) ioctl$KVM_RUN(r3, 0xae80, 0x0) 1.32130079s ago: executing program 4 (id=1814): r0 = socket$inet(0x2, 0x3, 0x5) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, 0x0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r1, &(0x7f0000000000)="0a0000000100", 0x6) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) set_mempolicy(0x6, &(0x7f00000003c0)=0x8000000000000001, 0xe0) ioctl$HCIINQUIRY(r2, 0x400448ca, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, 0x0) 1.231794419s ago: executing program 4 (id=1815): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x3, &(0x7f0000000440)=@framed, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={0x0}, 0x18) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000008005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x2000000}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x101, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8, 0x4, 0x1, 0x0, 0x1}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}], {0x14}}, 0x64}}, 0x0) 1.183331004s ago: executing program 0 (id=1816): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast}) close(r0) 1.172912095s ago: executing program 4 (id=1817): bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) r0 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r0, &(0x7f0000000640)={0x28, 0x0, 0x2710}, 0x10) socket$can_j1939(0x1d, 0x2, 0x7) socket$inet6(0x10, 0x80000, 0x0) socket$inet_sctp(0x2, 0x400000000001, 0x84) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x2}, 0x0, &(0x7f0000000140)={0x1ff, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0xffffffffffffffff}, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0) 1.016954011s ago: executing program 0 (id=1818): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000440)) sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000f00)={0x14, r1, 0x1, 0x0, 0xfffffffe}, 0x14}, 0x1, 0x0, 0x0, 0x48008}, 0x20044000) 666.719321ms ago: executing program 0 (id=1820): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000075f84c1071042703a461000000010902120001000000000904"], 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f00000003c0)={0x2c, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000040)={0x44, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000100000011"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000500)={0x24, &(0x7f0000000200)={0x40, 0xa}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 400.152329ms ago: executing program 5 (id=1825): r0 = socket$inet(0x2, 0x3, 0x5) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, 0x0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r1, &(0x7f0000000000)="0a000000010001", 0x7) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) set_mempolicy(0x6, 0x0, 0xe0) ioctl$HCIINQUIRY(r2, 0x400448ca, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, 0x0) 399.834303ms ago: executing program 5 (id=1826): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vxcan1\x00'}) r1 = socket$inet_sctp(0x2, 0x5, 0x84) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, 0x0, 0x0) fsopen(&(0x7f0000000040)='gfs2meta\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) setsockopt$CAIFSO_REQ_PARAM(0xffffffffffffffff, 0x116, 0x80, &(0x7f0000000040), 0x0) epoll_create(0x207ffd) r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x3, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @func_proto]}, {0x0, [0x0]}}, 0x0, 0x33, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="2c000000000000000000000000e5ffff9400000000000000"], &(0x7f0000000000)='syzkaller\x00', 0xee7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r5, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r6 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382) r7 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n0x0, &(0x7f0000000800)=0x0) socket$key(0xf, 0x3, 0x2) socket(0x2a, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_generic(0x10, 0x3, 0x10) socket$inet_smc(0x2b, 0x1, 0x0) syz_io_uring_setup(0x24fd, &(0x7f0000000340)={0x0, 0x0, 0x10100}, &(0x7f0000000200), 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000002c0)={'syztnl0\x00', &(0x7f0000000180)={'ip6_vti0\x00', 0x0, 0x29, 0x6a, 0x0, 0x1000000, 0x2c, @private2, @mcast2, 0x7800, 0x80, 0x0, 0x270}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='pids.events\x00', 0x275a, 0x0) write$UHID_CREATE2(r4, &(0x7f0000000180)=ANY=[@ANYRES64=r3], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_MADVISE={0x19, 0x48, 0x0, 0x0, 0x0, &(0x7f0000903000/0x2000)=nil, 0x2000, 0x15, 0x1}) io_uring_enter(r0, 0x47f6, 0x0, 0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): 266.913630][ T5866] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 266.925713][ T5866] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 266.935897][ T5866] usb 6-1: New USB device found, idVendor=146b, idProduct=0902, bcdDevice= 0.00 [ 266.945185][ T5866] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 266.955094][ T5866] usb 6-1: config 0 descriptor?? [ 266.960226][ T5907] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 267.277479][ T5906] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 267.300085][ T5907] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 267.312416][ T5907] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 267.323061][ T5907] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 267.333606][ T5907] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 267.345764][ T7977] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 267.362332][ T5907] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 267.381282][ T5866] bigben 0003:146B:0902.0004: unexpected rdesc, please submit for review [ 267.431386][ T5866] bigben 0003:146B:0902.0004: item fetching failed at offset 3/5 [ 267.481756][ T5906] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 267.537419][ T5866] bigben 0003:146B:0902.0004: parse failed [ 267.638517][ T5906] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 267.702020][ T5866] bigben 0003:146B:0902.0004: probe with driver bigben failed with error -22 [ 267.825888][ T5906] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 267.836573][ T7975] netlink: 'syz.5.552': attribute type 3 has an invalid length. [ 268.167542][ T7975] netlink: 'syz.5.552': attribute type 3 has an invalid length. [ 268.221784][ T7986] bridge_slave_0: left allmulticast mode [ 268.248821][ T7986] bridge_slave_0: left promiscuous mode [ 268.251329][ T5906] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 268.266831][ T7981] raw-gadget.3 gadget.0: fail, usb_ep_enable returned -22 [ 268.276903][ T5906] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 268.315026][ T7986] bridge0: port 1(bridge_slave_0) entered disabled state [ 268.628130][ T7986] bridge_slave_1: left allmulticast mode [ 268.628733][ T974] usb 7-1: cp210x converter now attached to ttyUSB0 [ 268.678290][ T7986] bridge_slave_1: left promiscuous mode [ 268.700950][ T7986] bridge0: port 2(bridge_slave_1) entered disabled state [ 268.955939][ T974] usb 7-1: USB disconnect, device number 4 [ 269.046312][ T7986] bond0: (slave bond_slave_0): Releasing backup interface [ 269.168450][ T974] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 269.235431][ T974] cp210x 7-1:0.0: device disconnected [ 269.238105][ T7986] bond0: (slave bond_slave_1): Releasing backup interface [ 269.461842][ T7986] team0: Port device team_slave_0 removed [ 269.493337][ T7986] team0: Port device team_slave_1 removed [ 269.509000][ T7986] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 269.535163][ T5906] usb 2-1: USB disconnect, device number 10 [ 269.612489][ T7986] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 269.630404][ T7993] kvm: emulating exchange as write [ 269.665941][ T5907] usb 6-1: USB disconnect, device number 11 [ 269.682614][ T5866] usb 1-1: USB disconnect, device number 13 [ 270.007106][ T8007] bridge0: port 3(vlan2) entered blocking state [ 270.013782][ T8007] bridge0: port 3(vlan2) entered disabled state [ 270.021756][ T8007] vlan2: entered allmulticast mode [ 270.065083][ T8007] vlan2: left allmulticast mode [ 271.662818][ T8021] FAULT_INJECTION: forcing a failure. [ 271.662818][ T8021] name failslab, interval 1, probability 0, space 0, times 0 [ 271.676020][ T8021] CPU: 1 UID: 0 PID: 8021 Comm: syz.4.563 Not tainted 6.13.0-syzkaller-00164-g100ceb4817a2 #0 [ 271.686284][ T8021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 271.696357][ T8021] Call Trace: [ 271.699646][ T8021] [ 271.702588][ T8021] dump_stack_lvl+0x241/0x360 [ 271.707287][ T8021] ? __pfx_dump_stack_lvl+0x10/0x10 [ 271.712496][ T8021] ? __pfx__printk+0x10/0x10 [ 271.717104][ T8021] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 271.723101][ T8021] should_fail_ex+0x3b0/0x4e0 [ 271.727796][ T8021] should_failslab+0xac/0x100 [ 271.732487][ T8021] __kmalloc_cache_noprof+0x70/0x390 [ 271.737781][ T8021] ? tipc_conn_alloc+0x58/0x4a0 [ 271.742652][ T8021] tipc_conn_alloc+0x58/0x4a0 [ 271.747345][ T8021] tipc_topsrv_kern_subscr+0x19a/0x3b0 [ 271.752819][ T8021] ? __pfx_tipc_topsrv_kern_subscr+0x10/0x10 [ 271.758822][ T8021] ? tipc_own_addr+0x45/0x2a0 [ 271.763517][ T8021] tipc_group_create+0x368/0x500 [ 271.768476][ T8021] tipc_sk_join+0x211/0x8a0 [ 271.772989][ T8021] ? __local_bh_enable_ip+0x168/0x200 [ 271.778377][ T8021] ? lockdep_hardirqs_on+0x99/0x150 [ 271.783601][ T8021] ? __pfx_tipc_sk_join+0x10/0x10 [ 271.788647][ T8021] tipc_setsockopt+0x831/0xc00 [ 271.793432][ T8021] ? __pfx_tipc_setsockopt+0x10/0x10 [ 271.798745][ T8021] ? rcu_read_unlock_special+0x497/0x570 [ 271.804391][ T8021] ? __pfx_lock_acquire+0x10/0x10 [ 271.809427][ T8021] ? __pfx_rcu_read_unlock_special+0x10/0x10 [ 271.815421][ T8021] ? __pfx_tipc_setsockopt+0x10/0x10 [ 271.820718][ T8021] do_sock_setsockopt+0x3af/0x720 [ 271.825765][ T8021] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 271.831325][ T8021] ? __rcu_read_unlock+0xa1/0x110 [ 271.836368][ T8021] ? __fget_files+0x395/0x410 [ 271.841057][ T8021] ? __fget_files+0x2a/0x410 [ 271.845663][ T8021] __x64_sys_setsockopt+0x1ee/0x280 [ 271.850885][ T8021] do_syscall_64+0xf3/0x230 [ 271.855413][ T8021] ? clear_bhb_loop+0x35/0x90 [ 271.860108][ T8021] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 271.866012][ T8021] RIP: 0033:0x7f06c0785d29 [ 271.870440][ T8021] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 271.890060][ T8021] RSP: 002b:00007f06c1637038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 271.898490][ T8021] RAX: ffffffffffffffda RBX: 00007f06c0976160 RCX: 00007f06c0785d29 [ 271.906469][ T8021] RDX: 0000000000000087 RSI: 000000000000010f RDI: 0000000000000005 [ 271.914449][ T8021] RBP: 00007f06c1637090 R08: 0000000000000010 R09: 0000000000000000 [ 271.922430][ T8021] R10: 0000000020000100 R11: 0000000000000246 R12: 0000000000000001 [ 271.930411][ T8021] R13: 0000000000000000 R14: 00007f06c0976160 R15: 00007ffc08f0d928 [ 271.938407][ T8021] [ 272.653289][ T8034] kvm: apic: phys broadcast and lowest prio [ 273.625781][ T8] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 273.666608][ T8043] trusted_key: encrypted_key: insufficient parameters specified [ 274.726553][ T8] usb 5-1: Using ep0 maxpacket: 32 [ 275.310308][ T8] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 251, using maximum allowed: 30 [ 275.333997][ T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 275.345037][ T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 275.360855][ T8] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 251 [ 275.384473][ T8] usb 5-1: New USB device found, idVendor=258a, idProduct=6a88, bcdDevice= 0.00 [ 275.412027][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 275.467317][ T8] usb 5-1: config 0 descriptor?? [ 275.498488][ T8] usb 5-1: can't set config #0, error -71 [ 275.553011][ T8] usb 5-1: USB disconnect, device number 11 [ 275.704283][ T8049] bridge0: port 1(vlan2) entered blocking state [ 275.710982][ T8049] bridge0: port 1(vlan2) entered disabled state [ 275.717958][ T8049] vlan2: entered allmulticast mode [ 275.759497][ T8049] vlan2: left allmulticast mode [ 276.082294][ T8056] delete_channel: no stack [ 279.175576][ T5866] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 280.376273][ T5866] usb 7-1: Using ep0 maxpacket: 32 [ 280.391256][ T5866] usb 7-1: config 0 has an invalid interface number: 67 but max is 0 [ 280.401399][ T5866] usb 7-1: config 0 has no interface number 0 [ 280.419103][ T5866] usb 7-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 280.429608][ T5866] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 280.445002][ T8085] trusted_key: encrypted_key: insufficient parameters specified [ 280.464829][ T5866] usb 7-1: Product: syz [ 280.469562][ T5866] usb 7-1: Manufacturer: syz [ 280.474974][ T5866] usb 7-1: SerialNumber: syz [ 281.020451][ T5866] usb 7-1: config 0 descriptor?? [ 281.095848][ T5866] smsc95xx v2.0.0 [ 281.119890][ T8089] FAULT_INJECTION: forcing a failure. [ 281.119890][ T8089] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 281.170510][ T8089] CPU: 0 UID: 0 PID: 8089 Comm: syz.1.585 Not tainted 6.13.0-syzkaller-00164-g100ceb4817a2 #0 [ 281.180810][ T8089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 281.190900][ T8089] Call Trace: [ 281.194210][ T8089] [ 281.197159][ T8089] dump_stack_lvl+0x241/0x360 [ 281.201869][ T8089] ? __pfx_dump_stack_lvl+0x10/0x10 [ 281.207095][ T8089] ? __pfx__printk+0x10/0x10 [ 281.211719][ T8089] ? snprintf+0xda/0x120 [ 281.215982][ T8089] should_fail_ex+0x3b0/0x4e0 [ 281.220691][ T8089] _copy_to_user+0x31/0xb0 [ 281.225142][ T8089] simple_read_from_buffer+0xca/0x150 [ 281.230559][ T8089] proc_fail_nth_read+0x1e9/0x250 [ 281.235622][ T8089] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 281.241209][ T8089] ? rw_verify_area+0x55e/0x6f0 [ 281.246086][ T8089] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 281.251655][ T8089] vfs_read+0x1fc/0xb70 [ 281.255841][ T8089] ? __pfx___mutex_lock+0x10/0x10 [ 281.260893][ T8089] ? __pfx_vfs_read+0x10/0x10 [ 281.265604][ T8089] ? __asan_memset+0x23/0x50 [ 281.270232][ T8089] ? __fget_files+0x2a/0x410 [ 281.274852][ T8089] ? __fget_files+0x395/0x410 [ 281.279555][ T8089] ? __fget_files+0x2a/0x410 [ 281.284179][ T8089] ksys_read+0x18f/0x2b0 [ 281.284744][ T8097] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 281.288431][ T8089] ? __pfx_ksys_read+0x10/0x10 [ 281.288477][ T8089] ? do_syscall_64+0x100/0x230 [ 281.288501][ T8089] ? do_syscall_64+0xb6/0x230 [ 281.288522][ T8089] do_syscall_64+0xf3/0x230 [ 281.288541][ T8089] ? clear_bhb_loop+0x35/0x90 [ 281.288567][ T8089] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 281.324555][ T8089] RIP: 0033:0x7f903578473c [ 281.328990][ T8089] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 281.348602][ T8089] RSP: 002b:00007f90335f6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 281.357018][ T8089] RAX: ffffffffffffffda RBX: 00007f9035975fa0 RCX: 00007f903578473c [ 281.364989][ T8089] RDX: 000000000000000f RSI: 00007f90335f60a0 RDI: 0000000000000003 [ 281.372960][ T8089] RBP: 00007f90335f6090 R08: 0000000000000000 R09: 0000000000000000 [ 281.380931][ T8089] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 281.388903][ T8089] R13: 0000000000000000 R14: 00007f9035975fa0 R15: 00007ffe809c8bf8 [ 281.396890][ T8089] [ 281.481810][ T29] audit: type=1326 audit(1737422660.091:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8070 comm="syz.6.581" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9f1f185d29 code=0x0 [ 281.778644][ T8108] fuse: Unknown parameter '0xffffffffffffffff' [ 281.788890][ T8108] netlink: 'syz.0.590': attribute type 27 has an invalid length. [ 282.326910][ T8109] netlink: 4 bytes leftover after parsing attributes in process `syz.5.591'. [ 284.303890][ T8128] trusted_key: encrypted_key: insufficient parameters specified [ 284.346493][ T5866] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -71 [ 284.359405][ T5866] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 284.372935][ T5866] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 284.453810][ T8136] bridge0: port 1(vlan2) entered blocking state [ 284.460370][ T8136] bridge0: port 1(vlan2) entered disabled state [ 284.467218][ T8136] vlan2: entered allmulticast mode [ 284.579214][ T8136] vlan2: left allmulticast mode [ 284.883145][ T5866] smsc95xx 7-1:0.67: probe with driver smsc95xx failed with error -71 [ 284.894406][ T5866] usb 7-1: USB disconnect, device number 5 [ 285.685093][ T8143] bridge0: port 1(vlan2) entered blocking state [ 285.691552][ T8143] bridge0: port 1(vlan2) entered disabled state [ 285.697978][ T8143] vlan2: entered allmulticast mode [ 285.708017][ T8143] vlan2: left allmulticast mode [ 288.347995][ T8168] bridge0: port 1(vlan2) entered blocking state [ 288.356330][ T8168] bridge0: port 1(vlan2) entered disabled state [ 288.362788][ T8168] vlan2: entered allmulticast mode [ 288.397134][ T8168] vlan2: left allmulticast mode [ 288.777930][ T5906] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 289.613844][ T8177] bridge0: port 1(vlan2) entered blocking state [ 289.620281][ T8177] bridge0: port 1(vlan2) entered disabled state [ 289.626767][ T8177] vlan2: entered allmulticast mode [ 289.692454][ T8177] vlan2: left allmulticast mode [ 289.937505][ T5906] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 289.956131][ T5906] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 289.966492][ T5906] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 289.986270][ T5906] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 290.018681][ T8188] netlink: 'syz.5.614': attribute type 19 has an invalid length. [ 290.041970][ T8188] netlink: 'syz.5.614': attribute type 19 has an invalid length. [ 290.084890][ T8170] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 290.165570][ T5906] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 290.252032][ T8191] FAULT_INJECTION: forcing a failure. [ 290.252032][ T8191] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 290.265449][ T8191] CPU: 1 UID: 0 PID: 8191 Comm: syz.4.615 Not tainted 6.13.0-syzkaller-00164-g100ceb4817a2 #0 [ 290.275711][ T8191] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 290.285787][ T8191] Call Trace: [ 290.289073][ T8191] [ 290.292022][ T8191] dump_stack_lvl+0x241/0x360 [ 290.296722][ T8191] ? __pfx_dump_stack_lvl+0x10/0x10 [ 290.301933][ T8191] ? __pfx__printk+0x10/0x10 [ 290.306540][ T8191] ? __pfx_lock_release+0x10/0x10 [ 290.311595][ T8191] should_fail_ex+0x3b0/0x4e0 [ 290.316292][ T8191] _copy_from_user+0x2d/0xb0 [ 290.320914][ T8191] vt_ioctl+0xb81/0x2090 [ 290.325168][ T8191] ? vt_ioctl+0x131/0x2090 [ 290.329596][ T8191] ? __pfx_vt_ioctl+0x10/0x10 [ 290.334282][ T8191] ? __asan_memset+0x23/0x50 [ 290.338885][ T8191] ? smack_file_ioctl+0x29e/0x3a0 [ 290.343939][ T8191] ? tty_jobctrl_ioctl+0x36e/0xba0 [ 290.349062][ T8191] ? security_file_ioctl+0x18/0x2a0 [ 290.354278][ T8191] tty_ioctl+0x90f/0xdc0 [ 290.358538][ T8191] ? __pfx_tty_ioctl+0x10/0x10 [ 290.363314][ T8191] __se_sys_ioctl+0xf5/0x170 [ 290.367923][ T8191] do_syscall_64+0xf3/0x230 [ 290.372444][ T8191] ? clear_bhb_loop+0x35/0x90 [ 290.377139][ T8191] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 290.383045][ T8191] RIP: 0033:0x7f06c0785d29 [ 290.387467][ T8191] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 290.407086][ T8191] RSP: 002b:00007f06c1637038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 290.415516][ T8191] RAX: ffffffffffffffda RBX: 00007f06c0976160 RCX: 00007f06c0785d29 [ 290.423497][ T8191] RDX: 0000000020000000 RSI: 0000000000004b72 RDI: 0000000000000005 [ 290.431475][ T8191] RBP: 00007f06c1637090 R08: 0000000000000000 R09: 0000000000000000 [ 290.439452][ T8191] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 290.447428][ T8191] R13: 0000000000000000 R14: 00007f06c0976160 R15: 00007ffc08f0d928 [ 290.455425][ T8191] [ 291.353895][ T974] usb 2-1: USB disconnect, device number 11 [ 293.551559][ T8216] netlink: 12 bytes leftover after parsing attributes in process `syz.0.623'. [ 293.830097][ T8216] syz.0.623: attempt to access beyond end of device [ 293.830097][ T8216] loop0: rw=2048, sector=2, nr_sectors = 1 limit=0 [ 293.905906][ T8223] trusted_key: encrypted_key: insufficient parameters specified [ 294.140548][ T8216] hfsplus: unable to find HFS+ superblock [ 294.498466][ T5929] Bluetooth: hci5: Frame reassembly failed (-84) [ 294.507481][ T8226] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 296.526306][ T5832] Bluetooth: hci5: command 0x1003 tx timeout [ 296.536163][ T5823] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 297.585012][ T8253] bridge0: port 3(vlan2) entered blocking state [ 297.620826][ T8253] bridge0: port 3(vlan2) entered disabled state [ 298.050622][ T8253] vlan2: entered allmulticast mode [ 298.164383][ T8253] vlan2: left allmulticast mode [ 298.457433][ T8259] trusted_key: encrypted_key: insufficient parameters specified [ 298.851302][ T8266] afs: Unknown parameter 'dyn' [ 298.873092][ T8266] afs: Unknown parameter ' SNqeIo}&4zKz"Ҵ0] &r/p-+L:H7 `GYx5+}BQ1浐".f!g/PÏz Wcy' [ 300.420478][ T8275] fuse: Unknown parameter '0x0000000000000003' [ 300.455934][ T8275] netlink: 'syz.6.639': attribute type 27 has an invalid length. [ 300.607876][ T8278] bridge0: port 3(vlan2) entered blocking state [ 300.614611][ T8278] bridge0: port 3(vlan2) entered disabled state [ 300.636376][ T8278] vlan2: entered allmulticast mode [ 300.687437][ T8278] vlan2: left allmulticast mode [ 301.266136][ T974] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 301.387156][ T8291] netlink: 4 bytes leftover after parsing attributes in process `syz.5.644'. [ 301.396421][ T8291] netlink: 8 bytes leftover after parsing attributes in process `syz.5.644'. [ 301.456133][ T974] usb 2-1: Using ep0 maxpacket: 8 [ 301.462946][ T974] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 301.475004][ T974] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 301.489841][ T974] usb 2-1: New USB device found, idVendor=046d, idProduct=c24f, bcdDevice= 0.00 [ 301.499333][ T974] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 301.557190][ T974] usb 2-1: config 0 descriptor?? [ 301.877250][ T8307] trusted_key: encrypted_key: insufficient parameters specified [ 302.735750][ T974] logitech 0003:046D:C24F.0005: unknown main item tag 0x0 [ 302.743768][ T974] logitech 0003:046D:C24F.0005: unknown main item tag 0x0 [ 302.751630][ T974] logitech 0003:046D:C24F.0005: unknown main item tag 0x0 [ 302.761242][ T974] logitech 0003:046D:C24F.0005: unknown main item tag 0x0 [ 302.910158][ T974] logitech 0003:046D:C24F.0005: unknown main item tag 0x0 [ 303.299319][ T974] logitech 0003:046D:C24F.0005: hidraw0: USB HID v0.00 Device [HID 046d:c24f] on usb-dummy_hcd.1-1/input0 [ 303.330181][ T974] logitech 0003:046D:C24F.0005: no inputs found [ 303.344837][ T974] usb 2-1: USB disconnect, device number 12 [ 304.812446][ T8328] bridge0: port 3(vlan2) entered blocking state [ 304.819138][ T8328] bridge0: port 3(vlan2) entered disabled state [ 304.826899][ T8328] vlan2: entered allmulticast mode [ 304.899791][ T8328] vlan2: left allmulticast mode [ 305.181009][ T8313] netlink: 'syz.0.650': attribute type 30 has an invalid length. [ 306.359617][ T8340] netlink: 'syz.4.657': attribute type 27 has an invalid length. [ 306.827070][ T8348] bridge0: port 1(vlan2) entered blocking state [ 306.833780][ T8348] bridge0: port 1(vlan2) entered disabled state [ 306.841549][ T8348] vlan2: entered allmulticast mode [ 306.932984][ T8348] vlan2: left allmulticast mode [ 307.588894][ T8365] bridge0: port 3(vlan2) entered blocking state [ 307.595580][ T8365] bridge0: port 3(vlan2) entered disabled state [ 307.603426][ T8365] vlan2: entered allmulticast mode [ 307.964149][ T8365] vlan2: left allmulticast mode [ 307.994441][ T5906] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 308.336142][ T5906] usb 7-1: Using ep0 maxpacket: 8 [ 308.347921][ T5906] usb 7-1: config 179 has an invalid interface number: 65 but max is 0 [ 308.366247][ T5906] usb 7-1: config 179 has no interface number 0 [ 308.386179][ T5906] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 308.421017][ T5906] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 308.451856][ T5906] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 308.480881][ T5906] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 308.506283][ T5906] usb 7-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 308.521236][ T8376] evm: overlay not supported [ 308.532381][ T5906] usb 7-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 309.690750][ T5906] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 309.716584][ T8377] netlink: 'syz.5.671': attribute type 30 has an invalid length. [ 309.887307][ T8355] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 310.164068][ T8388] netlink: 20 bytes leftover after parsing attributes in process `syz.5.674'. [ 310.270278][ T29] audit: type=1326 audit(1737422688.911:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8354 comm="syz.6.662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f1f185d29 code=0x7fc00000 [ 310.302863][ T974] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 310.341580][ T8395] FAULT_INJECTION: forcing a failure. [ 310.341580][ T8395] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 310.362210][ T8395] CPU: 0 UID: 0 PID: 8395 Comm: syz.5.677 Not tainted 6.13.0-syzkaller-00164-g100ceb4817a2 #0 [ 310.372496][ T8395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 310.382568][ T8395] Call Trace: [ 310.385863][ T8395] [ 310.388813][ T8395] dump_stack_lvl+0x241/0x360 [ 310.393529][ T8395] ? __pfx_dump_stack_lvl+0x10/0x10 [ 310.398749][ T8395] ? __pfx__printk+0x10/0x10 [ 310.403370][ T8395] ? __pfx_lock_release+0x10/0x10 [ 310.408429][ T8395] should_fail_ex+0x3b0/0x4e0 [ 310.413133][ T8395] _copy_from_user+0x2d/0xb0 [ 310.417878][ T8395] copy_msghdr_from_user+0xae/0x680 [ 310.423101][ T8395] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 310.428928][ T8395] ? __fget_files+0x2a/0x410 [ 310.433535][ T8395] ? __fget_files+0x2a/0x410 [ 310.438153][ T8395] __sys_sendmsg+0x209/0x350 [ 310.442760][ T8395] ? __pfx_lock_release+0x10/0x10 [ 310.447816][ T8395] ? __pfx___sys_sendmsg+0x10/0x10 [ 310.452969][ T8395] ? __pfx_vfs_write+0x10/0x10 [ 310.457774][ T8395] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 310.464111][ T8395] ? do_syscall_64+0x100/0x230 [ 310.468895][ T8395] ? do_syscall_64+0xb6/0x230 [ 310.473584][ T8395] do_syscall_64+0xf3/0x230 [ 310.478113][ T8395] ? clear_bhb_loop+0x35/0x90 [ 310.482822][ T8395] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 310.488750][ T8395] RIP: 0033:0x7f8ff8985d29 [ 310.493176][ T8395] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 310.512807][ T8395] RSP: 002b:00007f8ff976d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 310.521245][ T8395] RAX: ffffffffffffffda RBX: 00007f8ff8b75fa0 RCX: 00007f8ff8985d29 [ 310.529242][ T8395] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003 [ 310.537236][ T8395] RBP: 00007f8ff976d090 R08: 0000000000000000 R09: 0000000000000000 [ 310.545237][ T8395] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 310.553223][ T8395] R13: 0000000000000000 R14: 00007f8ff8b75fa0 R15: 00007ffcccf96d28 [ 310.561231][ T8395] [ 310.569816][ T5906] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 310.656050][ T974] usb 1-1: config 0 has no interfaces? [ 310.657402][ T8399] bridge0: port 3(vlan2) entered blocking state [ 310.668634][ T8399] bridge0: port 3(vlan2) entered disabled state [ 310.676722][ T8399] vlan2: entered allmulticast mode [ 310.711223][ T974] usb 1-1: New USB device found, idVendor=0582, idProduct=0005, bcdDevice=e5.83 [ 310.732922][ T8399] vlan2: left allmulticast mode [ 310.733898][ T974] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 310.770773][ T974] usb 1-1: Product: syz [ 310.779432][ T974] usb 1-1: Manufacturer: syz [ 310.784620][ T974] usb 1-1: SerialNumber: syz [ 310.793388][ T974] usb 1-1: config 0 descriptor?? [ 311.327541][ T29] audit: type=1326 audit(1737422689.971:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8354 comm="syz.6.662" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f9f1f185d29 code=0x7fc00000 [ 311.407683][ T8] usb 7-1: USB disconnect, device number 6 [ 311.407733][ C1] xpad 7-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 311.426081][ C1] dummy_hcd dummy_hcd.6: timer fired with no URBs pending? [ 311.511044][ T5906] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 311.522313][ T5906] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 311.532261][ T5906] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 311.541395][ T5906] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 311.552976][ T8396] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 311.591084][ T5906] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 311.658186][ T8408] trusted_key: encrypted_key: master key parameter 'uh\r:syz' is invalid [ 313.327947][ T5866] usb 1-1: USB disconnect, device number 14 [ 313.362378][ T5906] usb 5-1: USB disconnect, device number 12 [ 313.542200][ T8427] bridge0: port 3(vlan2) entered blocking state [ 313.548914][ T8427] bridge0: port 3(vlan2) entered disabled state [ 313.556586][ T8427] vlan2: entered allmulticast mode [ 313.910909][ T8427] vlan2: left allmulticast mode [ 314.209387][ T29] audit: type=1326 audit(1737422692.851:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8413 comm="syz.1.681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9035785d29 code=0x7fc00000 [ 315.204283][ T8433] bridge0: port 3(vlan2) entered blocking state [ 315.210655][ T8433] bridge0: port 3(vlan2) entered disabled state [ 315.217069][ T8433] vlan2: entered allmulticast mode [ 315.330130][ T8433] vlan2: left allmulticast mode [ 315.674650][ T8438] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 315.694220][ T8438] VFS: Can't find a romfs filesystem on dev nullb0. [ 315.694220][ T8438] [ 315.718495][ T29] audit: type=1326 audit(1737422692.851:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8413 comm="syz.1.681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f9035785d29 code=0x7fc00000 [ 315.812423][ T29] audit: type=1326 audit(1737422692.851:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8413 comm="syz.1.681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9035785d29 code=0x7fc00000 [ 315.834987][ T29] audit: type=1326 audit(1737422692.851:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8413 comm="syz.1.681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9035785d29 code=0x7fc00000 [ 315.868252][ T8438] Process accounting resumed [ 316.000464][ T29] audit: type=1326 audit(1737422692.851:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8413 comm="syz.1.681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9035785d29 code=0x7fc00000 [ 316.202345][ T8450] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(3) [ 316.209158][ T8450] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 316.245836][ T8454] bridge0: port 3(vlan2) entered blocking state [ 316.245972][ T8450] vhci_hcd vhci_hcd.0: Device attached [ 316.252352][ T8454] bridge0: port 3(vlan2) entered disabled state [ 316.252606][ T8454] vlan2: entered allmulticast mode [ 316.279454][ T8454] vlan2: left allmulticast mode [ 316.415916][ T8] vhci_hcd: vhci_device speed not set [ 316.539499][ T8] usb 43-1: new full-speed USB device number 2 using vhci_hcd [ 316.661603][ T8450] netlink: 'syz.5.693': attribute type 1 has an invalid length. [ 316.746191][ T8450] netlink: 122408 bytes leftover after parsing attributes in process `syz.5.693'. [ 317.592414][ T8466] bridge0: port 3(vlan2) entered blocking state [ 317.598861][ T8466] bridge0: port 3(vlan2) entered disabled state [ 317.605288][ T8466] vlan2: entered allmulticast mode [ 317.627347][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.634161][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.046892][ T8466] vlan2: left allmulticast mode [ 318.250232][ T8452] vhci_hcd: connection reset by peer [ 318.305295][ T5929] vhci_hcd: stop threads [ 318.318684][ T5929] vhci_hcd: release socket [ 318.338185][ T8475] netlink: 12 bytes leftover after parsing attributes in process `syz.0.699'. [ 318.347108][ T5929] vhci_hcd: disconnect device [ 318.788843][ T974] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 319.600139][ T974] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 319.773378][ T974] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 319.876608][ T8491] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 319.909661][ T974] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 319.924938][ T974] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 320.366479][ T8477] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 320.389435][ T974] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 321.108178][ T8502] o2cb: This node has not been configured. [ 321.300169][ T8502] o2cb: Cluster check failed. Fix errors before retrying. [ 321.548676][ T8502] (syz.5.706,8502,0):user_dlm_register:674 ERROR: status = -22 [ 321.614004][ T8502] (syz.5.706,8502,0):dlmfs_mkdir:437 ERROR: Error -22 could not register domain "bus" [ 321.746479][ T8] vhci_hcd: vhci_device speed not set [ 323.076458][ T5906] usb 5-1: USB disconnect, device number 13 [ 323.142012][ T8513] netlink: 4 bytes leftover after parsing attributes in process `syz.1.710'. [ 323.488469][ T8525] fuse: Unknown parameter '0xffffffffffffffff' [ 323.576092][ T8529] trusted_key: encrypted_key: master key parameter 'uh\r:syz' is invalid [ 324.296115][ T974] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 324.337191][ T8520] netlink: 'syz.6.712': attribute type 27 has an invalid length. [ 324.538131][ T974] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 324.655753][ T8538] FAULT_INJECTION: forcing a failure. [ 324.655753][ T8538] name failslab, interval 1, probability 0, space 0, times 0 [ 324.715787][ T8538] CPU: 1 UID: 0 PID: 8538 Comm: syz.4.717 Not tainted 6.13.0-syzkaller-00164-g100ceb4817a2 #0 [ 324.718607][ T974] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 324.726064][ T8538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 324.726095][ T8538] Call Trace: [ 324.726105][ T8538] [ 324.726113][ T8538] dump_stack_lvl+0x241/0x360 [ 324.726144][ T8538] ? __pfx_dump_stack_lvl+0x10/0x10 [ 324.738225][ T974] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 324.745973][ T8538] ? __pfx__printk+0x10/0x10 [ 324.749764][ T974] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 324.752169][ T8538] ? fs_reclaim_acquire+0x93/0x130 [ 324.752199][ T8538] ? __pfx___might_resched+0x10/0x10 [ 324.752220][ T8538] should_fail_ex+0x3b0/0x4e0 [ 324.752245][ T8538] should_failslab+0xac/0x100 [ 324.752264][ T8538] __kmalloc_noprof+0xdd/0x4c0 [ 324.752282][ T8538] ? tomoyo_encode+0x26f/0x540 [ 324.752302][ T8538] tomoyo_encode+0x26f/0x540 [ 324.752324][ T8538] tomoyo_realpath_from_path+0x59e/0x5e0 [ 324.752353][ T8538] tomoyo_path_number_perm+0x236/0x860 [ 324.752375][ T8538] ? __lock_acquire+0x1397/0x2100 [ 324.779985][ T8526] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 324.783760][ T8538] ? tomoyo_path_number_perm+0x206/0x860 [ 324.801603][ T974] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 324.803454][ T8538] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 324.859410][ T8538] ? __fget_files+0x2a/0x410 [ 324.864037][ T8538] ? __fget_files+0x2a/0x410 [ 324.868654][ T8538] security_file_ioctl+0xc6/0x2a0 [ 324.873707][ T8538] __se_sys_ioctl+0x46/0x170 [ 324.878331][ T8538] do_syscall_64+0xf3/0x230 [ 324.882865][ T8538] ? clear_bhb_loop+0x35/0x90 [ 324.887569][ T8538] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 324.893486][ T8538] RIP: 0033:0x7f06c0785d29 [ 324.897916][ T8538] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 324.917546][ T8538] RSP: 002b:00007f06c1679038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 324.925988][ T8538] RAX: ffffffffffffffda RBX: 00007f06c0975fa0 RCX: 00007f06c0785d29 [ 324.933973][ T8538] RDX: 0000000020000600 RSI: 00000000c0205648 RDI: 0000000000000003 [ 324.941953][ T8538] RBP: 00007f06c1679090 R08: 0000000000000000 R09: 0000000000000000 [ 324.949948][ T8538] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 324.957942][ T8538] R13: 0000000000000000 R14: 00007f06c0975fa0 R15: 00007ffc08f0d928 [ 324.965953][ T8538] [ 324.984366][ T8524] trusted_key: encrypted_key: insufficient parameters specified [ 325.023360][ T8538] ERROR: Out of memory at tomoyo_realpath_from_path. [ 325.366821][ T974] usb 1-1: USB disconnect, device number 15 [ 325.761641][ T8551] bridge0: port 3(vlan2) entered blocking state [ 325.768407][ T8551] bridge0: port 3(vlan2) entered disabled state [ 325.776118][ T8551] vlan2: entered allmulticast mode [ 325.820420][ T8551] vlan2: left allmulticast mode [ 327.707196][ T8565] netlink: 4 bytes leftover after parsing attributes in process `syz.0.725'. [ 328.114682][ T8570] trusted_key: encrypted_key: master key parameter 'uh\r' is invalid [ 328.923620][ T8575] netlink: 4 bytes leftover after parsing attributes in process `syz.4.728'. [ 330.107942][ T8585] FAULT_INJECTION: forcing a failure. [ 330.107942][ T8585] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 330.146460][ T8585] CPU: 0 UID: 0 PID: 8585 Comm: syz.4.729 Not tainted 6.13.0-syzkaller-00164-g100ceb4817a2 #0 [ 330.156755][ T8585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 330.166832][ T8585] Call Trace: [ 330.170130][ T8585] [ 330.173076][ T8585] dump_stack_lvl+0x241/0x360 [ 330.177789][ T8585] ? __pfx_dump_stack_lvl+0x10/0x10 [ 330.183013][ T8585] ? __pfx__printk+0x10/0x10 [ 330.187636][ T8585] ? __pfx_lock_release+0x10/0x10 [ 330.192687][ T8585] ? preempt_count_add+0x93/0x190 [ 330.197743][ T8585] should_fail_ex+0x3b0/0x4e0 [ 330.202451][ T8585] _copy_from_user+0x2d/0xb0 [ 330.207065][ T8585] userfaultfd_ioctl+0xd99/0x67f0 [ 330.212111][ T8585] ? __kernel_text_address+0xd/0x40 [ 330.217331][ T8585] ? unwind_get_return_address+0x4d/0x90 [ 330.222987][ T8585] ? arch_stack_walk+0xfd/0x150 [ 330.227873][ T8585] ? __pfx_userfaultfd_ioctl+0x10/0x10 [ 330.233353][ T8585] ? stack_trace_save+0x118/0x1d0 [ 330.238416][ T8585] ? __pfx_stack_trace_save+0x10/0x10 [ 330.243820][ T8585] ? stack_depot_save_flags+0x37/0x940 [ 330.249319][ T8585] ? kasan_save_track+0x51/0x80 [ 330.254199][ T8585] ? kasan_save_track+0x3f/0x80 [ 330.259083][ T8585] ? kasan_save_free_info+0x40/0x50 [ 330.264309][ T8585] ? __kasan_slab_free+0x59/0x70 [ 330.269276][ T8585] ? kfree+0x196/0x430 [ 330.273373][ T8585] ? tomoyo_path_number_perm+0x679/0x860 [ 330.279040][ T8585] ? security_file_ioctl+0xc6/0x2a0 [ 330.284270][ T8585] ? __se_sys_ioctl+0x46/0x170 [ 330.289060][ T8585] ? do_syscall_64+0xf3/0x230 [ 330.293766][ T8585] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 330.299865][ T8585] ? do_vfs_ioctl+0xf07/0x2e40 [ 330.304667][ T8585] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 330.309723][ T8585] ? mark_lock+0x9a/0x360 [ 330.314096][ T8585] ? tomoyo_path_number_perm+0x206/0x860 [ 330.319765][ T8585] ? __pfx_lock_release+0x10/0x10 [ 330.324819][ T8585] ? tomoyo_path_number_perm+0x679/0x860 [ 330.330480][ T8585] ? tomoyo_path_number_perm+0x679/0x860 [ 330.336127][ T8585] ? tomoyo_path_number_perm+0x6f9/0x860 [ 330.341856][ T8585] ? __lock_acquire+0x1397/0x2100 [ 330.346886][ T8585] ? tomoyo_path_number_perm+0x206/0x860 [ 330.352517][ T8585] ? smack_log+0x123/0x540 [ 330.356929][ T8585] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 330.362907][ T8585] ? __pfx_smack_log+0x10/0x10 [ 330.367663][ T8585] ? smk_access+0x4ab/0x4e0 [ 330.372167][ T8585] ? smk_tskacc+0x300/0x370 [ 330.376668][ T8585] ? smack_file_ioctl+0x2f7/0x3a0 [ 330.381691][ T8585] ? __pfx_smack_file_ioctl+0x10/0x10 [ 330.387085][ T8585] ? __fget_files+0x2a/0x410 [ 330.391700][ T8585] ? __fget_files+0x2a/0x410 [ 330.396299][ T8585] ? __pfx_userfaultfd_ioctl+0x10/0x10 [ 330.401768][ T8585] __se_sys_ioctl+0xf5/0x170 [ 330.406367][ T8585] do_syscall_64+0xf3/0x230 [ 330.410881][ T8585] ? clear_bhb_loop+0x35/0x90 [ 330.415570][ T8585] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 330.421462][ T8585] RIP: 0033:0x7f06c0785d29 [ 330.425871][ T8585] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 330.445474][ T8585] RSP: 002b:00007f06c1658038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 330.453890][ T8585] RAX: ffffffffffffffda RBX: 00007f06c0976080 RCX: 00007f06c0785d29 [ 330.461864][ T8585] RDX: 0000000020000400 RSI: 00000000c028aa03 RDI: 0000000000000003 [ 330.469839][ T8585] RBP: 00007f06c1658090 R08: 0000000000000000 R09: 0000000000000000 [ 330.477804][ T8585] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 330.485766][ T8585] R13: 0000000000000001 R14: 00007f06c0976080 R15: 00007ffc08f0d928 [ 330.493763][ T8585] [ 330.644626][ T974] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 330.799887][ T8582] trusted_key: encrypted_key: insufficient parameters specified [ 330.802135][ T8591] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 330.875701][ T974] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 331.117626][ T8] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 331.125496][ T974] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 331.136967][ T974] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 331.147212][ T974] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 331.164188][ T8581] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 331.189994][ T974] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 331.310508][ T8] usb 6-1: config index 0 descriptor too short (expected 23569, got 27) [ 331.766403][ T8] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 331.798628][ T8] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 0 [ 331.849701][ T8] usb 6-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 331.892428][ T8] usb 6-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 331.908560][ T8] usb 6-1: Manufacturer: syz [ 332.057389][ T8] usb 6-1: config 0 descriptor?? [ 332.068777][ T8] igorplugusb 6-1:0.0: endpoint incorrect [ 332.539387][ T8590] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 333.096514][ T8590] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 333.145114][ T8590] netlink: 'syz.5.724': attribute type 4 has an invalid length. [ 333.296214][ T8614] netlink: 4 bytes leftover after parsing attributes in process `syz.1.737'. [ 333.478258][ T8617] trusted_key: encrypted_key: master key parameter 'uh\r' is invalid [ 333.711487][ T5906] usb 6-1: USB disconnect, device number 12 [ 334.085273][ T974] usb 7-1: USB disconnect, device number 7 [ 334.190200][ T8621] fuse: Unknown parameter '0x0000000000000004' [ 335.822512][ T8642] bridge0: port 1(vlan2) entered blocking state [ 335.826969][ T8643] qrtr: Invalid version 36 [ 335.828965][ T8642] bridge0: port 1(vlan2) entered disabled state [ 335.840723][ T8642] vlan2: entered allmulticast mode [ 335.925961][ T8642] vlan2: left allmulticast mode [ 337.312706][ T8647] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 338.408298][ T8660] trusted_key: encrypted_key: master key parameter 'uh\r:sy' is invalid [ 341.457292][ T8678] bridge0: port 3(vlan2) entered blocking state [ 341.464106][ T8678] bridge0: port 3(vlan2) entered disabled state [ 341.471562][ T8678] vlan2: entered allmulticast mode [ 341.552030][ T8678] vlan2: left allmulticast mode [ 342.796749][ T5832] Bluetooth: hci4: command 0x0405 tx timeout [ 344.742220][ T8708] trusted_key: encrypted_key: master key parameter 'uh\r:sy' is invalid [ 345.487428][ T2909] Bluetooth: hci5: Frame reassembly failed (-84) [ 345.666163][ T974] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 346.027820][ T974] usb 7-1: Using ep0 maxpacket: 8 [ 346.138347][ T974] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 7 [ 346.347493][ T8722] capability: warning: `syz.0.769' uses 32-bit capabilities (legacy support in use) [ 346.365525][ T974] usb 7-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b [ 346.384239][ T974] usb 7-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3 [ 346.402184][ T974] usb 7-1: Product: syz [ 346.408830][ T974] usb 7-1: Manufacturer: syz [ 346.416470][ T974] usb 7-1: SerialNumber: syz [ 346.631586][ T8715] tipc: Enabling of bearer rejected, failed to enable media [ 346.643053][ T974] usb 7-1: Invalid connection information received from device [ 346.761209][ T8731] xt_ecn: cannot match TCP bits for non-tcp packets [ 347.071566][ T5906] usb 7-1: USB disconnect, device number 8 [ 347.173132][ T8737] trusted_key: encrypted_key: master key parameter 'uh\r:syz' is invalid [ 347.486391][ T5823] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 348.151733][ T8745] vlan2: entered promiscuous mode [ 348.216129][ T5906] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 349.135787][ T5906] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 349.163964][ T5906] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 349.204068][ T5906] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 349.241494][ T5906] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 349.267674][ T8742] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 349.300775][ T5906] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 349.376272][ T974] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 349.396246][ T8] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 349.546350][ T8] usb 1-1: Using ep0 maxpacket: 16 [ 349.554317][ T974] usb 7-1: Using ep0 maxpacket: 32 [ 349.570600][ T8] usb 1-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5 [ 349.581189][ T974] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 251, using maximum allowed: 30 [ 349.654113][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 349.689076][ T974] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 349.745684][ T8] usb 1-1: Product: syz [ 349.776336][ T8] usb 1-1: Manufacturer: syz [ 349.806128][ T974] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 349.815955][ T8] usb 1-1: SerialNumber: syz [ 349.830871][ T974] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 251 [ 349.865180][ T8] usb 1-1: config 0 descriptor?? [ 349.882297][ T8] visor 1-1:0.0: Sony Clie 3.5 converter detected [ 349.888900][ T974] usb 7-1: New USB device found, idVendor=258a, idProduct=6a88, bcdDevice= 0.00 [ 349.946638][ T974] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 350.278906][ T5865] usb 5-1: USB disconnect, device number 14 [ 350.288607][ T974] usb 7-1: config 0 descriptor?? [ 350.559363][ T8] usb 1-1: clie_3_5_startup: get config number failed: -71 [ 350.583597][ T8] visor 1-1:0.0: probe with driver visor failed with error -71 [ 350.605276][ T8] usb 1-1: USB disconnect, device number 16 [ 352.109844][ T2909] Bluetooth: hci6: Frame reassembly failed (-84) [ 353.535543][ T974] usbhid 7-1:0.0: can't add hid device: -71 [ 353.550492][ T974] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 353.560124][ T974] usb 7-1: USB disconnect, device number 9 [ 353.641146][ T8784] syzkaller0: tun_chr_ioctl cmd 2147767520 [ 354.127062][ T5832] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 354.138495][ T5823] Bluetooth: hci6: command 0x1003 tx timeout [ 354.486619][ T8789] netlink: 12 bytes leftover after parsing attributes in process `syz.0.788'. [ 354.691146][ T8795] fuse: Unknown parameter '0xffffffffffffffff' [ 354.754761][ T8795] netlink: 'syz.5.790': attribute type 27 has an invalid length. [ 355.146557][ T5906] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 355.233277][ T8804] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 355.690591][ T5906] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 355.720888][ T5906] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 355.751720][ T5906] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 355.782052][ T5906] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 355.811018][ T8800] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 355.837781][ T5906] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 356.186250][ T974] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 356.220743][ T8814] netlink: 12 bytes leftover after parsing attributes in process `syz.0.794'. [ 357.196747][ T8] usb 7-1: USB disconnect, device number 10 [ 357.278652][ T974] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 357.401178][ T974] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 357.438983][ T974] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 357.473974][ T974] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 357.523677][ T8812] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 357.590916][ T974] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 357.740157][ T8825] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 359.253891][ T3497] Bluetooth: hci5: Frame reassembly failed (-84) [ 360.509716][ T974] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 360.542683][ T5906] usb 5-1: USB disconnect, device number 15 [ 360.734745][ T974] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 360.762367][ T974] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 360.802588][ T974] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 360.831564][ T974] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 361.096938][ T5906] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 361.336768][ T5832] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 361.558798][ T8839] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 361.569075][ T974] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 361.631708][ T5906] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 361.656147][ T5906] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 361.666160][ T5906] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 361.675220][ T5906] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 361.713023][ T8846] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 361.779941][ T5906] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 361.819087][ T974] usb 1-1: USB disconnect, device number 17 [ 363.405497][ T5906] usb 5-1: USB disconnect, device number 16 [ 364.695768][ T8874] qrtr: Invalid version 36 [ 366.185242][ T8888] bridge0: port 3(vlan2) entered blocking state [ 366.191691][ T8888] bridge0: port 3(vlan2) entered disabled state [ 366.198188][ T8888] vlan2: entered allmulticast mode [ 366.220659][ T8888] vlan2: left allmulticast mode [ 366.272043][ T8891] bridge0: port 3(vlan2) entered blocking state [ 366.278521][ T8891] bridge0: port 3(vlan2) entered disabled state [ 366.284999][ T8891] vlan2: entered allmulticast mode [ 366.293091][ T8891] vlan2: left allmulticast mode [ 366.510895][ T8898] trusted_key: encrypted_key: master key parameter 'uh\r:syz' is invalid [ 367.777019][ T974] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 368.486517][ T974] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 368.516315][ T974] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 368.572508][ T974] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 369.334445][ T974] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 369.365489][ T8907] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 369.395691][ T974] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 369.923130][ T29] audit: type=1326 audit(1737422748.551:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8916 comm="syz.0.822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2492785d29 code=0x7fc00000 [ 370.198386][ T974] usb 6-1: USB disconnect, device number 13 [ 370.237766][ T29] audit: type=1326 audit(1737422748.551:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8916 comm="syz.0.822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f2492785d29 code=0x7fc00000 [ 370.310604][ T29] audit: type=1326 audit(1737422748.551:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8916 comm="syz.0.822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2492785d29 code=0x7fc00000 [ 370.359444][ T29] audit: type=1326 audit(1737422748.561:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8916 comm="syz.0.822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2492785d29 code=0x7fc00000 [ 371.228603][ T5866] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 371.406541][ T5866] usb 7-1: Using ep0 maxpacket: 16 [ 371.418527][ T5866] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 371.432061][ T5866] usb 7-1: New USB device found, idVendor=041e, idProduct=3100, bcdDevice= 0.00 [ 371.455815][ T5866] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 371.477650][ T5866] usb 7-1: config 0 descriptor?? [ 371.636312][ T5906] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 371.656330][ T5907] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 373.508325][ T5906] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 373.522336][ T5906] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 373.533856][ T5906] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 373.543232][ T5906] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 373.551874][ T5907] usb 6-1: config index 0 descriptor too short (expected 23569, got 27) [ 373.562457][ T8955] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 373.570776][ T5907] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 373.596200][ T5907] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 0 [ 373.606740][ T5906] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 373.628222][ T5907] usb 6-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 373.649735][ T5907] usb 6-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 373.670447][ T5907] usb 6-1: Manufacturer: syz [ 373.679111][ T5907] usb 6-1: config 0 descriptor?? [ 373.691965][ T5907] igorplugusb 6-1:0.0: endpoint incorrect [ 374.066483][ T5907] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 374.075388][ T8956] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 374.095741][ T8956] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 374.125199][ T8956] netlink: 'syz.5.832': attribute type 4 has an invalid length. [ 374.239601][ T5907] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 374.253906][ T5907] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 374.311372][ T5907] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 374.351289][ T974] usb 1-1: USB disconnect, device number 18 [ 374.379961][ T5907] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 374.540505][ T5866] usbhid 7-1:0.0: can't add hid device: -71 [ 374.562003][ T5866] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 374.578868][ T8977] raw-gadget.3 gadget.4: fail, usb_ep_enable returned -22 [ 374.580340][ T5866] usb 7-1: USB disconnect, device number 11 [ 374.706770][ T974] usb 6-1: USB disconnect, device number 14 [ 374.709066][ T5907] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 374.987454][ T8998] bridge0: port 3(vlan2) entered blocking state [ 374.993984][ T8998] bridge0: port 3(vlan2) entered disabled state [ 375.001835][ T8998] vlan2: entered allmulticast mode [ 375.080194][ T8998] vlan2: left allmulticast mode [ 376.351912][ T9012] overlayfs: failed to resolve './file1': -2 [ 377.268389][ T5866] usb 5-1: USB disconnect, device number 17 [ 378.927873][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.934220][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.790152][ T9044] loop7: detected capacity change from 0 to 16384 [ 380.574632][ T9052] bridge0: port 1(vlan2) entered blocking state [ 380.581562][ T9052] bridge0: port 1(vlan2) entered disabled state [ 380.589139][ T9052] vlan2: entered allmulticast mode [ 380.603028][ T9052] vlan2: left allmulticast mode [ 381.176109][ T5866] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 381.398693][ T5866] usb 5-1: Using ep0 maxpacket: 8 [ 381.416235][ T5866] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 7 [ 381.436396][ T5866] usb 5-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b [ 381.448824][ T5866] usb 5-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3 [ 381.781153][ T5866] usb 5-1: Product: syz [ 381.789044][ T9064] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 381.796770][ T5866] usb 5-1: Manufacturer: syz [ 381.964067][ T5866] usb 5-1: SerialNumber: syz [ 383.062608][ T9055] tipc: Started in network mode [ 383.081397][ T9055] tipc: Node identity fe8000000000000000000000000000aa, cluster identity 4711 [ 383.112723][ T9055] tipc: Enabling of bearer rejected, failed to enable media [ 383.133552][ T5866] usb 5-1: palm_os_3_probe - error -71 getting connection information [ 383.144485][ T5866] visor 5-1:1.0: probe with driver visor failed with error -71 [ 383.184017][ T5866] usb 5-1: USB disconnect, device number 18 [ 384.164975][ T5832] Bluetooth: hci1: unexpected event for opcode 0x0401 [ 384.490278][ T9100] FAULT_INJECTION: forcing a failure. [ 384.490278][ T9100] name failslab, interval 1, probability 0, space 0, times 0 [ 384.517443][ T9100] CPU: 0 UID: 0 PID: 9100 Comm: syz.0.872 Not tainted 6.13.0-syzkaller-00164-g100ceb4817a2 #0 [ 384.527753][ T9100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 384.537829][ T9100] Call Trace: [ 384.541121][ T9100] [ 384.544060][ T9100] dump_stack_lvl+0x241/0x360 [ 384.548778][ T9100] ? __pfx_dump_stack_lvl+0x10/0x10 [ 384.554009][ T9100] ? __pfx__printk+0x10/0x10 [ 384.558625][ T9100] ? __kmalloc_cache_noprof+0x48/0x390 [ 384.564110][ T9100] ? __pfx___might_resched+0x10/0x10 [ 384.569414][ T9100] should_fail_ex+0x3b0/0x4e0 [ 384.574114][ T9100] should_failslab+0xac/0x100 [ 384.578809][ T9100] __kmalloc_cache_noprof+0x70/0x390 [ 384.584110][ T9100] ? syslog_print_all+0x12a/0x7e0 [ 384.589179][ T9100] syslog_print_all+0x12a/0x7e0 [ 384.594081][ T9100] ? __pfx_syslog_print_all+0x10/0x10 [ 384.599477][ T9100] ? smack_privileged_cred+0xb9/0x380 [ 384.604873][ T9100] ? __pfx_lock_release+0x10/0x10 [ 384.609928][ T9100] ? smack_privileged_cred+0xb9/0x380 [ 384.615318][ T9100] ? smack_privileged_cred+0x341/0x380 [ 384.620798][ T9100] ? smack_syslog+0x96/0xf0 [ 384.625316][ T9100] do_syslog+0x463/0x820 [ 384.629591][ T9100] ? __pfx_do_syslog+0x10/0x10 [ 384.634655][ T9100] ? __pfx___might_resched+0x10/0x10 [ 384.639982][ T9100] ? __might_fault+0xaa/0x120 [ 384.644697][ T9100] ? rcu_is_watching+0x15/0xb0 [ 384.649488][ T9100] __x64_sys_syslog+0x7c/0x90 [ 384.654193][ T9100] do_syscall_64+0xf3/0x230 [ 384.658717][ T9100] ? clear_bhb_loop+0x35/0x90 [ 384.663418][ T9100] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 384.669322][ T9100] RIP: 0033:0x7f2492785d29 [ 384.673747][ T9100] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 384.693372][ T9100] RSP: 002b:00007f24934d2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000067 [ 384.701803][ T9100] RAX: ffffffffffffffda RBX: 00007f2492975fa0 RCX: 00007f2492785d29 [ 384.709800][ T9100] RDX: 0000000000000048 RSI: 00000000200001c0 RDI: 0000000000000004 [ 384.717783][ T9100] RBP: 00007f24934d2090 R08: 0000000000000000 R09: 0000000000000000 [ 384.725765][ T9100] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 384.733763][ T9100] R13: 0000000000000000 R14: 00007f2492975fa0 R15: 00007ffc50c46f98 [ 384.741773][ T9100] [ 386.295660][ T9123] netlink: 4 bytes leftover after parsing attributes in process `syz.4.880'. [ 388.363632][ T974] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 388.467121][ T5832] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 388.477789][ T5832] Bluetooth: hci1: Injecting HCI hardware error event [ 388.487805][ T5832] Bluetooth: hci1: hardware error 0x00 [ 388.533330][ T974] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 388.546125][ T974] usb 6-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 388.555497][ T974] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 388.565661][ T974] usb 6-1: config 0 descriptor?? [ 388.573766][ T974] pwc: Askey VC010 type 2 USB webcam detected. [ 389.021496][ T9151] bridge0: port 3(vlan2) entered blocking state [ 389.028000][ T9151] bridge0: port 3(vlan2) entered disabled state [ 389.034473][ T9151] vlan2: entered allmulticast mode [ 389.050218][ T9151] vlan2: left allmulticast mode [ 390.326193][ T5907] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 390.386367][ T5866] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 390.424285][ T9164] trusted_key: encrypted_key: master key parameter 'uh\r:syz' is invalid [ 390.526291][ T5832] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 390.528062][ T5907] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 390.568299][ T5866] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 390.643290][ T5907] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 390.653862][ T5866] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 390.681947][ T5866] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 390.691389][ T5907] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 390.717337][ T5907] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 390.726123][ T5866] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 390.760813][ T9158] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 390.771957][ T9160] raw-gadget.2 gadget.6: fail, usb_ep_enable returned -22 [ 390.790662][ T5866] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 390.817992][ T5907] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 391.156119][ T974] pwc: send_video_command error -71 [ 391.178173][ T974] pwc: Failed to set video mode CIF@30 fps; return code = -71 [ 391.215222][ T974] Philips webcam 6-1:0.0: probe with driver Philips webcam failed with error -71 [ 391.356900][ T8] usb 1-1: USB disconnect, device number 19 [ 391.700197][ T974] usb 6-1: USB disconnect, device number 15 [ 392.784609][ T8] usb 7-1: USB disconnect, device number 12 [ 392.972828][ T9185] overlayfs: workdir and upperdir must be separate subtrees [ 393.102548][ T9196] netlink: 'syz.4.896': attribute type 4 has an invalid length. [ 394.739143][ T9222] trusted_key: encrypted_key: master key parameter 'uh\r:syz' is invalid [ 395.657454][ T9225] FAULT_INJECTION: forcing a failure. [ 395.657454][ T9225] name failslab, interval 1, probability 0, space 0, times 0 [ 395.746624][ T9225] CPU: 1 UID: 0 PID: 9225 Comm: syz.4.906 Not tainted 6.13.0-syzkaller-00164-g100ceb4817a2 #0 [ 395.756921][ T9225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 395.767002][ T9225] Call Trace: [ 395.770291][ T9225] [ 395.773233][ T9225] dump_stack_lvl+0x241/0x360 [ 395.777937][ T9225] ? __pfx_dump_stack_lvl+0x10/0x10 [ 395.783175][ T9225] ? __pfx__printk+0x10/0x10 [ 395.787832][ T9225] ? kmem_cache_alloc_noprof+0x48/0x380 [ 395.793409][ T9225] ? __pfx___might_resched+0x10/0x10 [ 395.798691][ T9225] should_fail_ex+0x3b0/0x4e0 [ 395.803360][ T9225] should_failslab+0xac/0x100 [ 395.808027][ T9225] ? getname_flags+0xb7/0x540 [ 395.812696][ T9225] kmem_cache_alloc_noprof+0x70/0x380 [ 395.818054][ T9225] getname_flags+0xb7/0x540 [ 395.822544][ T9225] __x64_sys_rename+0x6a/0x90 [ 395.827211][ T9225] do_syscall_64+0xf3/0x230 [ 395.831704][ T9225] ? clear_bhb_loop+0x35/0x90 [ 395.836368][ T9225] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 395.842250][ T9225] RIP: 0033:0x7f06c0785d29 [ 395.846653][ T9225] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 395.866252][ T9225] RSP: 002b:00007f06c1658038 EFLAGS: 00000246 ORIG_RAX: 0000000000000052 [ 395.874654][ T9225] RAX: ffffffffffffffda RBX: 00007f06c0976080 RCX: 00007f06c0785d29 [ 395.882611][ T9225] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000020000100 [ 395.890568][ T9225] RBP: 00007f06c1658090 R08: 0000000000000000 R09: 0000000000000000 [ 395.898524][ T9225] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 395.906490][ T9225] R13: 0000000000000000 R14: 00007f06c0976080 R15: 00007ffc08f0d928 [ 395.914452][ T9225] [ 396.072255][ T5907] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 396.367196][ T9231] netlink: 4 bytes leftover after parsing attributes in process `syz.5.907'. [ 396.387944][ T5907] usb 7-1: config index 0 descriptor too short (expected 23569, got 27) [ 396.411131][ T5907] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 396.444849][ T5907] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 0 [ 396.497888][ T5907] usb 7-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 396.593798][ T5907] usb 7-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 396.602285][ T5907] usb 7-1: Manufacturer: syz [ 396.650231][ T5907] usb 7-1: config 0 descriptor?? [ 396.799152][ T5907] igorplugusb 7-1:0.0: endpoint incorrect [ 397.065228][ T9220] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 397.186395][ T9220] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 397.205504][ T9220] netlink: 'syz.6.904': attribute type 4 has an invalid length. [ 397.308661][ T8] usb 7-1: USB disconnect, device number 13 [ 399.391358][ T9270] fuse: Unknown parameter '0x0000000000000004' [ 399.402115][ T9270] netlink: 'syz.1.920': attribute type 27 has an invalid length. [ 399.436214][ T5907] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 399.634667][ T5907] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 400.105028][ T5907] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 400.115292][ T5907] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 400.134791][ T5907] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 400.145878][ T9261] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 400.164068][ T5907] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 400.770152][ T8] usb 5-1: USB disconnect, device number 19 [ 402.519582][ T9311] trusted_key: encrypted_key: master key parameter 'uh\r:syz' is invalid [ 404.006571][ T9326] loop7: detected capacity change from 0 to 16384 [ 405.042328][ T9335] netlink: 76 bytes leftover after parsing attributes in process `syz.5.936'. [ 406.752967][ T5907] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 406.898290][ T9364] trusted_key: encrypted_key: master key parameter 'uh\r:syz' is invalid [ 406.964465][ T5907] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 407.601204][ T5907] usb 5-1: New USB device found, idVendor=2058, idProduct=1005, bcdDevice= 9.75 [ 407.610570][ T5907] usb 5-1: New USB device strings: Mfr=1, Product=34, SerialNumber=3 [ 407.625045][ T5907] usb 5-1: Product: syz [ 407.633961][ T5907] usb 5-1: Manufacturer: syz [ 407.677066][ T5907] usb 5-1: SerialNumber: syz [ 408.142273][ T5907] usb 5-1: config 0 descriptor?? [ 408.265525][ T5907] viperboard 5-1:0.0: version 0.00 found at bus 005 address 020 [ 408.301346][ T9372] loop7: detected capacity change from 0 to 16384 [ 408.751624][ T5907] viperboard-i2c viperboard-i2c.2.auto: failure setting i2c_bus_freq to 100 [ 408.760590][ T5907] viperboard-i2c viperboard-i2c.2.auto: probe with driver viperboard-i2c failed with error -5 [ 410.135252][ T9388] netlink: 4 bytes leftover after parsing attributes in process `syz.5.949'. [ 410.371980][ T9400] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 412.022328][ T9413] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 413.069000][ T8] usb 5-1: USB disconnect, device number 20 [ 413.222528][ T9421] trusted_key: encrypted_key: master key parameter 'uh\r:syz' is invalid [ 413.927913][ T9425] loop7: detected capacity change from 0 to 16384 [ 414.750445][ T8] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 415.696398][ T5865] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 415.737631][ T8] usb 5-1: config index 0 descriptor too short (expected 23569, got 27) [ 415.751935][ T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 415.762781][ T8] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 0 [ 415.779711][ T8] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 415.792602][ T8] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 415.805115][ T8] usb 5-1: Manufacturer: syz [ 415.817284][ T8] usb 5-1: config 0 descriptor?? [ 415.831894][ T8] igorplugusb 5-1:0.0: endpoint incorrect [ 415.880870][ T5865] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 415.892464][ T5865] usb 6-1: New USB device found, idVendor=2058, idProduct=1005, bcdDevice= 9.75 [ 415.901682][ T5865] usb 6-1: New USB device strings: Mfr=1, Product=34, SerialNumber=3 [ 415.913213][ T5865] usb 6-1: Product: syz [ 415.915324][ T9449] netlink: 16 bytes leftover after parsing attributes in process `syz.6.967'. [ 415.917443][ T5865] usb 6-1: Manufacturer: syz [ 415.917462][ T5865] usb 6-1: SerialNumber: syz [ 415.921389][ T5865] usb 6-1: config 0 descriptor?? [ 415.940916][ T974] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 415.965859][ T9449] netlink: 16 bytes leftover after parsing attributes in process `syz.6.967'. [ 416.079624][ T9429] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 416.094706][ T5865] viperboard 6-1:0.0: version 0.00 found at bus 006 address 016 [ 416.108304][ T9429] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 416.127985][ T5865] viperboard-i2c viperboard-i2c.2.auto: failure setting i2c_bus_freq to 100 [ 416.143833][ T974] usb 1-1: config index 0 descriptor too short (expected 23569, got 27) [ 416.152597][ T974] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 416.180630][ T5865] viperboard-i2c viperboard-i2c.2.auto: probe with driver viperboard-i2c failed with error -5 [ 416.188421][ T9429] netlink: 'syz.4.960': attribute type 4 has an invalid length. [ 416.193218][ T974] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 0 [ 416.214815][ T974] usb 1-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 416.224250][ T974] usb 1-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 416.238251][ T974] usb 1-1: Manufacturer: syz [ 416.245156][ T974] usb 1-1: config 0 descriptor?? [ 416.255837][ T974] igorplugusb 1-1:0.0: endpoint incorrect [ 416.724028][ T5866] usb 5-1: USB disconnect, device number 21 [ 417.411923][ T9447] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 417.457406][ T9447] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 417.862944][ T9447] netlink: 'syz.0.966': attribute type 4 has an invalid length. [ 418.567957][ T9470] trusted_key: encrypted_key: master key parameter 'uh\r:syz' is invalid [ 418.589770][ T5865] usb 1-1: USB disconnect, device number 20 [ 418.927339][ T9475] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 418.960989][ T5865] usb 6-1: USB disconnect, device number 16 [ 418.998538][ T3497] Bluetooth: hci5: Frame reassembly failed (-84) [ 419.085359][ T5866] usb 7-1: new high-speed USB device number 14 using dummy_hcd [ 419.188993][ T9478] loop7: detected capacity change from 0 to 16384 [ 419.252694][ T5866] usb 7-1: config index 0 descriptor too short (expected 23569, got 27) [ 419.956749][ T5866] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 420.181251][ T5866] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 0 [ 420.499033][ T5866] usb 7-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 420.539651][ T5866] usb 7-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 420.558429][ T5866] usb 7-1: Manufacturer: syz [ 420.576696][ T5866] usb 7-1: config 0 descriptor?? [ 420.636781][ T5866] igorplugusb 7-1:0.0: endpoint incorrect [ 421.055947][ T5832] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 421.438012][ T9482] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 421.497383][ T9473] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 421.516400][ T9473] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 421.553029][ T9473] netlink: 'syz.6.972': attribute type 4 has an invalid length. [ 421.764166][ T5865] usb 7-1: USB disconnect, device number 14 [ 423.309014][ T9531] trusted_key: encrypted_key: master key parameter 'uh\r:syz' is invalid [ 424.415911][ T9538] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 424.926188][ T5866] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 425.136091][ T5866] usb 1-1: Using ep0 maxpacket: 8 [ 425.143623][ T9554] loop7: detected capacity change from 0 to 16384 [ 425.173808][ T5866] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 7 [ 425.213643][ T5866] usb 1-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b [ 425.232029][ T5866] usb 1-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3 [ 425.262217][ T5866] usb 1-1: Product: syz [ 425.274369][ T5866] usb 1-1: Manufacturer: syz [ 425.287160][ T5866] usb 1-1: SerialNumber: syz [ 425.531613][ T9542] tipc: Started in network mode [ 425.564992][ T9542] tipc: Node identity fe8000000000000000000000000000aa, cluster identity 4711 [ 425.594259][ T9542] tipc: Enabling of bearer rejected, failed to enable media [ 425.633515][ T5866] usb 1-1: Invalid connection information received from device [ 425.866784][ T5866] usb 1-1: USB disconnect, device number 21 [ 428.788699][ T9588] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 428.813667][ T9583] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1002'. [ 429.826119][ T5866] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 429.835017][ T9603] fuse: Unknown parameter '0x0000000000000004' [ 429.844127][ T9603] netlink: 'syz.1.1003': attribute type 27 has an invalid length. [ 430.196246][ T5866] usb 1-1: Using ep0 maxpacket: 16 [ 430.212668][ T9611] trusted_key: encrypted_key: master key parameter 'uh\r:syz' is invalid [ 430.912369][ T5866] usb 1-1: New USB device found, idVendor=1943, idProduct=2257, bcdDevice=91.ed [ 430.922439][ T5866] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 430.931795][ T5866] usb 1-1: Product: syz [ 430.936105][ T5866] usb 1-1: Manufacturer: syz [ 430.940777][ T5866] usb 1-1: SerialNumber: syz [ 430.957101][ T5866] usb 1-1: config 0 descriptor?? [ 430.964413][ T5866] s2255 1-1:0.0: Could not find bulk-in endpoint [ 430.971342][ T5866] Sensoray 2255 driver load failed: 0xfffffff4 [ 430.978368][ T5866] s2255 1-1:0.0: probe with driver s2255 failed with error -12 [ 431.138697][ T9620] netlink: 280 bytes leftover after parsing attributes in process `syz.4.1009'. [ 431.165305][ T5866] usb 1-1: USB disconnect, device number 22 [ 432.072203][ T9631] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1013'. [ 432.084223][ T9631] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1013'. [ 432.244483][ T9634] fuse: Unknown parameter '0x0000000000000004' [ 432.433912][ T9641] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 432.756106][ T9639] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1017'. [ 432.862033][ T9645] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1018'. [ 435.371879][ T9677] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1028'. [ 435.385661][ T9677] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1028'. [ 435.469247][ T9679] fuse: Unknown parameter '0x0000000000000004' [ 435.549876][ T9679] netlink: 'syz.0.1029': attribute type 27 has an invalid length. [ 435.737722][ T5865] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 436.343174][ T5865] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 436.354301][ T5865] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 436.372556][ T5865] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 436.422625][ T974] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 436.643918][ T9685] fuse: Unknown parameter '0x0000000000000004' [ 436.650423][ T5865] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 436.662755][ T9676] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 436.672060][ T5865] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 436.686074][ T9685] netlink: 'syz.6.1030': attribute type 27 has an invalid length. [ 436.786356][ T974] usb 5-1: Using ep0 maxpacket: 16 [ 436.795138][ T974] usb 5-1: New USB device found, idVendor=1943, idProduct=2257, bcdDevice=91.ed [ 436.806836][ T974] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 436.823850][ T974] usb 5-1: Product: syz [ 436.830340][ T974] usb 5-1: Manufacturer: syz [ 436.835295][ T974] usb 5-1: SerialNumber: syz [ 436.851239][ T974] usb 5-1: config 0 descriptor?? [ 436.865728][ T974] s2255 5-1:0.0: Could not find bulk-in endpoint [ 436.873769][ T974] Sensoray 2255 driver load failed: 0xfffffff4 [ 436.886243][ T974] s2255 5-1:0.0: probe with driver s2255 failed with error -12 [ 437.380670][ T974] usb 5-1: USB disconnect, device number 22 [ 437.936436][ T5866] usb 6-1: USB disconnect, device number 17 [ 440.558019][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.564355][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 441.646992][ T9751] ipt_rpfilter: unknown options [ 441.696234][ T5866] usb 6-1: new high-speed USB device number 18 using dummy_hcd [ 441.781529][ T29] audit: type=1326 audit(1737422820.421:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9753 comm="syz.0.1056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2492785d29 code=0x7ffc0000 [ 441.832663][ T29] audit: type=1326 audit(1737422820.421:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9753 comm="syz.0.1056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=444 compat=0 ip=0x7f2492785d29 code=0x7ffc0000 [ 441.855827][ T29] audit: type=1326 audit(1737422820.421:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9753 comm="syz.0.1056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2492785d29 code=0x7ffc0000 [ 441.884068][ T29] audit: type=1326 audit(1737422820.421:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9753 comm="syz.0.1056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2492785d29 code=0x7ffc0000 [ 441.906734][ T5866] usb 6-1: Using ep0 maxpacket: 16 [ 441.939679][ T5866] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 441.954994][ T5866] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 441.964480][ T5866] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 441.973252][ T5866] usb 6-1: Product: syz [ 441.978005][ T5866] usb 6-1: Manufacturer: syz [ 441.982705][ T5866] usb 6-1: SerialNumber: syz [ 441.994868][ T5866] usb 6-1: config 0 descriptor?? [ 442.008708][ T5866] em28xx 6-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 442.018224][ T5866] em28xx 6-1:0.0: DVB interface 0 found: bulk [ 442.230726][ T9763] netlink: 76 bytes leftover after parsing attributes in process `syz.4.1060'. [ 442.279113][ T5866] em28xx 6-1:0.0: unknown em28xx chip ID (0) [ 442.333925][ T5907] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 442.350472][ T5907] hid-generic 0000:0000:0000.0006: hidraw0: HID v0.00 Device [syz0] on syz0 [ 442.365394][ T5866] em28xx 6-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 442.385230][ T5866] em28xx 6-1:0.0: board has no eeprom [ 442.456127][ T5866] em28xx 6-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 442.464012][ T5866] em28xx 6-1:0.0: dvb set to bulk mode. [ 442.480441][ T5907] em28xx 6-1:0.0: Binding DVB extension [ 442.504091][ T5866] usb 6-1: USB disconnect, device number 18 [ 442.516576][ T5866] em28xx 6-1:0.0: Disconnecting em28xx [ 442.548566][ T9778] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1067'. [ 442.560847][ T5907] em28xx 6-1:0.0: Registering input extension [ 442.567664][ T5866] em28xx 6-1:0.0: Closing input extension [ 442.591704][ T5866] em28xx 6-1:0.0: Freeing device [ 442.766137][ T5906] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 442.810220][ T9780] batadv_slave_1: entered promiscuous mode [ 442.816820][ T9780] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1068'. [ 442.844594][ T9780] batadv_slave_1 (unregistering): left promiscuous mode [ 442.926182][ T5906] usb 1-1: Using ep0 maxpacket: 16 [ 442.933342][ T5906] usb 1-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 2.00 [ 442.943148][ T5906] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 442.953549][ T5906] usb 1-1: config 0 descriptor?? [ 442.960996][ T5906] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected [ 443.164860][ T5906] usb 1-1: Detected FT232A [ 443.170765][ T5906] usb 1-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 443.368180][ T5865] usb 1-1: USB disconnect, device number 23 [ 443.377737][ T5865] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 443.387369][ T5865] ftdi_sio 1-1:0.0: device disconnected [ 443.406599][ T974] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 443.556100][ T974] usb 5-1: Using ep0 maxpacket: 16 [ 443.562793][ T974] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 443.573179][ T974] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 443.584182][ T974] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 443.593925][ T974] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 443.604127][ T974] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 443.618441][ T974] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 443.627805][ T974] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 443.635828][ T974] usb 5-1: Manufacturer: syz [ 443.642896][ T974] usb 5-1: config 0 descriptor?? [ 443.957645][ T974] rc_core: IR keymap rc-hauppauge not found [ 443.971615][ T974] Registered IR keymap rc-empty [ 443.982137][ T974] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 444.026480][ T974] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 444.058040][ T974] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0 [ 444.074135][ T974] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input9 [ 444.100283][ T974] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 444.108187][ T9808] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present! [ 444.137216][ T974] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 444.196404][ T974] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 444.240039][ T974] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 444.262136][ T9819] syz.0.1082[9819] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 444.262237][ T9819] syz.0.1082[9819] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 444.274171][ T9819] syz.0.1082[9819] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 444.293633][ T974] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 444.346297][ T974] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 444.366846][ T974] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 444.397734][ T974] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 444.440116][ T974] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 444.471941][ T974] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 444.497318][ T974] mceusb 5-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 444.513002][ T974] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 444.524105][ T974] usb 5-1: USB disconnect, device number 23 [ 444.566706][ T9831] macsec1: entered promiscuous mode [ 444.571928][ T9831] team0: entered promiscuous mode [ 444.577100][ T9831] team_slave_0: entered promiscuous mode [ 444.583418][ T9831] team_slave_1: entered promiscuous mode [ 444.589462][ T9831] macsec1: entered allmulticast mode [ 444.594804][ T9831] team0: entered allmulticast mode [ 444.600337][ T9831] team_slave_0: entered allmulticast mode [ 444.606237][ T9831] team_slave_1: entered allmulticast mode [ 444.681539][ T9834] macsec1: entered promiscuous mode [ 444.687117][ T9834] dummy0: entered promiscuous mode [ 444.692386][ T9834] macsec1: entered allmulticast mode [ 444.698821][ T9834] dummy0: entered allmulticast mode [ 444.713129][ T9834] dummy0: left allmulticast mode [ 444.718301][ T9834] dummy0: left promiscuous mode [ 444.963353][ T9847] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1097'. [ 445.026776][ T9851] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1099'. [ 446.143326][ T9881] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1112'. [ 446.289900][ T29] audit: type=1326 audit(1737422824.911:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9887 comm="syz.5.1115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ff8985d29 code=0x7ffc0000 [ 446.346130][ T29] audit: type=1326 audit(1737422824.911:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9887 comm="syz.5.1115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ff8985d29 code=0x7ffc0000 [ 446.381168][ T29] audit: type=1326 audit(1737422824.911:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9887 comm="syz.5.1115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7f8ff8985d29 code=0x7ffc0000 [ 446.411402][ T29] audit: type=1326 audit(1737422824.941:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9887 comm="syz.5.1115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ff8985d29 code=0x7ffc0000 [ 446.440936][ T29] audit: type=1326 audit(1737422824.941:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9887 comm="syz.5.1115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ff8985d29 code=0x7ffc0000 [ 447.356151][ T5906] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 447.518750][ T5906] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 447.530400][ T5906] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 447.540690][ T5906] usb 5-1: New USB device found, idVendor=1038, idProduct=12b6, bcdDevice= 0.00 [ 447.549950][ T5906] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 447.565461][ T5906] usb 5-1: config 0 descriptor?? [ 447.607302][ T9939] Trying to write to read-only block-device nullb0 [ 447.652350][ T9941] netlink: 204 bytes leftover after parsing attributes in process `syz.1.1137'. [ 447.998977][ T5906] steelseries 0003:1038:12B6.0007: item fetching failed at offset 5/7 [ 448.008104][ T5906] steelseries 0003:1038:12B6.0007: probe with driver steelseries failed with error -22 [ 448.231847][ T5906] usb 5-1: USB disconnect, device number 24 [ 448.388683][ T9979] netlink: 'syz.0.1149': attribute type 4 has an invalid length. [ 448.454598][ T9982] netem: incorrect gi model size [ 448.460338][ T9982] netem: change failed [ 448.797889][ T9984] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3) [ 448.804447][ T9984] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 448.812142][ T9984] vhci_hcd vhci_hcd.0: Device attached [ 448.823494][ T9984] vhci_hcd vhci_hcd.0: pdev(4) rhport(1) sockfd(5) [ 448.830029][ T9984] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 448.838208][ T9984] vhci_hcd vhci_hcd.0: Device attached [ 448.844642][ T9984] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 448.862113][ T9984] vhci_hcd vhci_hcd.0: pdev(4) rhport(3) sockfd(9) [ 448.868664][ T9984] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 448.876579][ T9984] vhci_hcd vhci_hcd.0: Device attached [ 448.882929][ T9984] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 448.893950][ T9984] vhci_hcd vhci_hcd.0: pdev(4) rhport(5) sockfd(13) [ 448.900550][ T9984] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 448.908331][ T9984] vhci_hcd vhci_hcd.0: Device attached [ 448.915289][ T9991] vhci_hcd: connection closed [ 448.915624][ T9989] vhci_hcd: connection closed [ 448.916171][ T3433] vhci_hcd: stop threads [ 448.920428][ T9987] vhci_hcd: connection closed [ 448.925506][ T3433] vhci_hcd: release socket [ 448.929831][ T9985] vhci_hcd: connection closed [ 448.934127][ T3433] vhci_hcd: disconnect device [ 448.962533][ T3433] vhci_hcd: stop threads [ 448.968191][ T3433] vhci_hcd: release socket [ 448.976205][ T3433] vhci_hcd: disconnect device [ 448.983007][ T3433] vhci_hcd: stop threads [ 448.987605][ T3433] vhci_hcd: release socket [ 448.993267][ T3433] vhci_hcd: disconnect device [ 448.996136][ T5906] vhci_hcd: vhci_device speed not set [ 448.998752][ T3433] vhci_hcd: stop threads [ 449.017333][ T3433] vhci_hcd: release socket [ 449.021896][ T3433] vhci_hcd: disconnect device [ 449.078147][ T5906] usb 41-1: new full-speed USB device number 2 using vhci_hcd [ 449.085702][ T5906] usb 41-1: enqueue for inactive port 0 [ 449.176210][ T5906] vhci_hcd: vhci_device speed not set [ 449.386306][T10012] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1162'. [ 450.902737][T10089] IPVS: sync thread started: state = BACKUP, mcast_ifn = wlan0, syncid = 0, id = 0 [ 451.143206][T10105] kvm: apic: phys broadcast and lowest prio [ 452.452069][T10157] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1228'. [ 452.970706][T10170] syzkaller0: entered promiscuous mode [ 452.977489][T10170] syzkaller0: entered allmulticast mode [ 453.281416][ T974] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 453.452277][ T974] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 453.462826][ T974] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 453.472355][ T974] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 453.503324][ T974] usb 5-1: config 0 descriptor?? [ 453.519803][ T974] pwc: Askey VC010 type 2 USB webcam detected. [ 453.939885][ T974] pwc: recv_control_msg error -32 req 02 val 2b00 [ 453.948125][ T974] pwc: recv_control_msg error -32 req 02 val 2700 [ 453.956587][ T974] pwc: recv_control_msg error -32 req 02 val 2c00 [ 453.964277][ T974] pwc: recv_control_msg error -32 req 04 val 1000 [ 453.973189][ T974] pwc: recv_control_msg error -32 req 04 val 1300 [ 453.981146][ T974] pwc: recv_control_msg error -32 req 04 val 1400 [ 453.990442][ T974] pwc: recv_control_msg error -32 req 02 val 2000 [ 454.200897][ T974] pwc: recv_control_msg error -71 req 04 val 1500 [ 454.232248][ T974] pwc: recv_control_msg error -71 req 02 val 2500 [ 454.249344][ T974] pwc: recv_control_msg error -71 req 02 val 2400 [ 454.256364][ T974] pwc: recv_control_msg error -71 req 02 val 2600 [ 454.283164][ T974] pwc: recv_control_msg error -71 req 02 val 2900 [ 454.296334][ T974] pwc: recv_control_msg error -71 req 02 val 2800 [ 454.315031][ T974] pwc: recv_control_msg error -71 req 04 val 1100 [ 454.334947][ T974] pwc: recv_control_msg error -71 req 04 val 1200 [ 454.410308][ T974] pwc: Registered as video103. [ 454.418559][ T974] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input10 [ 454.458471][ T974] usb 5-1: USB disconnect, device number 25 [ 456.033868][T10194] hsr_slave_0: left promiscuous mode [ 456.042411][T10194] hsr_slave_1: left promiscuous mode [ 456.690240][T10249] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1267'. [ 456.706791][T10249] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1267'. [ 457.714016][ T5823] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 457.725291][ T5823] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 457.735449][ T5823] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 457.746898][ T5823] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 457.755059][ T5823] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 457.762530][ T5823] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 457.825157][T10270] macsec1: entered promiscuous mode [ 457.832987][T10270] team0: entered promiscuous mode [ 457.838239][T10270] team_slave_0: entered promiscuous mode [ 457.844121][T10270] team_slave_1: entered promiscuous mode [ 457.850245][T10270] macsec1: entered allmulticast mode [ 457.855600][T10270] team0: entered allmulticast mode [ 457.860802][T10270] team_slave_0: entered allmulticast mode [ 457.866781][T10270] team_slave_1: entered allmulticast mode [ 457.873082][T10270] team0: Device macsec1 is already an upper device of the team interface [ 457.884622][T10270] team0: left allmulticast mode [ 457.889595][T10270] team_slave_0: left allmulticast mode [ 457.895067][T10270] team_slave_1: left allmulticast mode [ 457.900645][T10270] team0: left promiscuous mode [ 457.905424][T10270] team_slave_0: left promiscuous mode [ 457.911013][T10270] team_slave_1: left promiscuous mode [ 458.039711][T10265] chnl_net:caif_netlink_parms(): no params data found [ 458.047174][ T5865] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 458.094322][T10265] bridge0: port 1(bridge_slave_0) entered blocking state [ 458.101586][T10265] bridge0: port 1(bridge_slave_0) entered disabled state [ 458.108826][T10265] bridge_slave_0: entered allmulticast mode [ 458.115469][T10265] bridge_slave_0: entered promiscuous mode [ 458.123536][T10265] bridge0: port 2(bridge_slave_1) entered blocking state [ 458.130799][T10265] bridge0: port 2(bridge_slave_1) entered disabled state [ 458.138670][T10265] bridge_slave_1: entered allmulticast mode [ 458.145394][T10265] bridge_slave_1: entered promiscuous mode [ 458.188442][T10265] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 458.200281][T10265] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 458.217030][ T5865] usb 5-1: Using ep0 maxpacket: 32 [ 458.227378][ T5865] usb 5-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0 [ 458.244109][ T5865] usb 5-1: config 0 interface 0 altsetting 16 endpoint 0x2 has an invalid bInterval 0, changing to 7 [ 458.250436][T10265] team0: Port device team_slave_0 added [ 458.255382][ T5865] usb 5-1: config 0 interface 0 altsetting 16 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 458.275486][ T5865] usb 5-1: config 0 interface 0 has no altsetting 0 [ 458.282240][ T5865] usb 5-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00 [ 458.295863][T10265] team0: Port device team_slave_1 added [ 458.308681][ T5865] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 458.321020][ T5865] usb 5-1: config 0 descriptor?? [ 458.364879][T10265] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 458.372566][T10265] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 458.399096][T10265] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 458.413093][T10265] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 458.420345][T10265] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 458.446976][T10265] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 458.519071][T10265] hsr_slave_0: entered promiscuous mode [ 458.525675][T10265] hsr_slave_1: entered promiscuous mode [ 458.532691][T10265] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 458.546049][T10265] Cannot create hsr debugfs directory [ 458.744032][ T5865] hid-thrustmaster 0003:044F:B65D.0008: unknown main item tag 0x0 [ 458.774970][ T5865] hid-thrustmaster 0003:044F:B65D.0008: unknown main item tag 0x0 [ 458.809836][ T5865] hid-thrustmaster 0003:044F:B65D.0008: unknown main item tag 0x0 [ 458.824475][ T5865] hid-thrustmaster 0003:044F:B65D.0008: unknown main item tag 0x0 [ 458.842892][ T5865] hid-thrustmaster 0003:044F:B65D.0008: unknown main item tag 0x0 [ 458.894474][ T5865] hid-thrustmaster 0003:044F:B65D.0008: hidraw0: USB HID v0.00 Device [HID 044f:b65d] on usb-dummy_hcd.4-1/input0 [ 458.905416][T10265] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 458.928919][T10265] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 458.954495][T10265] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 458.973808][T10265] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 459.117225][T10265] 8021q: adding VLAN 0 to HW filter on device bond0 [ 459.135007][T10298] bond0: entered promiscuous mode [ 459.148037][ T5865] hid-thrustmaster 0003:044F:B65D.0008: setup data couldn't be sent [ 459.156645][ C0] hid-thrustmaster 0003:044F:B65D.0008: URB to get model id failed with error -71 [ 459.168809][T10265] 8021q: adding VLAN 0 to HW filter on device team0 [ 459.184794][ T5865] usb 5-1: USB disconnect, device number 26 [ 459.197908][ T3433] bridge0: port 1(bridge_slave_0) entered blocking state [ 459.205071][ T3433] bridge0: port 1(bridge_slave_0) entered forwarding state [ 459.222435][ T3433] bridge0: port 2(bridge_slave_1) entered blocking state [ 459.229663][ T3433] bridge0: port 2(bridge_slave_1) entered forwarding state [ 459.477879][T10312] overlayfs: failed to resolve './file0': -2 [ 459.495201][T10265] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 459.644976][T10265] veth0_vlan: entered promiscuous mode [ 459.656906][T10265] veth1_vlan: entered promiscuous mode [ 459.707782][T10265] veth0_macvtap: entered promiscuous mode [ 459.716966][T10265] veth1_macvtap: entered promiscuous mode [ 459.737110][T10265] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 459.767588][T10265] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 459.780959][T10265] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 459.804066][T10265] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 459.806343][ T5832] Bluetooth: hci5: command tx timeout [ 459.813035][T10265] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 459.827373][T10265] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 459.921949][ T6113] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 459.943068][ T6113] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 459.981176][ T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 459.995060][ T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 460.790178][T10354] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 460.796723][T10354] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 460.814776][T10354] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 460.820894][T10354] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 460.839139][T10354] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 460.845073][T10354] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 460.864950][T10354] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 460.876550][T10354] Bluetooth: hci5: Error when powering off device on rfkill (-4) [ 461.527614][T10373] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1308'. [ 461.588218][T10375] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1309'. [ 461.606217][T10375] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1309'. [ 461.615300][T10375] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1309'. [ 462.026167][ T5906] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 462.179429][ T5906] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 462.189672][ T5906] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 462.206669][ T5906] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 462.226897][ T5906] usb 5-1: config 0 descriptor?? [ 462.234002][ T5906] pwc: Askey VC010 type 2 USB webcam detected. [ 462.792994][ T5906] pwc: recv_control_msg error -32 req 02 val 2b00 [ 462.902325][ T5906] pwc: recv_control_msg error -32 req 02 val 2700 [ 462.934926][T10398] trusted_key: encrypted_key: master key parameter 'uh\r:syz' is invalid [ 463.046283][ T5906] pwc: recv_control_msg error -32 req 02 val 2c00 [ 463.176746][ T5906] pwc: recv_control_msg error -32 req 04 val 1000 [ 463.184166][ T5906] pwc: recv_control_msg error -32 req 04 val 1300 [ 463.196751][ T5906] pwc: recv_control_msg error -32 req 04 val 1400 [ 463.377282][ T5906] pwc: recv_control_msg error -32 req 02 val 2000 [ 463.384589][ T5906] pwc: recv_control_msg error -32 req 02 val 2100 [ 463.392310][T10407] FAULT_INJECTION: forcing a failure. [ 463.392310][T10407] name failslab, interval 1, probability 0, space 0, times 0 [ 463.396755][ T5906] pwc: recv_control_msg error -32 req 04 val 1500 [ 463.416906][ T5906] pwc: recv_control_msg error -32 req 02 val 2500 [ 463.436228][T10407] CPU: 0 UID: 0 PID: 10407 Comm: syz.0.1320 Not tainted 6.13.0-syzkaller-00164-g100ceb4817a2 #0 [ 463.446706][T10407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 463.456783][T10407] Call Trace: [ 463.460078][T10407] [ 463.463019][T10407] dump_stack_lvl+0x241/0x360 [ 463.467727][T10407] ? __pfx_dump_stack_lvl+0x10/0x10 [ 463.472949][T10407] ? __wake_up_klogd+0xcc/0x110 [ 463.477994][T10407] should_fail_ex+0x3b0/0x4e0 [ 463.482703][T10407] should_failslab+0xac/0x100 [ 463.487405][T10407] __kmalloc_noprof+0xdd/0x4c0 [ 463.492203][T10407] ? kstrtouint_from_user+0x128/0x190 [ 463.497618][T10407] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 463.503371][T10407] tomoyo_realpath_from_path+0xcf/0x5e0 [ 463.508955][T10407] tomoyo_path_number_perm+0x236/0x860 [ 463.514438][T10407] ? __lock_acquire+0x1397/0x2100 [ 463.519492][T10407] ? tomoyo_path_number_perm+0x206/0x860 [ 463.525159][T10407] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 463.531197][T10407] ? __fget_files+0x2a/0x410 [ 463.535824][T10407] ? __fget_files+0x2a/0x410 [ 463.540448][T10407] security_file_ioctl+0xc6/0x2a0 [ 463.545503][T10407] __se_sys_ioctl+0x46/0x170 [ 463.550125][T10407] do_syscall_64+0xf3/0x230 [ 463.554664][T10407] ? clear_bhb_loop+0x35/0x90 [ 463.559382][T10407] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 463.565309][T10407] RIP: 0033:0x7f2492785d29 [ 463.569750][T10407] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 463.589382][T10407] RSP: 002b:00007f24934d2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 463.597827][T10407] RAX: ffffffffffffffda RBX: 00007f2492975fa0 RCX: 00007f2492785d29 [ 463.605822][T10407] RDX: 0000000020000000 RSI: 0000000000005414 RDI: 0000000000000004 [ 463.613818][T10407] RBP: 00007f24934d2090 R08: 0000000000000000 R09: 0000000000000000 [ 463.621818][T10407] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 463.624806][ T5906] pwc: recv_control_msg error -32 req 02 val 2600 [ 463.629805][T10407] R13: 0000000000000000 R14: 00007f2492975fa0 R15: 00007ffc50c46f98 [ 463.629838][T10407] [ 463.661314][T10407] ERROR: Out of memory at tomoyo_realpath_from_path. [ 463.682957][ T5906] pwc: recv_control_msg error -32 req 02 val 2900 [ 463.690768][ T5906] pwc: recv_control_msg error -32 req 02 val 2800 [ 463.704414][ T5906] pwc: recv_control_msg error -71 req 04 val 1100 [ 463.716477][ T5906] pwc: recv_control_msg error -71 req 04 val 1200 [ 463.744082][T10410] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 463.776332][ T5906] pwc: Registered as video103. [ 463.782271][ T5906] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input11 [ 463.820964][ T5906] usb 5-1: USB disconnect, device number 27 [ 464.204820][T10418] input: syz0 as /devices/virtual/input/input12 [ 465.063051][T10449] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1336'. [ 465.156366][ T974] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 465.332828][ T974] usb 5-1: Using ep0 maxpacket: 16 [ 465.347632][ T974] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 465.358640][ T974] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 465.372589][ T974] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 465.382746][ T974] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 465.392987][ T974] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 465.407766][ T974] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 465.421713][ T974] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 465.433421][ T974] usb 5-1: Manufacturer: syz [ 465.442438][ T974] usb 5-1: config 0 descriptor?? [ 465.628577][T10473] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 465.832059][T10475] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1348'. [ 466.130738][T10482] TCP: tcp_parse_options: Illegal window scaling value 254 > 14 received [ 466.159296][T10482] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1351'. [ 466.941969][T10512] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1364'. [ 468.036202][ T974] rc_core: IR keymap rc-hauppauge not found [ 468.053651][ T974] Registered IR keymap rc-empty [ 468.063734][ T974] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 468.096260][ T974] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 468.120128][ T974] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0 [ 468.144241][ T974] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input13 [ 468.167185][ T974] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 468.186853][ T974] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 468.206425][ T974] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 468.226204][ T974] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 468.246166][ T974] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 468.266242][ T974] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 468.286237][ T974] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 468.319825][ T974] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 468.346286][ T974] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 468.381101][ T974] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 468.409566][ T974] mceusb 5-1:0.0: Registered with mce emulator interface version 1 [ 468.427855][T10545] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1376'. [ 468.431516][ T974] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 468.480316][ T974] usb 5-1: USB disconnect, device number 28 [ 468.943728][T10568] devtmpfs: Bad value for 'size' [ 468.983833][T10570] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1388'. [ 469.155416][T10576] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 469.235894][T10578] block device autoloading is deprecated and will be removed. [ 469.528261][T10593] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1399'. [ 470.321858][T10637] tipc: Enabled bearer , priority 0 [ 470.369094][T10637] syzkaller0: entered promiscuous mode [ 470.374631][T10637] syzkaller0: entered allmulticast mode [ 470.384043][T10637] tipc: Resetting bearer [ 470.408693][T10636] tipc: Resetting bearer [ 471.400609][ T5866] tipc: Node number set to 4269801642 [ 472.647065][T10662] loop7: detected capacity change from 0 to 16384 [ 473.964097][T10686] loop7: detected capacity change from 0 to 16384 [ 474.027355][T10686] loop7: detected capacity change from 16384 to 16383 [ 474.038935][T10686] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 474.048849][T10686] Buffer I/O error on dev loop7, logical block 0, async page read [ 474.057818][T10686] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 474.067172][T10686] Buffer I/O error on dev loop7, logical block 0, async page read [ 474.079833][T10686] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 474.089126][T10686] Buffer I/O error on dev loop7, logical block 0, async page read [ 474.097711][T10686] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 474.107055][T10686] Buffer I/O error on dev loop7, logical block 0, async page read [ 474.115691][T10686] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 474.125152][T10686] Buffer I/O error on dev loop7, logical block 0, async page read [ 474.143451][T10686] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 474.152766][T10686] Buffer I/O error on dev loop7, logical block 0, async page read [ 474.161511][T10686] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 474.170895][T10686] Buffer I/O error on dev loop7, logical block 0, async page read [ 474.180096][T10686] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 474.189438][T10686] Buffer I/O error on dev loop7, logical block 0, async page read [ 474.197748][T10686] ldm_validate_partition_table(): Disk read failed. [ 474.204763][T10686] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 474.214111][T10686] Buffer I/O error on dev loop7, logical block 0, async page read [ 474.222851][T10686] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 474.232189][T10686] Buffer I/O error on dev loop7, logical block 0, async page read [ 474.241759][T10686] Dev loop7: unable to read RDB block 0 [ 474.248067][T10686] loop7: unable to read partition table [ 474.254864][T10686] loop_reread_partitions: partition scan of loop7 (R%0T$7)]W?18;9C?-z׌ 97d) failed (rc=-5) [ 474.834332][T10636] tipc: Disabling bearer [ 474.875795][T10669] tipc: Started in network mode [ 474.880939][T10669] tipc: Node identity f4f5, cluster identity 4711 [ 474.888162][T10669] tipc: Enabling of bearer rejected, failed to enable media [ 475.143362][T10693] loop7: detected capacity change from 0 to 16384 [ 476.707895][T10718] trusted_key: encrypted_key: master key parameter 'uh\r:syz' is invalid [ 477.467773][T10724] loop7: detected capacity change from 0 to 16384 [ 477.516277][T10724] loop7: detected capacity change from 16384 to 16383 [ 477.838255][T10727] tipc: Started in network mode [ 477.865473][T10727] tipc: Node identity f4f5, cluster identity 4711 [ 477.892760][T10727] tipc: Enabling of bearer rejected, failed to enable media [ 477.938727][T10731] fuse: Unknown parameter '0x0000000000000004' [ 478.070649][T10733] fuse: Unknown parameter '0x0000000000000004' [ 478.077943][T10733] netlink: 'syz.4.1449': attribute type 27 has an invalid length. [ 478.197690][T10737] loop7: detected capacity change from 0 to 16384 [ 479.490546][T10749] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1457'. [ 479.515351][T10749] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1457'. [ 479.986475][T10767] trusted_key: encrypted_key: master key parameter 'uh\r:syz' is invalid [ 481.615100][T10795] loop7: detected capacity change from 0 to 16384 [ 481.676201][T10795] loop7: detected capacity change from 16384 to 16383 [ 481.686108][T10795] blk_print_req_error: 7 callbacks suppressed [ 481.686159][T10795] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 481.701699][T10795] buffer_io_error: 7 callbacks suppressed [ 481.701738][T10795] Buffer I/O error on dev loop7, logical block 0, async page read [ 481.716184][T10795] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 481.725428][T10795] Buffer I/O error on dev loop7, logical block 0, async page read [ 481.734186][T10795] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 481.743431][T10795] Buffer I/O error on dev loop7, logical block 0, async page read [ 481.752245][T10795] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 481.761527][T10795] Buffer I/O error on dev loop7, logical block 0, async page read [ 481.770311][T10795] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 481.779560][T10795] Buffer I/O error on dev loop7, logical block 0, async page read [ 481.788361][T10795] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 481.797633][T10795] Buffer I/O error on dev loop7, logical block 0, async page read [ 481.806345][T10795] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 481.815555][T10795] Buffer I/O error on dev loop7, logical block 0, async page read [ 481.824379][T10795] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 481.833644][T10795] Buffer I/O error on dev loop7, logical block 0, async page read [ 481.841952][T10795] ldm_validate_partition_table(): Disk read failed. [ 481.849005][T10795] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 481.858248][T10795] Buffer I/O error on dev loop7, logical block 0, async page read [ 481.867129][T10795] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 481.876459][T10795] Buffer I/O error on dev loop7, logical block 0, async page read [ 481.886015][T10795] Dev loop7: unable to read RDB block 0 [ 481.894675][T10795] loop7: unable to read partition table [ 481.901537][T10795] loop_reread_partitions: partition scan of loop7 (R%0T$7)]W?18;9C?-z׌ 97d) failed (rc=-5) [ 483.719928][T10822] trusted_key: encrypted_key: master key parameter 'uh\r:syz' is invalid [ 484.075018][T10825] trusted_key: encrypted_key: master key parameter 'uh\r:syz' is invalid [ 484.566657][T10831] loop7: detected capacity change from 0 to 16384 [ 488.746981][T10873] loop7: detected capacity change from 0 to 16384 [ 489.015460][T10876] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 489.346403][T10882] trusted_key: encrypted_key: master key parameter 'uh\r:syz' is invalid [ 491.479129][T10906] trusted_key: encrypted_key: master key parameter 'uh\r:syz' is invalid [ 493.057480][T10921] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 494.386479][T10954] trusted_key: encrypted_key: master key parameter 'uh\r:syz' is invalid [ 495.304595][T10967] netlink: 'syz.4.1530': attribute type 30 has an invalid length. [ 495.510337][T10980] loop7: detected capacity change from 0 to 16384 [ 497.106511][T11008] trusted_key: encrypted_key: master key parameter 'uh\r:syz' is invalid [ 497.847352][T11012] loop7: detected capacity change from 0 to 16384 [ 498.433973][T11017] fuse: Unknown parameter '0x0000000000000004' [ 499.720335][T11018] netlink: 'syz.7.1547': attribute type 30 has an invalid length. [ 500.912010][T11044] fuse: Unknown parameter '0x0000000000000004' [ 501.058993][T11049] 9pnet_fd: Insufficient options for proto=fd [ 501.414235][T11060] trusted_key: encrypted_key: master key parameter 'uh\r:syz' is invalid [ 501.896850][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.903651][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.476979][T11062] netlink: 'syz.1.1565': attribute type 30 has an invalid length. [ 503.101375][T11084] fuse: Unknown parameter '0x0000000000000004' [ 503.667810][T11091] fuse: Unknown parameter '0x0000000000000004' [ 504.163030][T11094] 9pnet_fd: Insufficient options for proto=fd [ 504.573210][T11104] trusted_key: encrypted_key: master key parameter 'uh\r:syz' is invalid [ 505.267647][T11103] fuse: Unknown parameter '0x0000000000000004' [ 505.274717][T11103] netlink: 'syz.5.1579': attribute type 27 has an invalid length. [ 505.282635][T11103] bond0: left promiscuous mode [ 505.710372][T11113] netlink: 'syz.0.1582': attribute type 30 has an invalid length. [ 505.953201][T11124] trusted_key: encrypted_key: master key parameter 'uh\r:syz' is invalid [ 506.912145][T11133] 9pnet_fd: Insufficient options for proto=fd [ 508.358731][T11155] trusted_key: encrypted_key: master key parameter 'uh\r:syz' is invalid [ 509.575345][T11165] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 510.083840][T11164] netlink: 'syz.4.1599': attribute type 30 has an invalid length. [ 511.001038][T11186] trusted_key: encrypted_key: master key parameter 'uh\r:syz' is invalid [ 511.869559][T11207] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1612'. [ 511.916081][ T5907] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 511.952329][T11206] trusted_key: encrypted_key: master key parameter 'uh\r:syz' is invalid [ 512.090122][ T5907] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 512.186346][ T5907] usb 5-1: New USB device found, idVendor=2058, idProduct=1005, bcdDevice= 9.75 [ 512.216086][ T5907] usb 5-1: New USB device strings: Mfr=1, Product=34, SerialNumber=3 [ 512.224220][ T5907] usb 5-1: Product: syz [ 512.249374][ T5907] usb 5-1: Manufacturer: syz [ 512.254029][ T5907] usb 5-1: SerialNumber: syz [ 512.279990][ T5907] usb 5-1: config 0 descriptor?? [ 512.464731][ T5907] viperboard 5-1:0.0: version 0.00 found at bus 005 address 029 [ 512.660113][ T5907] viperboard-i2c viperboard-i2c.2.auto: failure setting i2c_bus_freq to 100 [ 512.828136][ T5907] viperboard-i2c viperboard-i2c.2.auto: probe with driver viperboard-i2c failed with error -5 [ 513.352950][T11215] netlink: 'syz.5.1616': attribute type 30 has an invalid length. [ 513.799923][T11233] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1618'. [ 515.410069][ T5866] usb 5-1: USB disconnect, device number 29 [ 516.726131][T11264] fuse: Unknown parameter '0x0000000000000004' [ 517.280294][T11270] netlink: 'syz.5.1630': attribute type 30 has an invalid length. [ 517.538431][T11283] trusted_key: encrypted_key: master key parameter 'uh\r:syz' is invalid [ 518.783433][T11294] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1637'. [ 518.783449][T11294] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1637'. [ 519.075249][T11303] trusted_key: encrypted_key: master key parameter 'uh\r:syz' is invalid [ 520.364342][T11321] fuse: Unknown parameter '0xffffffffffffffff' [ 520.473140][T11325] trusted_key: encrypted_key: master key parameter 'uh\r:syz' is invalid [ 521.631771][T11328] netlink: 'syz.5.1648': attribute type 30 has an invalid length. [ 523.874804][T11376] loop7: detected capacity change from 0 to 16384 [ 527.134222][T11422] fuse: Unknown parameter '0xffffffffffffffff' [ 527.559935][T11427] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 528.074864][ T29] audit: type=1326 audit(1737422906.701:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11426 comm="syz.7.1676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d70b85d29 code=0x7ffc0000 [ 528.164098][ T29] audit: type=1326 audit(1737422906.701:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11426 comm="syz.7.1676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d70b85d29 code=0x7ffc0000 [ 528.280317][ T29] audit: type=1326 audit(1737422906.701:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11426 comm="syz.7.1676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7f0d70b85d29 code=0x7ffc0000 [ 528.616014][ T29] audit: type=1326 audit(1737422906.701:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11426 comm="syz.7.1676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d70b85d29 code=0x7ffc0000 [ 528.784153][ T29] audit: type=1326 audit(1737422906.751:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11426 comm="syz.7.1676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f0d70b85d29 code=0x7ffc0000 [ 528.918323][ T29] audit: type=1326 audit(1737422906.751:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11426 comm="syz.7.1676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d70b85d29 code=0x7ffc0000 [ 528.918510][ T29] audit: type=1326 audit(1737422906.751:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11426 comm="syz.7.1676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d70b85d29 code=0x7ffc0000 [ 528.918663][ T29] audit: type=1326 audit(1737422906.761:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11426 comm="syz.7.1676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f0d70b85d29 code=0x7ffc0000 [ 528.918813][ T29] audit: type=1326 audit(1737422906.761:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11426 comm="syz.7.1676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d70b85d29 code=0x7ffc0000 [ 528.918965][ T29] audit: type=1326 audit(1737422906.761:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11426 comm="syz.7.1676" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d70b85d29 code=0x7ffc0000 [ 530.614830][T11470] trusted_key: encrypted_key: master key parameter 'uh\r:syz' is invalid [ 533.815611][T11531] trusted_key: encrypted_key: master key parameter 'uh\r:syz' is invalid [ 534.904836][T11539] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1712'. [ 535.123366][T11555] loop7: detected capacity change from 0 to 16384 [ 537.300123][T11579] syzkaller0: entered promiscuous mode [ 537.306389][T11579] syzkaller0: entered allmulticast mode [ 537.778962][T11570] trusted_key: encrypted_key: master key parameter 'uh\r:syz' is invalid [ 537.849151][T11581] trusted_key: encrypted_key: master key parameter 'uh\r:syz' is invalid [ 538.673336][T11597] fuse: Unknown parameter '0x0000000000000004' [ 538.691219][T11597] netlink: 'syz.5.1729': attribute type 27 has an invalid length. [ 540.293542][T11601] loop7: detected capacity change from 0 to 16384 [ 540.905765][T11603] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1733'. [ 541.923329][T11615] trusted_key: encrypted_key: master key parameter 'uh\r:syz' is invalid [ 542.743541][T11628] trusted_key: encrypted_key: master key parameter 'uh\r:syz' is invalid [ 544.067257][T11635] bridge0: port 3(vlan2) entered blocking state [ 544.073925][T11635] bridge0: port 3(vlan2) entered disabled state [ 544.081471][T11635] vlan2: entered allmulticast mode [ 544.417699][T11635] vlan2: left allmulticast mode [ 544.565023][T11647] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1744'. [ 545.936068][ T5865] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 545.956503][T11655] fuse: Unknown parameter '0x0000000000000003' [ 546.100492][ T5865] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 546.118924][ T5865] usb 5-1: New USB device found, idVendor=2058, idProduct=1005, bcdDevice= 9.75 [ 546.130055][ T5865] usb 5-1: New USB device strings: Mfr=1, Product=34, SerialNumber=3 [ 546.147220][ T5865] usb 5-1: Product: syz [ 546.151780][ T5865] usb 5-1: Manufacturer: syz [ 546.161952][ T5865] usb 5-1: SerialNumber: syz [ 546.199235][ T5865] usb 5-1: config 0 descriptor?? [ 546.326750][ T5865] viperboard 5-1:0.0: version 0.00 found at bus 005 address 030 [ 546.395011][T11677] trusted_key: encrypted_key: master key parameter 'uh\r:syz' is invalid [ 547.058030][ T5865] viperboard-i2c viperboard-i2c.2.auto: failure setting i2c_bus_freq to 100 [ 547.068992][ T5865] viperboard-i2c viperboard-i2c.2.auto: probe with driver viperboard-i2c failed with error -5 [ 547.149988][T11681] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1755'. [ 547.877436][T11692] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1757'. [ 548.137994][T11699] trusted_key: encrypted_key: master key parameter 'uh\r:syz' is invalid [ 549.292443][ T8] usb 5-1: USB disconnect, device number 30 [ 550.068028][T11717] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1766'. [ 550.210499][T11725] trusted_key: encrypted_key: master key parameter 'uh\r:syz' is invalid [ 551.007345][T11730] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1770'. [ 552.688801][T11745] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 552.696638][T11745] 9pnet: Unknown protocol version 9p200 [ 553.363847][T11770] trusted_key: encrypted_key: master key parameter 'uh\r:syz' is invalid [ 554.031193][T11766] fuse: Unknown parameter '0x0000000000000003' [ 554.452642][T11786] trusted_key: encrypted_key: master key parameter 'uh\r:syz' is invalid [ 555.236805][T11781] netlink: 'syz.7.1794': attribute type 30 has an invalid length. [ 555.259732][T11790] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1786'. [ 556.815716][T11816] trusted_key: encrypted_key: master key parameter 'uh\r:syz' is invalid [ 558.003570][T11828] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1799'. [ 558.351043][T11842] overlayfs: failed to clone upperpath [ 558.708788][T11860] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1815'. [ 559.617202][T11891] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1828'. [ 664.925881][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 664.932903][ C0] rcu: 1-...!: (1 GPs behind) idle=203c/1/0x4000000000000000 softirq=37070/37071 fqs=0 [ 664.944217][ C0] rcu: (detected by 0, t=10505 jiffies, g=45193, q=92 ncpus=2) [ 664.951874][ C0] Sending NMI from CPU 0 to CPUs 1: [ 664.951914][ C1] NMI backtrace for cpu 1 [ 664.951927][ C1] CPU: 1 UID: 0 PID: 11900 Comm: syz.5.1832 Not tainted 6.13.0-syzkaller-00164-g100ceb4817a2 #0 [ 664.951943][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 664.951953][ C1] RIP: 0010:kasan_check_range+0x24/0x290 [ 664.951981][ C1] Code: 90 90 90 90 90 90 66 0f 1f 00 55 41 57 41 56 41 54 53 b0 01 48 85 f6 0f 84 a0 01 00 00 4c 8d 04 37 49 39 f8 0f 82 56 02 00 00 <48> 89 fd 48 c1 ed 2f 81 fd fe ff 01 00 0f 86 43 02 00 00 48 89 fb [ 664.951994][ C1] RSP: 0018:ffffc90000a18c50 EFLAGS: 00000006 [ 664.952009][ C1] RAX: ffffffff8bbdfa01 RBX: 0000000000000018 RCX: ffffffff8bbdfa70 [ 664.952020][ C1] RDX: 0000000000000001 RSI: 0000000000000018 RDI: ffff88807b5b0340 [ 664.952030][ C1] RBP: ffff88807b5b0340 R08: ffff88807b5b0358 R09: 1ffffffff2031a9e [ 664.952040][ C1] R10: dffffc0000000000 R11: fffffbfff2031a9f R12: ffff8880b872cad0 [ 664.952051][ C1] R13: ffff8880b872cad0 R14: 0000000000000000 R15: ffff88807b5b0340 [ 664.952062][ C1] FS: 00007f8ff976d6c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 664.952074][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 664.952085][ C1] CR2: 00007f8ff976cf98 CR3: 000000005bc18000 CR4: 00000000003526f0 [ 664.952098][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 664.952107][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 664.952116][ C1] Call Trace: [ 664.952124][ C1] [ 664.952132][ C1] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 664.952156][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 664.952174][ C1] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 664.952193][ C1] ? nmi_handle+0x2a/0x5a0 [ 664.952216][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 664.952235][ C1] ? nmi_handle+0x14f/0x5a0 [ 664.952251][ C1] ? nmi_handle+0x2a/0x5a0 [ 664.952267][ C1] ? kasan_check_range+0x24/0x290 [ 664.952286][ C1] ? default_do_nmi+0x63/0x160 [ 664.952307][ C1] ? exc_nmi+0x123/0x1f0 [ 664.952331][ C1] ? end_repeat_nmi+0xf/0x53 [ 664.952352][ C1] ? timerqueue_add+0x191/0x290 [ 664.952370][ C1] ? timerqueue_add+0x200/0x290 [ 664.952389][ C1] ? kasan_check_range+0x24/0x290 [ 664.952409][ C1] ? kasan_check_range+0x24/0x290 [ 664.952429][ C1] ? kasan_check_range+0x24/0x290 [ 664.952449][ C1] [ 664.952454][ C1] [ 664.952460][ C1] __asan_memset+0x23/0x50 [ 664.952478][ C1] timerqueue_add+0x200/0x290 [ 664.952496][ C1] ? __pfx__raw_spin_lock_irq+0x10/0x10 [ 664.952513][ C1] enqueue_hrtimer+0x1b2/0x3c0 [ 664.952534][ C1] __hrtimer_run_queues+0x6cb/0xd30 [ 664.952561][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 664.952578][ C1] ? handle_softirqs+0x7e0/0x9b0 [ 664.952597][ C1] ? read_tsc+0x9/0x20 [ 664.952615][ C1] ? ktime_get_update_offsets_now+0x38e/0x3b0 [ 664.952634][ C1] hrtimer_interrupt+0x403/0xa40 [ 664.952662][ C1] __sysvec_apic_timer_interrupt+0x110/0x420 [ 664.952680][ C1] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 664.952696][ C1] [ 664.952701][ C1] [ 664.952706][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 664.952725][ C1] RIP: 0010:_raw_spin_unlock_irqrestore+0xd8/0x140 [ 664.952739][ C1] Code: 9c 8f 44 24 20 42 80 3c 23 00 74 08 4c 89 f7 e8 1e 73 3e f6 f6 44 24 21 02 75 52 41 f7 c7 00 02 00 00 74 01 fb bf 01 00 00 00 03 a5 a8 f5 65 8b 05 f4 f2 3e 74 85 c0 74 43 48 c7 04 24 0e 36 [ 664.952751][ C1] RSP: 0018:ffffc9001254fba0 EFLAGS: 00000206 [ 664.952763][ C1] RAX: 7e32382b2a8ba000 RBX: 1ffff920024a9f78 RCX: ffffffff817b1e0a [ 664.952774][ C1] RDX: dffffc0000000000 RSI: ffffffff8c0a9940 RDI: 0000000000000001 [ 664.952784][ C1] RBP: ffffc9001254fc30 R08: ffffffff94280887 R09: 1ffffffff2850110 [ 664.952795][ C1] R10: dffffc0000000000 R11: fffffbfff2850111 R12: dffffc0000000000 [ 664.952806][ C1] R13: 1ffff920024a9f74 R14: ffffc9001254fbc0 R15: 0000000000000246 [ 664.952820][ C1] ? mark_lock+0x9a/0x360 [ 664.952838][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 664.952869][ C1] ? read_tsc+0x9/0x20 [ 664.952890][ C1] clock_was_set+0x686/0x810 [ 664.952907][ C1] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 664.952924][ C1] ? __pfx_clock_was_set+0x10/0x10 [ 664.952941][ C1] ? do_settimeofday64+0x328/0x5e0 [ 664.952955][ C1] ? timekeeping_update_from_shadow+0x308/0x3b0 [ 664.952972][ C1] do_settimeofday64+0x343/0x5e0 [ 664.952985][ C1] ? cap_capable+0x1b4/0x250 [ 664.953006][ C1] ? __pfx_do_settimeofday64+0x10/0x10 [ 664.953020][ C1] ? mlx4_ib_poll_cq+0xb2f/0x3c70 [ 664.953039][ C1] ? capable+0x89/0xe0 [ 664.953058][ C1] ? security_settime64+0x74/0x280 [ 664.953074][ C1] __x64_sys_clock_settime+0x23a/0x280 [ 664.953093][ C1] ? __pfx___x64_sys_clock_settime+0x10/0x10 [ 664.953109][ C1] ? do_syscall_64+0x100/0x230 [ 664.953127][ C1] ? do_syscall_64+0xb6/0x230 [ 664.953144][ C1] do_syscall_64+0xf3/0x230 [ 664.953160][ C1] ? clear_bhb_loop+0x35/0x90 [ 664.953178][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 664.953195][ C1] RIP: 0033:0x7f8ff8985d29 [ 664.953209][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 664.953221][ C1] RSP: 002b:00007f8ff976d038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e3 [ 664.953235][ C1] RAX: ffffffffffffffda RBX: 00007f8ff8b75fa0 RCX: 00007f8ff8985d29 [ 664.953246][ C1] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000000 [ 664.953255][ C1] RBP: 00007f8ff8a01b08 R08: 0000000000000000 R09: 0000000000000000 [ 664.953264][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 664.953273][ C1] R13: 0000000000000000 R14: 00007f8ff8b75fa0 R15: 00007ffcccf96d28 [ 664.953290][ C1] [ 664.953905][ C0] rcu: rcu_preempt kthread starved for 10505 jiffies! g45193 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 665.522975][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 665.533001][ C0] rcu: RCU grace-period kthread stack dump: [ 665.538901][ C0] task:rcu_preempt state:R running task stack:26264 pid:17 tgid:17 ppid:2 flags:0x00004000 [ 665.550667][ C0] Call Trace: [ 665.553966][ C0] [ 665.556907][ C0] __schedule+0x17fb/0x4be0 [ 665.561453][ C0] ? __pfx___schedule+0x10/0x10 [ 665.566317][ C0] ? __pfx_lock_release+0x10/0x10 [ 665.571358][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 665.577701][ C0] ? schedule+0x90/0x320 [ 665.581954][ C0] schedule+0x14b/0x320 [ 665.586126][ C0] schedule_timeout+0x15a/0x290 [ 665.590991][ C0] ? __pfx_schedule_timeout+0x10/0x10 [ 665.596377][ C0] ? __pfx_process_timeout+0x10/0x10 [ 665.601684][ C0] ? prepare_to_swait_event+0x330/0x350 [ 665.607246][ C0] rcu_gp_fqs_loop+0x2df/0x1330 [ 665.612105][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 665.617313][ C0] ? rcu_gp_init+0x1256/0x1630 [ 665.622092][ C0] ? __pfx_rcu_gp_init+0x10/0x10 [ 665.627036][ C0] ? __pfx_rcu_watching_snap_save+0x10/0x10 [ 665.632951][ C0] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 665.638247][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 665.644177][ C0] ? finish_swait+0xd4/0x1e0 [ 665.648799][ C0] rcu_gp_kthread+0xa7/0x3b0 [ 665.653418][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 665.658631][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 665.664543][ C0] ? __kthread_parkme+0x169/0x1d0 [ 665.669578][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 665.674795][ C0] kthread+0x2f0/0x390 [ 665.678878][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 665.684089][ C0] ? __pfx_kthread+0x10/0x10 [ 665.688690][ C0] ret_from_fork+0x4b/0x80 [ 665.693143][ C0] ? __pfx_kthread+0x10/0x10 [ 665.697745][ C0] ret_from_fork_asm+0x1a/0x30 [ 665.702542][ C0] [ 665.705564][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 665.711899][ C0] CPU: 0 UID: 0 PID: 11902 Comm: syz.4.1833 Not tainted 6.13.0-syzkaller-00164-g100ceb4817a2 #0 [ 665.722329][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 665.732388][ C0] RIP: 0010:smp_call_function_many_cond+0x19f3/0x2c60 [ 665.739165][ C0] Code: 45 8b 65 00 44 89 e6 83 e6 01 31 ff e8 46 ed 0b 00 41 83 e4 01 49 bc 00 00 00 00 00 fc ff df 75 07 e8 f1 e8 0b 00 eb 38 f3 90 <42> 0f b6 04 23 84 c0 75 11 41 f7 45 00 01 00 00 00 74 1e e8 d5 e8 [ 665.758782][ C0] RSP: 0018:ffffc9001258f980 EFLAGS: 00000246 [ 665.764859][ C0] RAX: ffffffff81938bdb RBX: 1ffff110170e88c1 RCX: 0000000000080000 [ 665.772840][ C0] RDX: ffffc9000cd92000 RSI: 000000000007ffff RDI: 0000000000080000 [ 665.780827][ C0] RBP: ffffc9001258fb80 R08: ffffffff81938baa R09: 1ffffffff2850110 [ 665.788827][ C0] R10: dffffc0000000000 R11: fffffbfff2850111 R12: dffffc0000000000 [ 665.796815][ C0] R13: ffff8880b8744608 R14: ffff8880b863f980 R15: 0000000000000001 [ 665.804793][ C0] FS: 00007f06c16796c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 665.813732][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 665.820324][ C0] CR2: 0000000020000144 CR3: 0000000069c6e000 CR4: 00000000003526f0 [ 665.828302][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 665.836282][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 665.844262][ C0] Call Trace: [ 665.847545][ C0] [ 665.850395][ C0] ? rcu_check_gp_kthread_starvation+0x278/0x310 [ 665.856748][ C0] ? print_other_cpu_stall+0x1481/0x15c0 [ 665.862400][ C0] ? __pfx_print_other_cpu_stall+0x10/0x10 [ 665.868215][ C0] ? cgroup_rstat_updated+0x13b/0xc30 [ 665.873606][ C0] ? kvm_check_and_clear_guest_paused+0x6a/0xd0 [ 665.879860][ C0] ? rcu_sched_clock_irq+0xa26/0x10e0 [ 665.885262][ C0] ? __pfx_rcu_sched_clock_irq+0x10/0x10 [ 665.890921][ C0] ? update_process_times+0x242/0x2f0 [ 665.896304][ C0] ? tick_nohz_handler+0x37c/0x500 [ 665.901423][ C0] ? __pfx_tick_nohz_handler+0x10/0x10 [ 665.906889][ C0] ? __hrtimer_run_queues+0x551/0xd30 [ 665.912296][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 665.918033][ C0] ? sched_clock+0x4a/0x70 [ 665.922466][ C0] ? read_tsc+0x9/0x20 [ 665.926545][ C0] ? ktime_get_update_offsets_now+0x38e/0x3b0 [ 665.932627][ C0] ? hrtimer_interrupt+0x403/0xa40 [ 665.937773][ C0] ? __sysvec_apic_timer_interrupt+0x110/0x420 [ 665.943943][ C0] ? sysvec_apic_timer_interrupt+0xa1/0xc0 [ 665.949759][ C0] [ 665.952697][ C0] [ 665.955632][ C0] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 665.961802][ C0] ? smp_call_function_many_cond+0x19da/0x2c60 [ 665.967966][ C0] ? smp_call_function_many_cond+0x1a0b/0x2c60 [ 665.974222][ C0] ? smp_call_function_many_cond+0x19f3/0x2c60 [ 665.980412][ C0] ? __pfx_do_sync_core+0x10/0x10 [ 665.985542][ C0] ? __pfx___text_poke+0x10/0x10 [ 665.990494][ C0] ? __pfx___might_resched+0x10/0x10 [ 665.995786][ C0] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 666.002210][ C0] ? __pfx___might_resched+0x10/0x10 [ 666.007510][ C0] ? __pfx_do_sync_core+0x10/0x10 [ 666.012549][ C0] on_each_cpu_cond_mask+0x3f/0x80 [ 666.017674][ C0] text_poke_bp_batch+0x352/0xb30 [ 666.022708][ C0] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 666.028702][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 666.033734][ C0] ? __pfx_text_poke_bp_batch+0x10/0x10 [ 666.039296][ C0] ? arch_jump_label_transform_queue+0x9b/0x100 [ 666.045550][ C0] ? __jump_label_update+0x379/0x3a0 [ 666.050850][ C0] text_poke_finish+0x30/0x50 [ 666.055541][ C0] arch_jump_label_transform_apply+0x1c/0x30 [ 666.061534][ C0] static_key_slow_inc_cpuslocked+0x80/0xf0 [ 666.067440][ C0] static_key_slow_inc+0x1a/0x30 [ 666.072391][ C0] io_uring_create+0xf2/0xc00 [ 666.077074][ C0] ? __might_fault+0xc6/0x120 [ 666.081766][ C0] __se_sys_io_uring_setup+0x2ba/0x330 [ 666.087238][ C0] ? __pfx___se_sys_io_uring_setup+0x10/0x10 [ 666.093242][ C0] ? do_syscall_64+0x100/0x230 [ 666.098022][ C0] ? do_syscall_64+0xb6/0x230 [ 666.102709][ C0] do_syscall_64+0xf3/0x230 [ 666.107222][ C0] ? clear_bhb_loop+0x35/0x90 [ 666.111917][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 666.117817][ C0] RIP: 0033:0x7f06c0785d29 [ 666.122241][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 666.141863][ C0] RSP: 002b:00007f06c1678fc8 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 666.150293][ C0] RAX: ffffffffffffffda RBX: 00007f06c0975fa0 RCX: 00007f06c0785d29 [ 666.158270][ C0] RDX: 0000000020000800 RSI: 0000000020000140 RDI: 0000000000000110 [ 666.166244][ C0] RBP: 0000000020000140 R08: 0000000000000000 R09: 0000000020000800 [ 666.174218][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 666.182191][ C0] R13: 00000000200007c0 R14: 0000000000000110 R15: 0000000020000800 [ 666.190183][ C0]