last executing test programs: 25m17.781673573s ago: executing program 1 (id=356): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x0, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1802000005"], 0x0, 0x5, 0x0, 0x0, 0x0, 0x7a, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) prlimit64(0x0, 0xa, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, 0x0, 0x0) socket$inet(0x2, 0x5, 0x0) openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r3 = syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x1a5102, 0x0) syz_open_dev$vim2m(&(0x7f00000000c0), 0x8, 0x2) r4 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @remote}) sendmsg(r4, &(0x7f0000000c00)={&(0x7f0000000440)=@xdp={0x2c, 0xc, 0x0, 0x3a}, 0x80, &(0x7f0000000b40)=[{&(0x7f00000004c0)="ef0624c98facd2981357ceeca4081c5c4134688e24347580c280553deac81fb1798e8afc0e170ba65b97b3786ea7f80a372399960b980e33411c91da0ebd4613b93b62dca0510c52695589884b3eac2fcc45cba191ec010345e64ba17c2558ce8aa9cdb9517f57d46db6fe6344ef1c995e8efa0dd4ca15a0eba9432912a59e869574074e8f656a62477e3834474853a04f2e2cef3556960946a6e69baf76aa831bc0bc8ba3438cfd70c5e5e60e333992f79a70182246fc7c435d2e10bc72ed3dd135a008066914af615fe4458e5a9e530af2f06a6612e027ddbeed2a17a3a868759c16c49f3069a9dda3491d01116b45b0", 0xf1}, {&(0x7f00000005c0)="9231b7fb0efd81a5fba4c005db75f3a1fe9ffe26a07eacb074760f92c9b614a82ca8d0e773e4e93d100c3bdab7581ff469653ed98c829c23dc24c18ffda0741718522c89900c2269d3c8d2b5a2aa46b47b1227adb293e3fe201594c61d3b60e67ac50810dbeeccc27705d0ed9ebf0fa378d4679b6354fe857017eb32a21f684ebcf28f883b4e848dfcd19551e470637b767e9293dd003cf29b1f9346757a13ff01c936ff24845352784122dc869ef79d8e143ba84ecda005ed64cdad7f99a8f95cef6e69a1633aea364ac3809d7f2dd751d5fdaa18a28e73825bf1", 0xdb}, {&(0x7f00000006c0)="a67e2ce043c4b5414071c8831d595a016135b1ff5fd8cdd3e1d45f53b0c8c877362ff1f43f07c9d4767d35443b9e132c5efbd62af404b9fac46885c461f87296b1da9f4a507a42621edcfc3b8e0d4e1d2f1ce0501343d4db418bed9bcc12fa46cb3763dd8614d6a4c8b0ac9d65d5f8c6aa3a07235de60dfeaef32290636f797531b21ebb6519b43201be4cb50783cd4204f0934c5d1b68aada70cb94621122064d33d8ed55291bb992e94e8fc964c0", 0xaf}, {&(0x7f0000000780)="c898eb20eec7f234f5dbcd747e066f1384b1d3af6eda4bafe2324d81d757b4510e1ba054ae0c9f902571ef225240898a8f18808e996e1d2b463257564d53fa78b4c4db1fa0c67fd952e3210f988d01a16676e8545ccba01820e1877112fe36e396428a42ee", 0x65}, {&(0x7f0000000a40)="1b246c8886f1968b4708a67eb46f904b0ad6cb888502d9737ef2b0ccaebb85b06ed6323984458041d3a73862e70b81db7202322d129eb843b3fab1d926a8ac369a8e98ff3e88952fc077f102c205592f950342af100a6b67cd8763b81fc1c9c117e216d060a23c6cbf1e6ce38ea4aa97e2953fe46c1630511de1059860e276345b48d03ae2ea31986334d10052e8eb7d066e1a6941fbb69917c7e2abb8dc6e0e0f1fc705344535c9925228f842589abb07ab7e78", 0xb4}, {0x0}, {&(0x7f0000000940)="5fc9a1e794130799f2cf73ef74b1665b96563e7dc0daf05b8dddcc6f0de2d490cb988777b0f21997703054f4e99a617439948f9945c4e39665acdf5dccb9e53ffc60a7d451382f9cf60efcb6f6432e5b796760c3d866a8f7296ef8db07d59646b67ba1982367b63cdeb1c36996ee6affcb81aba708ad41ddd5864a", 0x7b}, {&(0x7f00000009c0)}, {&(0x7f0000000c80)="3107a9c2c3dcfe4af3f9e72f5938630f1abaea161b35d1133acb1bfd4c09ae10c2477ef1e23ce5a327700fa3b82bf7138dbc0735da867245b295fe0d3e68fcfdcc27d11ca69174adbf54e11fe10a7461db12ba9e68a1518b54c17c708cf7ff819d3517fa3474e26f82abe651bcbfb37a5257a0fff4b44d64e52fef7a89af9d4c0f9825c0712ad29c", 0x88}, {&(0x7f0000000b00)="19744e8a697552714a", 0x9}], 0xa, &(0x7f0000001ac0)=ANY=[], 0x11d0}, 0x10) r5 = syz_open_procfs(0x0, &(0x7f0000000240)='net/fib_trie\x00') ioctl$NS_GET_OWNER_UID(r5, 0xb704, &(0x7f0000000080)) pread64(r5, &(0x7f0000002300)=""/171, 0xab, 0x20000000000007) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x80}}, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) writev(r6, &(0x7f00000000c0)=[{&(0x7f0000000040)="3700000013000318680907070000000f0000ff3f13000000170a001700000000040037000d00030001362564aa58b9a6c011f6bbf44dc4", 0x37}], 0x1) r7 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_RUN(r7, 0xae80, 0x0) r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000030000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={r8}, 0x4) 25m7.894009137s ago: executing program 1 (id=377): r0 = io_uring_setup(0x1293, &(0x7f0000000400)={0x0, 0x631d, 0x1000, 0x1, 0x2dc}) io_uring_register$IORING_REGISTER_FILES_UPDATE(r0, 0x1e, &(0x7f0000000040)={0xac, 0x0, &(0x7f0000000000)=[0xffffffffffffffff]}, 0x1) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r6}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000000)=ANY=[@ANYBLOB="1806000000000000000000000000000018120000", @ANYRES32=r5, @ANYBLOB="000000000000007d3403000000000000850000000c000000b7070000000000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, r6, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) getsockopt$IPT_SO_GET_REVISION_TARGET(r1, 0x0, 0x43, &(0x7f0000001040)={'icmp6\x00'}, &(0x7f0000001080)=0x1e) r7 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f0000000300)=[0x0], 0x0, 0x0, 0x0, 0x1}) r8 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r8, 0xc00c643c, &(0x7f0000000300)) 25m6.651868116s ago: executing program 1 (id=378): openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x14dc02, 0x0) r0 = syz_io_uring_setup(0x231, &(0x7f0000001240)={0x0, 0x8cc8, 0x10100, 0x2, 0x3a9}, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) socket$nl_generic(0x10, 0x3, 0x10) openat$qrtrtun(0xffffffffffffff9c, 0x0, 0x2) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan0\x00'}) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, 0x0) syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) r6 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_REWIND(r6, 0x40044160, 0x0) ioctl$RTC_PIE_ON(0xffffffffffffffff, 0x7005) syz_io_uring_submit(r1, r2, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffff86}) socket$nl_netfilter(0x10, 0x3, 0xc) sched_setattr(0x0, &(0x7f0000000000)={0x38, 0x5}, 0x0) r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000400)='/sys/power/resume', 0x149a82, 0x0) write$cgroup_int(r7, &(0x7f0000000040)=0x1f00, 0x12) io_uring_enter(r0, 0x7a98, 0x0, 0x0, 0x0, 0xfffffffffffffc76) 25m5.513785893s ago: executing program 1 (id=379): r0 = fsopen(&(0x7f0000000040)='afs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f00000000c0)='%(:.', 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r1, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r1, 0x84, 0x17, &(0x7f0000000e80)=ANY=[@ANYRES32=0x0, @ANYBLOB="05"], 0x9) r2 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x38, 0x1412, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8}, @RDMA_NLDEV_ATTR_STAT_RES={0x8, 0x4b, 0x7ffff}, @RDMA_NLDEV_ATTR_RES_LQPN={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_STAT_COUNTER_ID={0x8}]}, 0x38}}, 0x0) sendto$inet6(r1, &(0x7f00000000c0)="eb", 0x1, 0x0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f0000000340)={0x0, 0x5}, 0x8) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x82) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000300)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000280)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x16}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x1001402, 0x0) 25m5.111908091s ago: executing program 1 (id=381): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x9, 0x4, 0x6, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8, 0x1014, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40841, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r4 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB="00001b1de4356c052e79aaaaaaaaaaaa88a800008100000086dd6017785c00182f0000000000000000000000000000000000fe80000000000000000000000000000e800086dd"], 0xfdef) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000500)='workqueue_queue_work\x00', r2}, 0x10) fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffed3) r5 = socket(0x10, 0x3, 0x0) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000500)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) mkdir(&(0x7f0000000400)='./file1/file0\x00', 0x0) chdir(&(0x7f00000001c0)='./bus\x00') setregid(0x0, r6) lsetxattr$system_posix_acl(&(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='system.posix_acl_access\x00', &(0x7f00000002c0)=ANY=[@ANYBLOB="0200000001000000000000000400000000000000100000000000080020"], 0x24, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x11, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000480)={{0x0, 0x3, 0x0, 0x3}, 'syz0\x00', 0x2}) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0xee) ioctl$UI_DEV_CREATE(r0, 0x5501) 25m4.777577818s ago: executing program 1 (id=385): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="010000000000000084000040"]) 25m4.53325135s ago: executing program 32 (id=385): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="010000000000000084000040"]) 24m46.773290046s ago: executing program 2 (id=432): close(0xffffffffffffffff) r0 = socket$kcm(0x2, 0x1, 0x84) sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000280)={0x2, 0x10, @local}, 0x10, &(0x7f0000000140)=[{&(0x7f00000005c0)="df", 0x1}], 0x1}, 0x0) r1 = socket$tipc(0x1e, 0x5, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_GET(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x34, r3, 0x1, 0x0, 0x0, {0xb}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}}, 0x0) sendmsg$tipc(r1, &(0x7f0000000240)={&(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x41}}}, 0x10, 0x0}, 0x0) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x3) 24m45.394955765s ago: executing program 2 (id=437): r0 = io_uring_setup(0x25f5, &(0x7f0000000340)={0x0, 0x97b1, 0x1a8b482faa816a84, 0x0, 0x257}) io_uring_enter(r0, 0x2000000, 0x2, 0xf, 0x0, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000100), 0x40203, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000340)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-256-generic\x00'}, 0x58) openat$proc_mixer(0xffffffffffffff9c, 0x0, 0x2002, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) r5 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_S_FMT(r5, 0xc0d05605, &(0x7f0000000240)={0xa, @sliced={0x7, [0x80, 0x9, 0x3, 0x7d, 0x4, 0x5, 0x0, 0x86, 0x6, 0x5101, 0xf74b, 0x7ff, 0xfffd, 0xbef0, 0xffff, 0x70, 0x5, 0x100, 0x7, 0xe, 0x6, 0x7, 0x754, 0x3, 0x4, 0x2, 0xebf3, 0x0, 0x7, 0x0, 0x0, 0x4, 0x9, 0xb, 0x7, 0x50e3, 0xd597, 0xffff, 0x3ff, 0x8, 0x1, 0x80, 0x7, 0x6, 0x8, 0x4, 0xfffd, 0x4], 0xd}}) semget$private(0x0, 0x4, 0x0) unshare(0x56010980) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000000900010073797a300000000068000000090a010400000000000000000100000008000a4000000000200011800e000100636f6e6e6c696d69740000000c00028008000140000000000900010073797a30000000000900020073797a3200000000080005400000001f0c000980080001400037"], 0xb0}}, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_GET(r7, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="20000000010a0103"], 0x20}}, 0xa291dae356942430) syz_open_dev$vim2m(&(0x7f0000000080), 0x9, 0x2) lseek(r1, 0x400000000000000, 0x3) bpf$PROG_LOAD(0x5, 0x0, 0x0) r8 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="140000002a000b6c8cff00f90429fc60010f5ddf", 0x14}], 0x1}, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) 24m35.601333073s ago: executing program 2 (id=454): setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x2, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) mlock2(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000029c0)={0x0, 0x0, 0x0}, 0x0) syz_emit_ethernet(0x99, &(0x7f0000000200)={@local, @empty, @void, {@llc={0x4, {@llc={0x8e, 0xf4, "4d11", "e3ec96c4649f38cc6bbc028d8ff24126ab6893c4cc4a7e152a30c7a6c530763065c96b7fa8b36e20518b5d68e2b58c11337f7543745afd48d6c0eb668bf083d26cae3fe74eca76924bfc704457cca99bc11afe98030541f071344df6c0eb1f3398ae38fa04014032f29cebdbd7407ced543923000ffc58d07cfd5a1915d08d47fad53ade467a68"}}}}}, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) getsockopt$inet6_mptcp_buf(0xffffffffffffffff, 0x11c, 0x4, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000500), r0) sendmsg$NLBL_CIPSOV4_C_LIST(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x1c, r1, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}]}, 0x1c}}, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = fsopen(&(0x7f0000000100)='squashfs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040), 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f00000004c0)=@nat={'nat\x00', 0x8, 0x5, 0x380, 0x0, 0x188, 0xffffffff, 0x230, 0x188, 0x2e8, 0x2e8, 0xffffffff, 0x2e8, 0x2e8, 0x5, 0x0, {[{{@uncond, 0xae01, 0x98, 0xd0, 0x0, {}, [@common=@unspec=@cgroup0={{0x28}, {0x0, 0x1}}]}, @NETMAP={0x38, 'NETMAP\x00', 0x0, {0x1, {0x15, @multicast1, @initdev={0xac, 0x1e, 0x1, 0x0}, @gre_key=0xc3, @port=0x4}}}}, {{@ip={@broadcast, @private, 0xffffff00, 0xff000000, 'vlan1\x00', 'geneve1\x00', {}, {}, 0x4}, 0x3f5, 0x70, 0xb8}, @unspec=@DNAT1={0x48, 'DNAT\x00', 0x1, {0x0, @ipv4, @ipv6=@local, @icmp_id, @gre_key=0x7}}}, {{@ip={@dev={0xac, 0x14, 0x14, 0x19}, @rand_addr=0x64010102, 0x0, 0xff, 'team0\x00', 'lo\x00', {}, {0xff}, 0x16, 0x3, 0x8}, 0x0, 0x70, 0xa8}, @REDIRECT={0x38, 'REDIRECT\x00', 0x0, {0x1, {0x0, @dev={0xac, 0x14, 0x14, 0x19}, @multicast1, @icmp_id}}}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @empty, 0x0, 0xff000000, 'syzkaller0\x00', 'gretap0\x00'}, 0x0, 0x70, 0xb8}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0x15, @ipv6=@private0, @ipv6=@mcast1, @port=0x4e22, @gre_key=0x9}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3e0) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) 24m33.478850537s ago: executing program 2 (id=463): ioctl$FS_IOC_GET_ENCRYPTION_NONCE(0xffffffffffffffff, 0x8010661b, &(0x7f0000000080)) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) bind$netlink(r0, &(0x7f0000000200)={0x10, 0x0, 0x0, 0x80065c9}, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0xa}]}], {0x14}}, 0x64}}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f00000001c0)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xc}}}, 0x1c) sendmmsg$inet6(r2, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00) 24m32.050125497s ago: executing program 2 (id=469): syz_open_dev$video4linux(&(0x7f0000000080), 0x200000000000, 0x80000) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000300)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$MPTCP_PM_CMD_GET_ADDR(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000c00)={0x14, 0x0, 0x680822d7e3b5f37d}, 0x14}}, 0x0) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x26, 0x0, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x400000000000000, 0x0, 0x0}, 0x0) r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000040)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r4, 0x3ba0, &(0x7f00000000c0)={0x48, 0x2, r5, 0x0, 0x0, 0x0, 0x0}) r7 = signalfd(0xffffffffffffffff, &(0x7f0000000040)={[0xffffffff7fffffff]}, 0x8) fcntl$lock(r7, 0x7, &(0x7f0000000000)={0x1, 0x0, 0x100000000000, 0x0, 0xffffffffffffffff}) syz_clone3(&(0x7f00000006c0)={0x380020100, 0x0, 0x0, 0x0, {0x13}, 0x0, 0x0, &(0x7f0000000400)=""/9, 0x0, 0x0, {r7}}, 0x58) ioctl$IOMMU_HWPT_ALLOC$NONE(r4, 0x3b89, &(0x7f00000001c0)={0x28, 0x0, r6, r5, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r4, 0x3b85, &(0x7f0000000180)={0x28, 0x4, r5, 0x0, &(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x7}) ioctl$IOMMU_IOAS_UNMAP$ALL(r4, 0x3b86, &(0x7f0000000080)={0x18, r5}) 24m30.806830981s ago: executing program 2 (id=471): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x9, 0x10, &(0x7f0000000180)=ANY=[@ANYRES32=r0, @ANYRES32, @ANYRES32], &(0x7f0000000000)='GPL\x00', 0x8, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340), 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000040)=0x7f) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x2000000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) socket$nl_netfilter(0x10, 0x3, 0xc) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r3, &(0x7f0000000000)={0x400000000000000, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="020300090a0000000000000000000200030006000000000002000000ac1414bb00000000000000000200010000000000fd000504feffff4b030005000000000002"], 0x50}}, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x40300, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) write$P9_RFLUSH(0xffffffffffffffff, 0x0, 0x0) r4 = syz_open_dev$vim2m(&(0x7f0000000040), 0x3, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r4, 0xc100565c, &(0x7f0000000080)={0x0, 0x8, 0x2, {0x2, @sliced={0x0, [0x3, 0x0, 0x0, 0x5, 0x1000, 0x0, 0x0, 0x0, 0x5, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x56, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x5]}}}) ioctl$vim2m_VIDIOC_S_FMT(r4, 0xc0d05605, &(0x7f0000000300)={0x2, @vbi={0xfffffffd, 0x6, 0x8, 0x3234564e, [0x800, 0x4], [0x527, 0x2]}}) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) sched_setscheduler(0x0, 0x4, &(0x7f0000000300)=0x3) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) socket$nl_xfrm(0x10, 0x3, 0x6) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000580)=ANY=[], 0x50) socket$nl_xfrm(0x10, 0x3, 0x6) r6 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000500)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$setperm(0x5, r6, 0x1c303911) keyctl$read(0xb, r6, &(0x7f0000000340)=""/172, 0xfffffffffffffe69) 24m15.085815317s ago: executing program 33 (id=471): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x9, 0x10, &(0x7f0000000180)=ANY=[@ANYRES32=r0, @ANYRES32, @ANYRES32], &(0x7f0000000000)='GPL\x00', 0x8, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340), 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000040)=0x7f) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x2000000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) socket$nl_netfilter(0x10, 0x3, 0xc) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r3, &(0x7f0000000000)={0x400000000000000, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="020300090a0000000000000000000200030006000000000002000000ac1414bb00000000000000000200010000000000fd000504feffff4b030005000000000002"], 0x50}}, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x40300, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) write$P9_RFLUSH(0xffffffffffffffff, 0x0, 0x0) r4 = syz_open_dev$vim2m(&(0x7f0000000040), 0x3, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r4, 0xc100565c, &(0x7f0000000080)={0x0, 0x8, 0x2, {0x2, @sliced={0x0, [0x3, 0x0, 0x0, 0x5, 0x1000, 0x0, 0x0, 0x0, 0x5, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x56, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x5]}}}) ioctl$vim2m_VIDIOC_S_FMT(r4, 0xc0d05605, &(0x7f0000000300)={0x2, @vbi={0xfffffffd, 0x6, 0x8, 0x3234564e, [0x800, 0x4], [0x527, 0x2]}}) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) sched_setscheduler(0x0, 0x4, &(0x7f0000000300)=0x3) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) socket$nl_xfrm(0x10, 0x3, 0x6) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000580)=ANY=[], 0x50) socket$nl_xfrm(0x10, 0x3, 0x6) r6 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000500)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$setperm(0x5, r6, 0x1c303911) keyctl$read(0xb, r6, &(0x7f0000000340)=""/172, 0xfffffffffffffe69) 23m34.876444661s ago: executing program 4 (id=599): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='limits\x00') bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={r1, 0xe0, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000100)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, &(0x7f0000000180)=[0x0], &(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x57, &(0x7f0000000480)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f00000004c0), &(0x7f0000000500), 0x8, 0x89, 0x8, 0x8, &(0x7f0000000540)}}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0xc, 0xe, &(0x7f0000001600)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d0f65acc0d06d1a1434e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c690220b87b20581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697aeea018512babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc518afc9ffc2cc788bee1b47683db01a2f9398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db00002e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7acbf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afd80e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000005d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd353646000000000000000000002b0000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4092140faed0c329be610c30180000000000000c03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3e16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e2e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8bc410d9f48bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85e9bb70a3009a5d30f479e293a3302e11350ea857b37e76ca2f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f981179186e4000000000000646174b55d251f7f8ca5ccc22a5efb33b237eff5597a3c3a5f3a9bb54ae54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4445eef08401cd1a3e266db55474e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24c5efd5c8495c1ccd580033c55725f2d60354f8ad5914a0155eaa743350ddb388f486b6de0549ef3b1b3c3b7d4d3a830ff39885776119408029be3788dd8422b1ab7b4c9d5b7d8682fd759c713108e1386f5800"], &(0x7f0000000340)='syzkaller\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r4 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000000)=@nat={'nat\x00', 0x670, 0x5, 0x350, 0xa8, 0x0, 0xfbffffff, 0x0, 0x140, 0x2b8, 0x2b8, 0xffffffff, 0x2b8, 0x2b8, 0x5, 0x0, {[{{@ip={@broadcast, @local, 0x0, 0x0, 'geneve1\x00', 'geneve0\x00'}, 0x0, 0x70, 0xa8}, @NETMAP={0x38, 'NETMAP\x00', 0x0, {0x2, {0x3, @empty, @local, @port, @icmp_id}}}}, {{@uncond, 0x0, 0x70, 0x98, 0x0, {0x0, 0x7}}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xa8}}, {{@uncond, 0x0, 0x70, 0xa8}, @SNAT0={0x38, 'SNAT\x00', 0x0, {0x1, {0x0, @local, @local, @gre_key, @gre_key}}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @multicast}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3b0) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="07000000040000000800000004"], 0x50) bpf$MAP_DELETE_ELEM(0x4, &(0x7f0000000080)={r6}, 0x20) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) setgid(0xee00) setresuid(0x0, 0xee00, 0xee00) r7 = shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) recvmmsg(r8, &(0x7f0000002080)=[{{0x0, 0x0, 0x0}, 0xeb}], 0x1, 0x12000, 0x0) shmat(r7, &(0x7f0000ffd000/0x3000)=nil, 0x7000) r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r11 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r10) sendmsg$IEEE802154_LLSEC_SETPARAMS(r9, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)={0x14, r11, 0x1, 0x70bd2a, 0x25dfdc00}, 0x14}, 0x1, 0x0, 0x0, 0x4008001}, 0x20000800) ioctl$FBIOPUT_VSCREENINFO(r4, 0x4601, &(0x7f00000001c0)={0x400, 0x300, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1, {}, {0x0, 0x0, 0x1}, {0xffffffff}, {0x0, 0x1}, 0x0, 0x3f0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20800003, 0xb, 0x4000, 0x0, 0x7, 0x2, 0x0, 0xb}) syz_genetlink_get_family_id$ipvs(&(0x7f00000006c0), r1) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r3, 0x18000000000002a0, 0x77, 0x0, &(0x7f00000002c0)="b9ff030711a5268c019e14f088a847e0ffff001240000e00000000000000e000030a94029f000000810000000000000000000000553eb891a390419480a97615e63ba9793d3f9af2e2efc58ec8aca7c628cc92b2fca1ebd282dc14769e20a6a1e373a576f593ba57a5436f1a693ad7a54d5502633a5438", 0x0, 0x0, 0x60000000, 0x48, 0x0, 0x0, 0x0}, 0x50) setsockopt$inet_int(r1, 0x0, 0x32, &(0x7f0000000700)=0x7, 0x4) sendmsg$NFT_BATCH(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a2400010000000900010073797a30000000000400060014000000060a0104000000000000000001000000140000001100010000000000000000000000000a00"/96], 0x60}}, 0x0) 23m30.232510942s ago: executing program 4 (id=614): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r0}, 0x10) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8) close(r2) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x15, 0x8, 0x8, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x8, 0xf, &(0x7f0000000c80)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}, {}, {0x7, 0x0, 0xb, 0x2}, {0x85, 0x0, 0x0, 0x51}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_GET_PROG_INFO(0x1c, &(0x7f00000003c0)={r4, 0x0, 0x0}, 0x10) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='ext4_writepages_result\x00', r5}, 0x10) r7 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r6}, 0x8) close(r7) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_GET_PROG_INFO(0x1c, &(0x7f00000003c0)={r4, 0x700, 0x0}, 0x10) 23m29.996236387s ago: executing program 4 (id=616): bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="18000100000039e3"], &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x33, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = socket(0x10, 0x3, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) userfaultfd(0x1) r2 = socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r4, &(0x7f0000001ec0)=[{{&(0x7f00000003c0)=@file={0x1, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x10}}, {{0x0, 0x0, &(0x7f0000001c40), 0x0, 0x0, 0x0, 0x4000}}, {{&(0x7f0000001d00)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000001e80)=[{&(0x7f0000001d80)}], 0x1, 0x0, 0x0, 0x24000004}}], 0x3, 0x4000) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00') r7 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r7, 0x2285, &(0x7f0000000440)={0x53, 0xfffffffe, 0x0, 0x0, @buffer={0x0, 0x18, &(0x7f0000000140)=""/24}, &(0x7f0000000380), 0x0, 0xfffffffb, 0x39, 0x0, 0x0}) sendmsg$nl_generic(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) bind$inet6(0xffffffffffffffff, &(0x7f0000f5dfe4)={0xa, 0x4e22, 0xfffffffe, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x5}, 0x1c) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x2000008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000006c0)=@bpf_lsm={0xd, 0x5, &(0x7f00000000c0)=@framed={{0x76, 0xa, 0x0, 0x0, 0xfffffffc, 0x61, 0x11, 0x68}, [@initr0]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sendmsg$nl_generic(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001240)={&(0x7f0000001280)=ANY=[@ANYBLOB="840100001800010000000000000000001d0109004d000f"], 0x184}}, 0x0) r8 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r8, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="020500020a0000000000000000000000030006000000000002000000ac1e0001000000000000000002000100000000000000060300000020030005000000000002"], 0x50}, 0x1, 0x7}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 23m28.779018994s ago: executing program 4 (id=622): syz_usb_connect(0x2, 0x0, 0x0, 0x0) mkdir(&(0x7f00000007c0)='./file0\x00', 0x20) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000180), 0x0, 0x0) ioctl$EVIOCSKEYCODE_V2(r0, 0x80104592, &(0x7f0000000040)={0x0, 0x0, 0x8, 0x0, "700c1e0ac74f001f631b3214561afe200900"}) mount$bind(&(0x7f0000000300)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000280)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_INITMSG(r1, 0x84, 0x2, &(0x7f00000000c0)={0xfffc}, 0x8) sendto$inet6(r1, &(0x7f00000004c0)='W', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback, 0x8}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, 0x0, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x1001402, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) 23m27.132981914s ago: executing program 4 (id=631): r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000780)=@base={0xa, 0x16, 0x800, 0x7f, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) prctl$PR_SET_MM(0x23, 0xb, &(0x7f0000ffb000/0x2000)=nil) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x9, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) io_setup(0x2, &(0x7f0000000200)=0x0) r4 = eventfd2(0x0, 0x0) io_getevents(r3, 0x1, 0x1, &(0x7f0000000080)=[{}], 0x0) io_submit(r3, 0x1, &(0x7f0000000680)=[&(0x7f0000000000)={0x1802, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x3, r4}]) setpriority(0x1, 0xffffffffffffffff, 0xb) r5 = openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, 0x0) r6 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r5, 0x0, 0x8f) socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x8, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @generic={0x61, 0x0, 0x0, 0xa00}, @initr0, @exit, @alu={0x6, 0x0, 0x3, 0xa}, @printk={@x, {0x3, 0x0}, {}, {}, {}, {0x5, 0x0, 0xb, 0x2}}]}, &(0x7f0000000000)='GPL\x00', 0x4, 0xde, &(0x7f0000000340)=""/222, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94) 23m26.273230069s ago: executing program 4 (id=634): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) r1 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0) ioctl$DRM_IOCTL_GET_CAP(r1, 0xc010640c, &(0x7f0000000080)={0x7}) r2 = open(&(0x7f00009e1000)='./file0\x00', 0x48141, 0x0) fcntl$setlease(r2, 0x400, 0x1) fcntl$getflags(r2, 0x401) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000d80)=ANY=[@ANYBLOB="18080000600000000000000000ec87e97343836b", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bc0908000000000035090100000000009500000000070000b7020000000000007b9a00fe000000006609000000000000dbaaf0ff50000000bf8620000000000007080000f8ffffffbfa400000000000007040000f0ffffff770000000800000018220000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000007000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) syz_open_dev$loop(&(0x7f00000001c0), 0x5749, 0x408882) r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$KDSKBENT(0xffffffffffffffff, 0x4b47, &(0x7f00000002c0)={0x0, 0x0, 0x27f}) ioctl$sock_bt_hci(r7, 0x800448d3, 0x0) r8 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r8, &(0x7f0000000040)='l', 0x1, 0x7ddfdbdfafa51cdd, &(0x7f0000000100)={0xa, 0x4e23, 0x2, @loopback, 0xffffffff}, 0x1c) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r1, 0xc01064c2, &(0x7f0000000040)={0x0, 0x0, r2}) 23m24.920212973s ago: executing program 34 (id=634): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) r1 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0) ioctl$DRM_IOCTL_GET_CAP(r1, 0xc010640c, &(0x7f0000000080)={0x7}) r2 = open(&(0x7f00009e1000)='./file0\x00', 0x48141, 0x0) fcntl$setlease(r2, 0x400, 0x1) fcntl$getflags(r2, 0x401) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000d80)=ANY=[@ANYBLOB="18080000600000000000000000ec87e97343836b", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bc0908000000000035090100000000009500000000070000b7020000000000007b9a00fe000000006609000000000000dbaaf0ff50000000bf8620000000000007080000f8ffffffbfa400000000000007040000f0ffffff770000000800000018220000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000007000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) syz_open_dev$loop(&(0x7f00000001c0), 0x5749, 0x408882) r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$KDSKBENT(0xffffffffffffffff, 0x4b47, &(0x7f00000002c0)={0x0, 0x0, 0x27f}) ioctl$sock_bt_hci(r7, 0x800448d3, 0x0) r8 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r8, &(0x7f0000000040)='l', 0x1, 0x7ddfdbdfafa51cdd, &(0x7f0000000100)={0xa, 0x4e23, 0x2, @loopback, 0xffffffff}, 0x1c) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r1, 0xc01064c2, &(0x7f0000000040)={0x0, 0x0, r2}) 19.156714258s ago: executing program 5 (id=4331): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000008000000010001000900000001000000b0a0fa1ca682f8989dfe5c1850326101effb4c8b50d81a3c6778eaa132faecc4bde467fe5c34860495937949a3de9b41dc5753c5e6c4da6f1badf3ac917b", @ANYRES32, @ANYBLOB='\x00'/18, @ANYRES32=0x0], 0x48) fsopen(0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) setsockopt$CAIFSO_REQ_PARAM(0xffffffffffffffff, 0x116, 0x80, &(0x7f0000000040), 0x0) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r4, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000100)={0x0, 0x2c, &(0x7f00000000c0)=[@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e24, 0x68, @loopback, 0xc2}]}, &(0x7f0000000180)=0x10) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004000000080000000700000000000000", @ANYRES32, @ANYBLOB="000000000000000000000033d593cada2e7dbc00", @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r6 = syz_open_dev$vbi(&(0x7f0000002100), 0x1, 0x2) write(r6, &(0x7f0000000280), 0x0) ioctl$VIDIOC_S_FMT(r6, 0xc0d05605, &(0x7f0000000000)={0x7, @pix_mp={0x6, 0x401, 0x47504a4d, 0x2, 0x8, [{0x9, 0x2}, {0x7, 0x200008}, {0x4, 0xf533}, {0x54b, 0x80000001}, {0x7, 0x8}, {0x3, 0x401}, {0x8, 0x8b9}, {0x6, 0x3}], 0x5, 0x8, 0x0, 0x1}}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000ac0)={&(0x7f0000000a80)='mm_page_free\x00', r5}, 0x10) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b702000002000000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000006f6400000000000045040400010000001704000001000a00b7040000ff0100006a0a00fe0000000085000000bd000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000fd60000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd80450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e3179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9d5788029901e5a79d8b9990ace8f74087f25ad50c46088000000008000"/686], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x3a, 0x10, &(0x7f0000000340), 0xd58495bc, 0x0, 0xffffffffffffffff, 0xffffffffffffff5b, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x42) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r7, 0x2000012, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x9}, 0x50) socket$nl_route(0x10, 0x3, 0x0) 16.873702462s ago: executing program 5 (id=4339): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r0 = fsopen(&(0x7f0000000040)='afs\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x20) pipe2$9p(0x0, 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) r1 = dup(0xffffffffffffffff) write$FUSE_DIRENTPLUS(r1, 0x0, 0xb0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec85000000750000000400000007"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) getrlimit(0x2, &(0x7f0000000000)) sendto(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f00000005c0)='#mS\xb2j\xcb\xa18:.)\xc7\xcb\xc5\xd8\x91\xa1\"\xd5\r\x89M;\x99\xd6\x8e?K\x82\xd5\xd7\xab\x10\xea\x14\n\xea\xe9\xcc\xdc\xf3\xc0\xf8\x89\xd0\x0ep\xb1I\x04T[\r&\xf0z\xde\xc0\xf3\xcd\x9a\xae\xa8*v_(\x94]\xdf\xf1\x95!\xb3+\x1aD\xda\xa1G\x06M\xdaz2\xe9\xe6\xda\x92U\xaaN\xff\xca\xb37-<3\xb28\xb8:UQ\x95|\xe5\xaa\x0e\xe7{\xd4T\x84\x83\x86\x9d', 0x0) mount$afs(&(0x7f0000000040)=ANY=[@ANYBLOB="2373793a73797a302e6261516bfa3788b600"], &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000400)={[{@dyn}]}) 15.229295361s ago: executing program 5 (id=4343): ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000000)={0x0, 'veth1_to_bridge\x00', {0x2}, 0x3}) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020025797a31000000000900010073797a3000000000080005400000001c"], 0xe8}}, 0x40000) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r1, 0x29, 0x36, &(0x7f0000000340)=ANY=[@ANYRES16=r1], 0x8) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000240)='bridge0\x00', 0x10) write(r1, &(0x7f00000000c0)="832a0a65bd8c002b0304000e0580a7b6070d63e286a5cefe", 0x5ac) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000300)) dup(r2) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x84, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x58, 0x4, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, @immediate={{0xe}, @val={0x28, 0x2, 0x0, 0x1, [@NFTA_IMMEDIATE_DATA={0x1c, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x18, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}]}]}, @NFTA_IMMEDIATE_DREG={0x8}]}}}, {0x18, 0x1, 0x0, 0x1, @synproxy={{0xd}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0xac}}, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x0, 0x0, 0x34324152, 0x2, 0xb, [{0x4}, {}, {}, {0xfffffffd}, {}, {0x20a, 0x1000000}]}}) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r5 = fsopen(0x0, 0x1) fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000080)='iocharset', 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x0, 0x3, &(0x7f0000001300)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socket$inet_udp(0x2, 0x2, 0x0) r6 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r6, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0) 11.130705839s ago: executing program 7 (id=4353): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r0 = fsopen(&(0x7f0000000040)='afs\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x20) pipe2$9p(0x0, 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) r1 = dup(0xffffffffffffffff) write$FUSE_DIRENTPLUS(r1, 0x0, 0xb0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec85000000750000000400000007"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) getrlimit(0x2, &(0x7f0000000000)) sendto(0xffffffffffffffff, &(0x7f0000000740), 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f00000005c0)='#mS\xb2j\xcb\xa18:.)\xc7\xcb\xc5\xd8\x91\xa1\"\xd5\r\x89M;\x99\xd6\x8e?K\x82\xd5\xd7\xab\x10\xea\x14\n\xea\xe9\xcc\xdc\xf3\xc0\xf8\x89\xd0\x0ep\xb1I\x04T[\r&\xf0z\xde\xc0\xf3\xcd\x9a\xae\xa8*v_(\x94]\xdf\xf1\x95!\xb3+\x1aD\xda\xa1G\x06M\xdaz2\xe9\xe6\xda\x92U\xaaN\xff\xca\xb37-<3\xb28\xb8:UQ\x95|\xe5\xaa\x0e\xe7{\xd4T\x84\x83\x86\x9d', 0x0) mount$afs(&(0x7f0000000040)=ANY=[@ANYBLOB="2373793a73797a302e6261516bfa3788b600"], &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000400)={[{@dyn}]}) 9.397143721s ago: executing program 7 (id=4356): sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c0002800500010000000000240002801400018008000100000000000800"], 0x64}, 0x1, 0x0, 0x0, 0x11}, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x11, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8916, &(0x7f00000003c0)={'wlan1\x00', {0x2, 0x0, @empty=0xcf050000}}) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="380000001800010000000000000000000a000000000000000000000008000400", @ANYRES32=r2, @ANYBLOB="06001500070000000c0016"], 0x38}}, 0x10) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.throttle.io_serviced\x00', 0x0, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @void, @value}, 0x94) creat(&(0x7f00000001c0)='./file0\x00', 0x90) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0000000000000000000002000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000380)={{r6}, &(0x7f0000000280), &(0x7f00000002c0)='%pB \x00'}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r5, 0x0, 0x1}, 0x18) openat$vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r7 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) ioctl$SNDCTL_DSP_SETFMT(r7, 0xc0045005, &(0x7f0000001180)=0x2000001) mmap$dsp(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3, 0x12, r7, 0x0) r8 = epoll_create1(0x0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r9, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00) sendmsg$tipc(r10, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x4008031, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000180)) ioctl$SNDCTL_DSP_GETOPTR(r7, 0x5008, 0x0) ioctl$SNDCTL_DSP_GETOSPACE(r7, 0x8010500c, &(0x7f00000000c0)) r11 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000080)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_ep_write$ath9k_ep2(r11, 0x83, 0x10, &(0x7f0000000000)=@ready={0x0, 0x0, 0x8, 'BBBB'}) 9.386060661s ago: executing program 3 (id=4357): shmget(0x1, 0x4000, 0x100, &(0x7f0000ffa000/0x4000)=nil) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000008000000010001000900000001000000b0a0fa1ca682f8989dfe5c1850326101effb4c8b50d81a3c6778eaa132faecc4bde467fe5c34860495937949a3de9b41dc5753c5e6c4da6f1badf3ac917b25420cf565eabac8e0285301a3126a53491c4d245fe40d29fc92909a10813d1c12a126e4b2a032c1b1ddf41acc075c9e8e9cf1dcfb8222616bee3389363dfc6b1ddbab54f8ace9cfaddd0c91ec122b5565338b99cdd7410da130c694a191fcd1497b9c1e8c20019b220b1197f54388e5fd6a0049fd7d2316", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, 0x0, 0x0) fsopen(&(0x7f0000000040)='gfs2meta\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) setsockopt$CAIFSO_REQ_PARAM(0xffffffffffffffff, 0x116, 0x80, &(0x7f0000000040), 0x0) shutdown(0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000100)={0x0, 0x2c, &(0x7f00000000c0)=[@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e24, 0x68, @loopback, 0xc2}]}, &(0x7f0000000180)=0x10) getsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000000)={r3}, &(0x7f0000000080)=0x10) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004000000080000000700000000000000", @ANYRES32, @ANYBLOB="000000000000000000000033d593cada2e7dbc00", @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) write(0xffffffffffffffff, &(0x7f0000000280), 0x0) ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000000)={0x7, @pix_mp={0x6, 0x401, 0x47504a4d, 0x2, 0x8, [{0x9, 0x2}, {0x7, 0x200008}, {0x4, 0xf533}, {0x54b, 0x80000001}, {0x7, 0x8}, {0x3, 0x401}, {0x8, 0x8b9}, {0x6, 0x3}], 0x5, 0x8, 0x0, 0x1}}) 9.074405639s ago: executing program 3 (id=4359): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() syz_emit_vhci(&(0x7f00000015c0)=ANY=[@ANYBLOB], 0x102) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f0000000040)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r3, 0xc06864a1, &(0x7f00000004c0)={0x0, 0x0, r5, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r4, 0xc06864ce, &(0x7f0000000100)={r6, 0x0, 0x0, 0x0, 0x0, [0x0], [0x0, 0x4], [0x0, 0x0, 0x0, 0x40000], [0x0, 0x0, 0x1]}) ioctl$DRM_IOCTL_MODE_GETFB2(r3, 0xc06864ce, &(0x7f0000000300)={r6}) ioctl$DRM_IOCTL_GEM_FLINK(r3, 0xc008640a, &(0x7f00000002c0)={r7}) r8 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) r9 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r8, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f0000000040)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r8, 0xc06864a1, &(0x7f00000004c0)={0x0, 0x0, r10, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r9, 0xc06864ce, &(0x7f0000000100)={r11, 0x0, 0x0, 0x0, 0x0, [0x0], [0x0, 0x4], [0x0, 0x0, 0x0, 0x40000], [0x0, 0x0, 0x1]}) ioctl$DRM_IOCTL_MODE_GETFB2(r8, 0xc06864ce, &(0x7f0000000300)={r11}) ioctl$DRM_IOCTL_GEM_FLINK(r8, 0xc008640a, &(0x7f00000002c0)={r12}) 7.596673221s ago: executing program 3 (id=4360): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, 0x0}, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x85, 0x0, 0x0) close(0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x40042, 0x1fe) close(r3) execveat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0, 0x0, 0x10800) 7.297436096s ago: executing program 6 (id=4361): r0 = syz_open_dev$video4linux(&(0x7f00000000c0), 0x6, 0x101400) ioctl$VIDIOC_G_CTRL(r0, 0xc008561b, &(0x7f0000000000)={0x9a0001, 0x1f2}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r1) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r1, &(0x7f00000002c0)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r2, 0x3) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @loopback}, 0x10) sendto$inet(r3, &(0x7f0000000040)="a6", 0x100b20, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TLS_TX(r3, 0x6, 0x1, &(0x7f00000001c0)=@ccm_128={{0x304}, "180b3b9f0998b9f3", "3b93de3621fc00d800", "0524bd2a", "bacf471a2442012b"}, 0x28) 7.264015976s ago: executing program 0 (id=4362): r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000340)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @empty, 0x4}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x3, @mcast2}}, {{0xa, 0x0, 0x2, @loopback}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0xa4ffffff, @rand_addr=' \x01\x00'}}}, 0x15a) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_queued_recursive\x00', 0x275a, 0x0) openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000200)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) mknodat(r2, &(0x7f0000000040)='./bus\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) unshare(0x20000600) unshare(0x2a020480) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x1000000, &(0x7f0000000900)={[{@workdir={'workdir', 0x3d, './bus'}}]}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x300, 0x0, 0x0, 0x4}, 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000032680)=""/102392, 0x18ff8) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) 6.49104468s ago: executing program 3 (id=4363): timer_create(0x0, 0x0, &(0x7f0000044000)=0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) futimesat(0xffffffffffffffff, 0x0, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)=0x0) timer_settime(r2, 0x0, 0x0, 0x0) timer_delete(r0) futex(0x0, 0x85, 0x0, 0x0, 0x0, 0xa0090199) r3 = socket$tipc(0x1e, 0x1, 0x0) bind$tipc(r3, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10) listen(r3, 0x0) recvmmsg(r3, &(0x7f0000002580)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000280)=""/146, 0x92}], 0x1}}], 0x1, 0x0, 0x0) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getgroups(0x2, &(0x7f00000003c0)=[0x0, 0xffffffffffffffff]) statx(0xffffffffffffffff, &(0x7f0000000400)='./file0\x00', 0x6000, 0x4, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r7 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000002280)={{'fd', 0x3d, r7}, 0x2c, {'rootmode', 0x3d, 0x1000}}) read$FUSE(r7, &(0x7f0000006380)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) syz_fuse_handle_req(r7, &(0x7f0000002300)="00e7a0633e8438bafa888b9b02144af32e296a0a01dc194d649b6fa26d6d5e63bac4a04baeeb8aacb22c6eec461b67db6a737737c6d2687acb00572f92e3fdb5d0cb2f11121c557a943020200755bcab77b39c406b733239e2bb1175b9322ba39dc7d67da8f77aed1714dae2e6c24c3ea96be9d151c6ab7b3c54bbe507b8b2461fb4be8dc90042184af6d48f8ace16abb5e3fc943cf61cdb75624a259bdb5f7829b9775820f85f2d1a6ee6c6c2af4fd41ab8a41ecb2612abf13cd2c6f9f3e6db505e4bbe68cc000cf5fa6d5636191a4b366ab59af52132a3f9678d4ed1bd577bacffb3b52850804005eebf3dfa4763168ff30490a11acdbbf4c3312a45f30139f6b72b1e7cdec185006bb30e0e8fa88da2cefc718cae7e9830f7ca101e4e23c6bd16bfacf4a9927fb13af4b79c86ab999beda4ad396abdda354a42fb4ef21d6749175dc21a0cf9191aa4f90d274b50370a580ad8dcd166d2b06c0d8b071973c3fde30f7e2bc371a51ca5866bf8b24eaac75bf482dd4436b214ff62d32e20df223b0b680ede28b3a49e66e330a8a3ecace0db9855d235d5ff23765e742d1a739c2ac8743f4c62664a3b347279da55a1a5b16e1e2828b584a013577d50f890e3894d9e8d6bfccdfb2b70221f12a7fac24b7a8818edce72b65f622c77bf1312771a2c0d805ec9a25c536c91868762032255be78903b77b2c1a773a03996fabba69214e76f5df6df0375b592692a2c3c86c75a3be56fe598ddaea0b9901d20db7e43e128e04e5509283f833c24c625887288459db5727210ba9a301fb8c934dd1d8dca68039fe5b2e1a8d7cdfc6d875e5851098100c3cd42544ed90bb55b58d20a501fabbc485d148c615a3b070fa0520da2ed68ee115a4411d5418b47f3d95616096f67a7a36d68f1e8df82eca8ef96fb4a96b3422fe046a37ea5f5967513a559bd770fecab7228b0692f439765c9e9c6ea4fc608e0b27f9b49064daa2bac06f83f6d87ebc61fa3a29bb5ed39641245ce8cf43770df32a84838802b0827ca5a40e2003915e2ed108a005637bb028d29bd2cfd28a1bd55e67ed1b6b7b72163c27c4b0e36d1b134d6dfdb165a66fb46498fc04bb8053b84098af5b18758631d1318d625a6fa4d3ce5a4d3a90e10c6363a26b5ae96c2d56f87ad21a6118af6847d041f88f852ddc3f250c088ef5cb31198f3ac81cff9a5bab26ed56c09f8416188974e08349f7da28fc754b98c1ac4ea0060ac1e1b1c49f7dbadbc59254b265dc418cab9ac14e2bbecc4c3103543e37984efb1f61315e10d2b422732217d3a9b0cfe4561f3765d3bda60be239e02bdc164dd631582e8c87dd8fa60d63dcf9e7f3dadc4ce5e4433a42425b8ee8cb8a2defab0bf9b6109c90b5655b79b18c06884f2670a985d454e08e54de69f645cb0cbb70620bd988ee717c310ae77b4abe81c01c6e7f47268ee20bc30b9062830917705682eba2c5ef966b877f33294aa5f8b29d3dd5ed92302087f34fa18d19a005de05f925e3e93c8c0f24507ff20cd23d9ae5452c32ff58c78ccdb1ab32c98edfaa6d2c3971934ca8f849ac360c286566eb72b0793f12cef84bd282368d533247ee750f18aeda484167f3d680e4aaa3aa0694441d4ff6a71531f1a30f87eeb71afd04c5d686e1f86f27586f4e2c8ff77c09612ba1af9b3fb93efd31af42f8e0498f35d07c662b743a08f2839cad8f95b90cbb4fc0ed2ca45dd093a549cde4c6ff08ce09a2cbc6f9f78b6f96643357f92f8f403202742057731fd3e343a87c0affe803cfdbddb8c2694ab63f2dc35da705624747e30a943000fc82c40f10e1975d2e2ec15aefd531b6dbc053606b054dc976f44d5b5a5f37e9c08532ce16cf8bca55ab6c814ceb855ab50b8b52620f8645a9dc25fcb732080d84bf39c3ebb235b4d96da527b64ec4b72f69e91d16a4efcaf76f2e1f968ca68a06f60b01ec7becc9ffd7877c0992cb0f80fb3daabc039513896bd7697843be06aba53e7761e11e075c61ef2d897d4d9f90041c14283746feeb3f0d456ba4be27843350fe43e7c1110b4439489139f6dae01c43f23ec71f08d3042663c65e059d368e4e2c6e49de45bf078d3182a1bc1208bc59379e705aa3309579947409f2a8b3d79099c8619f916e7a6fa333d2312a274247156b8c25cbcfcc59ef13339c700f56a8691dff39bd4338789001872c0d90929037dc0ad99b380a6ba73f331f73f9274f4c2bf5233d7482edf37bf6ffed4f2c0ee44a1d57cae0d644f25591dc03bf837571a82d0c31b61be7ff85a5b3843e8f96a50eaa43f5c137ecfc4e4530d08a2afa4ba02fcc50117a4ad0d5862302017639344c82749f673dbd650e49b35302d0acbab45c0973198291bb42b4cfcd3b0c252074341ea8eca19e122cd234da6d41bf5eedb706e16c17687ed8b84db67130796d26b94eac83bbcd785b603242bd6252c155711efd7dd22cc54e1eaf6d910d0f22c701f3d4da0314dd2829c6ee13bbcbd126558b47b8066bf0766c792a012315bd29bfeda8f28a2c1f4e638b701758e19a0e5bd5b4f19048b00a877d956292e345f8a3a8367892f955bcb5e50ca145ec5e2c9309e25941bd277e393aaad38f9b72a42514b27da6856223c37a1fc1327fa760551d3fdeb0b222ab180b16c9eea138cf4f327e88fdfee293c5b6b007028eb796a60772148282dcd17ffc1c90ed8b6540ede933545ed5a5301d6ff39734444ff3d85cda4ac3befa5083a4685e9e231eba4a91a35f4f7f48fd5ac2447c64c010e2a9f8e80691c95460e1995444466ec5f3cd71fe509a26ff0b7f3254bc8c3255e903834e841b37c70b267fb33deb0d1ed4ea84a869453ba508fc255b12cf847103d5195046c930ae4a75c956f22fcfe4186d547686b54bd7a534940d5d62216994eac0e8ed3bd2bd59354e6b9c6b5b10511d54a8b928040f1e1024a423b0cf519fc6e9673df5c48c0778c7edb8fa8d8ace77463a77d2d6313160e1ee72742953e433b6732ced59c93464fd91520847db238610ed0c289fc55647881a7d6257cf28090c75a6f19df079cfd35742a74a5ab270314f7c8039c20ff0f3f543d029b75a741b5dc6425241ac2ffabf1f96288e6d4ba34da09fb6049c2c8753fbd41fdb4bc68c57bf374ef4feb0df00c41319debb26afba2ff39e1799a1c2137f4e920ee5b02d93789b6b0c853e8143dae5b08ee85da2ea7c31803610ce797293ea95c16ade6dae2afb008e59d8b9505737f008b5227df5f1e4eb5d707f502698a17ead9b1f5ec09dff34248ff2fb153dc6df4812e39754a4baa42e1d8b77fbddef3ca091701ac28ae5fd422dbd8db5b122d3965383abc37a52d2fca5ce56eba974dba3d059cefe40e3c35c9daa8ae31198214303c1dcb90d58fc983ccfd504fa43925636f94b128d44e8aa5cd3ecfabd50a84062d03f7508a0575ab65ecc749d3ef566fdbc529a8139b7a7fb3a9bd784df52cddc6f2699044ba47615163fbbe19f3d88d38a8b71fe52b2611ca74341429d1cef1a7e350545be29d2caa560e60352cab074c298c44ca2c07f9795ce52f10aa3e2fcdef371f24e309b19e52218881f25a4674527edbe3b3bd0b9b536d810c6f9500c0c81bcfd9a440dd91c1d35c52758d2b2ae1a8497bb394c4f09d3947cf777727b0d1daf5ac4fe4fa3c247a791702cb84b96321b7fec81bf549d4eb5d6dafe019b26187417c68b064e4308908535a3e77b6cd3e28caaf12d726f15590b7958e40134d045a38cbb689131a7e85532f1c63dd4bac9e4d00645cd7b2b71704563f3738b92044a8153f6ba717800ab7cb238175c376d7add2c5ec38e4c856f1ab9c3ee33f6ca6d576ae908dd290e4bae23470182e253765e04e8eb02a791c4396a511ef467879a9e2818b8a4b1b0b39a6c44e816e3ebf6e3be93929dfcb38d5dad7d20b60215447674d0608b8b02331ac20e57083cb9b4449fecbb149441aea0ad82f00a82d87d743fc80d410922bc20923516885440f43c9f32beb81ce148def6140952583a7825c2d2fe012d52d30ef66d32a8a0864ac5c1737e2506228d41ff0515ee80be4cf012927dde0fd2a07cac68eff8c4437f2844d4df07936fd8753e5909f962c5c767f8719cc295bdfa8a16f3f36ff56e34d7b14b6b8c46d5af248b04a9c5396f84990e23d145670950bce5f5638e5e2cea37c371a4483729338f1305cbb32fa1c05dd9d21d2a69e5fa3abe9a2dad2237be20b4088393c04aa66cf13718de4bffac72f641a8c017a1d5568fa15a6a06e4dc833874ec95af6f115bdadf15179bfc8c4e3e64f26f1299e282c4ab397340934efc1e601afc630fe195e8ae7d8da1310568cab4f2fad085d0ec39710d8b7c812b3fd55c6f50925bcfc90fbcb35b8daa0f1e1f69d82fae2034039f7ad6921694ed48a55a68bc541e6d86f1e33c261a92d48b50eb58a03d8e31b2f6564a4ddc3ee988d0dc47b4b610a9a9dcb87571b5c1edb3362df0ec3d58872157e0f7247dfa8100b4478b705702a5620c9201010f40232327550db333e845dbecd6aadbd0a94c064862b1100b4dd45ece811b8c0275e3753e11b4bcd8bc5ed7668e72afa5bc5cc17b4c313273755f532ecfdefdf2d5c47999453a3b7c158d98332f0bd3a820cfb2c8c3bcd43197e7395a032cec6e41662079f2f654965aebc393e22b5c8516d9b8ad01e33ee481a4ac46a2df304dadeaa9e5274d340aaebe14dcea315fe1279f1a41a5c7aa8c94bf4b3d48757503171f53488e01210145e62c0de7c39737848dbdb1b207d4d33b8de180b020e8a76b1b521905e5e3ce97292f8558fb68efdee774681bfffcf1dc3eef35f660dd1659a32950de2d50e762313beee330d9c2a9fe8ce5e4e61ddd86378d3551335f6ef62053d3b248a8c33a11abdf3f3aa1975a15f4a6957a13d5b12a44d0f2b52b9a2d996e98c630c0f2abca80c7ae89efcf81ae284a0d19582cb1319d207077e5657d245533181ed6e07e0f7647123fc46c37bd75b4f4d181112b4a08acdcf445332cb9dde69a0923dd9244dd2ecd818b19588939922e3b2d8dd9d9fed95fa55b0e4564b38aca2c4d24eebc634664400177fbdeaeb278bb1d8eb11baf4be5c87d4f8d9a855bfa75df4c51fb4eec87a27c59df9a47d82523b08022a1c0fb22ff6f93c3d2cc22a4111a6ec5be428cba33617be65739c2240248f3a02d01ddf2d6aca9e537a2296b16d082d2b868504371dd5e41898885b03ebfaca73b40e8924ece83c1c80de6ce14943e1199c6f81bf359f44c3ed5ae3c6eacb730b1039f0b6555347bd566dfff45a7a2176420ab2b40916a73b66a3ad07af6e1ac5597393d203fa1ad34d4564af956a0a3e2997e27a4e5eff67dd89cce8875d995e00c1858234f149f6ad4cac2b8056966f726df57b8c4ee8f22f23097ba1471b1f1036e3a499400fccdb75b56eb13e9eca1407d5bff4b075b06d00fcbfcafc28431eb33156232e73c6577e3eca437330c494ede57b9609e1f40634918dea767338b5542197410cdc000143ace89ca0b7bf645b3267f74767d7c7fce05d2f59c137204e56bfa711f66903c511f681cf7a1b4f9fc0f42b7c438ff8957e1059375321df5b0c5c884f46d94c21686e1300582d34928bc398653118f79bfeea2e7cfbbf31a7718f4aab50fae57db94203d43e060365c9a7455241be03d82dffc3783d0f6aa170c0866eb0dad07485831526922d8348a7a16e2e9903a2ac93c58c6dce83127fab17703ec004a519ae5675baffb31bf4b52f9ca992a84017a44d68dc693abd829947342f277fdcbc87168bcc03c32b8b1e81a1915af2517c464af07d52b79d1b0e53164c82ba049f81e92ed1dc20a88fd72e9ce7aa4b22a7cc57dc5527d14f62bc29cfc9d57ed26fd523cac39ac00ba12d3a49d694709924275fc0793d56acf9558818dc9eb210749fa5307d45886b879257d627cee0542b51c2ce6ce134100efb47c92456ece5b73cdc051f570810a8d534222649eb56cf73a377162b753de6c282bcd4a25dda21dd10901bd8dfe8fd4ba8a70811c39707beded23dd60f23e2933372e3a6bce099899b07f0a4c4956fd98e956a8649622c77717de099463c0c6c9389ab4a1ae10f8ddd086d876af2943ee0b6b402ae5f89e09922e8c510ec0caa0a83e366e916400bfec88a52ab457037a35ddc6a8e2289c33684a5915c37bf5d227cbc65a737b52bdcb4fbbb7b4e7f965db116b46044d0870846c730dce12e120b1fe6dd5798ced24cad72c59a3f44de4978b8bc05a1dbeb766be6e2abf6ef46c67a58a370e54e92d89e5f44525e82b94a388d8d0cb20c3469a258c1633c9dddb6854aee255f93f59435ff317622f6899250aa185c207644275278580c5d32401741fe264a2e03b80f442ed58fd0704ebac923ac6a5abb7f0c695252f82e3fbcf2b99d721589a8fe3fad4d5926aee3d7bfafb6739e525faae3d25b12841fa2cc61dddc44d36acb9a8b72d60ecdd9c8cf04f9bac341b5e0f9bc59042db8126324888b07afe72b18cce36d61eec975b6b4ef5dc4a16ac14440cf770599bd4db630bd110eb63a03a80cd95c16d314a4de60cc5115bf0754cb7ab84a827ecefafa96069c721a5979f227fdc2467b4cd1975dafb5b28e1d6f3c1c3a2816ad831dd98c1378a03798c128f176426eaa0e361571e758d54bf4ec2c988355f016e16d6cd5cf97bb4891ab33f5623b7e796af313cc7a9e2f9510cd2bead1ea5dd080d9de1f595b2629ebccf69a0feaed3963ae8a6c89edd66fbf6e566379898185828925f8669668d6bddff961b08aaedbbe7fc196931a887ec740da6bcdab8f826a34aa2aa1e406a258558f3baf022a64222df4d6ee8726c79ba3dd6e11a19e4b4bb49b4a8cd99c189e6392f08ad731e415b65d0ccb919dca46efe9f79e21437111ab09e926d3038182044ae047bf1cc92e2d2644c528985719667a1a8abaf65d0f211172ea789b2fa016e1a88325d1ed706239da4dbb9e2079e3598b4ae5885667587ba1e0921c9ba55d7a3be4c47bc2f2f3547ce9efe32e5a22855f761bd4cbe1cd9337eda4bd7d82a918084d7e116b656104ca87e64b1b8c62323c3c296c5b5b98051feb607b872edf9f789744aff710c4b7279711182bcac6b76c05f5cd982f52f451e7e29046550e012e01d8cdd3e305427030f4247488c9136303084c12175c5c781cdd08aede5a356ea0ccdd05a460be3c7b4bfd62c3ce9ab68e285a36c1546d0b18edad71f69f5bedb340772e1bbb035514b085067259e39f59dc292a12557350c66904b253efee29a5eb7a6920f583c899dc46a1d3e2af2db3a3d1a0e8d1f98722a16c6cc1e401058d60c8c436d8f1166ba53bdde5810f9d0288528affd486c266546a864c92af3df8abd451cc1e0d6bfea534865cea9d49b3ea5e390fa823118df8a61e31022f5fbb8ceee870bf2e60890263c4d14e24d053d0fddf665ff80a66fa00a5957f8a30fe82a4b82cf2f6b4d49def98f66bfcdaa0aef13314e950ca9f3849b1edf3b82eaf74a0dbcf45c3dba9bd2d853281a78484f1efaf4150da1207ec3cb61fbcbf759f8182b7052b28d7164b73197b0a440759fe9d5ddf827f1897a174e82fb968a9a07c61bee44bc1f7f9ee5c6de04c02d57735c5fab741b36aec7c8642e56cba932a08b8e8a9d3eb066a4ee7cbf22e5abbd4346de59eca1f24ad9f7f9ff7621e5f30dd08f4cddda8e80e496908109f5212a72bab1378d1237def07bdda4178719975346c68405de15153031fb17535894e5e3c1de6fdd507333f0226b78ba7cae509cfb48d6735ede9392650bf85ac1db919b1e9fe0a823119d8253204dbb2f7a8f524be6d419f3a45c5051a7a88ef0bd41586d90c11a894d647f03895f671a6e19f1c70e32668653aba8366a3d372522f49844081a9637db080663ab02f4a8af502955d5411461b62f85308c91852f8fb9f0bdddd500b4a133791d3a2f91a82dc4b09f5ad2196a9172ab0cd3fafe7266e9f6d159110d99ca8da8a34b17be17a04ad4509a9fffab1e45e10f10e0cf9cfbd9c761ad044064c07e473fdc626289cfb88b13a11455c069b70aa02426d9119ac878a14c9483be9c0d5bcbb5fa76c8d06531f59c7cf7c26372e750e2f332418ca769e5e7fbeb3ada7bb58b573a0635e2e3ad9a53ddb809ea01086a3fa993ad57e89da6f9c5e61bd0f8ba69212a386b2aa1ae17520d7fb989dbe14021885eb50fa3048aebd42c861a09a308b660d382c0480ead8a52a1e14927c7c77957f94bb59ccfd557f8c4a7af23360a298a603d20ebc386db041d8c306b3e32b0bff541bdec5ff75c3b40950815cf9f89d48a382f67e44c409d046c01fb1262aca0df6f5238a3c3c09977261494f7361ba326815d6e23f49e4d6d4b54665081067332265fff59cf54af9da0db9d19bc611cbcb6e6f3f1e2e1ffb6cdd6253578d78d06a2ff5f9250f1994c5749e3ce49231fbd63bba28e948f9150933e3ae31299babaa41043b181a100882e613b4b4b8f49ceeb742d22f860853a9b917f5a323a8a1fb1f3363a7be4407fba44b408f259b5db79a055b92ce3d7a0649cc59f4afa2b1f69959d5c6f5eef1fa7987a47bee4491f685c52e9db1ee1a231ab5a4bae1019c97868a409dd0d57b32525394a233023c4a7ac429808bbcb57a34b41883202744c3bdebc0a637773273f19c2be6e806bef7fc1002846db762ee4e16867773808c5477987d5851d5b1641d070feabc203cb3d7943ffb206272fcac1bccb616352d85975f5a22c0f247548535ad9fb83fb2be17689453f10691143c060cd964df63c3c70e7b1cfc7e2b468015f327f9869353477bfeeed330b03ddd9e4e0a2441182244da283d7a59d2b2b20e6de3e3a47c26aeef4944c1190bba674523a6c3c4ed6bac53b9edffcb0e9fb19d8bf36949d03ef6a7e59eb903a00d9614f642d1932c766421906f5b177963c71e881453560e3ffcec792e8dc46b1832a8fcb2ab2268a9c1fb648d1c6fa1c8cbd50d5a2d8264fbc6c063e6daac5519d362da389dcd3d12c8039f991de91e728abf5bab95c3aef66dd8cc36c60e73cb10afb02eff6df20ff12c59b142b07fc48fe94612de80b8b958f78256fd7cf3c6f79a83867f3bb5f70da392957badadecefdf7b6e4ebd39ff945397c7d302ca0a5a3918d8abb893cd9cdd680916a50fe19699ff0476ad82e6ba46523f26ccc5eb65313c1df1077c8876d2b73bf86ba311862d12b0c557a92ef827197121512e87f817167d4b17c7e225a48b3f8fbbf4187438e0e9b78e905cdbeb72e80dfb37ec0104f5186b39b4ff34f0cdf4b74dc915acd3f98874cd6a67308d0ad9697121ac477550b1affe004f433705933f9647522be65cb5a7471120ec942aeb956f195be0c1783102cf7d842f2968222ae1a7fa6513f200d3fa85d71724956ed697f0673ee3b40a4d46ba4850439ec125b708ed52b52b9f72906477d520c90a9f5dd49a7a33a328137a183f439895532b78ae451a8c3db789bc862fbc37241d523027e1a008629c969380f6eb55f9cf3f0675bca6851f00df6aaf90de9f62d5c179945ef81d1073850301f97e379ea415d830e3f3751cf83e2dba541cb6cdd89e6b674f2c53e329e5f3dd418d534ada6469a5b3bca5b7cfbdfdd6df4abaf77d4520d0311e801145c91b52586a56086e663841b702f52cef9fff8cfb7b33dfa125688ba6b4fadd1dca8defaf4259ca85323b23d3bbb45933562c25af3e8d7bc6ad4a50ae974f8d207994b3bd74a6812ab6a40fcaf96bb4e17bd20d742b14c72226caef3e0f5c56c4930071e9f9a894f18650fbb785c6f707605c86b634c9722c8690cf3a954f68d7c2db3a257339ade67a41259f6f878dd0ab7876deffa77f6f00819282a8f4c4da84c6cf4f335cd0410770a2b1a1fbb3f85f4489eeceb78bbfddb2d1866c57b41f6ed179a0bc3750a486403d23473f2feef43ebc5af1018d9c20089e277d77fb9c34f425c8f8af4c49864b57572fa8c232e61ef37194251a1ddc2f73ffecd57e638751cb72bcb2c40d22540166ca1e8588f24b010c9fbd962e3a2c23a7e93f131df61b8703ce326ed80cc87912d3c6aaa27574bbe8d65bcaecd660c31cead132a44b1d0e4a53cacc0b82a263c4e7783944af0af08ea9e68e8e25ed9111cfef841f1b2fd24164f9097f70efe09b1109e5cb91fe68a2760381fd63a7fd422dd578a60661abc9ee3a5db1c2cde2fb21f2040f1ed3fc27b99e254256949d0560e8b98fa028fca50768caa951a87bf8969af498d50a9ee773c9caa7d9f7d8e1955506013f198cda316d79b177e59f233b98f727afd2494fc18642f0015adab756ea6742690c7d00f28655b915ce4eb8b3ba2e8559ba23e1ff1ccc9f79ae2df85f924459c56715dec78ef4592352eb1a850cd65ecd36e1a9121e888586b7b2fa84da920b8cf44480433e61ab076b10171c0537524bb170a4b99b0b0c437418a665b7ef909652b6483b20362e557c1480c2a2a0efa221fc59054a48122b52d38245f9bd026001635be5b155f5c766a59306fbde231fa72b4d74449a2fe8fb969496ee26af5881adaafb4189b439877ab8f78709cfd32c10ea576a010bfc137b7a4aae137ea3d29070ce3bc8dbe6655e967115ca3461ad9d28b9cf8af07441e68a54ec5e889846f3978f07ba51f7d5af5da78c5c675dc5d0c1a4a399ff4247203573a46fb903eaf7bc886e6cbd3126fa4a3fe3bb13bbdfea7da871f6563aa750f6ad7895b34b2809563dcf5ed30f1c60cef4138aa49d4f55e396534ed10cf4d857723a2b442f47d79de162c30ec6c4daf939b4c88649494e3682d1da81b4a5928d8e18a16c46707a685305e592589acb484e28e9d5af89c44b6e563d125ec97c0155410527406d94b90bc9576a662db99da1cb82b04d610d02187ce08f22ea0e8fd31919d53fa6aaf980e31ca7f8610e695a41919c24136a8406c62d5f15fca365892a2b54ece17664b5247583ad60d863f283f3c288946139575dcaedc978762e85f534e56334ef0221c34ffae054ddf79339b8f08701e9699b11041df8f518dd33203363c8098fbefb01555bcc2542422777b38d8dff11b15aadb0c251ce2c5b32f8735b3cb784f2e5731b48feb5a0e791a1106abdea0f7d1f087737cbe7fdf523fa14c9be2a2987511004c5b7ac1814ef6961db16799698242452c469a07c30e4a1f73193c74a41bdd88aef50035e4648bc9dfa276951798420a45e4085932bdb9381af3cc4678bd962af616549e4020d2c9fd25e2117a6d8934fde2218273d7833d60ea492e251417a27e7fb32012a940a6b6487af4b64958bf05f1b1107732149d227eeda5ca5a43cf583dc297d66072a1acd75e93a7caefd36a0d581e21d5cb08654c4ecef46ebac5391546e0b7d2a6418548d8f816446bcf237f676e873e6bae9107234abe5ab24c53ea472ad10653cef068fd9f4e729fc0d526e489f8df13af5575f1e70e0ec22899728b0659d70fc2dd509d9df3ec170638f89e540f4d3f02aa9b1b1819f84da596e0d7b45a5818061728f8eeccd2bea0f460dd7e18cb95f2364c50e351f0690e184eb63ebbb14a0b4b2117e44f3b2b3", 0x2000, &(0x7f0000000b40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000a00)={0x130, 0x0, 0x400, {0x1, 0x7, 0x0, '\x00', {0x7ff, 0xa2a, 0x4, 0x8000, r8, r9, 0x1000, '\x00', 0x1, 0x2, 0xb4e7, 0x2, {0x8003, 0x8}, {0x6, 0x10001}, {0x100000000, 0x7}, {0x4, 0xa00}, 0x8000, 0xb, 0x4, 0x3}}}}) r10 = getegid() ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000440)={{0x1, 0x1, 0x18, r3, {0xee01, 0xee01}}, './file0\x00'}) fstat(r3, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getgroups(0x7, &(0x7f0000000480)=[r4, r5, r6, r9, r10, r11, r12]) r13 = syz_usb_connect(0x6, 0x3f, &(0x7f0000000140)=ANY=[@ANYRESHEX=r3], 0x0) syz_usb_control_io(r13, 0x0, &(0x7f0000000780)={0x84, &(0x7f00000004c0)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r3, {0x8}}, './file0\x00'}) sendmsg$NFT_BATCH(r14, &(0x7f0000000200)={&(0x7f0000000180), 0xc, &(0x7f00000001c0)={&(0x7f0000000840)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_DELSET={0x1fc, 0xb, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x9}, [@NFTA_SET_DATA_LEN={0x8, 0x7, 0x1, 0x0, 0xd}, @NFTA_SET_TIMEOUT={0xc, 0xb, 0x1, 0x0, 0x2}, @NFTA_SET_OBJ_TYPE={0x8, 0xf, 0x1, 0x0, 0x2}, @NFTA_SET_OBJ_TYPE={0x8, 0xf, 0x1, 0x0, 0x9}, @NFTA_SET_ID={0x8}, @NFTA_SET_POLICY={0x8, 0x8, 0x1, 0x0, 0x1}, @NFTA_SET_HANDLE={0xc, 0x10, 0x1, 0x0, 0x5}, @NFTA_SET_DESC={0x1a8, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_CONCAT={0x184, 0x2, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x200}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7fff}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_SET_FIELD_LEN={0x8}]}, {0x1c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x80000000}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xffffff00}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xf}]}, {0x54, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x1ff8}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x5}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7a}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x3}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x5}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x9}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x1000}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x3}]}, {0x2c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x816}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x8}, @NFTA_SET_FIELD_LEN={0x8}]}, {0x1c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x200}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x8}, @NFTA_SET_FIELD_LEN={0x8}]}, {0x14, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8}, @NFTA_SET_FIELD_LEN={0x8}]}, {0x24, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x8}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_SET_FIELD_LEN={0x8}]}, {0x14, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x4}]}, {0x34, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xbfa1}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xfff}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x6}, @NFTA_SET_FIELD_LEN={0x8}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x80}]}, {0x1c, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xfffffff3}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xc02}]}]}, @NFTA_SET_DESC_SIZE={0x8, 0x1, 0x1, 0x0, 0xa}, @NFTA_SET_DESC_CONCAT={0x18, 0x2, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x3}]}]}]}]}, @NFT_MSG_NEWCHAIN={0x88, 0x3, 0xa, 0x401, 0x0, 0x0, {0xa}, [@NFTA_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x1}, @NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x2}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}, @NFTA_CHAIN_HOOK={0x20, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x36ed478b}, @NFTA_HOOK_DEV={0x14, 0x3, 'veth1_virt_wifi\x00'}]}, @NFTA_CHAIN_COUNTERS={0x34, 0x8, 0x0, 0x1, [@NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x4}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x4ec}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0xfffffffffffffffc}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x5}]}]}, @NFT_MSG_NEWFLOWTABLE={0xc8, 0x16, 0xa, 0x3, 0x0, 0x0, {0x2, 0x0, 0x2}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x2}, @NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x2}, @NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x1}, @NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x2}, @NFTA_FLOWTABLE_HOOK={0x80, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0x7c, 0x3, 0x0, 0x1, [{0x14, 0x1, 'pimreg1\x00'}, {0x14, 0x1, 'macvlan0\x00'}, {0x14, 0x1, 'hsr0\x00'}, {0x14, 0x1, 'ipvlan1\x00'}, {0x14, 0x1, 'batadv_slave_0\x00'}, {0x14, 0x1, 'veth1_to_bridge\x00'}]}]}, @NFTA_FLOWTABLE_HOOK={0x4}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x374}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000) ioctl$SOUND_MIXER_WRITE_VOLUME(r14, 0xc0044d0f, &(0x7f0000000080)=0x5b) connect$bt_l2cap(r14, &(0x7f0000000100)={0x1f, 0x8001, @any, 0x7}, 0xe) 5.834370256s ago: executing program 7 (id=4364): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f0000004340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYRES32=r1, @ANYRES16=r1, @ANYBLOB="310300000000000000000600000008000300", @ANYRES64=r1], 0x1c}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) (async, rerun: 32) r2 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32) r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x38, r3, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x24, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}]}]}, 0x38}}, 0x0) (async, rerun: 64) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) (rerun: 64) close(r4) (async, rerun: 32) r5 = socket$inet6_mptcp(0xa, 0x1, 0x106) (rerun: 32) socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64) bind$inet6(r4, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c) (async, rerun: 64) listen(r5, 0x0) (async, rerun: 64) r6 = socket$netlink(0x10, 0x3, 0x0) (async, rerun: 64) r7 = socket$netlink(0x10, 0x3, 0x0) r8 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r8, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f0000000280)=ANY=[], 0x14}}, 0x0) (async) getsockname$packet(r8, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) (async, rerun: 64) sendmsg$nl_route(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=@newlink={0x44, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x200, 0x80}, [@IFLA_MASTER={0x8, 0xa, r9}, @IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @geneve={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GENEVE_TTL_INHERIT={0x5, 0xc, 0x1}]}}}]}, 0x44}}, 0x0) (async, rerun: 64) r10 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r10, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x18, 0x0, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x4}]}, 0x18}}, 0x0) (async, rerun: 32) r11 = syz_open_dev$audion(&(0x7f0000000080), 0x1, 0x2) (rerun: 32) ioctl$sock_inet_SIOCSARP(r11, 0x8955, &(0x7f00000000c0)={{0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x306, @remote}, 0x20, {0x2, 0x4e20, @multicast2}, 'vlan0\x00'}) (async, rerun: 32) ioctl$DRM_IOCTL_RM_MAP(r11, 0x4028641b, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, &(0x7f0000ffc000/0x2000)=nil}) (rerun: 32) 5.833256026s ago: executing program 5 (id=4365): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) readv(r0, &(0x7f0000000000), 0x1) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r2, 0x29, 0x1a, &(0x7f0000000100)=0x401, 0x4) bind$inet6(r2, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty, 0xffffffff}, 0x1c) bind$inet(r1, &(0x7f00000001c0)={0x2, 0x4e22, @local}, 0x10) r3 = creat(&(0x7f00000002c0)='./file0\x00', 0x60) write$binfmt_script(r3, &(0x7f0000000cc0)={'#! ', './file0', [{0x20, ',\xeaZu\xad\x8b\x1bo\xb5\xaa\t\x8d\x8f6j\\\xb0i\xd0{\xe8\xbd\x94\xe6\xd4[\xa3\x111\xb3\x93\xc9\x16eRuA{\f\xd4qf\a\xc4,V\x04U\x83hspb\xd5\xfa\xe2\xc9e\xc1\xbd:|\x15\xf4\x91\x13\xb6\x06\xc9\xb5D\a6\x11\xc9\x06\xc7\xcc\xfa\xf8\vBp9DCxf7\xcf\x14\xf9\xafFD\xbaz\xdd\x06(c\xb2\xa4.K.fxd\x1b]\xff\x9e'}, {0x20, '\t\x1b\x1c\x1e\xc3h$\xb0^\xc1\xab/\xb9\xf0\x13\xed\xd2\x05\xdfn{q\xac\xca\'\xef\xb0*\x11j=\xfb\x06$pY\x1cD\xd4\xf3\x98\xc6\xa1\x88\x9c\xe4\r9\xd3\x06L\xbf\x1a\xf1}M79?L\x98e\f\xb5\x0f\xfb\bH\xa8V\xc9ty\xdaJ9E-\xd0Z\xf4\x9b\xa0\xf5\x92\x06\x1b\x81\x03\xb7\xb0\xe3\x88\x85}G\xd9\x05\x85Jn\xf7\xf0\xae\xf7\xe22\x80[\xc62\'\x8e\xafC!b\x12\x9e\xd6\x0fW\x03\xf2c\xa5\x98h\xf9H\xa2\xa8\x83\xcb\x1c\xdd\xdc\xd2}\xfezZ\xc5\xd0ua\xd7\x06\x00\xa8\xf27\x8cU\xc4\x11\x1e\"`\x06Y\xafZ\xefK\xb1\xf0\x99\xd6\x1b\xed\xf5\xb7@/\x9d\x11\x9b\xe5\x9dP\xff\x99w\x81\xca,\x9a\xfc\a\x99\f\b%\x90\xd5\xd8\xb7\xc07#\xb7\xb5\xfc!i/\x05\x865\xeawWV+\xcc\x8c\xd3\xb5\x03\xff\xe0\x00'/233}, {0x20, '\x00{aU<7*g\xa0W\x110\xba\'\xd8\xad\xe4\x87\x0f\xbd\x0f\x1d\xfd\xbf]8\x0e\x1d\t\x12\xa2L\xb6i\x03\r\bYK8\xc9c\x99S\xc9\xed\x8b|\xc8r\n\x80\x04!\x80j\x9f\xb6s\xed1\x96\xc5\x16\x0f|h\xa8\xc9]\xfc\x1c\x97\aQMP\xf8\xc7\xea\xcf\x90\xad\xbf\xc1:\x96\xa1\x8a\xb7)m\x9e\xc81\x85qL\x06\x81\xa0\x1d\xd2\xc7\xe9\xe8V\xc4\x88I\xdb\xdd\xb1\x98yC\v\x9d\x1e\xad\xcbQA\x83\xd2e\xfekH\xe2\x86\x01;+\xea,a\x94\xce\xb0h\xaf!^\xe9I\xf2\xd5u\x9c\xab^\n\xe1{B#uTb\xdb\xdc<\x00\x8d\xc6\xdc\x86)\xa5\xa9D5\xe9\x8a\xc3\xcc\xad\xa5\xd1\xef\xb3\xe7\x8cZ\xdb(\xbb\tV\xda\x05Kz\x04\xbe\xf1^\xe7%\x0e\xf1[|2r\\\x03\xea0\x03\x93@\xae\xba \"\xa5\'Q\x98!+\xb6\xa8\x8d\xd0\x7f\x12\xfay\xa7\xa0\x13f\x0f&\'\xe2\x15\xa7\n\x1a\xf7\x00\xea\x994*.a\n\xf7[~\xe8\x81\xd53}\xc4\x86V[O\xe0\xa2\xd7\xdc\xc5\x0e\xc7\xf2\xec\x13\x8e\xcen\xd8\x00mqc\x9e\x83x\xe6#\x99TJ\xa6\b$\x9c\x97\xac+\x90|\xc5\x1d\x03m\xc5\xd9\x91\xd5\xde\xe2\xa8^\xfeIju.w\xa9\xb1\x8b\xe5JM\xca\xa3\t)\xa8\xbb\xb6\x12l\x8c\x1f\xe93q\xfe\xd6tTW\x13\r\xcd\x9c\x92\xf2\xa6\xd8=|\xb7\xe8\xd0\xe1\xbc\xa0I\xa2\xf5\xdf\xbd\xdb\xb8n\xad{s\x85OU!'}, {0x20, '\xa6\x01+\x12e\xe9G\x87X\xff\x0e{\xe26\xec\xb1\xb07\xf0\x83\x1f5\xd8+!a<\x17i\xfb\xa9\x0f\xe3\x9c\xf4\x89S\x02\xa7\x93\xaf\xa9\xc8\x17W_\x8d\x7fm\x18\xbc\xb9x\xc2M\xa1\xeb:\xa8Tn;[\xb7\xecR\xdd\xd0\x95l\x00\x92\xff\x19\x1a\xa9\x06\x00\xe7Q\x11\xb83*#[\xe2\xfe0\xd7\xe1\x00\xb0q\xd7\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00}\xad\xbbG\xeb\xcf\xc0\xa2~}@w\xf9\xbc\xe3\xf1\x04\x8e!d\xfa\x83>J\xd6\xc4]\xca\xf1\x8f}|\xf5Z\x9c\xc9\x1f\xd9P'}, {0x20, '\xa4\xdfy\xf5Y\xbf\xd9i@8\\\x87h\xa6\xa0\xa43\x84\xe7\xd5\x98\xe8\x01\xd3\xf0\xc72\xdf\xfb\x00\xfd\xcd\xf2q\x84\xcb-\xf3\x92\x12\xef^~v\x10/X\x1e\xc3\xb1T\xf4\xd0m|\xabr\xc7L\x9b3\xbeCJ\xad!\xb2\xb5g\x7f\xe9W\a\x00\x03=q\x8a\x83|\\w\xe1\xf3\xf1\xe8\x83\xef\xe2\x8bU\xebG4<\x1b\a57<;\xefm:?\x8e\x16\tu\xd5=\xc6P5\xd7\xeci\xcaI\x15\x00]\xc6%\x94&9\xac\xa9\xe9k\x99qc2\xc6V6\x1e\x1c\xeb\x9e\xc78\xb4y+\x85\xc4\xfa.\x15\xe4\x11\xa2\x92\t\xde\xa9\xdc\xe1\xfd\x98\xd2Ja\'r4\xe3sFv\x02\xa6\x8exO\xd0D\x8ea\xc3g\xe5V|@1\x15H4(\xb8E\xa4\xa9\x8bp:\x82k/.:\xf6\x003G(\xd4\xfc\xa0\x01\xe3Q\x805?\br\xc2\x96(y\x8c\x95\xf2Rx\xca\x06\xea\xf43\xf2/8L\xd3u\x87m\x96\xfc\x9cU]\xffiN\x14\xe7-{\xea\x9f\'D\xc0\xeeqA\x1a\xed\x8d\xc8\xad\xcdZS\x1b\xb6{\xfa\xa8\x84\nd=\x0e\x8fc9\xf0\x7fK\xd7\b\x86r\xac\xaf\xd0\xb6^y\xc5\x03c\xc22\xa9R\x90\x9e\xfc\xce\x957O\x06]\xdcZ\x17\xb3\x1bb\xc9Dm\xa2\xd3\x91'}]}, 0x4ba) mmap$dsp(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0xf, 0x10, r3, 0x0) ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000340)=0x8001) 5.733371268s ago: executing program 6 (id=4366): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r0 = fsopen(&(0x7f0000000040)='afs\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x20) pipe2$9p(0x0, 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) r1 = dup(0xffffffffffffffff) write$FUSE_DIRENTPLUS(r1, 0x0, 0xb0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec85000000750000000400000007"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) getrlimit(0x2, &(0x7f0000000000)) sendto(0xffffffffffffffff, &(0x7f0000000740), 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f00000005c0)='#mS\xb2j\xcb\xa18:.)\xc7\xcb\xc5\xd8\x91\xa1\"\xd5\r\x89M;\x99\xd6\x8e?K\x82\xd5\xd7\xab\x10\xea\x14\n\xea\xe9\xcc\xdc\xf3\xc0\xf8\x89\xd0\x0ep\xb1I\x04T[\r&\xf0z\xde\xc0\xf3\xcd\x9a\xae\xa8*v_(\x94]\xdf\xf1\x95!\xb3+\x1aD\xda\xa1G\x06M\xdaz2\xe9\xe6\xda\x92U\xaaN\xff\xca\xb37-<3\xb28\xb8:UQ\x95|\xe5\xaa\x0e\xe7{\xd4T\x84\x83\x86\x9d', 0x0) mount$afs(&(0x7f0000000040)=ANY=[@ANYBLOB="2373793a73797a302e6261516bfa3788b600"], &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000400)={[{@dyn}]}) 5.699236286s ago: executing program 0 (id=4367): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r4, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r4, 0x84, 0x75, &(0x7f0000000380)={0x0, 0x8c}, 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) sendmmsg$inet6(r4, &(0x7f0000000480)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c, &(0x7f0000000500)=[{&(0x7f0000000140)="03", 0x1}], 0x1}}], 0x1, 0x34000811) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r4, 0x84, 0x77, &(0x7f0000000040)=ANY=[], 0x1000f) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x11) sendmsg$NFNL_MSG_ACCT_NEW(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000580)={0x2c, 0x0, 0x7, 0x101, 0x0, 0x0, {0x1, 0x0, 0x8}, [@NFACCT_NAME={0x9, 0x1, 'syz1\x00'}, @NFACCT_PKTS={0xc, 0x2, 0x1, 0x0, 0x7}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000040}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x3, &(0x7f0000000080)={&(0x7f00000000c0)={0x2, 0x3, 0x0, 0x9, 0x8, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0xe, @in={0x2, 0x0, @multicast1=0xe0000009}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}]}, 0x40}}, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000780)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_STATION(r5, &(0x7f0000000880)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x1c, r1, 0x1, 0x0, 0x0, {{0x11}, {@val={0x8, 0x3, r6}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x811}, 0x0) 5.420121931s ago: executing program 5 (id=4368): unshare(0x24060400) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) pselect6(0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={r0, r1+60000000}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) syz_io_uring_submit(0x0, 0x0, 0x0) r3 = fsopen(&(0x7f0000000080)='sysfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) fsmount(r3, 0x0, 0xf) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x17, 0x3, &(0x7f0000000200)=@framed={{0x85, 0x0, 0x0, 0x0, 0x68, 0x4}}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0xa0) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0xfffffffe}) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) fsconfig$FSCONFIG_SET_FLAG(r3, 0x0, &(0x7f0000000000)='ro\x00', 0x0, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1}) syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, &(0x7f0000000000)="1eb3bf65654102f4af4d221c8bd458d1e7cbdaf3657d0f34e790c85bdba7931791f6d15c3e681411f7a496c0dace6a3c242f5b016f64b4ef8a9cedaf6bec340dee49474360b24cb8", 0x0, 0x48) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) ppoll(&(0x7f00000000c0)=[{0xffffffffffffffff, 0x202}, {}], 0x20000000000000dc, 0x0, 0x0, 0xffffffa7) 4.709958871s ago: executing program 0 (id=4369): shmget(0x1, 0x4000, 0x100, &(0x7f0000ffa000/0x4000)=nil) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000008000000010001000900000001000000b0a0fa1ca682f8989dfe5c1850326101effb4c8b50d81a3c6778eaa132faecc4bde467fe5c34860495937949a3de9b41dc5753c5e6c4da6f1badf3ac917b25420cf565eabac8e0285301a3126a53491c4d245fe40d29fc92909a10813d1c12a126e4b2a032c1b1ddf41acc075c9e8e9cf1dcfb8222616bee3389363dfc6b1ddbab54f8ace9cfaddd0c91ec122b5565338b99cdd7410da130c694a191fcd1497b9c1e8c20019b220b1197f54388e5fd6a0049fd7d2316", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, 0x0, 0x0) fsopen(&(0x7f0000000040)='gfs2meta\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) setsockopt$CAIFSO_REQ_PARAM(0xffffffffffffffff, 0x116, 0x80, &(0x7f0000000040), 0x0) shutdown(0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000100)={0x0, 0x2c, &(0x7f00000000c0)=[@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e24, 0x68, @loopback, 0xc2}]}, &(0x7f0000000180)=0x10) getsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000000)={r3}, &(0x7f0000000080)=0x10) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004000000080000000700000000000000", @ANYRES32, @ANYBLOB="000000000000000000000033d593cada2e7dbc00", @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) write(0xffffffffffffffff, &(0x7f0000000280), 0x0) ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000000)={0x7, @pix_mp={0x6, 0x401, 0x47504a4d, 0x2, 0x8, [{0x9, 0x2}, {0x7, 0x200008}, {0x4, 0xf533}, {0x54b, 0x80000001}, {0x7, 0x8}, {0x3, 0x401}, {0x8, 0x8b9}, {0x6, 0x3}], 0x5, 0x8, 0x0, 0x1}}) 4.563586637s ago: executing program 6 (id=4370): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() syz_emit_vhci(&(0x7f00000015c0)=ANY=[@ANYBLOB], 0x102) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f0000000040)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r3, 0xc06864a1, &(0x7f00000004c0)={0x0, 0x0, r5, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r4, 0xc06864ce, &(0x7f0000000100)={r6, 0x0, 0x0, 0x0, 0x0, [0x0], [0x0, 0x4], [0x0, 0x0, 0x0, 0x40000], [0x0, 0x0, 0x1]}) ioctl$DRM_IOCTL_MODE_GETFB2(r3, 0xc06864ce, &(0x7f0000000300)={r6}) ioctl$DRM_IOCTL_GEM_FLINK(r3, 0xc008640a, &(0x7f00000002c0)={r7}) r8 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) r9 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r8, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f0000000040)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r8, 0xc06864a1, &(0x7f00000004c0)={0x0, 0x0, r10, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r9, 0xc06864ce, &(0x7f0000000100)={r11, 0x0, 0x0, 0x0, 0x0, [0x0], [0x0, 0x4], [0x0, 0x0, 0x0, 0x40000], [0x0, 0x0, 0x1]}) ioctl$DRM_IOCTL_MODE_GETFB2(r8, 0xc06864ce, &(0x7f0000000300)={r11}) ioctl$DRM_IOCTL_GEM_FLINK(r8, 0xc008640a, &(0x7f00000002c0)={r12}) 4.562890239s ago: executing program 0 (id=4371): syz_open_dev$video4linux(0x0, 0x7, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) syz_open_dev$MSR(0x0, 0x0, 0x0) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000002040), 0x2, 0x0) pipe2(0x0, 0x0) write$FUSE_NOTIFY_POLL(0xffffffffffffffff, &(0x7f0000000040)={0x18, 0x1, 0x0, {0x3}}, 0x18) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x3, &(0x7f00000001c0)=0x1, 0x4) ioctl$IOMMU_VFIO_IOAS$SET(0xffffffffffffffff, 0x3b88, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xfcca0000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$IOMMU_VFIO_IOMMU_UNMAP_DMA(0xffffffffffffffff, 0x3b72, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x4e24, @multicast2}, 0x10) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000002f00)=[{{&(0x7f0000000000)={0x2, 0x4e24, @local}, 0x10, &(0x7f0000000600)=[{&(0x7f0000000040)="86", 0x1}], 0x1}}], 0x1, 0x20004000) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r4, &(0x7f0000000140)={0x0, 0x2000, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="0700000040008100000002000000200001801400040000000000000000000000ffffac1414aa060001000a"], 0x34}, 0x1, 0x0, 0x0, 0x8081}, 0x24000800) splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x18, 0x0) 4.517502565s ago: executing program 7 (id=4372): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000ab9ff0)={0x3, &(0x7f0000000000)=[{0x20, 0x0, 0x0, 0xfffff010}, {0x20, 0x0, 0x0, 0xfffff00c}, {0x6}]}, 0x10) socket$inet6_sctp(0xa, 0x5, 0x84) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x140, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) sendmmsg$inet(r0, &(0x7f0000002c40)=[{{0x0, 0xc03e, 0x0}}], 0x1, 0x0) 3.102101049s ago: executing program 6 (id=4373): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6gre0\x00', &(0x7f00000001c0)={'ip6_vti0\x00', 0x0, 0x0, 0x0, 0xf5, 0xd31a, 0x0, @loopback, @remote, 0x80, 0x7800, 0x6, 0x553}}) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x55, &(0x7f00000000c0)={&(0x7f00000003c0)=@ipv4_newaddr={0x68, 0x14, 0x400, 0x70bd27, 0x25dfdbfe, {0x2, 0x80, 0x92, 0xfd, r1}, [@IFA_CACHEINFO={0x14, 0x6, {0x7, 0x1fd, 0x4, 0xde2}}, @IFA_RT_PRIORITY={0x8, 0x9, 0xe}, @IFA_CACHEINFO={0x14, 0x6, {0x101, 0x80000001, 0xffff}}, @IFA_FLAGS={0x8, 0x8, 0x608}, @IFA_RT_PRIORITY={0x8}, @IFA_ADDRESS={0x8, 0x1, @private=0xa010101}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x3}]}, 0x68}, 0x1, 0xba01, 0x0, 0x4004894}, 0x40005) r2 = fsopen(&(0x7f0000000140)='vfat\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000080)='iocharset', &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00\x00U\n\x03\v`\x03,k\x1c\x14\x1fl\x15s\x90\x03\x89\x8e\x17M\xdf\x8b\xce\xb2{\x04Nv(y?\x8d\xabQ\x92\x17rRs\x96\x12\x9cM_\ai\xb7\xc3\xa1\a\x13\xcc\x7fV\xf2\x9fx\xb0\x9fF{\xfa\xb8\x18g\x93*/(\x92#Dn&\xa3\xe2\x85\x8c\xf8\x80\xc5\xbbl\xab\xca\xe40x0}) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=@newlink={0x28, 0x10, 0x437, 0x2000, 0x25dfdbfb, {0x0, 0x0, 0x0, r6, 0x10196, 0xa080}, [@IFLA_MASTER={0x8, 0xa, r6}]}, 0x28}, 0x1, 0x0, 0x0, 0x4c841}, 0x0) connect$pppl2tp(r3, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, r3, {0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x84}}, 0x26) 2.415381953s ago: executing program 0 (id=4374): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000180)={0x1c, r1, 0x400, 0x70bd27, 0x25dfdbfb, {}, [@BATADV_ATTR_HOP_PENALTY={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x810}, 0x20000000) recvmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000000d00)=""/197, 0xc5}, {&(0x7f0000000700)=""/215, 0xd7}, {&(0x7f0000003200)=""/4046, 0xfce}, {&(0x7f0000000c00)=""/207, 0xcf}, {&(0x7f0000000a00)=""/196, 0xc4}, {&(0x7f0000002180)=""/100, 0x64}, {&(0x7f0000002200)=""/4066, 0xfe2}, {&(0x7f0000000540)=""/242, 0xf2}, {&(0x7f0000000300)=""/176, 0xb0}, {&(0x7f0000000800)=""/150, 0x96}, {&(0x7f0000000240)=""/159, 0x9f}], 0xb}, 0x40002002) recvmsg$kcm(r0, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x0, 0x0, 0x18}, 0x0) recvmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) 1.941533516s ago: executing program 7 (id=4375): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xa, 0x31, 0xffffffffffffffff, 0x0) socket$xdp(0x2c, 0x3, 0x0) (async) r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000080)={&(0x7f0000000000)=""/86, 0x300d000, 0x1000, 0x10000000, 0x3}, 0x20) 1.903686549s ago: executing program 3 (id=4376): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) syz_emit_ethernet(0x22, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c20000000800450000140000000000739078ac1414bbac141435e185cbd78c5ba924f939f7e24b75ca058412abec679b6f8610bc9d315a06147bfd8ebeb8cd3a1569b5e9deb498f4da7a"], 0x0) openat$vimc2(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/mem_sleep', 0x102, 0x0) sendfile(r4, r4, 0x0, 0x6) openat$audio1(0xffffffffffffff9c, 0x0, 0x129202, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000480)='net/icmp6\x00') preadv(r5, &(0x7f0000000080)=[{&(0x7f00000001c0)=""/133, 0x85}], 0x1, 0x114a, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000a80)={'dummy0\x00'}) r6 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f0000000780)={'vxcan1\x00', 0x0}) bind$can_j1939(r6, &(0x7f0000000040)={0x1d, r7, 0x3}, 0x18) sendmmsg$unix(r2, &(0x7f0000001080), 0x0, 0x80) r8 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000002400)=ANY=[@ANYBLOB="bf16000000000000b7070000000100004870000000000000400000000000000095000000000000002ba728041598fbd30cb599e83d24a3aa81d36bb3019c13bd23212fb56fa54f2641d8b02c3815e79c1414eb07eae6f0711e6bd917487960717142fa9ea4318123f602000000000080de89e661168c1886d0d4d94f204e345c65c26e278ef5b915395b19284a1a4bc72fbc1626e3a2a2ad358061d0ae0209e62f51ee988e6ea604ce974a22a550d6f97080980400003e05df3ceb9f1feae5737ecaa80a666963c474c2a100c788b277beee1cbf9b0a4d3881dcc7b1b85f3c3d57aeaccd3641110bec4e90a6341965c39e4b3431abe802f5ab3e89cf6c662ed4048d3b3e22278d00ce00000000d3a02762c295122a1bcf9436e192e23fd275985bf31b714f000bcab6fcd610f25f5888000000003f11afc9bd08c6ebfbb89432fb465bc52f49129b9b6150e720c9901de2ebb9000000018e3095c4c5c7a156cec37dccaff950ca1e5efdd4c968dacf81baa3a509b1041d06f6b0097c430481824a3f4fddd3c643f630ba175d876defd3541772f26e27c44cfdb2d85d6d29983e8f0a9cdd79837b3468e8c67a571d0a017c100344c52a6f387a1340bdc8889464f90cc4cd1f570dd39877dfb2ff1ae66e1ce917474b2e650ae630afd014a337ac5d58bcb5e51723257c872c5255f20100000000000000f041b665ab21372c8d8b7bac5b5c784d20a4a24d8dbd75062e1daef9dead619cc6e7baa72707157791c3d2a286ffb8d35452bb5d36c2a8682bf7ecbd53f950ef4709ec01e230d2f53594ef4839c6130c4c13a0cca84b9935f771fd49e480cd9d48aeb12b1d6acabd38a817bcd222614d1f62734d679039a97d2b74f9fae997ccd314000f7477137f4e8e7025123e783df8b8a17e3aa9fe1f662aef87a065b03cfb65b4dfe4f1b56e1f23128d743753a1de172d683d5892ce9414a1d98ea93e3d35dbb6c23b90cf36e83b8a434a97d09343d7f83079ccb02e69d384146056d125cfa788237874dd42dae334bda042819a2aa24dba1c25be2794448b4f63483026b5e34d44705b76ef29241adab0dd7d68bf975e02069f6f2425e1bc97a3d588085f16bef63a06578d4f5de7bfd0aaa75f16996d536256c02284cb1d3a6fb8cae87691fae365a70c3fc69e1565bba8dd8a8ca049f798abe646f738bebd69413afc9d8a5edd7aaa000000000000001e6c2f2a287c5278a218dbfaffffff00a14db5cfa6819eb1d39c48cfdc80d215c9e16e0c4736c819363154cca4e2f89800d18c89d7f46f679df6c9e2952ae1ebfd0ca88368ee6ce139e8b5822c22cf2e9dde943d34c432e1001171792c65986146666a5490928441f47e0fe5ea3c88d5480efd8329d9a733d8f9ffffff5f91ae162745f6ea8a86da707b03bddb491ba0cc98f6be92c50008a2b50025419d1476c73132ca7ca26ce8a7e3ffb700f09e157f9b844051f1a642aca9ff98c9036471ccff0522903e7bc39c1e91c000b85457917dcf62e18f7696bbc280b95e8e0d6fd5644b0ebde3a9c1f2dc7e8542422113285b06548862de809d3dae3cccf109f7c78e8479a345e800000000000000000000009455bf417627ce723a5d9103706aba69279500bb82f6b4a3ddc0bd9856712945b70c75ce5b722578820820d010d7a3cffc99fc647d0b82ef3b398f0e6bb7a30006000000cba12953d58cff0f65fd31fbd9853fd57b97d8e7cdb047acd083d3cd3856476a60a49ad127ba6570bafc2bbcf9ee721fd9cb467ff071e5604fbf0091245c0000007d932d7a64de4c4aa433fc0840aff7c47da3a4c6966d0000000000000000f6bfbae29e8a6e2a889f6ef6869d82d6bd73eb76b65c7a35a54a4a6b8ad4600e3a972a0bb5971a5f16590b0a03dafa3fd1118765cc8ab9fccf3b51c41a339f200f2fa33006910a679a9ae0187b4d750c4bd244cb0cbfd23b265f4d4da448a7a0d19c5e43eae50a31609dfa2dde267551467eb6475293dd7012cc449009981f22820e57a0eff234ccfe21d7a2302e000669753d3c3432cc14ee1abe724adb6b5431befedd3e22971118f0e21aed1823cb7dde8212a8531bd9691dd4cc6a370e9eb56b3d790b98f2bd0db1e5de6a146597b2cbb7103040d2a39d7965d34df524b760ab92efcce7dd1574052c735935bf6a752c015c7f5ffee9ff66e5dd2866b15b6e0d17618cb1f5c1ee4b05ebf1445ea110f499f840a5c965443d725556351ee25fe09f69494b053678dcadcf02e063dff2fa4bef1ac3bbbebe6c74d71ec3b23e29895eff1d1017024fe3e8cc759b05785adc346b7ffd05963f92c1d0d7d90ba878ad89e490f3e29ac51d30632869a534418f916bf6fe8167827a8e6c8f8b391c822805cb0adf1b8bd6947ff208753eb0d208ce14f7b206b2e02c21e963abc5ceb735c1b3c46b0a843de52a903375dfb663a8d8ee9c2b2705c1a81d9d3b9656b219c8cd99c9cafcd0d0540884d97aecb19983fc6af29ab44a82aff9cba921192c665b877af6539bdb1b567f481ba07982e7ad758f4e1eac69e7e88a63960975f490e161e371ec8534791e3b61c685d900a9c0839208356b53750e76fcc3c2d1bddcbd83897921414d0c02e8188f3df79ea2a5c5444004830e6cb227ca1bdafb977c00000000003a417193b8c5d793687335a930867094fd6a78218218e04b705ec62f1608cb569b81914e68f175b392af6bc4fd2121d7fd276af2c97a441b56e7a0687d98b8e76d8d0d231e4fe00be1de76bd19cc12e2bd938eb681ed6bc951c1b4f7c51af59eea4d40c6000000000200778a677b72786311153271a3313da02645e11761699e4d04ac86dd14ff7b9a10d3fa74696fe3953a5b7706bf5d1faba4b18808d9cb0e9db696dec4e0820ee4028d7225a2c9c427cf64cbde6fba056b2006b7a37c1181d530fb865e235cd302f3b4071ee5237ada986b9e5e3144bf479f277f10656ad3744037ccc9c63685a6f1109d2ea73773d3635f61497f1fa1ea4a16f601800bf3e59141fbf05a96113320c445f9ba8596970d5254727e804fbd99ccefb7c09269dd2c5c25e56e169ac15980f3f85f7ca36dd5950ef5b64fd46f123311829534a82940994199b3cf7a8fabea9930952f5da9b909c1946e55289f668c423fcbb31ae91864c882313151741a67538c9689df8ecc9903c7041e5c0704e2fa55a756487517a7445cbd9e3f5175e41c00000000040000000000000000bf98efd587fffe326f474b0b089c017b16c0062cbce96f5adebec52a79f9363909842f79c50a1520be46d87003137e4c5031f00122e812a5e37cd52c9eb7336281cb8c6c64c382680fdc8f7eeafce2e993c51cd1eab8a26b232acf6bf0ab829c26dab637538b2eb1420d812d2b80c777710b20f18e4661681aa218d9ba54023ab4305d77eb15611ae2545835e9d30e9f6d4fb43a291c69545a1eea0f8720431132d8549f99bf6c5cb060da70cbb59d0a000000000034d083fc37d2449f72de0cbea4bc1dc89c136cdbc504f849d5502d77a95c7bfff4cd9c03058d0d4d07ea64824f1acf2b39389f675f39d01719cdbab3f1ce10609c8d7b3e37cb99b41da5e485a441b6a103549f55ab09dc98767763d1f2fafd45bb7d2b40050d1f8292f4d9ec6d0000000000003932062290f4996fdd55b06023437e9e2072daf7f5d82f6f1b5b89a41134f4dc2e65bb11272fdf8c8141f41d6160b3d8b6ecd16d14267f61b4881adee7f07f3d6af5ae79e16fe2c3f55ac7a6392d2e1d9b4286b6c3e1f5a76b85ed6e1f0000c67e6c5fcdc8c39381be4799b8cb2d08b8262c807dd755e22b801162381aa9d1af2bbc9cfd497585337eac408b8475b47a392a10cae349160f128e5f873a58064eb400c36a90624f6aed398a215e9ce64522ab249f67c38a656d32ecff5cdb2b039c4abf349d2c0f88a42e9189bbfa7f5cf35b6e7ef8f9d33163b7ea87550fb1ba334c83e3aec4714c9c4ca3ecb04f2720237615a28bf310b58ffa2a103216fdcc8c2d8f5d55e5e7ebf147105272aaaf56e86d856b3cf79a3f7306436762dd1a08ce873e07cebc7892ec6f9f696da38feed3dc0001500e34adae1ba89a32bad2af9f30f840f1ba4664f35547cdadd5cbacc59352c290f55d971b65953533668c25f21d8d62d849e9058eaa97c67491568887548f668cdbca2abf01a361a0b64d8b523e669da350e3ec7445dfbf366b0b3bc5e76824a1e43eaaeca70db90f2fa39596443447671933079a24fe3681ad9ac361f71ac279a688f10a1cc4df1112105edebc5e3bbc394c8305ab129ca2dfb9b7c5e9d097bd01b495cccefddce169117f7f5d6a6270ff0f0f4c371029ca8489571b55841bf3dd803bc81460eee57ceb3c33f4e9300b0144fe040cf5fcfc8c00000000000000afdb314cecd1623f3e55ab8b7627fa1be349145a8d6313cbc790eefe2020138e82fb9d351be4ddcbcc9bc048dd3db5828d16baec6e07a007f0030f34ea3cfd524d6fa1d45da5641d6c94e1d3ae7fba1c85035d2a60ef1696e0d96aa1c60019f73ae0aa6113cd66ef26b5777337c26e1461405d86fdf091edd526f25cada439bb56923b0735ab60a539ade786bd6004d0ea3edbd6c49859e04adb18964dcce9bce546074c26dffbc2df372a016e8c845d4257000000000000000000000000000000000000f29657697d9c2b132b2dc2f5ea5122836582a7e85fe2bc166f17aefd9d861de0191f5277d4a3030000000000000059f7844606e1202768d83c24cc791bde44a448022bbfa571fe029a7b2d5152639ee2838903b6168992ff0acc01b39a078f285ce615351f262019586eb9447bb3eaffd7b53d8f37ca6c5f1027dd5b7592996c8a7789ba108979cc9ad07ed86682843e2caa855dd01443ee6ffde1811f10039d5d14458177096e15cc4d8f2582a1bea5cc98d992f3de7d1cdfb24384b9f10f615c87c441dc970ec896a5af6bf69b50a244bc131538c6cfc98a1cae9868c3079bafe69769000000000000000000e99b63029d219cd3545a8426b56554a9f265d3557eefb3602894507c256cb8ee9ebadfecb6afeb84ba757bfa8d00a5af0dd6aa1e8144ef8ef04410d5b7b29a938f488be7eccc5c734cc6a05247142ed647f89bcb5c043acfb382b9cc918bc3cdc368983157851cdf678800aa7eb2a6cb00000000000000000000f4e1b774d0732ede6385923110ae01da6437a9b7a01b2d8c6afdcf15fd0040393ed3f2d3bf40285c414df6ddaab8e27b4c0028bd945d6e622017b2d96c978859fc2917951c5662b325f7fead9c68f9df5ef9f401a2127dc1d386022cdf8a786b02d0a7a74f7c7564e993772bacf42831528fa72bbb64cbe93d2ce0ff64ec7499e7d4c326d1497916ce58b283ff659db3ef576a74571a2bc325e87a72a3ed27a57efe5d6016193ea3d6c63fb777ca5aec649e977443cbe3603ebf1a3b1f705b6f576fe7a6bfa7f20036821615b808c442658d069434c8fb423dd1e5673b61f867e042172654f48c3aa8464e8f75f93b5660f6449b93a5957198ee5c258f04edd640b77f3a49b01230a2a863d4a8d69ebbd0cffbae7602956090f6681131b7ced5ac86f330282f1e3a435a915a790dd88e2220c7904457576c4e0942ccbd07f1cd9c04645ae4c77bcd2f95b263b7495bd56a99536092c1fc86b32d9e57d1d7627ec3390ffa7d4f229a071639f4d61bf0030b4f9ee0533d8c5ce2e06b98e859df68e9491b1a708c60baa367370b2cd91b56b537425ed74d811ff4e07f53abeb164a"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffe89, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) setsockopt$sock_attach_bpf(r9, 0x1, 0x32, &(0x7f0000000240)=r11, 0x4) sendmsg$inet(r10, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000340)="25b096f681cd731c3f3a9badc4e3cf5edeae1f3b5082d7ab3a97c053df68744e7c7e24d0b59997bab4bccff8363b275de3510b0ebe4275d8d2f153395668e3d608e358fc2294263c03f8dc4f8bf194e4fde4600a2dec2f483a914e2fde0cbc344a2b9fc18dd198966045a6d4d4eb8571e8bb69e6724e37fcbaa6e4c64050b47256b9bb17f5c0aa5101e015ecdcb62fec46fc0205512535", 0xfed7}, {&(0x7f0000000280)="d3a88bea5916e313729a3989393caca70c74cd74e62e524bdd37be131ad827f911027e70ccf679d8e7c0cd3333095f83d6d473db345ded2ac8acaa87503de74c82431758e8e11e3ecb7bce02d6cd65f4eb88cc49ceb9e39f7117eb0f62323dc9b80dea447b0c96a383f14281bb87b09de0a6153ceeaae2b50a2b0f0f41810f379f9c3a1f3938461829d716a4bda86ab11b41f754bc15d71b", 0xfed0}], 0x2}, 0x0) 1.881142326s ago: executing program 5 (id=4377): r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000340)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @empty, 0x4}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x3, @mcast2}}, {{0xa, 0x0, 0x2, @loopback}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0xa4ffffff, @rand_addr=' \x01\x00'}}}, 0x15a) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_queued_recursive\x00', 0x275a, 0x0) openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000200)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) mknodat(r2, &(0x7f0000000040)='./bus\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) unshare(0x20000600) unshare(0x2a020480) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x1000000, &(0x7f0000000900)={[{@workdir={'workdir', 0x3d, './bus'}}]}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x300, 0x0, 0x0, 0x4}, 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000032680)=""/102392, 0x18ff8) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) 1.82931361s ago: executing program 7 (id=4378): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000280)={{0x12, 0x1, 0x141, 0xf2, 0xc5, 0x96, 0x20, 0x16d0, 0x10b8, 0xde8e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x0, 0x2, 0x2, 0x0, 0x83, 0xec, 0x0, [], [{{0x9, 0x5, 0x6, 0x2, 0x200, 0x2, 0x0, 0xa}}, {{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x1, 0x10}}]}}]}}]}}, 0x0) (async) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x7, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) capset(&(0x7f0000000080)={0x20080522}, &(0x7f0000000040)={0x0, 0x10ffff, 0xfffffffd}) (async) syz_usb_control_io$uac1(r0, 0x0, 0x0) (async) syz_usb_control_io(r0, 0x0, &(0x7f0000000780)={0x84, &(0x7f0000000000)={0x0, 0x30, 0xc, "00004700000040f400bec073"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB='-'], 0x118) (async) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x0) (async) bind$inet6(r1, &(0x7f00000001c0)={0xa, 0x4e21, 0x6, @local, 0x8}, 0x1c) (async) r2 = syz_usb_connect(0x0, 0x24, &(0x7f0000000480)=ANY=[@ANYBLOB="12010000abbe6740e9174e8b089c000000010902120001000000000904000000ff"], 0x0) syz_usb_control_io$cdc_ecm(r2, &(0x7f0000000100)={0x14, &(0x7f0000000000)={0x40, 0x6, 0xb9, {0xb9, 0x7, "382908172f84c0cb016b325e223f37542d26907abceb3e2e44d83ba30749d119c947612bb5313fa521941450d8d5d68f4ba34a0fde32687571cbf8fa1744ff48eea76e9fe36c7af42d99d20d10298da73dfa51e019fbb70a71d0caf8b6454fe47dd3cc3476aa111e08a7997471cee4a0d21cf5d4805af14a2d39056610f1bd0828c6ca3a5c9f93fedfec1de6b5b423ec97cfd70b13fad6b88044b0bf3cc1619ffb82d54d7356badb723c7e32078990caf1b2cd64423cb7"}}, 0x0}, 0x0) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) (async) chroot(&(0x7f00000003c0)='./file0/../file0/../file0/../file0\x00') (async) mount$bind(&(0x7f0000000380)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0) (async) chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00') (async) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f00000001c0)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(&(0x7f0000000280)='./file0\x00', &(0x7f0000000480)='./file0/../file0\x00', 0x0, 0x21adc51, 0x0) (async) syz_usb_control_io$printer(r2, 0x0, &(0x7f0000000340)={0x34, &(0x7f00000009c0)={0x0, 0xb, 0xcf, "008000000000000015628c9a662319731f913034872e440311670a06d704820c59df338cd4009b95c69a88ef239a9423dc3f50ea394633ea89250fca0428f4b66d487d79342f5890806e15045cd45010c3f4fadaaa8a0c50057d533be48d8336242b6e540f29319fd084264bdc9428dccc31bcce64b775e044a57a6d0cf4552f13bc32185a249ffad53a0ef0f4244148a446f7193e56e0e3de6fb577744111f359e84e1da1a0e6aa22a2cd981bf53f923c4746e567207f79ad82d0ea05fb793f76e585869550dd1dbea5403d3a538c"}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, &(0x7f0000000300)={0x14, &(0x7f00000003c0)={0x0, 0xb, 0xc0, {0xc0, 0xf, "0db00d733d56082b1e6e371a76d8134190285a5b2b012a34d7dbfb66362aca8903515bef5f2fd3980d7ee4161cfc754426a66a9d714085787da0e3552de7bd1d0a8fb6f0743c9ce7f7b8bd129b00e20096fb20ecf1d467b3d214c0df4c1975d7738f3c820d35286a287bc789b2df951a0f90f1519d0e05b9494681f3a85b42a9d809420233665dc7503628079908275be7feda5a599d2d7cf0f18395ea85eaf6f01d00a82f6d16f4d63a7478f13e8e1c8f6e61858daff8ed69ce8a8a69e3"}}, &(0x7f00000004c0)={0x0, 0x3, 0xa5, @string={0xa5, 0x3, "01ce3eceafcabb21f26531d4abebd7020934efa91c7bb40ea3187ba4ddda37e2fed319eefef43d82d64cdb6ebe828d4070fd04bb5a72f7de66ada6e4ac7b360739f9418070d2f9670e18b3d335cd8a4a51839450e560425ea4573f141a04c9dbd614d636047482c497d536ec7d98376c4a8e01e6678439c21823352abc4fffbf5c866e16bc7d7c8e15f75fc7a7a20d892112bd169c8e162050b6e3321fea0e0419616e"}}}, &(0x7f0000000840)={0x44, &(0x7f0000000580)={0x0, 0x16, 0x26, "f6b1293aa31713e7fb22969d7a43bcdba7a0835066f8623a4a07c67404b553142d67f0105bb2"}, &(0x7f00000005c0)={0x0, 0xa, 0x1, 0x8}, &(0x7f0000000600)={0x0, 0x8, 0x1, 0x8}, &(0x7f0000000640)={0x20, 0x81, 0x1, "dd"}, &(0x7f0000000680)={0x20, 0x82, 0x2, 'p)'}, &(0x7f00000006c0)={0x20, 0x83, 0x1, ':'}, &(0x7f0000000700)={0x20, 0x84, 0x1, 'P'}, &(0x7f0000000740)={0x20, 0x85, 0x3, "22c06a"}}) (async) syz_usb_connect$cdc_ecm(0x5, 0xc8, &(0x7f0000000040)={{0x12, 0x1, 0x200, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xb6, 0x1, 0x1, 0x3, 0x40, 0x2, [{{0x9, 0x4, 0x0, 0x6, 0x3, 0x2, 0x6, 0x0, 0xe, {{0x6, 0x24, 0x6, 0x0, 0x0, "ff"}, {0x5, 0x24, 0x0, 0xbf0}, {0xd, 0x24, 0xf, 0x1, 0x9fc7, 0x4, 0x933, 0xfb}, [@acm={0x4, 0x24, 0x2, 0xe}, @mdlm_detail={0x6d, 0x24, 0x13, 0x6, "99ed5e391a8c0f6235f2acd9d9b9cccd5f3fc93824a5c18aeceef42da562846ba29ec3c78fedfa50dd80c90d4c77f7a8091955e64068f96e556c1907d85870a0954a88253fd00b48cd570d57350cd7ebe1ca39082a2aba34c0df42935258a332653fa5dc443cf2aa44"}]}, {[{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0x0, 0x4, 0x5}}], {{0x9, 0x5, 0x82, 0x2, 0x8, 0x9, 0xe, 0xbf}}, {{0x9, 0x5, 0x3, 0x2, 0x8, 0x1, 0x5, 0x8}}}}}]}}]}}, &(0x7f00000002c0)={0xa, &(0x7f0000000140)={0xa, 0x6, 0x310, 0x7f, 0x4, 0x8, 0x20, 0xd}, 0x6c, &(0x7f0000000180)=ANY=[@ANYRESDEC=r0], 0x2, [{0x4, &(0x7f0000000200)=@lang_id={0x4, 0x3, 0x425}}, {0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x429}}]}) 1.728797038s ago: executing program 6 (id=4379): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r4, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r4, 0x84, 0x75, &(0x7f0000000380)={0x0, 0x8c}, 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) sendmmsg$inet6(r4, &(0x7f0000000480)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c, &(0x7f0000000500)=[{&(0x7f0000000140)="03", 0x1}], 0x1}}], 0x1, 0x34000811) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r4, 0x84, 0x77, &(0x7f0000000040)=ANY=[], 0x1000f) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x11) sendmsg$NFNL_MSG_ACCT_NEW(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000580)={0x2c, 0x0, 0x7, 0x101, 0x0, 0x0, {0x1, 0x0, 0x8}, [@NFACCT_NAME={0x9, 0x1, 'syz1\x00'}, @NFACCT_PKTS={0xc, 0x2, 0x1, 0x0, 0x7}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000040}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x3, &(0x7f0000000080)={&(0x7f00000000c0)={0x2, 0x3, 0x0, 0x9, 0x8, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0xe, @in={0x2, 0x0, @multicast1=0xe0000009}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}]}, 0x40}}, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000780)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_STATION(r5, &(0x7f0000000880)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x1c, r1, 0x1, 0x0, 0x0, {{0x11}, {@val={0x8, 0x3, r6}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x811}, 0x0) 117.188603ms ago: executing program 0 (id=4380): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r0 = fsopen(&(0x7f0000000040)='afs\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x20) pipe2$9p(0x0, 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) r1 = dup(0xffffffffffffffff) write$FUSE_DIRENTPLUS(r1, 0x0, 0xb0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec85000000750000000400000007"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) getrlimit(0x2, &(0x7f0000000000)) sendto(0xffffffffffffffff, &(0x7f0000000740), 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f00000005c0)='#mS\xb2j\xcb\xa18:.)\xc7\xcb\xc5\xd8\x91\xa1\"\xd5\r\x89M;\x99\xd6\x8e?K\x82\xd5\xd7\xab\x10\xea\x14\n\xea\xe9\xcc\xdc\xf3\xc0\xf8\x89\xd0\x0ep\xb1I\x04T[\r&\xf0z\xde\xc0\xf3\xcd\x9a\xae\xa8*v_(\x94]\xdf\xf1\x95!\xb3+\x1aD\xda\xa1G\x06M\xdaz2\xe9\xe6\xda\x92U\xaaN\xff\xca\xb37-<3\xb28\xb8:UQ\x95|\xe5\xaa\x0e\xe7{\xd4T\x84\x83\x86\x9d', 0x0) mount$afs(&(0x7f0000000040)=ANY=[@ANYBLOB="2373793a73797a302e6261516bfa3788b600"], &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000400)={[{@dyn}]}) 116.147422ms ago: executing program 6 (id=4381): r0 = socket$igmp6(0xa, 0x3, 0x2) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_int(r1, 0x0, 0xc, &(0x7f00000000c0)=0x7e6, 0x4) bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r2, 0x541c, &(0x7f0000001900)={0x2, {0xc, 0xa00, 0xfffd, 0x80, 0x300}}) r3 = socket$phonet_pipe(0x23, 0x5, 0x2) ioctl$SIOCPNENABLEPIPE(r3, 0x89e0, 0x500) recvmsg(r1, &(0x7f00000018c0)={0x0, 0x0, 0x0}, 0x0) syz_emit_ethernet(0xb7, &(0x7f0000000140)={@local, @link_local, @void, {@mpls_mc={0x8848, {[{0xc41b}], @llc={@snap={0x1, 0x54, "aae7", "e9f035", 0x8848, "f01cb6f21033071b5d88e55f37834a59755c3871bc7f4db5f755ffca53e0ef4640b4a5f3d664ff5a9ebef95484408b123e15390822545f354624dfe65801c39ba5ecf10f205abd4b2b29a7e67209b21f72ad3fff36218538e00022b08a1b81b5c4e726738b738ab44485cb58733e9a8267a0b8039d40c817caae16e0227b6c22de812dfce62ec6278675d4aa9c2e70c3a8391b22671be9a40555ed00"}}}}}}, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) sync() syz_emit_ethernet(0x62, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0086dd600a0100002c2b0000000000000000000000000000000000fe8000000000000000000000000000aa3a020201"], 0x0) 0s ago: executing program 3 (id=4382): shmget(0x1, 0x4000, 0x100, &(0x7f0000ffa000/0x4000)=nil) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000008000000010001000900000001000000b0a0fa1ca682f8989dfe5c1850326101effb4c8b50d81a3c6778eaa132faecc4bde467fe5c34860495937949a3de9b41dc5753c5e6c4da6f1badf3ac917b25420cf565eabac8e0285301a3126a53491c4d245fe40d29fc92909a10813d1c12a126e4b2a032c1b1ddf41acc075c9e8e9cf1dcfb8222616bee3389363dfc6b1ddbab54f8ace9cfaddd0c91ec122b5565338b99cdd7410da130c694a191fcd1497b9c1e8c20019b220b1197f54388e5fd6a0049fd7d23160cda367212525e", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, 0x0, 0x0) fsopen(&(0x7f0000000040)='gfs2meta\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) setsockopt$CAIFSO_REQ_PARAM(0xffffffffffffffff, 0x116, 0x80, &(0x7f0000000040), 0x0) shutdown(0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000100)={0x0, 0x2c, &(0x7f00000000c0)=[@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e24, 0x68, @loopback, 0xc2}]}, &(0x7f0000000180)=0x10) getsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000000)={r3}, &(0x7f0000000080)=0x10) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004000000080000000700000000000000", @ANYRES32, @ANYBLOB="000000000000000000000033d593cada2e7dbc00", @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) write(0xffffffffffffffff, &(0x7f0000000280), 0x0) ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000000)={0x7, @pix_mp={0x6, 0x401, 0x47504a4d, 0x2, 0x8, [{0x9, 0x2}, {0x7, 0x200008}, {0x4, 0xf533}, {0x54b, 0x80000001}, {0x7, 0x8}, {0x3, 0x401}, {0x8, 0x8b9}, {0x6, 0x3}], 0x5, 0x8, 0x0, 0x1}}) kernel console output (not intermixed with test programs): yS3. [ 1448.323579][T18865] bond0: (slave syz_tun): Releasing backup interface [ 1449.831275][T16724] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1449.841994][T16724] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1449.851615][T16724] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1449.860559][T16724] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1449.869928][T16724] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1449.877576][T16724] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1450.867889][T19775] gretap0 speed is unknown, defaulting to 1000 [ 1451.115880][T19789] serio: Serial port ptm0 [ 1452.046921][T19800] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3664'. [ 1452.056364][T19800] netlink: 64 bytes leftover after parsing attributes in process `syz.5.3664'. [ 1452.067903][ T9339] Bluetooth: hci0: command tx timeout [ 1452.273118][T11470] usb 4-1: new high-speed USB device number 80 using dummy_hcd [ 1452.487264][T11470] usb 4-1: Using ep0 maxpacket: 16 [ 1452.563254][T11470] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1452.627480][T11470] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 1452.647656][T11470] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 1452.666278][T11470] usb 4-1: Manufacturer: syz [ 1452.687372][T11470] usb 4-1: config 0 descriptor?? [ 1452.717308][T19775] chnl_net:caif_netlink_parms(): no params data found [ 1452.820537][T19775] bridge0: port 1(bridge_slave_0) entered blocking state [ 1452.828182][T19775] bridge0: port 1(bridge_slave_0) entered disabled state [ 1452.835555][T19775] bridge_slave_0: entered allmulticast mode [ 1452.842632][T19775] bridge_slave_0: entered promiscuous mode [ 1452.851766][T19775] bridge0: port 2(bridge_slave_1) entered blocking state [ 1452.858990][T19775] bridge0: port 2(bridge_slave_1) entered disabled state [ 1452.866314][T19775] bridge_slave_1: entered allmulticast mode [ 1452.874417][T19775] bridge_slave_1: entered promiscuous mode [ 1452.903745][T19775] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1452.925464][T19775] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1452.967356][T19775] team0: Port device team_slave_0 added [ 1452.992722][T19775] team0: Port device team_slave_1 added [ 1453.896178][T19814] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1453.906901][T19814] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1454.283758][ T9339] Bluetooth: hci0: command tx timeout [ 1454.413029][T11470] usb 4-1: USB disconnect, device number 80 [ 1454.437643][T19775] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1454.522995][T19820] netlink: 36 bytes leftover after parsing attributes in process `syz.6.3667'. [ 1454.532264][T19820] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3667'. [ 1454.541459][T19820] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3667'. [ 1454.624134][T19775] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1454.677610][T19775] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1454.723731][T19775] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1454.731311][T19775] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1454.757262][ C1] vkms_vblank_simulate: vblank timer overrun [ 1454.778676][T19775] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1455.130628][T19775] hsr_slave_0: entered promiscuous mode [ 1455.137352][T19775] hsr_slave_1: entered promiscuous mode [ 1455.601160][T19775] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1455.630012][T19775] Cannot create hsr debugfs directory [ 1456.060851][T19775] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1456.262226][T19775] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1456.422840][T19775] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1456.453437][T19840] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3671'. [ 1456.494350][T19840] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3671'. [ 1456.506437][ T9339] Bluetooth: hci0: command tx timeout [ 1456.585950][T19775] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1456.840903][T19844] bond1: entered promiscuous mode [ 1456.846754][T19844] bond1: entered allmulticast mode [ 1456.883797][T19848] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3674'. [ 1456.891116][T19844] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1456.933548][T19848] netlink: 64 bytes leftover after parsing attributes in process `syz.3.3674'. [ 1458.685806][T19775] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 1458.724376][T19775] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 1458.731401][ T9339] Bluetooth: hci0: command tx timeout [ 1459.103826][T19775] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 1459.177648][T19775] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 1459.503539][T19775] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1459.539622][T19775] 8021q: adding VLAN 0 to HW filter on device team0 [ 1459.551526][ T1130] bridge0: port 1(bridge_slave_0) entered blocking state [ 1459.558687][ T1130] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1459.590783][ T1130] bridge0: port 2(bridge_slave_1) entered blocking state [ 1459.597914][ T1130] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1459.656044][T19775] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1459.669127][T19775] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1460.902987][T19775] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1461.209128][T19910] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3688'. [ 1461.292613][T19910] netlink: 64 bytes leftover after parsing attributes in process `syz.5.3688'. [ 1462.227933][T19775] veth0_vlan: entered promiscuous mode [ 1462.252692][T19775] veth1_vlan: entered promiscuous mode [ 1462.299822][T19775] veth0_macvtap: entered promiscuous mode [ 1462.309532][T19775] veth1_macvtap: entered promiscuous mode [ 1462.355601][T19775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1462.399147][T19775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1462.438424][T19775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1462.449185][T19775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1462.459325][T19775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1462.469850][T19775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1462.479759][T19775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1462.493095][T19775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1462.503018][T19775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1462.513559][T19775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1462.524473][T19775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1462.554803][T19925] FAULT_INJECTION: forcing a failure. [ 1462.554803][T19925] name failslab, interval 1, probability 0, space 0, times 0 [ 1462.567755][T19925] CPU: 1 UID: 0 PID: 19925 Comm: syz.5.3690 Not tainted 6.14.0-rc2-syzkaller-00041-g4dc1d1bec898 #0 [ 1462.567784][T19925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1462.567797][T19925] Call Trace: [ 1462.567804][T19925] [ 1462.567812][T19925] dump_stack_lvl+0x241/0x360 [ 1462.567851][T19925] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1462.567882][T19925] ? __pfx__printk+0x10/0x10 [ 1462.567913][T19925] ? kmem_cache_alloc_noprof+0x48/0x380 [ 1462.567941][T19925] ? __pfx___might_resched+0x10/0x10 [ 1462.567967][T19925] should_fail_ex+0x40a/0x550 [ 1462.567994][T19925] should_failslab+0xac/0x100 [ 1462.568025][T19925] ? alloc_empty_file+0x9e/0x1d0 [ 1462.568051][T19925] kmem_cache_alloc_noprof+0x70/0x380 [ 1462.568082][T19925] alloc_empty_file+0x9e/0x1d0 [ 1462.568109][T19925] path_openat+0x107/0x3590 [ 1462.568143][T19925] ? __schedule+0x18c4/0x4c40 [ 1462.568176][T19925] ? mark_lock+0x9a/0x360 [ 1462.568210][T19925] ? __pfx___schedule+0x10/0x10 [ 1462.568234][T19925] ? __pfx_path_openat+0x10/0x10 [ 1462.568281][T19925] do_filp_open+0x27f/0x4e0 [ 1462.568313][T19925] ? __pfx_do_filp_open+0x10/0x10 [ 1462.568378][T19925] do_sys_openat2+0x13e/0x1d0 [ 1462.568406][T19925] ? __pfx_do_sys_openat2+0x10/0x10 [ 1462.568433][T19925] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1462.568462][T19925] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1462.568491][T19925] __x64_sys_openat+0x247/0x2a0 [ 1462.568520][T19925] ? __pfx___x64_sys_openat+0x10/0x10 [ 1462.568560][T19925] do_syscall_64+0xf3/0x230 [ 1462.568588][T19925] ? clear_bhb_loop+0x35/0x90 [ 1462.568618][T19925] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1462.568644][T19925] RIP: 0033:0x7f03b8b8b750 [ 1462.568662][T19925] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 1462.568679][T19925] RSP: 002b:00007f03b99c4f10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 1462.568700][T19925] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f03b8b8b750 [ 1462.568715][T19925] RDX: 0000000000000002 RSI: 00007f03b99c4fa0 RDI: 00000000ffffff9c [ 1462.568727][T19925] RBP: 00007f03b99c4fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1462.568739][T19925] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 1462.568751][T19925] R13: 0000000000000000 R14: 00007f03b8da6160 R15: 00007ffe1d369df8 [ 1462.568780][T19925] [ 1462.800657][ C1] vkms_vblank_simulate: vblank timer overrun [ 1462.825373][T19926] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1462.835515][T19926] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1462.901875][T19775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1462.911973][T19775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1462.924243][T19775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1462.939341][T19775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1462.952404][T19775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1462.962359][T19775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1462.965296][T19929] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1462.973101][T19775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1462.991172][T19775] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1463.001446][T19775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1463.014913][T19775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1463.025072][T19775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1463.041787][T19775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1463.051911][T19775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1463.062498][T19775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1463.079669][T19775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1463.090608][T19775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1463.106711][T19775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1463.117737][T19775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1463.127775][T19775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1463.204394][T19775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1463.214359][T19775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1463.225174][T19775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1463.235076][T19775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1463.245921][T19775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1463.260675][T19775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1463.271721][T19775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1463.289312][T19775] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1463.311214][T19775] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1463.320340][T19775] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1463.331711][T19775] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1463.340848][T19775] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1464.475761][T10305] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1464.483878][ T6788] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1464.491712][ T6788] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1464.577769][T10305] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1464.983559][T19951] net_ratelimit: 404 callbacks suppressed [ 1464.983618][T19951] netlink: zone id is out of range [ 1465.156586][T19951] netlink: zone id is out of range [ 1465.207085][T19951] netlink: zone id is out of range [ 1465.247061][T19951] netlink: zone id is out of range [ 1465.296162][T19951] netlink: zone id is out of range [ 1465.332341][T19951] netlink: zone id is out of range [ 1465.377733][T19951] netlink: zone id is out of range [ 1465.416737][T19951] netlink: zone id is out of range [ 1465.426802][T19951] netlink: zone id is out of range [ 1465.445174][T19951] netlink: zone id is out of range [ 1465.664722][T19963] netlink: 16 bytes leftover after parsing attributes in process `syz.7.3703'. [ 1465.805169][ T8] hid-generic 0000:0003:0000.0034: unknown main item tag 0x0 [ 1465.823747][ T8] hid-generic 0000:0003:0000.0034: unknown main item tag 0x0 [ 1465.853273][ T8] hid-generic 0000:0003:0000.0034: hidraw0: HID v0.00 Device [syz0] on syz1 [ 1467.596516][T19982] overlayfs: missing 'lowerdir' [ 1468.497835][T19987] netlink: 1080 bytes leftover after parsing attributes in process `syz.3.3711'. [ 1469.574682][T20007] 9pnet_fd: Insufficient options for proto=fd [ 1469.832404][T20012] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3721'. [ 1472.366741][T11470] hid-generic 0000:0003:0000.0035: unknown main item tag 0x0 [ 1472.430406][T11470] hid-generic 0000:0003:0000.0035: unknown main item tag 0x0 [ 1472.526176][T11470] hid-generic 0000:0003:0000.0035: hidraw0: HID v0.00 Device [syz0] on syz1 [ 1472.819495][T20046] FAULT_INJECTION: forcing a failure. [ 1472.819495][T20046] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1472.832879][T20046] CPU: 0 UID: 0 PID: 20046 Comm: syz.3.3731 Not tainted 6.14.0-rc2-syzkaller-00041-g4dc1d1bec898 #0 [ 1472.832908][T20046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1472.832918][T20046] Call Trace: [ 1472.832923][T20046] [ 1472.832929][T20046] dump_stack_lvl+0x241/0x360 [ 1472.832955][T20046] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1472.832976][T20046] ? __pfx__printk+0x10/0x10 [ 1472.832999][T20046] ? snprintf+0xda/0x120 [ 1472.833014][T20046] should_fail_ex+0x40a/0x550 [ 1472.833033][T20046] _copy_to_user+0x31/0xb0 [ 1472.833048][T20046] simple_read_from_buffer+0xca/0x150 [ 1472.833066][T20046] proc_fail_nth_read+0x1e9/0x250 [ 1472.833084][T20046] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1472.833101][T20046] ? rw_verify_area+0x243/0x630 [ 1472.833120][T20046] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1472.833136][T20046] vfs_read+0x1f8/0xb40 [ 1472.833157][T20046] ? fdget_pos+0x254/0x320 [ 1472.833175][T20046] ? __pfx___mutex_lock+0x10/0x10 [ 1472.833193][T20046] ? __pfx_vfs_read+0x10/0x10 [ 1472.833214][T20046] ? __fget_files+0x2a/0x410 [ 1472.833231][T20046] ? __fget_files+0x395/0x410 [ 1472.833247][T20046] ? __fget_files+0x2a/0x410 [ 1472.833269][T20046] ksys_read+0x18f/0x2b0 [ 1472.833282][T20046] ? __pfx_ksys_read+0x10/0x10 [ 1472.833294][T20046] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1472.833313][T20046] ? do_syscall_64+0xb6/0x230 [ 1472.833333][T20046] do_syscall_64+0xf3/0x230 [ 1472.833368][T20046] ? clear_bhb_loop+0x35/0x90 [ 1472.833389][T20046] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1472.833408][T20046] RIP: 0033:0x7f06e798b7fc [ 1472.833420][T20046] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1472.833432][T20046] RSP: 002b:00007f06e57f6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1472.833447][T20046] RAX: ffffffffffffffda RBX: 00007f06e7ba6080 RCX: 00007f06e798b7fc [ 1472.833457][T20046] RDX: 000000000000000f RSI: 00007f06e57f60a0 RDI: 0000000000000006 [ 1472.833466][T20046] RBP: 00007f06e57f6090 R08: 0000000000000000 R09: 0000000000000000 [ 1472.833475][T20046] R10: 00004000000000c0 R11: 0000000000000246 R12: 0000000000000001 [ 1472.833484][T20046] R13: 0000000000000000 R14: 00007f06e7ba6080 R15: 00007ffe9e386c38 [ 1472.833504][T20046] [ 1473.366121][T20043] RDS: rds_bind could not find a transport for ::ffff:10.1.1.1, load rds_tcp or rds_rdma? [ 1473.511811][T12339] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1473.549748][T20050] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1473.704396][T20050] program syz.3.3732 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1473.922819][T11468] vivid-000: reconnect [ 1474.221087][ C1] sd 0:0:1:0: [sda] tag#6558 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 1474.231624][ C1] sd 0:0:1:0: [sda] tag#6558 CDB: Read(6) 08 00 00 00 00 00 [ 1479.990906][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 1480.394058][T16724] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1480.409938][T16724] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1480.418399][T16724] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1480.427691][T16724] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1480.818138][T16724] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 1480.827170][T16724] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1480.946438][T20086] netlink: 1080 bytes leftover after parsing attributes in process `syz.3.3741'. [ 1481.162590][T20077] gretap0 speed is unknown, defaulting to 1000 [ 1482.704143][T20077] chnl_net:caif_netlink_parms(): no params data found [ 1482.713760][T20100] FAULT_INJECTION: forcing a failure. [ 1482.713760][T20100] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1482.763386][T20100] CPU: 0 UID: 0 PID: 20100 Comm: syz.7.3745 Not tainted 6.14.0-rc2-syzkaller-00041-g4dc1d1bec898 #0 [ 1482.763403][T20100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1482.763412][T20100] Call Trace: [ 1482.763417][T20100] [ 1482.763423][T20100] dump_stack_lvl+0x241/0x360 [ 1482.763449][T20100] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1482.763469][T20100] ? __pfx__printk+0x10/0x10 [ 1482.763493][T20100] ? __pfx_lock_release+0x10/0x10 [ 1482.763524][T20100] should_fail_ex+0x40a/0x550 [ 1482.763548][T20100] _copy_from_user+0x2d/0xb0 [ 1482.763568][T20100] copy_msghdr_from_user+0xae/0x680 [ 1482.763593][T20100] ? __pfx___might_resched+0x10/0x10 [ 1482.763615][T20100] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1482.763643][T20100] ? do_recvmmsg+0x44e/0xab0 [ 1482.763660][T20100] ? __might_fault+0xaa/0x120 [ 1482.763684][T20100] do_recvmmsg+0x3bd/0xab0 [ 1482.763704][T20100] ? __pfx_do_recvmmsg+0x10/0x10 [ 1482.763729][T20100] ? ksys_write+0x22a/0x2b0 [ 1482.763742][T20100] ? __pfx_lock_release+0x10/0x10 [ 1482.763762][T20100] ? sb_end_write+0xe9/0x1c0 [ 1482.763779][T20100] ? vfs_write+0x7fa/0xd10 [ 1482.763792][T20100] ? __mutex_unlock_slowpath+0x227/0x800 [ 1482.763816][T20100] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1482.763842][T20100] ? __fget_files+0x2a/0x410 [ 1482.763868][T20100] __x64_sys_recvmmsg+0x199/0x250 [ 1482.763884][T20100] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 1482.763899][T20100] ? do_syscall_64+0x100/0x230 [ 1482.763918][T20100] ? do_syscall_64+0xb6/0x230 [ 1482.763937][T20100] do_syscall_64+0xf3/0x230 [ 1482.763955][T20100] ? clear_bhb_loop+0x35/0x90 [ 1482.763975][T20100] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1482.763992][T20100] RIP: 0033:0x7f576bd8cde9 [ 1482.764004][T20100] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1482.764014][T20100] RSP: 002b:00007f576cbef038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1482.764028][T20100] RAX: ffffffffffffffda RBX: 00007f576bfa5fa0 RCX: 00007f576bd8cde9 [ 1482.764038][T20100] RDX: 040000000000029d RSI: 0000400000000600 RDI: 0000000000000003 [ 1482.764047][T20100] RBP: 00007f576cbef090 R08: 0000000000000000 R09: 0000000000000000 [ 1482.764055][T20100] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001 [ 1482.764063][T20100] R13: 0000000000000000 R14: 00007f576bfa5fa0 R15: 00007ffcd46951d8 [ 1482.764082][T20100] [ 1483.023635][T16724] Bluetooth: hci4: command tx timeout [ 1483.891253][ T8] hid-generic 0000:0003:0000.0036: unknown main item tag 0x0 [ 1483.904666][ T8] hid-generic 0000:0003:0000.0036: unknown main item tag 0x0 [ 1483.923002][ T8] hid-generic 0000:0003:0000.0036: hidraw0: HID v0.00 Device [syz0] on syz1 [ 1483.994631][T20077] bridge0: port 1(bridge_slave_0) entered blocking state [ 1484.066791][T20077] bridge0: port 1(bridge_slave_0) entered disabled state [ 1484.136848][T20117] FAULT_INJECTION: forcing a failure. [ 1484.136848][T20117] name failslab, interval 1, probability 0, space 0, times 0 [ 1484.149487][T20117] CPU: 0 UID: 0 PID: 20117 Comm: syz.7.3750 Not tainted 6.14.0-rc2-syzkaller-00041-g4dc1d1bec898 #0 [ 1484.149503][T20117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1484.149512][T20117] Call Trace: [ 1484.149518][T20117] [ 1484.149523][T20117] dump_stack_lvl+0x241/0x360 [ 1484.149549][T20117] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1484.149570][T20117] ? __pfx__printk+0x10/0x10 [ 1484.149608][T20117] ? kmem_cache_alloc_noprof+0x48/0x380 [ 1484.149627][T20117] ? __pfx___might_resched+0x10/0x10 [ 1484.149646][T20117] should_fail_ex+0x40a/0x550 [ 1484.149666][T20117] should_failslab+0xac/0x100 [ 1484.149691][T20117] ? alloc_file_pseudo_noaccount+0x1f7/0x3a0 [ 1484.149710][T20117] kmem_cache_alloc_noprof+0x70/0x380 [ 1484.149731][T20117] alloc_file_pseudo_noaccount+0x1f7/0x3a0 [ 1484.149755][T20117] ? __pfx_alloc_file_pseudo_noaccount+0x10/0x10 [ 1484.149776][T20117] ? iput+0x3be/0xa50 [ 1484.149795][T20117] ? ilookup+0x107/0x140 [ 1484.149817][T20117] bdev_file_open_by_dev+0x173/0x220 [ 1484.149839][T20117] disk_scan_partitions+0x1be/0x2b0 [ 1484.149860][T20117] blkdev_common_ioctl+0x13cf/0x2460 [ 1484.149879][T20117] ? __lock_acquire+0x1397/0x2100 [ 1484.149898][T20117] ? __pfx_blkdev_common_ioctl+0x10/0x10 [ 1484.149914][T20117] ? tomoyo_path_number_perm+0x206/0x860 [ 1484.149935][T20117] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1484.149967][T20117] ? __asan_memset+0x23/0x50 [ 1484.149988][T20117] ? smack_file_ioctl+0x29e/0x3a0 [ 1484.150007][T20117] ? __pfx_smack_file_ioctl+0x10/0x10 [ 1484.150026][T20117] ? file_to_blk_mode+0xcc/0x140 [ 1484.150048][T20117] blkdev_ioctl+0x4ca/0x6a0 [ 1484.150066][T20117] ? __pfx_blkdev_ioctl+0x10/0x10 [ 1484.150086][T20117] ? __pfx_blkdev_ioctl+0x10/0x10 [ 1484.150105][T20117] __se_sys_ioctl+0xf5/0x170 [ 1484.150194][T20117] do_syscall_64+0xf3/0x230 [ 1484.150216][T20117] ? clear_bhb_loop+0x35/0x90 [ 1484.150241][T20117] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1484.150260][T20117] RIP: 0033:0x7f576bd8cde9 [ 1484.150273][T20117] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1484.150285][T20117] RSP: 002b:00007f576cbef038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1484.150300][T20117] RAX: ffffffffffffffda RBX: 00007f576bfa5fa0 RCX: 00007f576bd8cde9 [ 1484.150311][T20117] RDX: 0000000000000000 RSI: 000000000000125f RDI: 0000000000000006 [ 1484.150320][T20117] RBP: 00007f576cbef090 R08: 0000000000000000 R09: 0000000000000000 [ 1484.150328][T20117] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1484.150337][T20117] R13: 0000000000000000 R14: 00007f576bfa5fa0 R15: 00007ffcd46951d8 [ 1484.150356][T20117] [ 1484.437881][T20077] bridge_slave_0: entered allmulticast mode [ 1484.445515][T20077] bridge_slave_0: entered promiscuous mode [ 1484.455794][T20077] bridge0: port 2(bridge_slave_1) entered blocking state [ 1484.470318][T20077] bridge0: port 2(bridge_slave_1) entered disabled state [ 1484.479172][T20077] bridge_slave_1: entered allmulticast mode [ 1484.496787][T20077] bridge_slave_1: entered promiscuous mode [ 1484.671994][T20077] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1484.685444][T20077] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1484.721148][T20077] team0: Port device team_slave_0 added [ 1484.731314][T20077] team0: Port device team_slave_1 added [ 1484.795519][T20122] Bluetooth: MGMT ver 1.23 [ 1484.843736][T20077] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1484.869274][T20077] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1485.687413][T20077] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1485.691722][T16724] Bluetooth: hci4: command tx timeout [ 1485.703185][T20077] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1485.710277][T20077] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1485.751510][T20077] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1486.164360][T20077] hsr_slave_0: entered promiscuous mode [ 1486.189290][T20077] hsr_slave_1: entered promiscuous mode [ 1486.352265][T20077] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1487.234210][T20077] Cannot create hsr debugfs directory [ 1487.819409][T20077] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1487.895424][T16724] Bluetooth: hci4: command tx timeout [ 1488.445630][T20077] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1490.117731][T16724] Bluetooth: hci4: command tx timeout [ 1490.969540][T20177] net_ratelimit: 798 callbacks suppressed [ 1490.969562][T20177] netlink: zone id is out of range [ 1490.981473][T20177] netlink: zone id is out of range [ 1490.996103][T20177] netlink: zone id is out of range [ 1491.010138][T20177] netlink: zone id is out of range [ 1491.023888][T20177] netlink: zone id is out of range [ 1491.029934][T20177] netlink: zone id is out of range [ 1491.044544][T20177] netlink: zone id is out of range [ 1491.066813][T20177] netlink: zone id is out of range [ 1491.088272][T20177] netlink: zone id is out of range [ 1491.109309][T20177] netlink: zone id is out of range [ 1493.315186][T20188] netlink: 1080 bytes leftover after parsing attributes in process `syz.7.3767'. [ 1494.770649][T20077] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1494.996871][T20077] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1495.477734][T20077] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 1495.494052][T20077] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 1495.519000][T20077] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 1495.546655][T20077] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 1495.580591][ T5878] usb 6-1: new high-speed USB device number 18 using dummy_hcd [ 1495.704357][T20077] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1495.726676][T20077] 8021q: adding VLAN 0 to HW filter on device team0 [ 1495.741781][T19268] bridge0: port 1(bridge_slave_0) entered blocking state [ 1495.748913][T19268] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1495.761647][ T5878] usb 6-1: Using ep0 maxpacket: 32 [ 1495.769185][T19268] bridge0: port 2(bridge_slave_1) entered blocking state [ 1495.776325][T19268] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1495.787973][ T5878] usb 6-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15 [ 1495.802343][ T5878] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1495.828728][ T5878] usb 6-1: Product: syz [ 1495.832979][ T5878] usb 6-1: Manufacturer: syz [ 1495.844414][ T5878] usb 6-1: SerialNumber: syz [ 1495.849679][ T5910] usb 4-1: new high-speed USB device number 81 using dummy_hcd [ 1495.873638][ T5878] usb 6-1: config 0 descriptor?? [ 1496.021524][ T5910] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1496.045306][ T5910] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1496.056327][ T5910] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1496.066651][ T5910] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1496.090726][T20201] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 1496.093630][T20077] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1496.114660][ T5910] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 1496.220144][T20207] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1496.260382][T20207] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1496.425136][ T5910] usb 4-1: USB disconnect, device number 81 [ 1496.816030][T20077] veth0_vlan: entered promiscuous mode [ 1496.853469][T20077] veth1_vlan: entered promiscuous mode [ 1496.923264][T20077] veth0_macvtap: entered promiscuous mode [ 1496.944642][T20077] veth1_macvtap: entered promiscuous mode [ 1496.971450][T20077] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1496.982481][T20077] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1496.993697][T20077] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1497.004869][T20077] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1497.015159][T20077] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1497.026207][T20077] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1497.039134][T20077] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1497.062091][T20077] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1497.072380][T20077] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1497.085939][T20077] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1497.096041][T20077] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1497.106714][T20077] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1497.372126][T20077] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1497.383503][T20077] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1497.393666][T20077] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1497.405346][T20077] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1497.415283][T20077] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1497.425875][T20077] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1497.438284][T20077] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1497.449167][T20077] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1497.464248][T20237] x_tables: ip_tables: osf match: only valid for protocol 6 [ 1498.176954][ T5878] RobotFuzz Open Source InterFace, OSIF 6-1:0.0: failure sending bit rate [ 1498.270643][ T5878] RobotFuzz Open Source InterFace, OSIF 6-1:0.0: probe with driver RobotFuzz Open Source InterFace, OSIF failed with error -110 [ 1498.459011][T20077] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1498.784276][T20077] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1498.826816][T20077] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1498.844551][T20077] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1498.856441][T20077] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1498.867042][ T5878] usb 6-1: USB disconnect, device number 18 [ 1498.868156][T20077] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1498.884370][T20077] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1498.901315][T20077] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1498.924317][T20077] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1498.938577][T20077] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1498.950108][T20077] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1498.963623][T20077] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1498.976160][T20077] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1498.988535][T20077] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1498.999542][T20077] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1499.025330][T20077] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1499.038641][T20077] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1499.052921][T20077] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1499.064168][T20077] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1499.074430][T20077] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1499.105002][T20077] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1499.133714][T20077] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1499.156619][T20077] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1499.163469][T20248] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 1499.166070][T20077] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1499.189166][T20077] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1499.199150][T20077] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1499.896437][ T1130] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1499.926717][ T1130] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1500.203581][ T1156] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1500.462775][ T1156] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1500.818902][ T8] usb 4-1: new full-speed USB device number 82 using dummy_hcd [ 1501.053057][ T8] usb 4-1: unable to get BOS descriptor or descriptor too short [ 1501.802590][ T8] usb 4-1: not running at top speed; connect to a high speed hub [ 1501.810382][ T8] usb 4-1: too many configurations: 255, using maximum allowed: 8 [ 1501.833566][ T8] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 1501.923151][ T8] usb 4-1: can't read configurations, error -61 [ 1502.126156][ T8] usb 4-1: new full-speed USB device number 83 using dummy_hcd [ 1503.002643][T20286] ALSA: mixer_oss: invalid index 40000 [ 1503.100765][T20275] netlink: 'syz.5.3788': attribute type 32 has an invalid length. [ 1503.128289][T20275] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3788'. [ 1503.137259][T20275] (unnamed net_device) (uninitialized): option coupled_control: invalid value (111) [ 1503.172586][ T8] usb 4-1: unable to get BOS descriptor or descriptor too short [ 1503.190121][T20296] cifs: Unknown parameter 'no'aN[Gzob,er;%j [ 1503.190121][T20296] z,@qJ#"h/.W1ȱnNC"C׈E)8+' [ 1503.211479][ T8] usb 4-1: not running at top speed; connect to a high speed hub [ 1503.253684][ T8] usb 4-1: too many configurations: 255, using maximum allowed: 8 [ 1503.272044][ T8] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 1503.280765][ T8] usb 4-1: can't read configurations, error -61 [ 1503.376938][T20302] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 1503.638341][ T8] usb usb4-port1: attempt power cycle [ 1504.100944][ T5911] usb 7-1: new high-speed USB device number 56 using dummy_hcd [ 1504.291276][T20311] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3796'. [ 1504.315016][ T5911] usb 7-1: Using ep0 maxpacket: 16 [ 1504.343423][ T5911] usb 7-1: New USB device found, idVendor=0ccd, idProduct=0099, bcdDevice=f4.9b [ 1504.378887][ T5911] usb 7-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 1504.387107][ T5911] usb 7-1: Product: syz [ 1504.414169][ T5911] usb 7-1: SerialNumber: syz [ 1504.448286][ T5911] usb 7-1: config 0 descriptor?? [ 1504.476130][ T5911] usb 7-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 1504.484194][ T5911] dvb_usb_af9015 7-1:0.0: probe with driver dvb_usb_af9015 failed with error -22 [ 1504.510471][ T5911] usb 7-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 1504.523514][ T5911] dvb_usb_af9035 7-1:0.0: probe with driver dvb_usb_af9035 failed with error -22 [ 1506.529391][ T5879] usb 7-1: USB disconnect, device number 56 [ 1506.629515][ T29] audit: type=1800 audit(1739730784.479:502): pid=20328 uid=0 auid=4294967295 ses=4294967295 subj=_ op=set_data cause=unavailable-hash-algorithm comm="syz.5.3802" name="/newroot/125/bus" dev="tmpfs" ino=674 res=0 errno=0 [ 1506.629707][T20330] Invalid ELF header magic: != ELF [ 1508.245177][T20356] libceph: resolve '..0' (ret=-3): failed [ 1511.671338][T20383] Bluetooth: MGMT ver 1.23 [ 1512.689156][ T6788] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1513.022288][T20389] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1513.068366][T20398] 9pnet: p9_errstr2errno: server reported unknown error ~zx [ 1513.457876][T11470] usb 4-1: new high-speed USB device number 85 using dummy_hcd [ 1513.684746][T11470] usb 4-1: Using ep0 maxpacket: 32 [ 1514.111026][T11470] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 62, changing to 9 [ 1514.171582][T11470] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1514.192858][T11470] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 1514.231615][T11470] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1514.242135][T11470] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1514.257051][T11470] usb 4-1: Product: syz [ 1514.275345][T11470] usb 4-1: Manufacturer: syz [ 1514.290955][T11470] usb 4-1: SerialNumber: syz [ 1515.797411][T20397] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1515.852477][T20397] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1515.917386][T11470] cdc_ncm 4-1:1.0: SET_NTB_FORMAT failed [ 1515.961550][T11470] cdc_ncm 4-1:1.0: bind() failure [ 1515.986006][T11470] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 1516.199459][T11470] cdc_ncm 4-1:1.1: bind() failure [ 1516.229381][T11470] usb 4-1: USB disconnect, device number 85 [ 1516.233018][T20429] FAULT_INJECTION: forcing a failure. [ 1516.233018][T20429] name failslab, interval 1, probability 0, space 0, times 0 [ 1516.309966][T20429] CPU: 1 UID: 0 PID: 20429 Comm: syz.7.3831 Not tainted 6.14.0-rc2-syzkaller-00041-g4dc1d1bec898 #0 [ 1516.309990][T20429] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1516.310003][T20429] Call Trace: [ 1516.310010][T20429] [ 1516.310018][T20429] dump_stack_lvl+0x241/0x360 [ 1516.310053][T20429] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1516.310083][T20429] ? __pfx__printk+0x10/0x10 [ 1516.310123][T20429] should_fail_ex+0x40a/0x550 [ 1516.310150][T20429] should_failslab+0xac/0x100 [ 1516.310173][T20429] ? skb_clone+0x20c/0x390 [ 1516.310200][T20429] kmem_cache_alloc_noprof+0x70/0x380 [ 1516.310230][T20429] skb_clone+0x20c/0x390 [ 1516.310253][T20429] __netlink_deliver_tap+0x3cc/0x7f0 [ 1516.310282][T20429] ? netlink_deliver_tap+0x2e/0x1b0 [ 1516.310300][T20429] netlink_deliver_tap+0x19d/0x1b0 [ 1516.310319][T20429] netlink_unicast+0x7c4/0x990 [ 1516.310354][T20429] ? __pfx_netlink_unicast+0x10/0x10 [ 1516.310379][T20429] ? __virt_addr_valid+0x45f/0x530 [ 1516.310406][T20429] ? __phys_addr_symbol+0x2f/0x70 [ 1516.310430][T20429] ? __check_object_size+0x47a/0x730 [ 1516.310458][T20429] netlink_sendmsg+0x8e4/0xcb0 [ 1516.310488][T20429] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1516.310519][T20429] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1516.310536][T20429] __sock_sendmsg+0x221/0x270 [ 1516.310563][T20429] ____sys_sendmsg+0x52a/0x7e0 [ 1516.310589][T20429] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1516.310607][T20429] ? __fget_files+0x2a/0x410 [ 1516.310633][T20429] ? __fget_files+0x2a/0x410 [ 1516.310666][T20429] __sys_sendmsg+0x269/0x350 [ 1516.310689][T20429] ? __pfx___sys_sendmsg+0x10/0x10 [ 1516.310720][T20429] ? do_sys_openat2+0x17a/0x1d0 [ 1516.310768][T20429] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1516.310794][T20429] ? do_syscall_64+0x100/0x230 [ 1516.310822][T20429] ? do_syscall_64+0xb6/0x230 [ 1516.310850][T20429] do_syscall_64+0xf3/0x230 [ 1516.310875][T20429] ? clear_bhb_loop+0x35/0x90 [ 1516.310904][T20429] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1516.310928][T20429] RIP: 0033:0x7f576bd8cde9 [ 1516.310945][T20429] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1516.310961][T20429] RSP: 002b:00007f576cbef038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1516.310981][T20429] RAX: ffffffffffffffda RBX: 00007f576bfa5fa0 RCX: 00007f576bd8cde9 [ 1516.310994][T20429] RDX: 0000000000000000 RSI: 0000400000000000 RDI: 0000000000000005 [ 1516.311006][T20429] RBP: 00007f576cbef090 R08: 0000000000000000 R09: 0000000000000000 [ 1516.311018][T20429] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1516.311029][T20429] R13: 0000000000000000 R14: 00007f576bfa5fa0 R15: 00007ffcd46951d8 [ 1516.311057][T20429] [ 1516.585545][ C1] vkms_vblank_simulate: vblank timer overrun [ 1516.852474][T20429] bridge0: port 2(bridge_slave_1) entered disabled state [ 1518.611617][T20453] x_tables: duplicate underflow at hook 1 [ 1521.148207][T20479] net_ratelimit: 394 callbacks suppressed [ 1521.148226][T20479] do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app [ 1523.366130][T20501] FAULT_INJECTION: forcing a failure. [ 1523.366130][T20501] name failslab, interval 1, probability 0, space 0, times 0 [ 1523.379256][T20501] CPU: 1 UID: 0 PID: 20501 Comm: syz.6.3852 Not tainted 6.14.0-rc2-syzkaller-00041-g4dc1d1bec898 #0 [ 1523.379279][T20501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1523.379290][T20501] Call Trace: [ 1523.379297][T20501] [ 1523.379304][T20501] dump_stack_lvl+0x241/0x360 [ 1523.379338][T20501] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1523.379369][T20501] ? __pfx__printk+0x10/0x10 [ 1523.379399][T20501] ? fs_reclaim_acquire+0x93/0x130 [ 1523.379418][T20501] ? __pfx___might_resched+0x10/0x10 [ 1523.379443][T20501] should_fail_ex+0x40a/0x550 [ 1523.379470][T20501] should_failslab+0xac/0x100 [ 1523.379496][T20501] __kmalloc_noprof+0xdd/0x4c0 [ 1523.379519][T20501] ? tomoyo_encode+0x26f/0x540 [ 1523.379542][T20501] tomoyo_encode+0x26f/0x540 [ 1523.379566][T20501] tomoyo_realpath_from_path+0x59e/0x5e0 [ 1523.379596][T20501] tomoyo_check_open_permission+0x258/0x4f0 [ 1523.379625][T20501] ? tomoyo_check_open_permission+0x207/0x4f0 [ 1523.379652][T20501] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 1523.379713][T20501] ? do_raw_spin_unlock+0x13c/0x8b0 [ 1523.379731][T20501] ? tomoyo_file_open+0x165/0x220 [ 1523.379756][T20501] security_file_open+0xac/0x250 [ 1523.379784][T20501] do_dentry_open+0x320/0x1960 [ 1523.379815][T20501] ? vfs_open+0x31/0x370 [ 1523.379841][T20501] vfs_open+0x3b/0x370 [ 1523.379867][T20501] path_openat+0x2c81/0x3590 [ 1523.379924][T20501] ? __pfx_path_openat+0x10/0x10 [ 1523.379970][T20501] do_filp_open+0x27f/0x4e0 [ 1523.380001][T20501] ? __pfx_do_filp_open+0x10/0x10 [ 1523.380028][T20501] ? do_raw_spin_lock+0x14f/0x370 [ 1523.380082][T20501] do_sys_openat2+0x13e/0x1d0 [ 1523.380109][T20501] ? __pfx_do_sys_openat2+0x10/0x10 [ 1523.380131][T20501] ? __fget_files+0x2a/0x410 [ 1523.380158][T20501] ? __fget_files+0x2a/0x410 [ 1523.380194][T20501] __x64_sys_openat+0x247/0x2a0 [ 1523.380222][T20501] ? __pfx___x64_sys_openat+0x10/0x10 [ 1523.380251][T20501] ? do_syscall_64+0x100/0x230 [ 1523.380280][T20501] ? do_syscall_64+0xb6/0x230 [ 1523.380308][T20501] do_syscall_64+0xf3/0x230 [ 1523.380333][T20501] ? clear_bhb_loop+0x35/0x90 [ 1523.380362][T20501] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1523.380386][T20501] RIP: 0033:0x7f5923f8cde9 [ 1523.380402][T20501] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1523.380419][T20501] RSP: 002b:00007f5924db0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1523.380439][T20501] RAX: ffffffffffffffda RBX: 00007f59241a6160 RCX: 00007f5923f8cde9 [ 1523.380453][T20501] RDX: 000000000000c901 RSI: 0000400000000340 RDI: ffffffffffffff9c [ 1523.380466][T20501] RBP: 00007f5924db0090 R08: 0000000000000000 R09: 0000000000000000 [ 1523.380478][T20501] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1523.380489][T20501] R13: 0000000000000000 R14: 00007f59241a6160 R15: 00007ffe2a7d91f8 [ 1523.380517][T20501] [ 1523.380702][T20501] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1524.543453][T20517] netlink: 197276 bytes leftover after parsing attributes in process `syz.3.3854'. [ 1524.766178][ T29] audit: type=1326 audit(1739730801.438:503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20513 comm="syz.6.3855" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5923f8cde9 code=0x0 [ 1524.813540][T20523] netlink: 56 bytes leftover after parsing attributes in process `syz.6.3855'. [ 1524.871733][T20523] wg2: entered promiscuous mode [ 1524.886414][T20523] wg2: entered allmulticast mode [ 1525.088428][ T5879] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 1526.134481][ T5879] usb 6-1: Using ep0 maxpacket: 32 [ 1526.159278][ T5879] usb 6-1: config 0 has an invalid interface number: 67 but max is 0 [ 1526.174585][ T5879] usb 6-1: config 0 has no interface number 0 [ 1526.187425][ T5879] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 1526.199084][ T5879] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1526.207207][ T5879] usb 6-1: Product: syz [ 1526.223661][ T5879] usb 6-1: Manufacturer: syz [ 1526.228902][ T5879] usb 6-1: SerialNumber: syz [ 1526.300143][ T5879] usb 6-1: config 0 descriptor?? [ 1526.429696][ T5879] smsc95xx v2.0.0 [ 1526.769689][ T5879] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 1526.791317][T20541] fuse: Invalid rootmode [ 1526.795955][ T5879] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 1526.979691][T20547] netlink: 1080 bytes leftover after parsing attributes in process `syz.7.3864'. [ 1529.117082][T20578] netlink: zone id is out of range [ 1529.144352][T20578] netlink: zone id is out of range [ 1529.185021][T20578] netlink: zone id is out of range [ 1529.190181][T20578] netlink: zone id is out of range [ 1529.237017][T20578] netlink: zone id is out of range [ 1529.242169][T20578] netlink: zone id is out of range [ 1529.277430][T20578] netlink: zone id is out of range [ 1529.282577][T20578] netlink: zone id is out of range [ 1529.324302][T20578] netlink: zone id is out of range [ 1529.329439][T20578] netlink: zone id is out of range [ 1529.689687][T20520] syz.5.3858 (20520): drop_caches: 2 [ 1530.056888][ T5879] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 1530.086272][ T5879] smsc95xx 6-1:0.67: probe with driver smsc95xx failed with error -71 [ 1530.104247][ T5879] usb 6-1: USB disconnect, device number 19 [ 1530.172895][T20599] fuse: Invalid rootmode [ 1531.645797][T20617] overlayfs: missing 'lowerdir' [ 1531.662307][T20617] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3882'. [ 1532.713146][T20638] FAULT_INJECTION: forcing a failure. [ 1532.713146][T20638] name failslab, interval 1, probability 0, space 0, times 0 [ 1532.800131][T20638] CPU: 0 UID: 0 PID: 20638 Comm: syz.7.3888 Not tainted 6.14.0-rc2-syzkaller-00041-g4dc1d1bec898 #0 [ 1532.800156][T20638] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1532.800167][T20638] Call Trace: [ 1532.800174][T20638] [ 1532.800182][T20638] dump_stack_lvl+0x241/0x360 [ 1532.800218][T20638] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1532.800247][T20638] ? __pfx__printk+0x10/0x10 [ 1532.800276][T20638] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 1532.800301][T20638] ? __pfx___might_resched+0x10/0x10 [ 1532.800326][T20638] should_fail_ex+0x40a/0x550 [ 1532.800352][T20638] should_failslab+0xac/0x100 [ 1532.800376][T20638] kmem_cache_alloc_node_noprof+0x77/0x380 [ 1532.800405][T20638] ? __alloc_skb+0x1c3/0x440 [ 1532.800435][T20638] __alloc_skb+0x1c3/0x440 [ 1532.800466][T20638] ? __pfx___alloc_skb+0x10/0x10 [ 1532.800495][T20638] ? netlink_autobind+0xd6/0x2f0 [ 1532.800513][T20638] ? netlink_autobind+0x2b0/0x2f0 [ 1532.800536][T20638] netlink_sendmsg+0x638/0xcb0 [ 1532.800564][T20638] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1532.800599][T20638] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1532.800617][T20638] __sock_sendmsg+0x221/0x270 [ 1532.800643][T20638] ____sys_sendmsg+0x52a/0x7e0 [ 1532.800669][T20638] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1532.800686][T20638] ? __fget_files+0x2a/0x410 [ 1532.800711][T20638] ? __fget_files+0x2a/0x410 [ 1532.800741][T20638] __sys_sendmsg+0x269/0x350 [ 1532.800764][T20638] ? __pfx___sys_sendmsg+0x10/0x10 [ 1532.800793][T20638] ? do_sys_openat2+0x17a/0x1d0 [ 1532.800835][T20638] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1532.800857][T20638] ? do_syscall_64+0x100/0x230 [ 1532.800884][T20638] ? do_syscall_64+0xb6/0x230 [ 1532.800911][T20638] do_syscall_64+0xf3/0x230 [ 1532.800936][T20638] ? clear_bhb_loop+0x35/0x90 [ 1532.800965][T20638] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1532.800989][T20638] RIP: 0033:0x7f576bd8cde9 [ 1532.801006][T20638] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1532.801022][T20638] RSP: 002b:00007f576cbef038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1532.801041][T20638] RAX: ffffffffffffffda RBX: 00007f576bfa5fa0 RCX: 00007f576bd8cde9 [ 1532.801054][T20638] RDX: 0000000020000840 RSI: 0000400000000140 RDI: 0000000000000004 [ 1532.801066][T20638] RBP: 00007f576cbef090 R08: 0000000000000000 R09: 0000000000000000 [ 1532.801077][T20638] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1532.801088][T20638] R13: 0000000000000000 R14: 00007f576bfa5fa0 R15: 00007ffcd46951d8 [ 1532.801114][T20638] [ 1533.132992][T20642] fuse: Bad value for 'rootmode' [ 1533.800551][T20657] fuse: Bad value for 'user_id' [ 1533.805513][T20657] fuse: Bad value for 'user_id' [ 1535.080598][T20666] pim6reg: entered allmulticast mode [ 1535.162156][T20666] pim6reg: left allmulticast mode [ 1536.110819][T20675] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3899'. [ 1536.133295][T20675] 9pnet_fd: Insufficient options for proto=fd [ 1536.185786][T20678] fuse: Bad value for 'user_id' [ 1536.196398][T20678] fuse: Bad value for 'user_id' [ 1536.902562][T20684] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3901'. [ 1537.157833][T20691] fuse: Bad value for 'rootmode' [ 1542.225786][T20735] overlayfs: failed to get inode (-116) [ 1542.231626][T20735] overlayfs: failed to get inode (-116) [ 1542.642043][T20745] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3832186367 (7664372734 ns) > initial count (4194322 ns). Using initial count to start timer. [ 1543.542840][T20739] kvm: pic: non byte write [ 1544.396281][T20757] netlink: 'syz.6.3920': attribute type 4 has an invalid length. [ 1545.063300][T20758] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3920'. [ 1545.072372][T20758] netlink: 92 bytes leftover after parsing attributes in process `syz.6.3920'. [ 1545.113483][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 1545.882522][ T11] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1545.889045][T20766] FAULT_INJECTION: forcing a failure. [ 1545.889045][T20766] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1545.983804][T20766] CPU: 1 UID: 0 PID: 20766 Comm: syz.5.3923 Not tainted 6.14.0-rc2-syzkaller-00041-g4dc1d1bec898 #0 [ 1545.983830][T20766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1545.983842][T20766] Call Trace: [ 1545.983848][T20766] [ 1545.983856][T20766] dump_stack_lvl+0x241/0x360 [ 1545.983892][T20766] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1545.983920][T20766] ? __pfx__printk+0x10/0x10 [ 1545.983952][T20766] ? snprintf+0xda/0x120 [ 1545.983974][T20766] should_fail_ex+0x40a/0x550 [ 1545.984000][T20766] _copy_to_user+0x31/0xb0 [ 1545.984021][T20766] simple_read_from_buffer+0xca/0x150 [ 1545.984052][T20766] proc_fail_nth_read+0x1e9/0x250 [ 1545.984077][T20766] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1545.984101][T20766] ? rw_verify_area+0x243/0x630 [ 1545.984129][T20766] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1545.984152][T20766] vfs_read+0x1f8/0xb40 [ 1545.984181][T20766] ? fdget_pos+0x254/0x320 [ 1545.984205][T20766] ? __pfx___mutex_lock+0x10/0x10 [ 1545.984231][T20766] ? __pfx_vfs_read+0x10/0x10 [ 1545.984261][T20766] ? __fget_files+0x2a/0x410 [ 1545.984286][T20766] ? __fget_files+0x395/0x410 [ 1545.984307][T20766] ? __fget_files+0x2a/0x410 [ 1545.984339][T20766] ksys_read+0x18f/0x2b0 [ 1545.984358][T20766] ? __pfx_ksys_read+0x10/0x10 [ 1545.984376][T20766] ? do_syscall_64+0x100/0x230 [ 1545.984404][T20766] ? do_syscall_64+0xb6/0x230 [ 1545.984432][T20766] do_syscall_64+0xf3/0x230 [ 1545.984457][T20766] ? clear_bhb_loop+0x35/0x90 [ 1545.984487][T20766] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1545.984511][T20766] RIP: 0033:0x7f03b8b8b7fc [ 1545.984528][T20766] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1545.984544][T20766] RSP: 002b:00007f03b9a07030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1545.984563][T20766] RAX: ffffffffffffffda RBX: 00007f03b8da5fa0 RCX: 00007f03b8b8b7fc [ 1545.984577][T20766] RDX: 000000000000000f RSI: 00007f03b9a070a0 RDI: 0000000000000003 [ 1545.984589][T20766] RBP: 00007f03b9a07090 R08: 0000000000000000 R09: 0000000000000000 [ 1545.984600][T20766] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1545.984611][T20766] R13: 0000000000000000 R14: 00007f03b8da5fa0 R15: 00007ffe1d369df8 [ 1545.984639][T20766] [ 1546.208356][ C1] vkms_vblank_simulate: vblank timer overrun [ 1546.553933][ T5875] usb 7-1: new high-speed USB device number 57 using dummy_hcd [ 1546.828206][ T5875] usb 7-1: Using ep0 maxpacket: 16 [ 1546.852362][ T5875] usb 7-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=9a.1d [ 1546.927643][ T5875] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1546.935734][ T5875] usb 7-1: Product: syz [ 1547.004471][ T5875] usb 7-1: Manufacturer: syz [ 1547.009193][ T5875] usb 7-1: SerialNumber: syz [ 1547.059225][ T5875] usb 7-1: config 0 descriptor?? [ 1547.080125][ T5875] ims_pcu 7-1:0.0: Missing CDC union descriptor [ 1547.091852][ T5875] ims_pcu 7-1:0.0: probe with driver ims_pcu failed with error -22 [ 1547.298768][ T5875] usb 7-1: USB disconnect, device number 57 [ 1547.705065][T20793] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3933'. [ 1548.290014][T20804] netlink: 60 bytes leftover after parsing attributes in process `syz.6.3934'. [ 1548.595888][ T8] usb 7-1: new full-speed USB device number 58 using dummy_hcd [ 1548.940363][ T8] usb 7-1: config 0 has an invalid interface number: 55 but max is 0 [ 1548.948695][ T8] usb 7-1: config 0 has no interface number 0 [ 1548.954804][ T8] usb 7-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1548.977526][ T8] usb 7-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 1549.009641][ T8] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 1549.022224][ T8] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 64 [ 1549.033394][ T8] usb 7-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 1549.047489][ T8] usb 7-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 1549.057903][ T8] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1549.091192][ T8] usb 7-1: config 0 descriptor?? [ 1549.098578][T20798] raw-gadget.2 gadget.6: fail, usb_ep_enable returned -22 [ 1549.142882][ T8] ldusb 7-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 1549.394665][ T5911] usb 7-1: USB disconnect, device number 58 [ 1549.410324][ T5911] ldusb 7-1:0.55: LD USB Device #0 now disconnected [ 1552.922201][T20843] ax25_connect(): syz.7.3944 uses autobind, please contact jreuter@yaina.de [ 1554.533047][T20854] net_ratelimit: 407 callbacks suppressed [ 1554.533067][T20854] netlink: zone id is out of range [ 1555.564799][T20854] netlink: zone id is out of range [ 1555.639040][T20854] netlink: zone id is out of range [ 1555.716528][T20854] netlink: zone id is out of range [ 1555.721675][T20854] netlink: zone id is out of range [ 1555.747230][T20854] netlink: zone id is out of range [ 1555.790257][T20854] netlink: zone id is out of range [ 1555.800750][T20854] netlink: zone id is out of range [ 1555.818510][T20854] netlink: zone id is out of range [ 1555.832780][T20854] netlink: zone id is out of range [ 1555.919295][T20864] dlm: non-version read from control device 36 [ 1556.508764][T20880] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3958'. [ 1558.760108][T20910] netlink: 52 bytes leftover after parsing attributes in process `syz.7.3968'. [ 1559.318092][ T5875] usb 6-1: new high-speed USB device number 20 using dummy_hcd [ 1559.365021][T20922] netlink: 48 bytes leftover after parsing attributes in process `syz.3.3971'. [ 1559.387904][T20922] netlink: 76 bytes leftover after parsing attributes in process `syz.3.3971'. [ 1559.489382][ T5875] usb 6-1: Using ep0 maxpacket: 16 [ 1559.502203][ T5875] usb 6-1: New USB device found, idVendor=0d49, idProduct=7010, bcdDevice= c.90 [ 1559.542623][ T5875] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1559.604259][ T5875] usb 6-1: Product: syz [ 1560.360594][ T5875] usb 6-1: Manufacturer: syz [ 1560.365251][ T5875] usb 6-1: SerialNumber: syz [ 1560.371730][ T5875] usb 6-1: config 0 descriptor?? [ 1560.379388][ T5875] ums-onetouch 6-1:0.0: USB Mass Storage device detected [ 1560.738996][ T5875] usb 6-1: USB disconnect, device number 20 [ 1560.933343][T20937] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3976'. [ 1561.809430][T20945] FAULT_INJECTION: forcing a failure. [ 1561.809430][T20945] name failslab, interval 1, probability 0, space 0, times 0 [ 1561.823244][T20945] CPU: 0 UID: 0 PID: 20945 Comm: syz.5.3978 Not tainted 6.14.0-rc2-syzkaller-00041-g4dc1d1bec898 #0 [ 1561.823275][T20945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1561.823287][T20945] Call Trace: [ 1561.823294][T20945] [ 1561.823303][T20945] dump_stack_lvl+0x241/0x360 [ 1561.823339][T20945] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1561.823370][T20945] ? __pfx__printk+0x10/0x10 [ 1561.823402][T20945] ? __kmalloc_cache_noprof+0x48/0x390 [ 1561.823429][T20945] ? __pfx___might_resched+0x10/0x10 [ 1561.823455][T20945] should_fail_ex+0x40a/0x550 [ 1561.823482][T20945] should_failslab+0xac/0x100 [ 1561.823507][T20945] __kmalloc_cache_noprof+0x70/0x390 [ 1561.823532][T20945] ? __se_sys_mount+0x15a/0x3c0 [ 1561.823555][T20945] ? memdup_user+0x9f/0xc0 [ 1561.823587][T20945] __se_sys_mount+0x15a/0x3c0 [ 1561.823611][T20945] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1561.823639][T20945] ? __pfx___se_sys_mount+0x10/0x10 [ 1561.823665][T20945] ? do_syscall_64+0x100/0x230 [ 1561.823695][T20945] ? __x64_sys_mount+0x20/0xc0 [ 1561.823722][T20945] do_syscall_64+0xf3/0x230 [ 1561.823748][T20945] ? clear_bhb_loop+0x35/0x90 [ 1561.823778][T20945] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1561.823804][T20945] RIP: 0033:0x7f03b8b8cde9 [ 1561.823820][T20945] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1561.823837][T20945] RSP: 002b:00007f03b99e6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1561.823858][T20945] RAX: ffffffffffffffda RBX: 00007f03b8da6080 RCX: 00007f03b8b8cde9 [ 1561.823873][T20945] RDX: 0000400000000080 RSI: 00004000000000c0 RDI: 0000000000000000 [ 1561.823886][T20945] RBP: 00007f03b99e6090 R08: 0000400000000400 R09: 0000000000000000 [ 1561.823898][T20945] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1561.823910][T20945] R13: 0000000000000000 R14: 00007f03b8da6080 R15: 00007ffe1d369df8 [ 1561.823937][T20945] [ 1562.389334][T20951] FAULT_INJECTION: forcing a failure. [ 1562.389334][T20951] name failslab, interval 1, probability 0, space 0, times 0 [ 1562.402411][T20951] CPU: 1 UID: 0 PID: 20951 Comm: syz.3.3980 Not tainted 6.14.0-rc2-syzkaller-00041-g4dc1d1bec898 #0 [ 1562.402436][T20951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1562.402448][T20951] Call Trace: [ 1562.402466][T20951] [ 1562.402474][T20951] dump_stack_lvl+0x241/0x360 [ 1562.402508][T20951] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1562.402537][T20951] ? __pfx__printk+0x10/0x10 [ 1562.402565][T20951] ? __kmalloc_cache_noprof+0x48/0x390 [ 1562.402591][T20951] ? __pfx___might_resched+0x10/0x10 [ 1562.402609][T20951] ? arch_stack_walk+0xfd/0x150 [ 1562.402638][T20951] should_fail_ex+0x40a/0x550 [ 1562.402663][T20951] should_failslab+0xac/0x100 [ 1562.402684][T20951] __kmalloc_cache_noprof+0x70/0x390 [ 1562.402704][T20951] ? rtnl_newlink+0x12e/0x2210 [ 1562.402730][T20951] rtnl_newlink+0x12e/0x2210 [ 1562.402756][T20951] ? kasan_save_track+0x51/0x80 [ 1562.402774][T20951] ? kasan_save_free_info+0x40/0x50 [ 1562.402797][T20951] ? __kasan_slab_free+0x59/0x70 [ 1562.402815][T20951] ? kmem_cache_free+0x195/0x410 [ 1562.402839][T20951] ? __pfx_rtnl_newlink+0x10/0x10 [ 1562.402860][T20951] ? __netlink_deliver_tap+0x56b/0x7f0 [ 1562.402879][T20951] ? __pfx_validate_chain+0x10/0x10 [ 1562.402904][T20951] ? __sock_sendmsg+0x221/0x270 [ 1562.402926][T20951] ? ____sys_sendmsg+0x52a/0x7e0 [ 1562.402941][T20951] ? __sys_sendmsg+0x269/0x350 [ 1562.402957][T20951] ? do_syscall_64+0xf3/0x230 [ 1562.402981][T20951] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1562.403024][T20951] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1562.403050][T20951] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1562.403081][T20951] ? mark_lock+0x9a/0x360 [ 1562.403108][T20951] ? __lock_acquire+0x1397/0x2100 [ 1562.403154][T20951] ? rcu_read_unlock+0x87/0xa0 [ 1562.403174][T20951] ? __pfx_lock_release+0x10/0x10 [ 1562.403205][T20951] ? cap_capable+0x139/0x450 [ 1562.403239][T20951] ? __pfx_rtnl_newlink+0x10/0x10 [ 1562.403262][T20951] rtnetlink_rcv_msg+0x791/0xcf0 [ 1562.403282][T20951] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 1562.403307][T20951] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1562.403334][T20951] ? ref_tracker_free+0x643/0x7e0 [ 1562.403362][T20951] netlink_rcv_skb+0x1e3/0x430 [ 1562.403393][T20951] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1562.403417][T20951] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1562.403462][T20951] ? netlink_deliver_tap+0x2e/0x1b0 [ 1562.403482][T20951] netlink_unicast+0x7f6/0x990 [ 1562.403515][T20951] ? __pfx_netlink_unicast+0x10/0x10 [ 1562.403540][T20951] ? __virt_addr_valid+0x45f/0x530 [ 1562.403566][T20951] ? __phys_addr_symbol+0x2f/0x70 [ 1562.403591][T20951] ? __check_object_size+0x47a/0x730 [ 1562.403617][T20951] netlink_sendmsg+0x8e4/0xcb0 [ 1562.403645][T20951] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1562.403673][T20951] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1562.403689][T20951] __sock_sendmsg+0x221/0x270 [ 1562.403715][T20951] ____sys_sendmsg+0x52a/0x7e0 [ 1562.403741][T20951] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1562.403758][T20951] ? __fget_files+0x2a/0x410 [ 1562.403785][T20951] ? __fget_files+0x2a/0x410 [ 1562.403816][T20951] __sys_sendmsg+0x269/0x350 [ 1562.403839][T20951] ? __pfx___sys_sendmsg+0x10/0x10 [ 1562.403869][T20951] ? do_sys_openat2+0x17a/0x1d0 [ 1562.403914][T20951] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1562.403938][T20951] ? do_syscall_64+0x100/0x230 [ 1562.403966][T20951] ? do_syscall_64+0xb6/0x230 [ 1562.403993][T20951] do_syscall_64+0xf3/0x230 [ 1562.404018][T20951] ? clear_bhb_loop+0x35/0x90 [ 1562.404046][T20951] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1562.404070][T20951] RIP: 0033:0x7f06e798cde9 [ 1562.404086][T20951] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1562.404101][T20951] RSP: 002b:00007f06e870b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1562.404121][T20951] RAX: ffffffffffffffda RBX: 00007f06e7ba5fa0 RCX: 00007f06e798cde9 [ 1562.404134][T20951] RDX: 0000000000000000 RSI: 0000400000000280 RDI: 000000000000000c [ 1562.404145][T20951] RBP: 00007f06e870b090 R08: 0000000000000000 R09: 0000000000000000 [ 1562.404157][T20951] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1562.404167][T20951] R13: 0000000000000000 R14: 00007f06e7ba5fa0 R15: 00007ffe9e386c38 [ 1562.404198][T20951] [ 1562.815668][ C1] vkms_vblank_simulate: vblank timer overrun [ 1563.186871][T20955] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3013113693 (3013113693 ns) > initial count (230350673 ns). Using initial count to start timer. [ 1563.206167][ T5911] usb 4-1: new high-speed USB device number 86 using dummy_hcd [ 1563.359039][ T5911] usb 4-1: device descriptor read/64, error -71 [ 1563.615771][ T5911] usb 4-1: new high-speed USB device number 87 using dummy_hcd [ 1563.872163][ T5911] usb 4-1: device descriptor read/64, error -71 [ 1563.946941][T11470] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 1563.990613][ T5911] usb usb4-port1: attempt power cycle [ 1564.118095][T11470] usb 6-1: Using ep0 maxpacket: 32 [ 1564.142868][T11470] usb 6-1: config 0 has an invalid interface number: 132 but max is 0 [ 1564.197893][T11470] usb 6-1: config 0 has no interface number 0 [ 1564.249202][T11470] usb 6-1: config 0 interface 132 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 1564.259101][T20979] netlink: 1080 bytes leftover after parsing attributes in process `syz.0.3991'. [ 1564.358777][T11470] usb 6-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 1564.368803][T11470] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1564.377840][ T5911] usb 4-1: new high-speed USB device number 88 using dummy_hcd [ 1564.391239][T11470] usb 6-1: Product: syz [ 1564.406010][T11470] usb 6-1: Manufacturer: syz [ 1564.413552][ T5911] usb 4-1: device descriptor read/8, error -71 [ 1564.428746][T11470] usb 6-1: SerialNumber: syz [ 1564.504545][T11470] usb 6-1: config 0 descriptor?? [ 1564.671061][T20968] raw-gadget.3 gadget.5: fail, usb_ep_enable returned -22 [ 1564.739411][ T5911] usb 4-1: new high-speed USB device number 89 using dummy_hcd [ 1564.799247][T11470] em28xx 6-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 1564.846810][ T5911] usb 4-1: device descriptor read/8, error -71 [ 1564.984022][T11470] em28xx 6-1:0.132: Video interface 132 found: bulk [ 1565.259936][ T5911] usb usb4-port1: unable to enumerate USB device [ 1565.267109][T11470] em28xx 6-1:0.132: chip ID is em28174 [ 1566.286146][T20993] netlink: 36 bytes leftover after parsing attributes in process `syz.6.3996'. [ 1566.628310][T21000] pimreg: entered allmulticast mode [ 1566.649154][T21000] pimreg: left allmulticast mode [ 1567.194234][T11470] em28xx 6-1:0.132: failed to trigger write to i2c address 0xa0 (error=-5) [ 1567.237308][T11470] em28xx 6-1:0.132: failed to read eeprom (err=-5) [ 1567.252894][T11470] em28xx 6-1:0.132: em28xx_i2c_register: em28xx_i2_eeprom failed! retval [-5] [ 1567.358158][T11470] em28xx 6-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 1567.376377][T21007] fuse: Unknown parameter 'user_i00000000000000000000' [ 1567.393261][T11470] em28xx 6-1:0.132: analog set to bulk mode. [ 1567.473046][ T5911] em28xx 6-1:0.132: Registering V4L2 extension [ 1567.533621][T21008] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3999'. [ 1567.644536][ T8] usb 6-1: USB disconnect, device number 21 [ 1567.661463][ T8] em28xx 6-1:0.132: Disconnecting em28xx [ 1568.745029][ T5911] usb 6-1: Decoder not found [ 1568.750545][ T5911] em28xx 6-1:0.132: failed to create media graph [ 1568.757296][ T5911] em28xx 6-1:0.132: V4L2 device video103 deregistered [ 1568.767740][ T5911] em28xx 6-1:0.132: Remote control support is not available for this card. [ 1568.785437][ T8] em28xx 6-1:0.132: Closing input extension [ 1570.492925][ T8] em28xx 6-1:0.132: Freeing device [ 1570.687569][T21040] loop7: detected capacity change from 0 to 16384 [ 1572.557045][T21055] vlan2: entered allmulticast mode [ 1573.273813][T21066] fuse: Unknown parameter 'user_id00000000000000000000' [ 1575.364771][T18230] usb 6-1: new high-speed USB device number 22 using dummy_hcd [ 1575.627276][T18230] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1575.763196][T18230] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1575.824493][T18230] usb 6-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 1575.835635][T18230] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1575.911738][T18230] usb 6-1: config 0 descriptor?? [ 1577.703793][T18230] usbhid 6-1:0.0: can't add hid device: -71 [ 1577.737836][T18230] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 1578.148701][T18230] usb 6-1: USB disconnect, device number 22 [ 1578.492778][T21134] FAULT_INJECTION: forcing a failure. [ 1578.492778][T21134] name failslab, interval 1, probability 0, space 0, times 0 [ 1578.509643][T21134] CPU: 0 UID: 0 PID: 21134 Comm: syz.3.4033 Not tainted 6.14.0-rc2-syzkaller-00041-g4dc1d1bec898 #0 [ 1578.509666][T21134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1578.509679][T21134] Call Trace: [ 1578.509686][T21134] [ 1578.509694][T21134] dump_stack_lvl+0x241/0x360 [ 1578.509729][T21134] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1578.509758][T21134] ? __pfx__printk+0x10/0x10 [ 1578.509787][T21134] ? kmem_cache_alloc_noprof+0x48/0x380 [ 1578.509812][T21134] ? __pfx___might_resched+0x10/0x10 [ 1578.509835][T21134] should_fail_ex+0x40a/0x550 [ 1578.509860][T21134] should_failslab+0xac/0x100 [ 1578.509884][T21134] ? mas_alloc_nodes+0x25b/0x7e0 [ 1578.509907][T21134] kmem_cache_alloc_noprof+0x70/0x380 [ 1578.509934][T21134] mas_alloc_nodes+0x25b/0x7e0 [ 1578.509965][T21134] mas_preallocate+0x575/0x8d0 [ 1578.509992][T21134] ? __pfx_mas_preallocate+0x10/0x10 [ 1578.510024][T21134] ? __mas_set_range+0x133/0x3c0 [ 1578.510052][T21134] __split_vma+0x302/0xc50 [ 1578.510080][T21134] ? mark_lock+0x9a/0x360 [ 1578.510106][T21134] ? __pfx___split_vma+0x10/0x10 [ 1578.510136][T21134] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1578.510166][T21134] vms_gather_munmap_vmas+0x2e6/0x1600 [ 1578.510191][T21134] ? __pfx_preempt_schedule+0x10/0x10 [ 1578.510224][T21134] ? preempt_schedule_thunk+0x1a/0x30 [ 1578.510250][T21134] ? __pfx_vms_gather_munmap_vmas+0x10/0x10 [ 1578.510273][T21134] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 1578.510296][T21134] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1578.510331][T21134] do_vmi_align_munmap+0x3ff/0x6f0 [ 1578.510359][T21134] ? __pfx_do_vmi_align_munmap+0x10/0x10 [ 1578.510410][T21134] ? mas_find+0x8c0/0xbb0 [ 1578.510436][T21134] do_vmi_munmap+0x24e/0x2d0 [ 1578.510471][T21134] do_munmap+0x18a/0x240 [ 1578.510500][T21134] ? __pfx_do_munmap+0x10/0x10 [ 1578.510531][T21134] ? __pfx_down_write_killable+0x10/0x10 [ 1578.510569][T21134] __se_sys_mremap+0x10c1/0x1b20 [ 1578.510605][T21134] ? __pfx___se_sys_mremap+0x10/0x10 [ 1578.510636][T21134] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1578.510661][T21134] ? irqentry_exit+0x63/0x90 [ 1578.510682][T21134] ? lockdep_hardirqs_on+0x99/0x150 [ 1578.510713][T21134] ? __x64_sys_mremap+0x20/0xc0 [ 1578.510737][T21134] do_syscall_64+0xf3/0x230 [ 1578.510762][T21134] ? clear_bhb_loop+0x35/0x90 [ 1578.510789][T21134] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1578.510814][T21134] RIP: 0033:0x7f06e798cde9 [ 1578.510830][T21134] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1578.510847][T21134] RSP: 002b:00007f06e57d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1578.510867][T21134] RAX: ffffffffffffffda RBX: 00007f06e7ba6160 RCX: 00007f06e798cde9 [ 1578.510881][T21134] RDX: 0000000000600000 RSI: 0000000000a00000 RDI: 0000400000000000 [ 1578.510893][T21134] RBP: 00007f06e57d5090 R08: 0000400000a00000 R09: 0000000000000000 [ 1578.510905][T21134] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001 [ 1578.510915][T21134] R13: 0000000000000001 R14: 00007f06e7ba6160 R15: 00007ffe9e386c38 [ 1578.510942][T21134] [ 1579.262846][T15008] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1580.494837][T18230] usb 7-1: new high-speed USB device number 59 using dummy_hcd [ 1581.042063][T18230] usb 7-1: Using ep0 maxpacket: 32 [ 1581.077382][T18230] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD8, changing to 0x88 [ 1581.103818][T18230] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 1581.129452][T18230] usb 7-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=25.11 [ 1581.150135][T18230] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1581.161442][T18230] usb 7-1: Product: syz [ 1581.165621][T18230] usb 7-1: Manufacturer: syz [ 1581.189385][T18230] usb 7-1: SerialNumber: syz [ 1581.203228][T18230] usb 7-1: config 0 descriptor?? [ 1581.243834][T18230] usb 7-1: no audio or video endpoints found [ 1582.118248][T21173] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1582.449302][T21180] program syz.7.4044 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1583.164820][T21173] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1583.538363][ T5910] usb 4-1: new high-speed USB device number 90 using dummy_hcd [ 1583.661285][T21188] netlink: 16 bytes leftover after parsing attributes in process `syz.7.4046'. [ 1583.679728][T21189] vlan2: entered promiscuous mode [ 1583.708352][T21189] gretap0: entered promiscuous mode [ 1583.726419][T21189] vlan2: entered allmulticast mode [ 1583.742501][T21189] gretap0: entered allmulticast mode [ 1583.801532][T21189] gretap0: left allmulticast mode [ 1583.806754][T21189] gretap0: left promiscuous mode [ 1584.078681][ T5929] usb 7-1: USB disconnect, device number 59 [ 1587.664030][T21225] misc userio: No port type given on /dev/userio [ 1587.682500][T21225] misc userio: No port type given on /dev/userio [ 1588.506141][T21224] delete_channel: no stack [ 1588.908100][T21237] netlink: 92 bytes leftover after parsing attributes in process `syz.5.4058'. [ 1591.409776][T21230] gretap0 speed is unknown, defaulting to 1000 [ 1594.511570][T21280] netlink: 16 bytes leftover after parsing attributes in process `syz.5.4069'. [ 1596.308847][T21279] syz.7.4070: attempt to access beyond end of device [ 1596.308847][T21279] nbd7: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 1596.327258][T21279] XFS (nbd7): SB validate failed with error -5. [ 1598.037952][T21313] netlink: 'syz.6.4077': attribute type 1 has an invalid length. [ 1598.424377][T21313] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4077'. [ 1598.496628][T21313] netlink: 'syz.6.4077': attribute type 1 has an invalid length. [ 1598.511327][T21313] netlink: 224 bytes leftover after parsing attributes in process `syz.6.4077'. [ 1598.779450][T21321] FAULT_INJECTION: forcing a failure. [ 1598.779450][T21321] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1598.792757][T21321] CPU: 1 UID: 0 PID: 21321 Comm: syz.0.4078 Not tainted 6.14.0-rc2-syzkaller-00041-g4dc1d1bec898 #0 [ 1598.792780][T21321] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1598.792792][T21321] Call Trace: [ 1598.792799][T21321] [ 1598.792807][T21321] dump_stack_lvl+0x241/0x360 [ 1598.792843][T21321] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1598.792872][T21321] ? __pfx__printk+0x10/0x10 [ 1598.792904][T21321] ? ___ratelimit+0xc5/0x690 [ 1598.792933][T21321] should_fail_ex+0x40a/0x550 [ 1598.792959][T21321] _copy_to_user+0x31/0xb0 [ 1598.792981][T21321] copy_to_sockptr+0x65/0xa0 [ 1598.793007][T21321] do_ip_getsockopt+0x18c4/0x2940 [ 1598.793038][T21321] ? __pfx_do_ip_getsockopt+0x10/0x10 [ 1598.793066][T21321] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1598.793094][T21321] ? mark_lock+0x9a/0x360 [ 1598.793123][T21321] ? __lock_acquire+0x1397/0x2100 [ 1598.793175][T21321] ? __pfx___might_resched+0x10/0x10 [ 1598.793198][T21321] ip_getsockopt+0xed/0x2e0 [ 1598.793225][T21321] ? __pfx_ip_getsockopt+0x10/0x10 [ 1598.793251][T21321] ? __might_fault+0xaa/0x120 [ 1598.793281][T21321] ? sock_common_getsockopt+0x2e/0xb0 [ 1598.793305][T21321] ? raw_getsockopt+0xca/0x1e0 [ 1598.793330][T21321] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 1598.793358][T21321] do_sock_getsockopt+0x3c4/0x7e0 [ 1598.793382][T21321] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 1598.793409][T21321] ? __fget_files+0x2a/0x410 [ 1598.793435][T21321] ? __fget_files+0x395/0x410 [ 1598.793458][T21321] ? __fget_files+0x2a/0x410 [ 1598.793506][T21321] __x64_sys_getsockopt+0x2a1/0x370 [ 1598.793532][T21321] ? __pfx___x64_sys_getsockopt+0x10/0x10 [ 1598.793553][T21321] ? do_syscall_64+0x100/0x230 [ 1598.793584][T21321] ? do_syscall_64+0xb6/0x230 [ 1598.793612][T21321] do_syscall_64+0xf3/0x230 [ 1598.793639][T21321] ? clear_bhb_loop+0x35/0x90 [ 1598.793670][T21321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1598.793696][T21321] RIP: 0033:0x7f1be598cde9 [ 1598.793713][T21321] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1598.793730][T21321] RSP: 002b:00007f1be37d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 1598.793751][T21321] RAX: ffffffffffffffda RBX: 00007f1be5ba6160 RCX: 00007f1be598cde9 [ 1598.793766][T21321] RDX: 0000000000000034 RSI: 0000000000000000 RDI: 0000000000000003 [ 1598.793778][T21321] RBP: 00007f1be37d5090 R08: 0000400000000180 R09: 0000000000000000 [ 1598.793791][T21321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1598.793803][T21321] R13: 0000000000000000 R14: 00007f1be5ba6160 R15: 00007fff84334268 [ 1598.793831][T21321] [ 1599.054151][ C1] vkms_vblank_simulate: vblank timer overrun [ 1604.238054][T21358] FAULT_INJECTION: forcing a failure. [ 1604.238054][T21358] name failslab, interval 1, probability 0, space 0, times 0 [ 1604.285075][T21358] CPU: 1 UID: 0 PID: 21358 Comm: syz.5.4091 Not tainted 6.14.0-rc2-syzkaller-00041-g4dc1d1bec898 #0 [ 1604.285102][T21358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1604.285114][T21358] Call Trace: [ 1604.285121][T21358] [ 1604.285129][T21358] dump_stack_lvl+0x241/0x360 [ 1604.285166][T21358] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1604.285197][T21358] ? __pfx__printk+0x10/0x10 [ 1604.285226][T21358] ? fs_reclaim_acquire+0x93/0x130 [ 1604.285245][T21358] ? __pfx___might_resched+0x10/0x10 [ 1604.285269][T21358] should_fail_ex+0x40a/0x550 [ 1604.285295][T21358] should_failslab+0xac/0x100 [ 1604.285319][T21358] __kmalloc_noprof+0xdd/0x4c0 [ 1604.285341][T21358] ? tomoyo_encode+0x26f/0x540 [ 1604.285364][T21358] tomoyo_encode+0x26f/0x540 [ 1604.285387][T21358] tomoyo_realpath_from_path+0x59e/0x5e0 [ 1604.285416][T21358] tomoyo_path_number_perm+0x236/0x860 [ 1604.285441][T21358] ? __lock_acquire+0x1397/0x2100 [ 1604.285465][T21358] ? tomoyo_path_number_perm+0x206/0x860 [ 1604.285493][T21358] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1604.285554][T21358] ? __fget_files+0x2a/0x410 [ 1604.285581][T21358] ? __fget_files+0x2a/0x410 [ 1604.285610][T21358] security_file_ioctl+0xc6/0x2a0 [ 1604.285643][T21358] __se_sys_ioctl+0x46/0x170 [ 1604.285663][T21358] do_syscall_64+0xf3/0x230 [ 1604.285689][T21358] ? clear_bhb_loop+0x35/0x90 [ 1604.285718][T21358] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1604.285742][T21358] RIP: 0033:0x7f03b8b8cde9 [ 1604.285758][T21358] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1604.285774][T21358] RSP: 002b:00007f03b9a07038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1604.285794][T21358] RAX: ffffffffffffffda RBX: 00007f03b8da5fa0 RCX: 00007f03b8b8cde9 [ 1604.285807][T21358] RDX: 0000400000000040 RSI: 00000000402c542c RDI: 0000000000000004 [ 1604.285819][T21358] RBP: 00007f03b9a07090 R08: 0000000000000000 R09: 0000000000000000 [ 1604.285830][T21358] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1604.285841][T21358] R13: 0000000000000000 R14: 00007f03b8da5fa0 R15: 00007ffe1d369df8 [ 1604.285868][T21358] [ 1604.286417][T21358] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1604.450796][ C1] vkms_vblank_simulate: vblank timer overrun [ 1605.128704][T21372] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4094'. [ 1605.436942][T21376] netlink: 1088 bytes leftover after parsing attributes in process `syz.5.4095'. [ 1607.678101][T21391] netlink: 60 bytes leftover after parsing attributes in process `syz.5.4100'. [ 1607.734732][T21394] netlink: 'syz.0.4102': attribute type 33 has an invalid length. [ 1607.775039][T21394] netlink: 152 bytes leftover after parsing attributes in process `syz.0.4102'. [ 1607.991171][T21398] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4104'. [ 1608.291735][ T5879] usb 6-1: new high-speed USB device number 23 using dummy_hcd [ 1609.087098][T21409] netlink: 1088 bytes leftover after parsing attributes in process `syz.6.4107'. [ 1609.271984][ T5879] usb 6-1: Using ep0 maxpacket: 16 [ 1609.290540][ T5879] usb 6-1: config 7 has an invalid interface number: 149 but max is 0 [ 1609.322087][T21411] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4108'. [ 1609.328680][ T5879] usb 6-1: config 7 contains an unexpected descriptor of type 0x1, skipping [ 1609.360756][ T5879] usb 6-1: config 7 contains an unexpected descriptor of type 0x2, skipping [ 1609.380521][ T5879] usb 6-1: config 7 has no interface number 0 [ 1609.391198][ T5879] usb 6-1: config 7 interface 149 altsetting 0 endpoint 0x8 has invalid maxpacket 544, setting to 64 [ 1609.424651][ T5879] usb 6-1: config 7 interface 149 altsetting 0 endpoint 0xF has invalid maxpacket 1096, setting to 64 [ 1609.444699][ T5879] usb 6-1: config 7 interface 149 altsetting 0 has a duplicate endpoint with address 0xF, skipping [ 1609.466387][ T5879] usb 6-1: config 7 interface 149 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1609.478557][ T5879] usb 6-1: config 7 interface 149 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 1024 [ 1609.510466][ T5879] usb 6-1: config 7 interface 149 altsetting 0 endpoint 0xB has invalid maxpacket 1024, setting to 64 [ 1609.542369][ T5879] usb 6-1: config 7 interface 149 altsetting 0 has a duplicate endpoint with address 0x2, skipping [ 1609.564077][ T5879] usb 6-1: config 7 interface 149 altsetting 0 has 8 endpoint descriptors, different from the interface descriptor's value: 11 [ 1609.587221][ T5879] usb 6-1: New USB device found, idVendor=19d2, idProduct=1282, bcdDevice=a1.7d [ 1609.606566][ T5879] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1609.628106][ T5879] usb 6-1: Product: 俍侳ᡆ䬠䫏ȹ膋࿪舙㣍뮬嘄빰羽䇟穡꿑᭻쟔飋眤䊷ᅱ╤৅㰤됽褑몥᷸짺ዶꪆ넁퐥啌英뼢쏶멥텫濤坱赲笄ꬷ銍я䉭鐷︙뙋圭㎀࠻젎仒❔ꧪ䚷鹕檵彪츇ṙ쨏㌅ೠꛭٹ뒕୴驒悴䌻테踺磼․뙠蓮㦇鬕忋閱哾꽛﷡뷲뾟쮶㵉蕗꥘珎ᓐ昧蕿猑Ḹ緾৷닊蹘 [ 1609.661033][ C1] vkms_vblank_simulate: vblank timer overrun [ 1609.691042][ T5879] usb 6-1: Manufacturer: ࠊ [ 1609.696638][ T5879] usb 6-1: SerialNumber: ఊ [ 1609.702806][ T5929] usb 4-1: new high-speed USB device number 91 using dummy_hcd [ 1609.705435][T21402] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 1609.722333][T21420] fuse: Unknown parameter '0x0000000000000003' [ 1609.895331][ T5929] usb 4-1: Using ep0 maxpacket: 8 [ 1609.908381][ T5929] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xAD, changing to 0x8D [ 1609.928355][ T5929] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8D has invalid wMaxPacketSize 0 [ 1609.952758][ T5929] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8D has invalid maxpacket 0 [ 1609.981185][ T5929] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 23343, setting to 1024 [ 1610.015028][ T5929] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 1024 [ 1610.040128][ T5929] usb 4-1: New USB device found, idVendor=0bfd, idProduct=0124, bcdDevice=3a.9f [ 1610.046257][ T5879] option 6-1:7.149: GSM modem (1-port) converter detected [ 1610.067374][ T5929] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1610.075066][ T5879] usb 6-1: USB disconnect, device number 23 [ 1610.084225][ T5879] option 6-1:7.149: device disconnected [ 1610.097168][ T5929] usb 4-1: Product: syz [ 1610.906378][ T5929] usb 4-1: Manufacturer: syz [ 1610.921404][ T5929] usb 4-1: SerialNumber: syz [ 1610.947847][ T5929] usb 4-1: config 0 descriptor?? [ 1610.955069][T21417] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 1610.986310][ T5929] kvaser_usb 4-1:0.0: error -EPROTO: Cannot get software info [ 1610.993842][ T5929] kvaser_usb 4-1:0.0: probe with driver kvaser_usb failed with error -71 [ 1611.345558][T21417] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1611.466994][T21417] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1613.022305][ T9339] Bluetooth: hci4: command 0x0406 tx timeout [ 1613.035407][T21450] netlink: 16 bytes leftover after parsing attributes in process `syz.5.4120'. [ 1613.058756][ T5929] usb 4-1: USB disconnect, device number 91 [ 1613.090102][T21452] net_ratelimit: 824 callbacks suppressed [ 1613.090117][T21452] netlink: zone id is out of range [ 1613.102452][T21452] netlink: zone id is out of range [ 1613.107585][T21452] netlink: zone id is out of range [ 1613.112732][T21452] netlink: zone id is out of range [ 1613.120151][T21452] netlink: zone id is out of range [ 1613.127135][T21452] netlink: zone id is out of range [ 1613.132519][T21452] netlink: zone id is out of range [ 1613.143416][T21452] netlink: zone id is out of range [ 1613.148650][T21452] netlink: zone id is out of range [ 1613.153792][T21452] netlink: zone id is out of range [ 1613.359128][T21456] fuse: Unknown parameter '0x0000000000000003' [ 1614.950531][T21463] input: syz0 as /devices/virtual/input/input51 [ 1615.340294][T10305] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1616.120791][T21473] 9pnet_fd: Insufficient options for proto=fd [ 1616.714064][T21485] pimreg: entered allmulticast mode [ 1618.109004][T21499] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4135'. [ 1618.811765][ T29] audit: type=1326 audit(1739730890.149:504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21496 comm="syz.3.4133" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06e798cde9 code=0x7ffc0000 [ 1619.190243][ T29] audit: type=1326 audit(1739730890.158:505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21496 comm="syz.3.4133" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06e798cde9 code=0x7ffc0000 [ 1619.260209][ T29] audit: type=1326 audit(1739730890.168:506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21496 comm="syz.3.4133" exe="/root/syz-executor" sig=0 arch=c000003e syscall=254 compat=0 ip=0x7f06e798cde9 code=0x7ffc0000 [ 1619.346981][ T29] audit: type=1326 audit(1739730890.168:507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21496 comm="syz.3.4133" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06e798cde9 code=0x7ffc0000 [ 1619.384082][ C1] vkms_vblank_simulate: vblank timer overrun [ 1619.483123][ T29] audit: type=1326 audit(1739730890.168:508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21496 comm="syz.3.4133" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06e798cde9 code=0x7ffc0000 [ 1619.576721][ T29] audit: type=1326 audit(1739730890.177:509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21496 comm="syz.3.4133" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f06e798cde9 code=0x7ffc0000 [ 1619.665068][ T29] audit: type=1326 audit(1739730890.215:510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21496 comm="syz.3.4133" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06e798cde9 code=0x7ffc0000 [ 1619.686750][ C1] vkms_vblank_simulate: vblank timer overrun [ 1619.690548][ T8] usb 7-1: new high-speed USB device number 60 using dummy_hcd [ 1619.771084][ T29] audit: type=1326 audit(1739730890.215:511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21496 comm="syz.3.4133" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06e798cde9 code=0x7ffc0000 [ 1619.792753][ C1] vkms_vblank_simulate: vblank timer overrun [ 1619.867614][ T29] audit: type=1326 audit(1739730890.271:512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21496 comm="syz.3.4133" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f06e798cde9 code=0x7ffc0000 [ 1619.916320][ T29] audit: type=1326 audit(1739730890.280:513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21496 comm="syz.3.4133" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06e798cde9 code=0x7ffc0000 [ 1619.938994][ T8] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1619.960048][ T8] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1619.975480][ T8] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1620.000618][ T8] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1620.163382][ T8] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1620.185867][ T8] usb 7-1: config 0 descriptor?? [ 1620.661002][ T8] plantronics 0003:047F:FFFF.0037: unknown main item tag 0x0 [ 1620.722106][ T8] plantronics 0003:047F:FFFF.0037: unknown main item tag 0x0 [ 1620.738122][ T8] plantronics 0003:047F:FFFF.0037: unknown main item tag 0x0 [ 1620.757141][ T8] plantronics 0003:047F:FFFF.0037: unknown main item tag 0x0 [ 1620.783827][ T8] plantronics 0003:047F:FFFF.0037: unknown main item tag 0x0 [ 1621.076067][ T8] plantronics 0003:047F:FFFF.0037: unknown main item tag 0x0 [ 1621.480419][ T8] plantronics 0003:047F:FFFF.0037: unknown main item tag 0x0 [ 1621.488473][ T8] plantronics 0003:047F:FFFF.0037: unknown main item tag 0x0 [ 1621.497434][ T8] plantronics 0003:047F:FFFF.0037: unknown main item tag 0x0 [ 1621.505683][ T8] plantronics 0003:047F:FFFF.0037: unknown main item tag 0x0 [ 1621.526065][ T8] plantronics 0003:047F:FFFF.0037: No inputs registered, leaving [ 1621.570768][ T8] plantronics 0003:047F:FFFF.0037: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0 [ 1621.571053][T21512] netlink: 104 bytes leftover after parsing attributes in process `syz.3.4138'. [ 1621.617235][ T8] usb 7-1: USB disconnect, device number 60 [ 1622.414095][T21536] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4144'. [ 1622.543269][T21541] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4146'. [ 1622.839906][T21533] : entered promiscuous mode [ 1622.852308][ T8] usb 4-1: new high-speed USB device number 92 using dummy_hcd [ 1623.046118][ T8] usb 4-1: Using ep0 maxpacket: 8 [ 1623.063133][ T8] usb 4-1: unable to get BOS descriptor or descriptor too short [ 1623.079724][ T8] usb 4-1: config 8 has an invalid interface number: 255 but max is 0 [ 1623.101881][ T8] usb 4-1: config 8 has no interface number 0 [ 1623.108087][ T8] usb 4-1: config 8 interface 255 has no altsetting 0 [ 1623.123931][ T8] usb 4-1: New USB device found, idVendor=0423, idProduct=000c, bcdDevice=2e.bf [ 1623.154799][ T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1623.164740][ T8] usb 4-1: Product: syz [ 1623.168914][ T8] usb 4-1: Manufacturer: syz [ 1623.189537][ T8] usb 4-1: SerialNumber: syz [ 1623.220475][T21548] FAULT_INJECTION: forcing a failure. [ 1623.220475][T21548] name failslab, interval 1, probability 0, space 0, times 0 [ 1623.246445][T21548] CPU: 0 UID: 0 PID: 21548 Comm: syz.6.4149 Not tainted 6.14.0-rc2-syzkaller-00041-g4dc1d1bec898 #0 [ 1623.246475][T21548] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1623.246487][T21548] Call Trace: [ 1623.246494][T21548] [ 1623.246502][T21548] dump_stack_lvl+0x241/0x360 [ 1623.246541][T21548] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1623.246571][T21548] ? __pfx__printk+0x10/0x10 [ 1623.246606][T21548] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 1623.246633][T21548] ? __pfx___might_resched+0x10/0x10 [ 1623.246658][T21548] should_fail_ex+0x40a/0x550 [ 1623.246684][T21548] should_failslab+0xac/0x100 [ 1623.246709][T21548] kmem_cache_alloc_node_noprof+0x77/0x380 [ 1623.246733][T21548] ? __alloc_skb+0x1c3/0x440 [ 1623.246764][T21548] __alloc_skb+0x1c3/0x440 [ 1623.246791][T21548] ? validate_chain+0x11e/0x5920 [ 1623.246820][T21548] ? __pfx___alloc_skb+0x10/0x10 [ 1623.246846][T21548] ? reacquire_held_locks+0x630/0x690 [ 1623.246874][T21548] ? __pfx_lock_release+0x10/0x10 [ 1623.246902][T21548] alloc_skb_with_frags+0xc3/0x820 [ 1623.246920][T21548] ? mark_lock+0x9a/0x360 [ 1623.246944][T21548] ? __pfx_validate_chain+0x10/0x10 [ 1623.246973][T21548] ? __lock_acquire+0x1397/0x2100 [ 1623.247000][T21548] sock_alloc_send_pskb+0x91a/0xa60 [ 1623.247036][T21548] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 1623.247059][T21548] ? smack_socket_sendmsg+0x178/0x540 [ 1623.247091][T21548] ? __pfx_smack_socket_sendmsg+0x10/0x10 [ 1623.247120][T21548] ? tomoyo_socket_sendmsg_permission+0x288/0x420 [ 1623.247144][T21548] hci_sock_sendmsg+0x22b/0x11c0 [ 1623.247170][T21548] ? __pfx_tomoyo_socket_sendmsg_permission+0x10/0x10 [ 1623.247196][T21548] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 1623.247222][T21548] ? get_pid_task+0x23/0x1f0 [ 1623.247252][T21548] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 1623.247275][T21548] __sock_sendmsg+0x221/0x270 [ 1623.247300][T21548] sock_write_iter+0x2d7/0x3f0 [ 1623.247338][T21548] ? __pfx_sock_write_iter+0x10/0x10 [ 1623.247371][T21548] ? bpf_lsm_file_permission+0x9/0x10 [ 1623.247397][T21548] vfs_write+0xacf/0xd10 [ 1623.247419][T21548] ? __pfx_sock_write_iter+0x10/0x10 [ 1623.247442][T21548] ? __pfx_vfs_write+0x10/0x10 [ 1623.247468][T21548] ? do_sys_openat2+0x17a/0x1d0 [ 1623.247494][T21548] ? __fget_files+0x2a/0x410 [ 1623.247521][T21548] ? __fget_files+0x2a/0x410 [ 1623.247552][T21548] ksys_write+0x18f/0x2b0 [ 1623.247572][T21548] ? __pfx_ksys_write+0x10/0x10 [ 1623.247595][T21548] ? do_syscall_64+0x100/0x230 [ 1623.247624][T21548] ? do_syscall_64+0xb6/0x230 [ 1623.247651][T21548] do_syscall_64+0xf3/0x230 [ 1623.247677][T21548] ? clear_bhb_loop+0x35/0x90 [ 1623.247706][T21548] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1623.247731][T21548] RIP: 0033:0x7f5923f8cde9 [ 1623.247748][T21548] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1623.247765][T21548] RSP: 002b:00007f5924df2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1623.247784][T21548] RAX: ffffffffffffffda RBX: 00007f59241a5fa0 RCX: 00007f5923f8cde9 [ 1623.247797][T21548] RDX: 0000000000000006 RSI: 0000400000000300 RDI: 0000000000000005 [ 1623.247810][T21548] RBP: 00007f5924df2090 R08: 0000000000000000 R09: 0000000000000000 [ 1623.247822][T21548] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1623.247833][T21548] R13: 0000000000000000 R14: 00007f59241a5fa0 R15: 00007ffe2a7d91f8 [ 1623.247861][T21548] [ 1623.643945][ T5929] usb 6-1: new high-speed USB device number 24 using dummy_hcd [ 1623.814381][ T5929] usb 6-1: Using ep0 maxpacket: 32 [ 1623.822101][ T5929] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1623.833770][ T5929] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 1623.845977][ T5929] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1623.857223][ T5929] usb 6-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 1623.866316][ T5929] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1623.878870][ T5929] usb 6-1: config 0 descriptor?? [ 1623.886046][T21544] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22 [ 1623.978325][ T5929] hub 6-1:0.0: USB hub found [ 1623.983784][ T8] catc 4-1:8.255: Can't set altsetting 1. [ 1623.989743][ T8] catc 4-1:8.255: probe with driver catc failed with error -5 [ 1624.027107][ T8] usb 4-1: USB disconnect, device number 92 [ 1624.126659][T21561] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4151'. [ 1625.065475][ T5929] hub 6-1:0.0: config failed, hub has too many ports! (err -19) [ 1625.526937][ T5929] usbhid 6-1:0.0: can't add hid device: -71 [ 1625.532999][ T5929] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 1625.590262][ T5929] usb 6-1: USB disconnect, device number 24 [ 1625.879732][ T29] kauditd_printk_skb: 28 callbacks suppressed [ 1625.879751][ T29] audit: type=1326 audit(1739730897.034:542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21564 comm="syz.3.4154" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f06e798cde9 code=0x0 [ 1626.174594][T21578] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4158'. [ 1627.261710][T21588] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4160'. [ 1627.326742][T21588] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4160'. [ 1627.979325][ T5929] IPVS: starting estimator thread 0... [ 1627.979643][T21598] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3832186367 (7664372734 ns) > initial count (4194322 ns). Using initial count to start timer. [ 1628.112775][T21599] IPVS: using max 22 ests per chain, 52800 per kthread [ 1628.539646][ T5929] usb 4-1: new high-speed USB device number 93 using dummy_hcd [ 1628.723465][ T5929] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1628.740902][T21607] netlink: 16 bytes leftover after parsing attributes in process `syz.6.4165'. [ 1628.763808][ T5929] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1628.793674][ T5929] usb 4-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 1628.803406][ T5929] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1628.818716][ T5929] usb 4-1: config 0 descriptor?? [ 1628.926633][T21610] random: crng reseeded on system resumption [ 1629.056262][ T5929] kye 0003:0458:5011.0038: tablet report size too small, or kye_tablet_rdesc unexpectedly large [ 1629.139329][ T5929] kye 0003:0458:5011.0038: hidraw0: USB HID vff.fe Device [HID 0458:5011] on usb-dummy_hcd.3-1/input0 [ 1629.166022][ T5929] kye 0003:0458:5011.0038: tablet-enabling feature report not found [ 1629.364482][ T5929] kye 0003:0458:5011.0038: tablet enabling failed [ 1629.386102][ T5929] usb 4-1: USB disconnect, device number 93 [ 1629.687960][ T29] audit: type=1326 audit(1739730900.579:543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21605 comm="syz.5.4166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03b8b8cde9 code=0x7fc00000 [ 1631.135286][ T29] audit: type=1326 audit(1739730901.945:544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21619 comm="syz.7.4169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f576bd8cde9 code=0x7fc00000 [ 1631.229506][T21643] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4175'. [ 1631.898595][ T29] audit: type=1326 audit(1739730901.945:545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21619 comm="syz.7.4169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f576bd8cde9 code=0x7fc00000 [ 1631.945441][ T29] audit: type=1326 audit(1739730901.945:546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21619 comm="syz.7.4169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f576bd8cde9 code=0x7fc00000 [ 1632.023925][ T29] audit: type=1326 audit(1739730901.945:547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21619 comm="syz.7.4169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f576bd8cde9 code=0x7fc00000 [ 1632.247552][ T29] audit: type=1326 audit(1739730901.945:548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21619 comm="syz.7.4169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f576bd8cde9 code=0x7fc00000 [ 1632.977398][ T29] audit: type=1326 audit(1739730901.945:549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21619 comm="syz.7.4169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f576bd8cde9 code=0x7fc00000 [ 1633.071258][ T29] audit: type=1326 audit(1739730901.945:550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21619 comm="syz.7.4169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f576bd8cde9 code=0x7fc00000 [ 1633.175074][ T29] audit: type=1326 audit(1739730901.945:551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21619 comm="syz.7.4169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f576bd8cde9 code=0x7fc00000 [ 1633.228000][ T29] audit: type=1326 audit(1739730901.945:552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21619 comm="syz.7.4169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f576bd8cde9 code=0x7fc00000 [ 1634.071410][ T29] audit: type=1326 audit(1739730901.945:553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21619 comm="syz.7.4169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f576bd8cde9 code=0x7fc00000 [ 1634.124253][ T29] audit: type=1326 audit(1739730901.945:554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21619 comm="syz.7.4169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f576bd8cde9 code=0x7fc00000 [ 1635.873479][T11470] usb 7-1: new high-speed USB device number 61 using dummy_hcd [ 1636.296180][T11470] usb 7-1: Using ep0 maxpacket: 32 [ 1636.399394][T11470] usb 7-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 1636.476814][T11470] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1636.534467][T11470] usb 7-1: Product: syz [ 1636.584443][T11470] usb 7-1: Manufacturer: syz [ 1636.610550][T11470] usb 7-1: SerialNumber: syz [ 1636.878666][T11470] usb 7-1: config 0 descriptor?? [ 1636.987256][T11470] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 1637.155531][T11470] gspca_stk1135: reg_w 0x2 err -71 [ 1637.163907][T11470] gspca_stk1135: serial bus timeout: status=0x00 [ 1637.174435][T11470] gspca_stk1135: Sensor write failed [ 1637.181115][T11470] gspca_stk1135: serial bus timeout: status=0x00 [ 1637.198456][T11470] gspca_stk1135: Sensor write failed [ 1637.209652][T11470] gspca_stk1135: serial bus timeout: status=0x00 [ 1637.219550][T21692] overlay: ./bus is not a directory [ 1637.232274][T11470] gspca_stk1135: Sensor read failed [ 1637.247279][T11470] gspca_stk1135: serial bus timeout: status=0x00 [ 1637.263097][T11470] gspca_stk1135: Sensor read failed [ 1637.268419][T11470] gspca_stk1135: Detected sensor type unknown (0x0) [ 1637.284553][T11470] gspca_stk1135: serial bus timeout: status=0x00 [ 1637.290942][T11470] gspca_stk1135: Sensor read failed [ 1637.308911][T11470] gspca_stk1135: serial bus timeout: status=0x00 [ 1637.316802][T11470] gspca_stk1135: Sensor read failed [ 1637.322085][T11470] gspca_stk1135: serial bus timeout: status=0x00 [ 1637.328529][T11470] gspca_stk1135: Sensor write failed [ 1637.334312][T11470] gspca_stk1135: serial bus timeout: status=0x00 [ 1637.341050][T11470] gspca_stk1135: Sensor write failed [ 1637.346421][T11470] stk1135 7-1:0.0: probe with driver stk1135 failed with error -71 [ 1637.357196][T11470] usb 7-1: USB disconnect, device number 61 [ 1640.864363][T21719] can0: slcan on ttyS3. [ 1640.991452][T21719] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4197'. [ 1641.657344][T21713] can0 (unregistered): slcan off ttyS3. [ 1642.386727][T21730] netlink: 1088 bytes leftover after parsing attributes in process `syz.7.4201'. [ 1647.683445][T21781] net_ratelimit: 60 callbacks suppressed [ 1647.683482][T21781] openvswitch: netlink: Actions may not be safe on all matching packets [ 1649.365246][T19268] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1651.566607][T21813] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4223'. [ 1652.415494][T21820] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4224'. [ 1652.425717][T21819] (unnamed net_device) (uninitialized): option active_slave: mode dependency failed, not supported in mode balance-rr(0) [ 1652.700603][T11470] usb 4-1: new high-speed USB device number 94 using dummy_hcd [ 1653.182398][T11470] usb 4-1: Using ep0 maxpacket: 16 [ 1653.353951][T11470] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1653.383930][T11470] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1653.400822][T11470] usb 4-1: New USB device found, idVendor=0a12, idProduct=5d10, bcdDevice=fc.66 [ 1653.421407][T11470] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1653.430659][T11470] usb 4-1: Product: syz [ 1653.435250][T11470] usb 4-1: Manufacturer: syz [ 1653.445373][T11470] usb 4-1: SerialNumber: syz [ 1653.452637][T11470] usb 4-1: config 0 descriptor?? [ 1654.117178][T21822] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1654.166496][T21822] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1654.416125][T21848] overlayfs: overlapping lowerdir path [ 1656.518984][ T8] usb 4-1: USB disconnect, device number 94 [ 1657.819911][T21882] netlink: 20 bytes leftover after parsing attributes in process `syz.6.4240'. [ 1658.076797][T21884] netlink: 132 bytes leftover after parsing attributes in process `syz.6.4241'. [ 1659.820492][ T5929] usb 7-1: new high-speed USB device number 62 using dummy_hcd [ 1660.778139][T21914] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 1660.788963][ T5929] usb 7-1: Using ep0 maxpacket: 16 [ 1660.797278][ T5929] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1660.808275][ T5929] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1660.819963][ T5929] usb 7-1: New USB device found, idVendor=0a12, idProduct=5d10, bcdDevice=fc.66 [ 1660.838304][ T5929] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1660.857520][ T5929] usb 7-1: Product: syz [ 1660.865121][ T5929] usb 7-1: Manufacturer: syz [ 1660.870755][ T5929] usb 7-1: SerialNumber: syz [ 1660.909918][ T5929] usb 7-1: config 0 descriptor?? [ 1661.049231][T11470] hid-generic 0000:0003:0000.0039: unknown main item tag 0x0 [ 1661.059106][T11470] hid-generic 0000:0003:0000.0039: unknown main item tag 0x0 [ 1661.899544][T11470] hid-generic 0000:0003:0000.0039: hidraw0: HID v0.00 Device [syz1] on syz1 [ 1662.017411][T21903] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1662.076210][T21903] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1662.434010][T21938] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4256'. [ 1662.661954][T21942] netlink: 'syz.7.4257': attribute type 10 has an invalid length. [ 1662.674719][T21942] macvlan0: entered promiscuous mode [ 1662.687689][T21942] macvlan0: entered allmulticast mode [ 1662.726388][T21942] veth1_vlan: entered allmulticast mode [ 1662.761431][T21942] bond0: (slave macvlan0): Enslaving as an active interface with an up link [ 1663.440123][ T8] usb 7-1: USB disconnect, device number 62 [ 1663.595185][T21957] vxcan0: tx drop: invalid sa for name 0x0000000000000001 [ 1665.539450][ T5878] usb 4-1: new high-speed USB device number 95 using dummy_hcd [ 1666.015111][ T5878] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1666.071282][ T5878] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1666.137819][ T5878] usb 4-1: New USB device found, idVendor=0c70, idProduct=f00d, bcdDevice= 0.00 [ 1666.168678][ T5878] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1666.229126][ T5878] usb 4-1: config 0 descriptor?? [ 1666.561824][T21980] syzkaller0: entered promiscuous mode [ 1666.609100][T21980] syzkaller0: entered allmulticast mode [ 1666.820442][ T5878] aquacomputer_d5next 0003:0C70:F00D.003A: unknown main item tag 0x0 [ 1666.850828][ T5878] aquacomputer_d5next 0003:0C70:F00D.003A: unknown main item tag 0x0 [ 1666.859028][ T5878] aquacomputer_d5next 0003:0C70:F00D.003A: unknown main item tag 0x0 [ 1666.876349][ T5878] aquacomputer_d5next 0003:0C70:F00D.003A: unknown main item tag 0x0 [ 1666.885542][ T5878] aquacomputer_d5next 0003:0C70:F00D.003A: unknown main item tag 0x0 [ 1666.908521][ T5878] aquacomputer_d5next 0003:0C70:F00D.003A: hidraw0: USB HID v20.00 Device [HID 0c70:f00d] on usb-dummy_hcd.3-1/input0 [ 1667.021399][ T5878] usb 4-1: USB disconnect, device number 95 [ 1669.876697][T22004] Invalid logical block size (85) [ 1670.780593][T22017] netlink: zone id is out of range [ 1670.806791][T22017] netlink: zone id is out of range [ 1670.815551][T22017] netlink: zone id is out of range [ 1670.825784][T22017] netlink: zone id is out of range [ 1670.841583][T22020] FAULT_INJECTION: forcing a failure. [ 1670.841583][T22020] name failslab, interval 1, probability 0, space 0, times 0 [ 1670.855625][T22017] netlink: zone id is out of range [ 1670.908047][T22017] netlink: zone id is out of range [ 1670.913877][T22017] netlink: zone id is out of range [ 1670.929023][T22017] netlink: zone id is out of range [ 1670.960994][T22020] CPU: 0 UID: 0 PID: 22020 Comm: syz.7.4280 Not tainted 6.14.0-rc2-syzkaller-00041-g4dc1d1bec898 #0 [ 1670.961022][T22020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1670.961033][T22020] Call Trace: [ 1670.961041][T22020] [ 1670.961048][T22020] dump_stack_lvl+0x241/0x360 [ 1670.961084][T22020] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1670.961113][T22020] ? __pfx__printk+0x10/0x10 [ 1670.961143][T22020] ? __kmalloc_noprof+0xb5/0x4c0 [ 1670.961166][T22020] ? __pfx___might_resched+0x10/0x10 [ 1670.961195][T22020] should_fail_ex+0x40a/0x550 [ 1670.961217][T22020] should_failslab+0xac/0x100 [ 1670.961238][T22020] __kmalloc_noprof+0xdd/0x4c0 [ 1670.961257][T22020] ? sock_kmalloc+0xd7/0x160 [ 1670.961278][T22020] sock_kmalloc+0xd7/0x160 [ 1670.961297][T22020] ____sys_sendmsg+0x216/0x7e0 [ 1670.961319][T22020] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1670.961334][T22020] ? __fget_files+0x2a/0x410 [ 1670.961356][T22020] ? __fget_files+0x2a/0x410 [ 1670.961383][T22020] __sys_sendmsg+0x269/0x350 [ 1670.961403][T22020] ? __pfx___sys_sendmsg+0x10/0x10 [ 1670.961441][T22020] ? __might_fault+0xaa/0x120 [ 1670.961465][T22020] ? __pfx_lock_release+0x10/0x10 [ 1670.961494][T22020] ? rcu_is_watching+0x15/0xb0 [ 1670.961518][T22020] ? trace_sys_enter+0x25/0x120 [ 1670.961543][T22020] do_syscall_64+0xf3/0x230 [ 1670.961564][T22020] ? clear_bhb_loop+0x35/0x90 [ 1670.961588][T22020] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1670.961609][T22020] RIP: 0033:0x7f576bd8cde9 [ 1670.961623][T22020] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1670.961637][T22020] RSP: 002b:00007f576cbef038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1670.961656][T22020] RAX: ffffffffffffffda RBX: 00007f576bfa5fa0 RCX: 00007f576bd8cde9 [ 1670.961668][T22020] RDX: 0000000000008000 RSI: 0000400000000000 RDI: 0000000000000007 [ 1670.961678][T22020] RBP: 00007f576cbef090 R08: 0000000000000000 R09: 0000000000000000 [ 1670.961687][T22020] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1670.961697][T22020] R13: 0000000000000000 R14: 00007f576bfa5fa0 R15: 00007ffcd46951d8 [ 1670.961719][T22020] [ 1670.964698][T22017] netlink: zone id is out of range [ 1671.231789][T22017] netlink: zone id is out of range [ 1671.479442][T22031] netlink: 1260 bytes leftover after parsing attributes in process `syz.0.4284'. [ 1671.489412][T22009] overlayfs: statfs failed on './file0' [ 1673.106155][T22058] netlink: 'syz.0.4288': attribute type 1 has an invalid length. [ 1673.332520][T22065] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1673.341409][T22065] batadv_slave_1: entered promiscuous mode [ 1673.350959][T22065] netlink: 16 bytes leftover after parsing attributes in process `syz.7.4292'. [ 1673.431413][ T5878] usb 7-1: new high-speed USB device number 63 using dummy_hcd [ 1673.557764][ T5911] usb 6-1: new high-speed USB device number 25 using dummy_hcd [ 1673.611222][ T5878] usb 7-1: Using ep0 maxpacket: 8 [ 1673.629393][ T5878] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1673.648263][ T5878] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 1673.660993][ T5878] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1673.679660][ T5878] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1673.694861][ T5878] usb 7-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 1673.728858][ T5911] usb 6-1: Using ep0 maxpacket: 16 [ 1673.748817][ T5911] usb 6-1: config 0 has an invalid interface number: 111 but max is 0 [ 1673.776386][ T5911] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1673.803653][ T5878] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1673.812021][ T5911] usb 6-1: config 0 has no interface number 0 [ 1673.842482][ T5878] usb 7-1: config 0 descriptor?? [ 1673.863455][ T5911] usb 6-1: config 0 interface 111 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1674.002023][ T5911] usb 6-1: New USB device found, idVendor=0a12, idProduct=5d10, bcdDevice=fc.66 [ 1674.049320][ T5911] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1674.155968][ T5911] usb 6-1: Product: syz [ 1674.203953][ T5911] usb 6-1: Manufacturer: syz [ 1674.208592][ T5911] usb 6-1: SerialNumber: syz [ 1674.222854][ T5911] usb 6-1: config 0 descriptor?? [ 1674.224119][ T5929] usb 7-1: USB disconnect, device number 63 [ 1674.468371][T22063] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1674.482404][T22063] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1675.959915][T22097] Process accounting resumed [ 1676.754483][ T8] usb 6-1: USB disconnect, device number 25 [ 1676.882939][T22114] netlink: 16 bytes leftover after parsing attributes in process `syz.7.4307'. [ 1679.769217][ T8] usb 6-1: new high-speed USB device number 26 using dummy_hcd [ 1680.100385][ T8] usb 6-1: Using ep0 maxpacket: 8 [ 1681.111263][ T8] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xAD, changing to 0x8D [ 1681.152770][ T8] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8D has invalid wMaxPacketSize 0 [ 1681.468996][ T8] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8D has invalid maxpacket 0 [ 1681.478791][ T8] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 23343, setting to 1024 [ 1681.490993][ T8] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 1024 [ 1681.505097][ T8] usb 6-1: New USB device found, idVendor=0bfd, idProduct=0124, bcdDevice=3a.9f [ 1681.522230][ T8] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1681.540921][ T8] usb 6-1: Product: syz [ 1681.546842][ T8] usb 6-1: Manufacturer: syz [ 1681.551469][ T8] usb 6-1: SerialNumber: syz [ 1681.575574][ T8] usb 6-1: config 0 descriptor?? [ 1681.585283][T22137] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 1681.597130][ T5929] usb 4-1: new full-speed USB device number 96 using dummy_hcd [ 1681.618471][ T8] kvaser_usb 6-1:0.0: error -EPROTO: Cannot get software info [ 1681.625985][ T8] kvaser_usb 6-1:0.0: probe with driver kvaser_usb failed with error -71 [ 1681.917777][ T5875] usb 7-1: new high-speed USB device number 64 using dummy_hcd [ 1681.963856][ T5929] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1682.100165][T22136] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1682.112862][ T5929] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1682.171882][T22136] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1682.185047][ T5875] usb 7-1: Using ep0 maxpacket: 16 [ 1682.222949][ T5929] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1682.239360][ T5929] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1682.283124][ T5875] usb 7-1: config 0 has an invalid interface number: 111 but max is 0 [ 1682.292417][ T5875] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1682.319492][ T5929] usb 4-1: Product: syz [ 1682.323687][ T5929] usb 4-1: Manufacturer: syz [ 1682.328892][ T5929] usb 4-1: SerialNumber: syz [ 1682.333609][ T5875] usb 7-1: config 0 has no interface number 0 [ 1682.341415][ T5875] usb 7-1: config 0 interface 111 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1682.384000][ T5875] usb 7-1: New USB device found, idVendor=0a12, idProduct=5d10, bcdDevice=fc.66 [ 1682.393636][ T5875] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1682.411376][ T5875] usb 7-1: Product: syz [ 1682.415616][ T5875] usb 7-1: Manufacturer: syz [ 1682.422135][ T5875] usb 7-1: SerialNumber: syz [ 1682.428842][ T5875] usb 7-1: config 0 descriptor?? [ 1682.448661][T22165] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4321'. [ 1682.600318][T22148] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1682.609489][T22148] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1682.778297][T22154] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1682.803159][T22154] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1683.563606][T18230] usb 6-1: USB disconnect, device number 26 [ 1684.007544][ T6788] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1684.174304][ T5929] usb 4-1: 0:2 : does not exist [ 1684.189872][ T5929] usb 4-1: 5:0: failed to get current value for ch 0 (-22) [ 1684.239678][ T5929] usb 4-1: USB disconnect, device number 96 [ 1684.591955][T20933] udevd[20933]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1685.430933][T22188] net_ratelimit: 142 callbacks suppressed [ 1685.430952][T22188] netlink: zone id is out of range [ 1685.443421][T22188] netlink: set zone limit has 8 unknown bytes [ 1685.991830][T11470] usb 7-1: USB disconnect, device number 64 [ 1686.333684][T22194] RDS: rds_bind could not find a transport for fe80::c, load rds_tcp or rds_rdma? [ 1688.129121][T22211] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4335'. [ 1688.140785][T22209] overlay: ./bus is not a directory [ 1688.186109][T22211] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4335'. [ 1690.496642][T22234] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4341'. [ 1690.537909][T22234] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4341'. [ 1690.579754][T22234] (unnamed net_device) (uninitialized): option mode: invalid value (12) [ 1690.812585][T22241] netlink: 16 bytes leftover after parsing attributes in process `syz.5.4343'. [ 1690.917838][T16724] Bluetooth: hci4: unexpected event for opcode 0x203b [ 1690.946482][T22248] 9pnet_fd: Insufficient options for proto=fd [ 1692.622496][T22259] ufs: You didn't specify the type of your ufs filesystem [ 1692.622496][T22259] [ 1692.622496][T22259] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ... [ 1692.622496][T22259] [ 1692.622496][T22259] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old [ 1692.654673][ C1] vkms_vblank_simulate: vblank timer overrun [ 1693.083552][T22259] ufs: ufstype=old is supported read-only [ 1693.117638][T22259] syz.6.4348: attempt to access beyond end of device [ 1693.117638][T22259] nbd6: rw=0, sector=16, nr_sectors = 2 limit=0 [ 1693.156678][T22263] overlay: ./bus is not a directory [ 1694.554400][T11470] usb 7-1: new high-speed USB device number 65 using dummy_hcd [ 1695.152916][T11470] usb 7-1: Using ep0 maxpacket: 32 [ 1695.892691][T16724] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 1695.902236][T16724] Bluetooth: hci4: Injecting HCI hardware error event [ 1695.922248][T16724] Bluetooth: hci4: hardware error 0x00 [ 1696.577295][T22284] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 1696.643106][T11470] usb 7-1: unable to get BOS descriptor or descriptor too short [ 1696.670030][T11470] usb 7-1: unable to read config index 0 descriptor/start: -71 [ 1696.749158][T11470] usb 7-1: can't read configurations, error -71 [ 1696.796651][T22289] netlink: 'syz.7.4356': attribute type 1 has an invalid length. [ 1697.524364][T22302] fuse: Unknown parameter 'group_ip' [ 1698.285188][T16724] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 1699.463226][T22313] overlay: ./bus is not a directory [ 1700.082731][T22316] futex_wake_op: syz.3.4363 tries to shift op by 144; fix this program [ 1704.010166][T22351] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1704.064846][T22351] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1704.113130][T22353] netlink: 'syz.0.4374': attribute type 29 has an invalid length. [ 1704.121420][T22356] netlink: 'syz.0.4374': attribute type 29 has an invalid length. [ 1704.157388][T22353] netlink: 'syz.0.4374': attribute type 29 has an invalid length. [ 1704.218953][T22353] netlink: 'syz.0.4374': attribute type 29 has an invalid length. [ 1705.812304][T22369] overlay: ./bus is not a directory [ 1706.126212][T22373] ================================================================== [ 1706.126226][T22373] BUG: KASAN: global-out-of-bounds in bit_putcs+0x147b/0x1db0 [ 1706.126252][T22373] Read of size 1 at addr ffffffff8c624950 by task syz.6.4381/22373 [ 1706.126265][T22373] [ 1706.126273][T22373] CPU: 0 UID: 0 PID: 22373 Comm: syz.6.4381 Not tainted 6.14.0-rc2-syzkaller-00041-g4dc1d1bec898 #0 [ 1706.126290][T22373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1706.126299][T22373] Call Trace: [ 1706.126305][T22373] [ 1706.126312][T22373] dump_stack_lvl+0x241/0x360 [ 1706.126338][T22373] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1706.126364][T22373] ? __pfx__printk+0x10/0x10 [ 1706.126387][T22373] ? _printk+0xd5/0x120 [ 1706.126408][T22373] ? __virt_addr_valid+0x183/0x530 [ 1706.126430][T22373] ? __virt_addr_valid+0x183/0x530 [ 1706.126451][T22373] print_report+0x169/0x550 [ 1706.126469][T22373] ? __virt_addr_valid+0x183/0x530 [ 1706.126489][T22373] ? __virt_addr_valid+0x183/0x530 [ 1706.126509][T22373] ? __virt_addr_valid+0x45f/0x530 [ 1706.126529][T22373] ? __phys_addr+0x113/0x170 [ 1706.126550][T22373] ? bit_putcs+0x147b/0x1db0 [ 1706.126569][T22373] kasan_report+0x143/0x180 [ 1706.126593][T22373] ? bit_putcs+0x147b/0x1db0 [ 1706.126616][T22373] bit_putcs+0x147b/0x1db0 [ 1706.126649][T22373] ? __pfx_bit_putcs+0x10/0x10 [ 1706.126670][T22373] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1706.126694][T22373] fbcon_putcs+0x2e0/0x450 [ 1706.126714][T22373] ? __pfx_bit_putcs+0x10/0x10 [ 1706.126734][T22373] complement_pos+0x780/0xa90 [ 1706.126750][T22373] ? lockdep_hardirqs_on+0x99/0x150 [ 1706.126770][T22373] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 1706.126788][T22373] ? __pfx_complement_pos+0x10/0x10 [ 1706.126804][T22373] ? __timer_delete+0x5e/0x390 [ 1706.126823][T22373] set_selection_kernel+0x570/0x17c0 [ 1706.126845][T22373] set_selection_user+0x11c/0x180 [ 1706.126863][T22373] ? __pfx_set_selection_user+0x10/0x10 [ 1706.126882][T22373] ? tioclinux+0x29a/0x490 [ 1706.126898][T22373] vt_ioctl+0x9db/0x2090 [ 1706.126913][T22373] ? vt_ioctl+0x71/0x2090 [ 1706.126928][T22373] ? __pfx_vt_ioctl+0x10/0x10 [ 1706.126942][T22373] ? __asan_memset+0x23/0x50 [ 1706.126964][T22373] ? smack_file_ioctl+0x29e/0x3a0 [ 1706.126984][T22373] ? __pfx_smack_file_ioctl+0x10/0x10 [ 1706.127006][T22373] ? tty_jobctrl_ioctl+0x36e/0xba0 [ 1706.127023][T22373] ? __fget_files+0x2a/0x410 [ 1706.127043][T22373] tty_ioctl+0x90f/0xdc0 [ 1706.127061][T22373] ? __pfx_tty_ioctl+0x10/0x10 [ 1706.127079][T22373] __se_sys_ioctl+0xf5/0x170 [ 1706.127094][T22373] do_syscall_64+0xf3/0x230 [ 1706.127114][T22373] ? clear_bhb_loop+0x35/0x90 [ 1706.127138][T22373] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1706.127159][T22373] RIP: 0033:0x7f5923f8cde9 [ 1706.127172][T22373] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1706.127185][T22373] RSP: 002b:00007f5924df2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1706.127202][T22373] RAX: ffffffffffffffda RBX: 00007f59241a5fa0 RCX: 00007f5923f8cde9 [ 1706.127214][T22373] RDX: 0000400000001900 RSI: 000000000000541c RDI: 0000000000000005 [ 1706.127224][T22373] RBP: 00007f592400e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 1706.127234][T22373] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1706.127243][T22373] R13: 0000000000000000 R14: 00007f59241a5fa0 R15: 00007ffe2a7d91f8 [ 1706.127260][T22373] [ 1706.127265][T22373] [ 1706.127270][T22373] The buggy address belongs to the variable: [ 1706.127276][T22373] oid_data+0x370/0x3a0 [ 1706.127298][T22373] [ 1706.127302][T22373] The buggy address belongs to the physical page: [ 1706.127314][T22373] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xc624 [ 1706.127329][T22373] flags: 0xfff00000002000(reserved|node=0|zone=1|lastcpupid=0x7ff) [ 1706.127351][T22373] raw: 00fff00000002000 ffffea0000318908 ffffea0000318908 0000000000000000 [ 1706.127365][T22373] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 1706.127374][T22373] page dumped because: kasan: bad access detected [ 1706.127385][T22373] page_owner info is not present (never set?) [ 1706.127392][T22373] [ 1706.127396][T22373] Memory state around the buggy address: [ 1706.127405][T22373] ffffffff8c624800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1706.127416][T22373] ffffffff8c624880: 00 00 00 00 00 00 00 07 f9 f9 f9 f9 f9 f9 f9 f9 [ 1706.127426][T22373] >ffffffff8c624900: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 [ 1706.127435][T22373] ^ [ 1706.127445][T22373] ffffffff8c624980: 06 f9 f9 f9 05 f9 f9 f9 06 f9 f9 f9 00 00 00 00 [ 1706.127456][T22373] ffffffff8c624a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1706.127465][T22373] ================================================================== [ 1706.127481][T22373] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1706.127491][T22373] CPU: 0 UID: 0 PID: 22373 Comm: syz.6.4381 Not tainted 6.14.0-rc2-syzkaller-00041-g4dc1d1bec898 #0 [ 1706.127508][T22373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 1706.127518][T22373] Call Trace: [ 1706.127523][T22373] [ 1706.127530][T22373] dump_stack_lvl+0x241/0x360 [ 1706.127555][T22373] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1706.127580][T22373] ? __pfx__printk+0x10/0x10 [ 1706.127604][T22373] ? rcu_is_watching+0x15/0xb0 [ 1706.127628][T22373] ? lock_release+0xbf/0xa30 [ 1706.127648][T22373] ? vscnprintf+0x5d/0x90 [ 1706.127665][T22373] panic+0x349/0x880 [ 1706.127686][T22373] ? check_panic_on_warn+0x21/0xb0 [ 1706.127707][T22373] ? __pfx_panic+0x10/0x10 [ 1706.127730][T22373] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 1706.127749][T22373] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1706.127768][T22373] ? print_report+0x502/0x550 [ 1706.127787][T22373] check_panic_on_warn+0x86/0xb0 [ 1706.127807][T22373] ? bit_putcs+0x147b/0x1db0 [ 1706.127827][T22373] end_report+0x77/0x160 [ 1706.127844][T22373] kasan_report+0x154/0x180 [ 1706.127862][T22373] ? bit_putcs+0x147b/0x1db0 [ 1706.127885][T22373] bit_putcs+0x147b/0x1db0 [ 1706.127919][T22373] ? __pfx_bit_putcs+0x10/0x10 [ 1706.127942][T22373] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1706.127965][T22373] fbcon_putcs+0x2e0/0x450 [ 1706.127985][T22373] ? __pfx_bit_putcs+0x10/0x10 [ 1706.128006][T22373] complement_pos+0x780/0xa90 [ 1706.128021][T22373] ? lockdep_hardirqs_on+0x99/0x150 [ 1706.128042][T22373] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 1706.128060][T22373] ? __pfx_complement_pos+0x10/0x10 [ 1706.128077][T22373] ? __timer_delete+0x5e/0x390 [ 1706.128096][T22373] set_selection_kernel+0x570/0x17c0 [ 1706.128119][T22373] set_selection_user+0x11c/0x180 [ 1706.128137][T22373] ? __pfx_set_selection_user+0x10/0x10 [ 1706.128157][T22373] ? tioclinux+0x29a/0x490 [ 1706.128174][T22373] vt_ioctl+0x9db/0x2090 [ 1706.128189][T22373] ? vt_ioctl+0x71/0x2090 [ 1706.128205][T22373] ? __pfx_vt_ioctl+0x10/0x10 [ 1706.128219][T22373] ? __asan_memset+0x23/0x50 [ 1706.128242][T22373] ? smack_file_ioctl+0x29e/0x3a0 [ 1706.128262][T22373] ? __pfx_smack_file_ioctl+0x10/0x10 [ 1706.128285][T22373] ? tty_jobctrl_ioctl+0x36e/0xba0 [ 1706.128302][T22373] ? __fget_files+0x2a/0x410 [ 1706.128322][T22373] tty_ioctl+0x90f/0xdc0 [ 1706.128341][T22373] ? __pfx_tty_ioctl+0x10/0x10 [ 1706.128360][T22373] __se_sys_ioctl+0xf5/0x170 [ 1706.128375][T22373] do_syscall_64+0xf3/0x230 [ 1706.128396][T22373] ? clear_bhb_loop+0x35/0x90 [ 1706.128419][T22373] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1706.128440][T22373] RIP: 0033:0x7f5923f8cde9 [ 1706.128452][T22373] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1706.128465][T22373] RSP: 002b:00007f5924df2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1706.128481][T22373] RAX: ffffffffffffffda RBX: 00007f59241a5fa0 RCX: 00007f5923f8cde9 [ 1706.128493][T22373] RDX: 0000400000001900 RSI: 000000000000541c RDI: 0000000000000005 [ 1706.128503][T22373] RBP: 00007f592400e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 1706.128514][T22373] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1706.128524][T22373] R13: 0000000000000000 R14: 00007f59241a5fa0 R15: 00007ffe2a7d91f8 [ 1706.128540][T22373] [ 1706.128874][T22373] Kernel Offset: disabled