last executing test programs: 9.200538467s ago: executing program 2 (id=1593): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f00000000c0)={'8255\x00', [0x4f27, 0x5, 0x2, 0x421, 0x1, 0xcc7, 0x7fffffff, 0x5c952399, 0x80000005, 0x3ff, 0x2, 0x300, 0x1, 0x3, 0x0, 0x0, 0x0, 0x8, 0xfffffffa, 0x1ff, 0x80000089, 0xa, 0x0, 0x20001e54, 0xffffeada, 0x3, 0x3d, 0x8, 0x4, 0x8000000, 0xdffffffa]}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4040}, 0x20008000) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'geneve1\x00', 0x0}) mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0) openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000100), 0x1, 0x0) r3 = mq_open(&(0x7f0000001140)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\xe0\x9d\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xdf\x15\f]\x15\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb', 0x42, 0x0, 0x0) mq_timedsend(r3, 0x0, 0x0, 0xf, 0x0) mq_timedsend(r3, 0x0, 0x0, 0x6, 0x0) mq_timedsend(r3, 0x0, 0x0, 0x0, 0x0) r4 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) write$binfmt_register(r4, &(0x7f0000000340)={0x3a, 'syz0', 0x3a, 'E', 0x3a, 0x5, 0x3a, '\'', 0x3a, '\x9c\xdc\x90E\x93\x92G\x0f\xd0\x13\xd5\x8c\xe7\xb9\xe5\x0e\xaf]Y\xc1\r\x172\x98\r\x80\xa9\xd1\x84\x00\x00|BU\x91\xce\xe4\xf4;w\xcb1\x8a\xb5 \xaa\x1b\xee\xa3\x17\xd0\x98\xd1(\xe3\x0f\xe6\x0f\xfe\xe4j\xe8\xd4\x8e/\xb3\x95O\xa6\xe0\x80\xab\xd4\xf3\xd4\x9c\xe9\xf1Lj\xe7o\xbb\xb7\xbc\x03\x1fs\x1f\xcc\xdf?3|M\xac;\x95od\xbe,\xcbe\x84z\xd6\xda\x91st\xc8}T\t5\xea\xaf\xa6\xaf\xce\x9fIDs\x8e\xfd\xa7\x88\x86@\xadP\xe7\x82g\xd1\xfc\xac!\xd2\xa3V^Z\xf7y\xe5\xf4\f\xb5]\"', 0x3a, './file0', 0x3a, [0x46, 0x43, 0x4f, 0x4f]}, 0xc5) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="5800000010000300"/20, @ANYRES32=r2, @ANYBLOB="00000000000000001c0012800b00010067656e65766500000c00028005000400010000001c001a8018000a80140007"], 0x58}, 0x1, 0x2}, 0x0) 9.070661234s ago: executing program 4 (id=1594): r0 = socket(0x2a, 0x2, 0x0) sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={0x0}}, 0x24004000) r2 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382) sched_setscheduler(0x0, 0x1, 0x0) openat$mixer(0xffffffffffffff9c, 0x0, 0x101403, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000) r4 = socket$nl_generic(0x10, 0x3, 0x10) getcwd(0x0, 0xfffffffffffffe7d) sendmsg$nl_generic(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001080)={0x14, 0x38, 0x301, 0x70bd2b, 0x25dfdbfa, {0x5}}, 0x14}}, 0x40800) r5 = socket$kcm(0x10, 0x2, 0x0) bind$netlink(r0, &(0x7f0000000040)={0x10, 0x0, 0x25dfdbfc, 0x400}, 0xc) sendmsg$kcm(r5, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000002c0)="2e00000010008188040f80ec59acbc0413010048100000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0) r6 = memfd_create(&(0x7f0000000680)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\xa4\xf4\xe0\xe8\xed\xf4\x1eM\xd8\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x18) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCSTI(r4, 0x5412, &(0x7f00000002c0)=0x8) ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000200)=0x7f) fcntl$dupfd(0xffffffffffffffff, 0xc0a, 0xffffffffffffffff) r5 = userfaultfd(0x80801) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x54d}) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000200)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) mremap(&(0x7f000066d000/0x2000)=nil, 0x2000, 0x2000, 0x3, &(0x7f0000c9a000/0x2000)=nil) sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000006c0)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000540)}], 0x1}}], 0x1, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01090000000000000f478e"]) r6 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r8, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffb, 0x7fffffff, 0x3, 0x0, 0x4002004c4, 0x1000, 0x5, 0x0, 0x0, 0xa, 0x0, 0x9, 0x0, 0x5], 0xeeee8000, 0x2113c0}) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_RUN(r8, 0xae80, 0x0) close_range(r5, 0xffffffffffffffff, 0x0) 7.989568906s ago: executing program 1 (id=1599): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20400}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x1) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'netdevsim0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000005c0)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_rr={{0x7}, {0x18, 0x2, {0x7, "bf32568d2fd41b329a5f8a92fc91d2ff"}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x44000800}, 0x4000010) fsetxattr$security_ima(0xffffffffffffffff, 0x0, &(0x7f0000000500)=ANY=[], 0x1009, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYBLOB="580000000206010300000000000000000000000005000400000000000900020073797a31000000001400078008000840000000200500140005000000050005000200000005000100060000000c000300686173683a6970008b820f9329444054a00dc90fbe7fe8121d66e02ae2c8d2a788fd91ff9980d45ed1f2a266344778552960733decd69a513e31dfb9aeae93f4b7717d3699918aa1deb52904fd665bffe2eddcc60917b5bd5dd3fc44a8687c0bdcd1fa19c4c811f5ecc6a7834093ff9b1ae5e7d01b07099ba7addd9b45c7026aefa8fea735c225af4dc091e1a72c54d0c3d720f0ddab371ea6073fde9a6ea0c42dfaf0d30493"], 0x58}}, 0x0) syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) r4 = socket$inet(0x2, 0x2, 0x1) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000000050005000200000c12000300686173683a6e65742c706f7274"], 0x4c}}, 0x2) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) socketpair(0x6, 0x5, 0xb9, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r8 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) io_uring_enter(0xffffffffffffffff, 0x156a, 0x63b8, 0x44, &(0x7f0000000140)={[0x9]}, 0x8) fsconfig$FSCONFIG_CMD_CREATE(r8, 0x6, 0x0, 0x0, 0x0) r9 = fsmount(r8, 0x0, 0x86) fchdir(r9) fchmodat(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0xffffffd3) open(&(0x7f0000000000)='./file0\x00', 0x148640, 0x78e22799f4a46f8e) sendmsg$IPSET_CMD_ADD(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000640)=ANY=[@ANYBLOB="50000000090601020000000000000000020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff0500070084000000060004404e22000006000540", @ANYRES8=r0, @ANYRESHEX=r7, @ANYRES64, @ANYBLOB="aca711d505c933e0092904bd2c852b524cbeddc36395153d39198d32d6c00532fb536ccdfd149d0fff85088a62001882580672fd6840f07e57c0389b8d7412943b62173c810615a54d1cc81e6c5ea3036facbf379602547b146d3b59ef3f8893e1a1d5b6b1b1ce9f0c7a34a9f11956f6517e08b62f2db1300c7d770da9f48e9c13221a4026a640a344f668a231e53a9301322d5b2cef77763d82308a2ce70dfabb201e5019587d36db2bdd"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r10, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000070601080000001e000000000a0000040500010007"], 0x1c}, 0x1, 0x0, 0x0, 0x20000005}, 0x80) sendmsg$NFT_MSG_GETOBJ_RESET(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000280)={0x24, 0x15, 0xa, 0x201, 0x0, 0x0, {0x2, 0x0, 0x1}, [@NFTA_OBJ_USERDATA={0xe, 0x8, "5add36881d0b9c9f599e"}]}, 0x24}, 0x1, 0x0, 0x0, 0x20004085}, 0x4004) close_range(r4, 0xffffffffffffffff, 0x0) 7.898847334s ago: executing program 4 (id=1600): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004000000080000000800000000000000", @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000004", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000069000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000180), 0x4) syz_emit_ethernet(0x11, &(0x7f0000000040)=ANY=[], 0x0) r2 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, &(0x7f0000000000)=""/108, &(0x7f0000000080)=0x18) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = syz_open_procfs(0x0, &(0x7f0000000600)='comm\x00') write$FUSE_INIT(r4, &(0x7f00000001c0)={0x50, 0xfffffffffffffff5, 0x0, {0x7, 0x2b, 0xfffffff8, 0x102000, 0x1, 0x7fff, 0x7, 0x2, 0x0, 0x0, 0x100, 0x3}}, 0x50) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000240)={'team0\x00', 0x0}) r6 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000002c0)=0xffffffffffffffff, 0x4) socket$nl_generic(0x10, 0x3, 0x10) r7 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000007c0)=ANY=[@ANYBLOB="2c0000001d00070f000000000000000007000000", @ANYRES32, @ANYBLOB="0000520006000500010000000800", @ANYRES32=r7], 0x2c}, 0x1, 0x0, 0x0, 0xc0c5}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="1e00000008000000018000000800000001200000697d33741a52e164fa3394c64a6b5b5848ca21695173e18201694a7a503796b5605b097312cab8402e9057c9bbc495b861de6af8dbf1c29a5969d4dfcffa933ebc1a4beb532e36931e390932f90c285b6d15ba518cd3465ffeb3ca27879b541b322619f046f212a5c9947744243c8da9cda0d2d23634e84660510df64fcc1db48b130bfd83476edbfa770795f3dc", @ANYRES32=r4, @ANYBLOB="ff0700"/20, @ANYRES32=r5, @ANYRES32=r6, @ANYBLOB="0000000005000000050000000100"/28], 0x50) setresgid(0xee00, 0xee01, 0x0) r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000", @ANYRES32=r8], 0x0, 0x0, 0x0, 0x0, 0x0, 0x15, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffeeb, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0), 0xc) socket(0x10, 0x2, 0x0) 7.837571876s ago: executing program 0 (id=1601): r0 = syz_open_dev$video4linux(&(0x7f0000000380), 0xee2, 0x20801) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x1, 0x2, &(0x7f0000000640)=ANY=[@ANYBLOB="91109a000000000095"], &(0x7f00000000c0)='GPL\x00'}, 0x94) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000500)="d8000000180081054e81f782db4cb904021d0800fe20fe05e8fe55a10a0015000200142603600e12080005007f370401a8001600200006000500027c035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2e98a61e284ce5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e970392", 0xd8}], 0x1}, 0x0) r2 = syz_open_dev$vivid(&(0x7f0000000180), 0x3, 0x2) ioctl$VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f0000000040)={0x10, 0x4, 0x1, 0x0, 0x4d}) ioctl$VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f00000000c0)={0xdb54, 0xa, 0x4, 0x0, 0x2}) ioctl$VIDIOC_SUBDEV_S_SELECTION(r0, 0xc040563e, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x0, {0x80000001, 0x6, 0x3, 0x3}}) 7.494326614s ago: executing program 0 (id=1602): bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c, 0x44, 0x8, 0x0, 0x0}}, 0x10) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000540)={0xffffffffffffffff, 0x0, &(0x7f0000000440)=""/236}, 0x20) 6.941506536s ago: executing program 4 (id=1603): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) add_key$keyring(0x0, &(0x7f0000000240)={'syz', 0x0}, 0x0, 0x0, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x1ff, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x18) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = socket$rds(0x15, 0x5, 0x0) sendmsg$rds(r5, &(0x7f0000001d00)={&(0x7f00000017c0)={0x2, 0x0, @private=0x8a010101}, 0x10, 0x0, 0x0, &(0x7f0000000240)}, 0x0) syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo/3\x00') ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, 0x0) ioctl$EVIOCSCLOCKID(r0, 0x400445a0, &(0x7f0000000040)=0x1) socket$nl_crypto(0x10, 0x3, 0x15) r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000d80)={&(0x7f0000000000)=ANY=[@ANYBLOB="81b08f9feb0100182531a7f5d263560cd1674830c9ecad7ff900008a60000000000000000c00"], 0x0, 0x26}, 0x20) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)={0x9, 0x4, 0x4, 0x2, 0x80, 0x1, 0x0, '\x00', 0x0, r6, 0x1, 0x1}, 0x48) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000240)={'syztnl1\x00', &(0x7f00000001c0)={'syztnl0\x00', 0x0, 0x3b, 0x3, 0xe, 0x10001, 0x10, @private2={0xfc, 0x2, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0x1c}, 0x20, 0x20, 0x0, 0x3}}) 6.8673469s ago: executing program 3 (id=1604): syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xfdef) r0 = open(&(0x7f0000000000)='./file0\x00', 0x60840, 0x21) flock(r0, 0x1) fcntl$setlease(r0, 0x400, 0x0) r1 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) r2 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000140), 0x8) r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000300)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x84, 0x84, 0x4, [@int={0x8, 0x0, 0x0, 0x1, 0x0, 0x54, 0x0, 0x2b, 0x4}, @volatile={0x10}, @union={0x6, 0x3, 0x0, 0x5, 0x1, 0x5, [{0xc, 0x3, 0x7f}, {0x6, 0x2}, {0xb}]}, @decl_tag={0x8, 0x0, 0x0, 0x11, 0x1, 0x4}, @const={0x10, 0x0, 0x0, 0xa, 0x3}, @float={0xa, 0x0, 0x0, 0x10, 0x4}, @var={0xd, 0x0, 0x0, 0xe, 0x1, 0x1}]}, {0x0, [0x2e, 0x30]}}, &(0x7f0000000540)=""/142, 0xa0, 0x8e, 0x0, 0x0, 0x10000, @value=r2}, 0x28) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000200)=ANY=[@ANYRESOCT=0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x25, r3, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfbfffffd}, 0x94) r4 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r4, &(0x7f0000000000), 0x10) sendmsg$can_bcm(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)=ANY=[], 0x48}}, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000000100)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f00000006c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x4}}, [@NFT_MSG_DELSETELEM={0x5c, 0xe, 0xa, 0x201, 0x0, 0x0, {0x3, 0x0, 0x3}, [@NFTA_SET_ELEM_LIST_SET_ID={0x8, 0x4, 0x1, 0x0, 0x5}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_SET_ID={0x8, 0x4, 0x1, 0x0, 0x3}, @NFTA_SET_ELEM_LIST_SET_ID={0x8, 0x4, 0x1, 0x0, 0x3}]}, @NFT_MSG_NEWRULE={0x424, 0x6, 0xa, 0x201, 0x0, 0x0, {0x5, 0x0, 0xa}, [@NFTA_RULE_USERDATA={0xed, 0x7, 0x1, 0x0, "a296e4fa6aa8cab96cf86486c85e4aaa6388fa78471b4d881f2b4a6e649c42a13fddc8622ca1a7c8f7b723b027367f5665a8a0d06653e477980c32c7be9deee31d942ae2577500f4badc0416c80fb371fc8f2109a53473fae0aa1ef30403c891283d42b94cc6e3cf327ffe8e3e2de3924d458f1734d0db216a40bc498149d14937594f474f898e63138d0f923a0112494b6c3aa0625646dc092114f55211e14a7c4351f45c15b25111d514e17aab5d96e8bc461031285308ec967a2818448ec2c6086756437ce3bcf53e3353c02f4305a4118275402e410ecec700b2f39e9d138610182f4cfecba4f3"}, @NFTA_RULE_POSITION_ID={0x8, 0xa, 0x1, 0x0, 0x2}, @NFTA_RULE_EXPRESSIONS={0x2a0, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @socket={{0xb}, @void}}, {0x160, 0x1, 0x0, 0x1, @immediate={{0xe}, @val={0x14c, 0x2, 0x0, 0x1, [@NFTA_IMMEDIATE_DATA={0x140, 0x2, 0x0, 0x1, [@NFTA_DATA_VALUE={0xc5, 0x1, "1300bd87d780b7d4b01e34db3bbc9490dc18545fb6fe292f9524f8d9a0c77222323e096291ee5d6d803007a5ea64f7e26c9058ebf69ce2493d4f4c43caf75db6438afff5f10ebe51be4dbd8298429407b062fcb1cf620905b0df6954818e8dc05cdf0e53034815c36737790eeef61db857c32e100b588a292a2bc0d9cb696d38526f36c38085a27963840bf3ab313166c4dad3a3000d8ded55d0722fecb84af60f92425227ab44c23dc8549dac71059c8c7a91d33655acdbceda036653ba9316f4"}, @NFTA_DATA_VERDICT={0x2c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFTA_DATA_VERDICT={0x30, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}]}, @NFTA_DATA_VERDICT={0x18, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}]}]}, @NFTA_IMMEDIATE_DREG={0x8, 0x1, 0x1, 0x0, 0x1}]}}}, {0x24, 0x1, 0x0, 0x1, @xfrm={{0x9}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_XFRM_DREG={0x8, 0x1, 0x1, 0x0, 0x10}, @NFTA_XFRM_KEY={0x8, 0x2, 0x1, 0x0, 0x1}]}}}, {0x54, 0x1, 0x0, 0x1, @tproxy={{0xb}, @val={0x44, 0x2, 0x0, 0x1, [@NFTA_TPROXY_REG_ADDR={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_TPROXY_REG_PORT={0x8, 0x3, 0x1, 0x0, 0x16}, @NFTA_TPROXY_REG_ADDR={0x8, 0x2, 0x1, 0x0, 0x13}, @NFTA_TPROXY_FAMILY={0x8, 0x1, 0x1, 0x0, 0xa}, @NFTA_TPROXY_FAMILY={0x8}, @NFTA_TPROXY_REG_ADDR={0x8, 0x2, 0x1, 0x0, 0x11}, @NFTA_TPROXY_FAMILY={0x8}, @NFTA_TPROXY_REG_ADDR={0x8, 0x2, 0x1, 0x0, 0x17}]}}}, {0x3c, 0x1, 0x0, 0x1, @tunnel={{0xb}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_TUNNEL_KEY={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_TUNNEL_MODE={0x8, 0x3, 0x1, 0x0, 0x377d912fcdfee460}, @NFTA_TUNNEL_MODE={0x8}, @NFTA_TUNNEL_KEY={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_TUNNEL_KEY={0x8, 0x1, 0x1, 0x0, 0x1}]}}}, {0x48, 0x1, 0x0, 0x1, @rt={{0x7}, @val={0x3c, 0x2, 0x0, 0x1, [@NFTA_RT_DREG={0x8, 0x1, 0x1, 0x0, 0x11}, @NFTA_RT_KEY={0x8}, @NFTA_RT_DREG={0x8, 0x1, 0x1, 0x0, 0xa}, @NFTA_RT_KEY={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_RT_DREG={0x8, 0x1, 0x1, 0x0, 0x3}, @NFTA_RT_DREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_RT_KEY={0x8, 0x2, 0x1, 0x0, 0x4}]}}}, {0x30, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x13}, @NFTA_CT_DIRECTION={0x5, 0x3, 0x1}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x7}, @NFTA_CT_DIRECTION={0x5}]}}}]}, @NFTA_RULE_HANDLE={0xc, 0x3, 0x1, 0x0, 0x5}, @NFTA_RULE_ID={0x8}, @NFTA_RULE_USERDATA={0x4d, 0x7, 0x1, 0x0, "6b23f76b6739f46894796d008c7843ae72331464273163ff875d98135cd9d5cbac8f4fac4855ff5dd75ab746998f4a17d4eb3998eaa3165824b1725a72e229faf0ce75cb4664bde7e9"}, @NFTA_RULE_ID={0x8}, @NFTA_RULE_HANDLE={0xc, 0x3, 0x1, 0x0, 0x5}]}, @NFT_MSG_NEWSETELEM={0x34, 0xc, 0xa, 0x300, 0x0, 0x0, {0x5, 0x0, 0x3}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_SET_ID={0x8, 0x4, 0x1, 0x0, 0x1}]}, @NFT_MSG_DELCHAIN={0xa4, 0x5, 0xa, 0x101, 0x0, 0x0, {0xcfb2e2a3eff9f10e, 0x0, 0x1}, [@NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x3}, @NFTA_CHAIN_HOOK={0x84, 0x4, 0x0, 0x1, [@NFTA_HOOK_DEV={0x14, 0x3, 'batadv_slave_1\x00'}, @NFTA_HOOK_DEV={0x14, 0x3, 'bridge0\x00'}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_HOOK_DEV={0x14, 0x3, 'vlan0\x00'}, @NFTA_HOOK_DEV={0x14, 0x3, 'gretap0\x00'}, @NFTA_HOOK_DEV={0x14, 0x3, 'batadv_slave_1\x00'}, @NFTA_HOOK_DEV={0x14, 0x3, 'vcan0\x00'}]}]}, @NFT_MSG_DELSET={0x1c, 0xb, 0xa, 0x401, 0x0, 0x0, {0x2, 0x0, 0x4}, [@NFTA_SET_KEY_TYPE={0x8, 0x4, 0x1, 0x0, 0x4}]}, @NFT_MSG_DELOBJ={0xc4, 0x14, 0xa, 0x101, 0x0, 0x0, {}, [@NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x9}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x5}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x7}, @NFTA_OBJ_USERDATA={0x6c, 0x8, "e48763af66a42104f3f6ea23b5c8bde6c6c6a4f202a32b1ab352d31dd1518bb523e2874847e6d95e84ff1d386295e674e7e2e267c2e7e5eff189a7b6c6e4bad9732198790a5096f83f67e0b040f64255bca96c54dc8168f646a6e015aa5c9d10023510c45f2560b9"}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x660}, 0x1, 0x0, 0x0, 0x4000}, 0x20000880) socket$netlink(0x10, 0x3, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r6, 0x0, 0x2) sendmsg$IPSET_CMD_ADD(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="54000000090601080000000000000000050000000900020073797a310000000005000100070000002c000780060004404e21000005000700e30000000c00018008000140850101010c00028008000140"], 0x54}, 0x1, 0x0, 0x0, 0x10004893}, 0x80) 6.848499429s ago: executing program 0 (id=1605): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x18) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = syz_open_procfs(0x0, &(0x7f0000000040)='gid_map\x00') write$tcp_mem(r3, &(0x7f00000000c0)={0xe4, 0x20, 0x8, 0x20, 0x832}, 0xaa) 6.726732932s ago: executing program 2 (id=1606): sendmsg$inet(0xffffffffffffffff, &(0x7f0000003a80)={&(0x7f00000004c0)={0x2, 0x0, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000003a00)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0xb}, @multicast1}}}], 0x20}, 0x4008804) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000001a300)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r4 = syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r4, 0xc100565c, &(0x7f0000000140)={0x0, 0x2000bb22, 0x2, {0x1, @raw_data="3d924b827139e8a4ec01eb92492ff84715d1a004d08b012a7cafe27a5f313d31bbdae5b411ca5be6bfe92437ed0d21b5180e375be56b3b9306d7dbb26bf9f22de7ac7681cca450055250217bdf1113b4258293ba4efed32147bda8454dd115bd5ba066ba06f2854cc96db9a98055cbde9fd084a1223ada91ed2e832907a01ab5ee65f997b617f73d1aa5a6dfc47acdc5eb834f8e448469d235e4380cbcc331c96177b67caa0656f9664277cadb8597e7d911ad1da457ef9744b0993c57a700"}}) 6.535259729s ago: executing program 3 (id=1607): syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESOCT], 0x0) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$SIOCRSGCAUSE(0xffffffffffffffff, 0x89e0, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x6, 0x0, 0x7fff0006}]}) mkdir(0x0, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) fcntl$getownex(r2, 0x10, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20000841, &(0x7f0000b63fe4)={0xa, 0x2, 0xfffffffc, @local}, 0x1c) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f00000005c0)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000000008000000000000000000000300000000020000000200000000000000000000000000000903000000070000000000000c000000000000000000"], 0x0, 0x50}, 0x28) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) r5 = dup(r4) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="640000000206030000000000fffff0000000000016000300686173683a6e65742c706f72742c6e6574000000050004000000000005000500020000000900020073797a3200000000050001000700000014000780080013400000000008001240"], 0x64}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0xa}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40841}, 0x4) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="6c00000002060104db406e3e0004000200000000100003006269746d61703a706f72740005000400000000000900020073797a32000000000500050000006c00050001000600000024000780080008400000137906000440fffff0000600054000"], 0x6c}}, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/oops_count', 0x37a0cb12cf32113e, 0x1) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) add_key$fscrypt_v1(&(0x7f0000000400), &(0x7f0000000440)={'fscrypt:', @desc3}, &(0x7f0000000480)={0x0, "6035ae1e0fe721441705322225930e6c1e3e2a51a92fd796bc34d7cf6e0236805b4377f7ab1a9b01c103a4c6a7ef54e6763fd7264c39ea00c508ba6062696138"}, 0x48, 0xfffffffffffffffe) syz_open_dev$char_usb(0xc, 0xb4, 0x0) 5.50771625s ago: executing program 0 (id=1608): syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESOCT], 0x0) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$SIOCRSGCAUSE(0xffffffffffffffff, 0x89e0, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x6, 0x0, 0x7fff0006}]}) mkdir(0x0, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) fcntl$getownex(r2, 0x10, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f00000005c0)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000000008000000000000000000000300000000020000000200000000000000000000000000000903000000070000000000000c000000000000000000"], 0x0, 0x50}, 0x28) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = dup(r3) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="640000000206030000000000fffff0000000000016000300686173683a6e65742c706f72742c6e6574000000050004000000000005000500020000000900020073797a3200000000050001000700000014000780080013400000000008001240"], 0x64}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0xa}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40841}, 0x4) 5.507134413s ago: executing program 2 (id=1609): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f0000000340)='syzkaller\x00', 0x3, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0) connect$rose(r1, &(0x7f00000001c0)=@short={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, 0x1, @bcast}, 0x1c) sendto$rose(r1, 0x0, 0x0, 0xc0, 0x0, 0x0) r2 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x20, 0x1e7d, 0x2dbe, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x40, 0xb1, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x4, 0x0, {0x9, 0x21, 0x101, 0x2, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0xe, 0xdf, 0x4}}}}}]}}]}}, 0x0) syz_usb_control_io(r2, 0x0, 0x0) syz_usb_control_io(r2, &(0x7f0000000380)={0x2c, &(0x7f0000000080)={0x0, 0x6, 0x46, {0x46, 0xf, "43dd0e4662b52bc316df9bda5ae69341eed7f1f5480899f79749f3aca4dda1597da7cfcdd38c2cda1cb2bd3a6f7292d8ff7645876e89ff441be71fe8c246ec912f338167"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) r3 = io_uring_setup(0x3454, &(0x7f0000000080)={0x0, 0xffffafff, 0x1000, 0x2, 0x33d}) io_uring_register$IORING_REGISTER_BUFFERS(r3, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) r4 = userfaultfd(0x80801) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r5}, 0x10) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x100}) r6 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r6, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r6, 0x84, 0x6e, &(0x7f0000000080)=[@in={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x2e}}], 0x10) ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1}) 5.506369066s ago: executing program 4 (id=1610): bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB="000000000000006500ceb08e02398c32d9da2393be6ebe6a3e30c925814391a957571cfa8e82b75a3f5900"/52, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48) io_uring_setup(0x1d8f, 0x0) r0 = openat(0xffffffffffffff9c, 0x0, 0x143042, 0x8d) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0xd40, 0xd2) r3 = socket$phonet_pipe(0x23, 0x5, 0x2) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x1000000, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="c0260000410007010000000007000000017c00000400fc80a72601"], 0x26c0}}, 0x4010) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0xa60a, 0x3}, 0x48) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r5, 0x0, &(0x7f0000001700)=""/53}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000001740)={r5, 0x0, &(0x7f0000001700)=""/53}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', 0xffffffffffffffff, 0x0, 0xd}, 0x18) sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000004a40)=ANY=[@ANYBLOB="c0260000410007010000000007000000027c00000400fc80a72601"], 0x26c0}}, 0x4010) ioctl$int_in(r0, 0x5452, &(0x7f0000000040)=0x2) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x18) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r6, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) gettid() bpf$BPF_PROG_DETACH(0x9, &(0x7f00000000c0)={@fallback=r0, r0, 0x24, 0x4, 0x0, @void, @value=r0}, 0x20) r7 = syz_open_dev$video4linux(&(0x7f0000000100), 0x7, 0x88200) ioctl$VIDIOC_QUERYBUF_DMABUF(r7, 0xc0585609, &(0x7f0000000140)={0x0, 0xb, 0x4, 0x10, 0x5, {}, {0x1, 0x8, 0x81, 0x9, 0x1, 0x7f, "229762a3"}, 0x3, 0x4, {}, 0x4, 0x0, r0}) r8 = syz_init_net_socket$x25(0x9, 0x5, 0x0) listen(r8, 0x0) accept4$x25(r8, 0x0, 0x0, 0x80800) 3.95088697s ago: executing program 1 (id=1611): r0 = socket$inet6(0xa, 0x80002, 0x88) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c) syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030486dd601b8b97004d88c19e9ace5ffb2e9fc603dd282100000002ff02000000000000000000000000000104004e20"], 0x0) 3.842726447s ago: executing program 1 (id=1612): r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x13, r0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'wpan0\x00'}) socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000180)={0xc, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) syz_genetlink_get_family_id$nfc(&(0x7f0000000780), 0xffffffffffffffff) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x80006) openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c, 0x44, 0x8, 0x0, 0x0}}, 0x10) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000540)={r3, &(0x7f0000000400), &(0x7f0000000440)=""/236}, 0x20) 3.647345827s ago: executing program 4 (id=1613): syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000400)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f00000004c0), 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB=',msize=0x000000000e058']) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a0010000000028000001294", 0x2e}], 0x1}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) timer_getoverrun(0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_io_uring_setup(0xbc4, &(0x7f0000001480)={0x0, 0x1064, 0x80, 0x0, 0x3c8}, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffb, 0x0, 0x4) sendmsg$rds(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800}, 0x4000008) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in={{0x2, 0x0, @multicast2}}, 0x5, 0x0, 0xffffffff, 0x5, 0x20, 0x0, 0x2}, 0x9c) syz_io_uring_setup(0x466c, &(0x7f0000000280)={0x0, 0x0, 0x10100}, &(0x7f0000001340)=0x0, &(0x7f0000000140)) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r7, &(0x7f00000001c0)=ANY=[@ANYBLOB='3'], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r7, 0x0) syz_io_uring_submit(r6, r5, &(0x7f0000000340)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0xc, 0x18, r2, 0x0, 0x0, 0x0, 0x2100, 0x1, {0x1}}) io_uring_enter(r3, 0x47fb, 0x0, 0x0, 0x0, 0x0) r8 = getpid() sched_setscheduler(r8, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x1010, 0xffffffffffffffff, 0xeb38e000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r9, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r10, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r9, &(0x7f00000000c0), 0x10106, 0x2, 0x0) 2.788333068s ago: executing program 3 (id=1614): socket$inet6(0xa, 0x80002, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000080), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_TLV_READ(r0, 0xc008551a, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = dup(r2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r3, r1, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, 0x0}], 0x1, 0x42, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) connect$unix(r5, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f00000027c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r7, &(0x7f00000bd000), 0x2d, 0x20040040) bind$unix(r7, &(0x7f0000000240)=@abs={0x1, 0x0, 0x4e23}, 0x6e) recvmmsg(r6, &(0x7f0000000d40)=[{{0x0, 0x0, 0x0}, 0x4}], 0x1, 0x10020, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r8 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_GETMODE(r8, 0x5601, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0xb49, 0x9, 0x8, 0x7, 0xfffffff9}, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) openat$vicodec0(0xffffff9c, 0x0, 0x2, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r9, 0x8983, &(0x7f00000000c0)={0x0, 'macvlan0\x00', {0x1}, 0x2}) 2.683826595s ago: executing program 1 (id=1615): bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c, 0x44, 0x8, 0x0, 0x0}}, 0x10) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000540)={0xffffffffffffffff, 0x0, &(0x7f0000000440)=""/236}, 0x20) 2.488750762s ago: executing program 1 (id=1616): r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x13, r0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f00000006c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'wpan0\x00'}) socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000180)={0xc, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) syz_genetlink_get_family_id$nfc(&(0x7f0000000780), 0xffffffffffffffff) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x80006) openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c, 0x44, 0x8, 0x0, 0x0}}, 0x10) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000540)={r3, &(0x7f0000000400), &(0x7f0000000440)=""/236}, 0x20) 2.464650247s ago: executing program 2 (id=1617): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x7) r1 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000040), 0x131002, 0x0) ioctl$KDDELIO(r1, 0x4b35, 0x9) (async) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='timers\x00') read$msr(r2, &(0x7f00000001c0)=""/73, 0x49) (async) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20a00, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) setsockopt$inet_mtu(0xffffffffffffffff, 0x111, 0xa, &(0x7f0000000000), 0x4) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x40, 0x0, 0x0) (async) ioctl$KVM_SET_NESTED_STATE(r5, 0x4080aebf, &(0x7f0000003680)={{0x0, 0x0, 0x80}, "cb31455c9ea4288a70a2a6bb8068fd95dd041cf5b177a3bffe992dfbbdf959487337b92336ce1de32e7695c411c0bf9f852d2d71192f33001fd51f5b396a55cb98699a09d21648c4cb30d9d7e3e397c7a3c041c76c72385a46c48c5302848c3696facce956952c2a85822ddf20434ccee5806294ed563ff3a972cddf6ef16ddace933d8a5adea40cd3ad40c9873c29368838e815ff59723519154856b2d5cd9cd79a97dc2fa08dada1175817886e5f9e7aa3dca783a44c667a4806826570ec6acb57d65efc313a384e11fb633dee17ee600145f2cb3103384606140021be766fcb7fa029f0513bbb466177ca1068192550bbf4e6f5694aec747a16e27688a988fa595bca1761b8e88a7dbcaeaf97a8b7b53058b1faf880dd6f1b6eb4c7beb0582b4007f1a67db1352407adbe1456bf762c94fd825b9419d74f63cdeb6c6976de1890d773f0c8088d2bd48a838cf5b87f5ddf926352960fb978874b0f175acfa55ddfe84de3fc9f75b58bf7a35f33d3c43ed5e3224e92751fa1b43f94f64b681163ef1360a3f3bb7403afc67a188b2104b45c5814aaa9e218552498bf85f4b221d9acc32a331f5f8c109cc9f335ff4e418ab30b54b99d5376cd928c431fc8211fcbaf64716afdc4b6d0417e04d5723e4675d282b36bef3a3a19e855029ec7c33830a6df19332b63e9d8a0f22d96ac230c67657a4e7f7afab91dc0ce751b68980e5a4f6d9d6d9b98802ba9d8576640eea61b8c308a1745df61560e56108bececa3016d93246fdc8b768634e8319b1ffde103c07378f8f4927baba05e992a4b5af0958a7e495e7ce53f7917451d15a963ca14f5cdc4563775688b6533a4b97e0f84b0a33c30077b20805c1f42cc7815efada97ad59ac486bc9e0ee386b49cb97b47fbf8f919f06c75a49636795054b5ebee3e91602c90d7f4db49220affe56d56b96e4f662b2bf36dae482ffc7ba21cbc55e21b73309d6b7aa5509defcb77c236e43b579c61eae5c8d8f8fa71ad876b96069f2e4352c8aaf16e299d21edf5434c0cd9b25cdc9210fb0de759b1dd3fc7fe4c7118bbde72a5617dff21f7a5036448fba7fe41aaee0c289cd076d757e47b0713b236f6f141ba0112c9312b3ec853aabafdf1eb2cbb517d2d7352725f557214d27d9a340af0128fc960a4ea64c933b0d8dd226b6e024471aaac8a7074b2a8695ab990fabba5bf315d246fbfe4260f1fffe54814e33b6235c5b4095437298858909bcbd40a8a286d1bedb06b7b1775bce0a5bca19b0a5c2fa8dbf87b55ae0a43c5086422e5bacb94047e150451f5996420b0d4a697f59decb49900b2b9c13aade536933e14d672c21a35cb68572c3de02f3147414eff4b8674b91f7aebf35f056a8d388f67f8ef7cfaf6b28fe745831ef41def1839791647016932c70685752851327f1837d2f1e9d8f93443eefed2317119c8152ca451a5d3aeb253fb484283f52e5db9f61f059ad3c217a860ee0571d254483501b00699208c7fa5571cf58b9715c954115bc2db0af28361938bb95ced7370c8cbb6141ef62fdbf369dfc4eccd98ab9886d79a52cbf91a27dd0f4b29940492e860fb94654dea54fad6290570760e3b59a0cf28053732472dc313b5fedfc583fc702a880971dc61286370aaf167810455cce7654dc4325a41d9d1944abcdc4d81378f1e96a8f94cd95b886a01f086e379601504219d57d531ba34e1ba0905785fb629c61f6b940a652cdee9dbef12b7fcde087b92816db3386a5769049ba00788e31de4ddbb8b56de1fbe3a5e671728effda7cfd0b650cf5df2faf22470812efbbb548e47cbf36c64e05a7877820f08948ceedb35e12a4a143ee0101a7bf0a00a4062b50c39020669700adf739a6f75352a45fd1373d3e85c3867170373f0c7a794d8590f4c22ae62d438ec365b0f6a15cb2ffe0fc6f57185e1760761bd4370027c01dfad0502f00b6898115df3c530d0b0b4a64e623fd580b528a733e4c881cf5843a975a97f92a7833527887c79fa8eec82b9526a15c6c5f2972083ce8aec735810580ffa4ea2cef4823aee044dd70927f7c07bba18b930006aa86ae7399ac6b4c24bc9d6a6ab0c5b428d7255d4d983eadf97e10c1b00867da29ac981acb453073a37236e7ae808e7759b2e0cffc3ec43afb1e95cd090a7d4b9225a0e3cbebfe49b93846ab603891e2da7d85a04bf42d12d16a97c965bc4911d3ba7a9ca505794d8744fef00a436089de67aa8b480070230dfb002eb91edaff428d4908a87afae418dff7ca59aefe1ad8f6935f309fe7985c2310881659c60a66a5e50242497ba1cd5d2bd79496ccd23f9fd901afc6622829cb3701caa50f96e09e3b23bfa3181b74ec7dae2e42c9caab43e49ae1d922a1a1eb3682de026323d9215fcec42c54401a1af81450830a4b784ed1c7922734bf3632409147680dd3fabcef296353705bb5c0e650e12905a05db1e7923923a96ddc783fc1ed46e2010416c37d9d149ad73e808bd6e4464f62893024a8501803b6c88fc55c8bbc1da7cbf580b5a81fb7c61455ae3a8aaec303fba12e0f2b51ed5e8bd31db40e8bdbd00e7b1ddd364766c974d813d86fc88a27bf82bba60c62e5f0f6af6bda3390f8e72a2811baf3d6325e70d9a3b59cab1abe95290ecb87985567e1243504c038de9d4d100ea64eec45208cd8d2474e646f7d81eed6d59b8b0859552b6fc088d874cde3e75ee30243dc9d88ed5b577851a5bd9e2a453287025777fcac19ac33e1c94b4ad272f1055b16b842a6bd6168fb45f1f74ed2467020df5431068a5f2cbeaa6ac1841308c7c9f752aa06927f91fdf18ef9d9e942367e5ecac0abf4d3b8fc7b80238c0e7faf2ea7d3f5271028fc558a44799bde63168becc67c5531e843336fb16ab618d37f95a91937b824bf896b044146bc3a5e264a8f23ddd00729cd9aa56d9a9a24b7ab96ae021b193d8874d43ff4b723d86b7564e550378599c3e0c7a2b3d447ad76eb4cd699733d970a5ab218429a1af81df9c8013d6d16a6bcb019f6ace4461cdaa785d20ea027cfa53d521bb91ad2c04aaa6c0f268b14924803977633280c7b7beb14c88fae542b7a13e96253259e7296e37276da88891c14664340e84ae732edbd71e67047e476735b220ca231de31a380ece372db632ec3cb3ef5ac97ec41148febd2acb15cde1ee5e990ea0aaa95c2df39e2111dd1185d14a194e22d34fda8f54e99d3a73e5a231682c726d40816e048c1d059bf3bb9ee2b5f895365d95aa28f6adbf6e16469926b4d8ee7f04c7dbafaa444df5b88596c17874f0efe35e5ada1a69634f4b430f852d33b032f823c5deb54f47a7a4adb1adf56d5440b7a917580004c13e0b36c8e0a203a2be3f8fffd9efef3af19389a12c67859d4381ac0a02da18e25931b41216b731de25e1245482c84d45de1cddbce2109322a3428bff692012573fe9efd02109dbf35c5d3a287dec105cf3f1a2e5f0b1cc08c7b4759766d25d0f7b42c3ea8bf8101e61159a2ba7602e9c7947cf936ac39bf59b24084709fd61d704bbdba7d282aac778b7ec1dcaf984527c8112d56e75ab774d1598d9816abc77b0e693880beca5f330c626774ab5cb6967fb0ea8e14efce120947092c3b6f8a22f07cad22e971418092481fcad36ecf0cfd6bc3864115b8507c13554584f1f6fee5ee07eb6a091638d8e7781c1c006166e0f987f9f4de535e9f3df1db8c9328e9a19a73c76059ab4edfe9eda7f16cc6b869229bafb179d194e20ccc6f9338183b673de8138ddab9a0907278f6eaacc55bf59a450ebc10e0b88c82d9f0deca86ff771f46509250fde94e0c94256b77616d099862ddc9b341838d634a9dc4b55a88fcc6248901135f6aa76365433e7e534e0e5ae8eec2a63df62c3e244a40481189ff54122698c7e2da2c829b2eec9efc9894ee05be04ae6dd48406eaace17827e38bf38b414059aded0343e0711a8d864ff41a8d9ed40fb2aa1a3f4014f691cd0e8af62445a021820ff03afa8a192ee255862f306851df1de96ce36cafb6a60b7069db7aa96fd1ffb2fb01e6247f770304dffe4b1c8d0eeb336dd6806d6ab5d418953b1cae7cbbf53766b61e4aad5cfce8255b78af26f9bd11283a9c7d12cd63b82cd2b506fd4061d1e16fc7c713d80763c3b0aa0faadcd9b7d676101aad80e1ca00369297e1f714003ab8d0b545c335014a522a25a767950963ef821425b79b521076166d0df3ef358c7d60d99cc85463c186e8faf16af79785680382e4cc93f6594f8c4461e0988c08717640df24a5f357db22432fcae21702dc792d201212fb3791e0164bb3d433a8268ec96df73766fdba42965e00e619246cba5d96eb853a7c22c34d2fe5e5d3f3ccf9c627d069517b743cd07f6f7b444074bb9a50269f2e03309c58930e56a9583eb00c37fbcdd391972261f41756c10c8899fcd036e2017e088ef9e6ec31f795d55b3bba214c53c98fc9318e4ade0e7e6fd259aa277fed54c27e5210787a5f6937f56fdbe1da5113f059061ca590ddf536a55cb91ac6ed41cb9c0418b115b29f5e823c1b0ee7c2b3982087763545b34e2c945d587ebce69bbe299a7f52b674f351977370fc700474bc15d7e6ef98c14258ecf401a4f3bba1a9aa76c5ab0b8819fe6efe3fba1899909e5e48554299150ee272451b56142d12ae2bb4942db430239701d494917f2c939a6fb9d98d4751a6f2c4537ec870342d223343a9bd7b8d8c99aff8cbfa298395551185f35dec120228073a1e496a58b59d9ac5986249a7c6db9398395cbf341c08ee910700e2daa042dba1846fef59c72ce872bba2046a14fcf9a47a5686d62bfba76309a9865c26e5fa41dd872fc749fdc57953105ace4978f9eb788c8d061c853ad0313e51e732c5d7bc05e752443c8e99b8e81c688befdb5b14c3cc2f96eb8ce8290303e483992fcbece1ff278d0dc036ad437b6cbc695c7741ba4556e242146d40843c73deaf8fceba40e4a4acd739b3031848b17a210a1ff0dc1908b77c4bb94543af52e1fe2a090c8f217428d02336303f7952c3ddefa7c81850676e7f4cc3d32c3937281fa5ab279c3fe39f92ba077dadb8c2c3df17cc511bd33c41cb161d24aea154f0f5902c94b56fe072d321a983668bd9f4838878e66ec44cb233d7d0ca908a794c844ff8b3ba4c57f6c5fc2f3a54db448b013f0c4998bbc6ed0409b3368391cb28c6df4a909fff90f308ff38c758ff7d8a2920bc221236d89b3b76de44e8ce649b32f5135a0217ba9036a8edddee97d7ba15f2c21fb7d3cae3eb6ef09dd03eed650489c83b5ba5dd9daf7a86cf0544fb8a58e46b860e3e42e10cd6f1c4f81179eb2c3ba611793a32abb4c0768db90e8bdd1694efaa9c2b45c89d203fdfb8b926b6a0d666d91b93065a83184fc2065961f2308056241b66f427c0f0aabc75852c90f0624cf036d537032ca8d73325d2ae2a79a7292c240c34584bb881fe5d468a051cbc0bde061f9eddfb758cd2dfba296eef549e5c4ede097111216a0ec60f90e8d6f5dd843c82e15f505f8c74e854ba9cd386249d552978eb8135a5f8c79c3ceb8dd5828b0218ffe40f375d6cf3ff2f47c276c8169ab98336582a852c1535018fb2306aca6b8c9f9e38d64c66a722762b76c69d4ca6c14bd6992549e4eec17287fce194467f972d9200c3d1ac4fd4a8f2620e2e4281d28c099946ed90789ba122705326390d3e058ceed24044e542efb36416272eadf6304f30efa0b7bc1ae5be92fe50e591ee6f725726e917ec113506920beb2aa53b39f1d76b31500", "cfb220c7d481332f3f1f8079dfe27e23185fd67a407358db7892789f96b7fa9b14daa48617a10d8a91b820ecbaa470ec0bb1f3cbce7f70ec70b19a4cad082229c2788f8611d7dc306d9a45761a97828c36ed87ebde5d4a3e1609c1422a8ae2f7cca428ebdb0dd38b90b9598a353b18a600bf35a369e6e3e5abb0a1c5c0c0e48e014e7ef1b7d768b3c5657f1adfbb7ff2985082b16c99eb83ec3660990dcf1106efa6b7f8a4798fec811c2c85faec0235c83b7093b3d02367421abc40a554e0b0d7fc1bcaece4222c594f8d20e368fe625ca433c75486fe5c94103cd17291349ee12b877602936688666f82ecd8f4f83d50bb1650e08b96cd25ad147c4c956c98649806a3736d072c8d97c6e3a46a7c18535df8d828b86662400d8e9cc861fa1dd5dc193892d3168396c499e07b279fb76c7e289f2fd955691363bc1de74536dc571817615c88b0d594a136966c129e424ccb7ef1c7c7461eac7ca5f03d72ea4c9c3d1156ee4cb1bb70e097357588b5c49f6716bbae1bd118104b42786f09a3b9f7cb80f383cadfd0c462096ff2bb637b7cf79764b6a4b7ffc5d87c1f063fb48e7f08ad5af534c70079f12f28e8921abbd4280801cdf6101ea494768b1274afd0eea5939843d56022a83590920fe446d52dfe699c33977d5592dbf7e0e236b8175d7faae06e0c50f7402174023ce4b996564e945c416fa823f2f9c3213ac50b20bd1fd55bb8d9fe70ee31ea2f404ae0fcbf857bebcc9196c8c622059fea2e248e4058905b69fb98be312d3193ea1d8ff653173e8c2371371b77a5bea45b3cd6fba19b6336f94ec04c8f86d24e9ca959874577d7ca0baf3c4ff30b554bc3ccc06df46d925373fbf7863e2cf684d3bc9603ab72b851ca4728294de87f2dec6f23ca9e43ed2e5cbba662d13137fc1ce0f6ae6aeb974f72f4b750825fafb67715e425f40c7da83b92d4249a0a4e96b789cceb7b07f38cb83f72dd093a345ab3cb8ae760fc14e40ea182a0d7fe1facc62a1ab0902349fd7e27bb0cd349fb5053f4734823abf020739b4b43bb11f5d69b61295068df31177959903c2ea1bb82d24eeaa93d0d4738d5d15b2a401e7ebe0d3cfbd45b2db2882cdb41408aaa718f8320fbb7f9da4f68d0eebeef175442e807e9908132731fe5e268582dcf6dffa4251ebb7121db8e412089fa9d8af9919799547a26b6b8eb44c28f1ce5f9a3021fe30841be204c1b4b3813dccae6baeef9b53fe413cbec46bb0cd95d3793cdc9bfe6cdd96ce0c4aa4a25e1cbbeeee6c9fa558b279048c7e31d07b125bac68d4e1f4253bd4dc7824cf3d722c94cf2b8f61bc8155731f072fd447082b181a13ffb8c08a1d568298c5de2d969fae2bea070a9e2688f294e76b8c200dfb993ec19778eb56ae3127c1116ccc85ef8806fdcb9ee0cb66ff03fbb0fa6c52b9b101b3830fc1650efa859163a264b4059092e5dc9a415ec09bfd1460f142fe5ef00beb6aa9032bd0de97aefc6f65e8cfeea761b3d8174caf528b6627682ff4d4450cb0f34251fc000ed01dd538ef13260984f44703b89dfb511bfb538d0b1c8aded964e1bcc5ca57437468b14a31ec0000a17e4d24369c40500449c37e7dccedba3eceb59d827dace246b5c48afb6a5988e64c560b3dc76c32d831f51cdbc5cfc4364ac8b25372b87c92bacfedc6bc8feb44098dbebc89cda03c59e4c58a31372bd574704b9e788834b9f83c6703f6709efad97c4ce499ea580dae1de282a019247cb3dce5c1906322e6d3ca5157ea6428bc42416936fac194efe136089c07faf7adf1e923003f1dc63fcbc634b389a4f351a6acee785e23c6bb04ca2f265be1e634362b87c6f9fd369bbe62a1db6b286c7ffde6370bb4d6e9e0cc3ec451e1a99d134726c9075e71319d3a683e91e4b900061c0e6d086481069cd32f4cde7816f8e3a0ac6428a7488f31f06ee0da10df3ed0c150d29085879d064f914407f60018bb588735663647bfeda930407d69abef3f72fd461c2b85b00988b412a180fd267fc646a86d297e7e40912607157b6fa873df6442579b1523d8117f0c06c87adf75843b8bff30a5bfb4fe1e9846b7fdd58774641baf9cc9c4e38e53ed24a9d9e9dbc7657aa9b220a8545852b0409f5c0812e953823e841967bf55059acc7a4600818134359e72cfae0d04a0738ac8acca133d6395a455b22cdd6f901d4cdea1cf17415f7d7895a4b65f80d2f7c5c60a0dc04b40c9ae5ffc922e074a82afd704673e1766d19db9f60eab0238fb4a3169a08aded607847e5d752d4e24c4914b95bac3892bcfc2076f16a7f07583f0d418b9dec03afdb2e93335a392e1b1ef2910eb2a4b6a63fe61641f3c02bef73cd7e4a77a6f30ae821598c3160511603541bea89022b54f321c2a55cdeeb19335d78a821ab6ca0f36588a9a79a41e2123905a491d658c2a1caeee998c995bb0f816c92c5dc2b862183f80b9f9786c9c5524723c944d11f6894c7f008ab8194f577e22c03631d2a33205f508ea49653e7600639242dbaba704f700ac227f32dc575c559a0a1f4fe0cf6c22fbf7e1ca2ab4b1e4724e8379021e3c9a7c1509c6a413bd7d9c98938e440762eda2546d636597defa86c1ad31126a1182d365f858927d140fb0a97f80adcc5f4ed5efe11ac503453917a263f1d64692348d30f382e85e464ef7616067a42df5de1a1b622fabefe2ca4ceffa4801f7a02fdef40644cd1d079590d900727628d54b44db7ac700d8d664f7eea12837fcf347360d8e43a354fe51b4c49e8fcda3c322b738ed2b800b5cc06e22c72af2a67ee7bc8ae894e841f2cf2b0a7e381caf944bf4e91ded63b6f82f7474e4f81e986fff7e5339b8e9f60103a1af81833e120f0c88893ecabac044a4a2867cda4fdcb084459a00507aa9e5a8e761a72df3322a1ae8cd918b4994c23bdb1e459b4f21651bd7fa067a00e2a2877bf6b29f289ed8018e0a78f6fb4ded9749640e0e37f6381b320ab72da404f3d70d60152f6fa6738932387b83250cb3148141edb52f109bfd4bda8054959db01f4c550609a63c08cf01ecd110cfc6f0055638c0dde039d2ac2daafe59e561f9f08a8830c3f661e4325de63e98f4a4216ec3b83fd200201ed3f647147611424286ffc6c4a8aca64a6874743242d4feeaa9153de06e51c512d9cab7ae712c6424069f3e5db4ddebe9b48b5f6caa741162edf97674d2368e03a387f798151a4b9b9fa9e3a5838a343133158364a9fe3bb4b9a3c464c0c54a4c64ca774ad200925ac6bf59508c10a8574afde9b821741af43ec64cedc13aa220b39772195283506dfe899dd6a7b37eb21f154056a2df3564ef2bb918a928651de88c3613b84e7960bddd7b46b1304deb30f57b6fe5a3b4788629e91bcc2456a72fabb16b47da71624d2e9081de748b3387f52da4bb094782326dcfde0827e2d674e41bb375247d349cade9c704e5431785009b0e53f1b45c70b237c9432e07e4c7a8464ed11608a3d2184338dd9e6f6ef4b3d751e979667b6a3953c89aff4eead7a978071a912b3de21a85a5849c57933cf53cd74a610f3e60f699766fbc7e0bb8a891a429c77bb6f3b6f9f8eb0b1bd9588ef2ce98fdf0a0838e4b0bed807d8b673093c717feec8d697e32542274887d039db7a2daed5d52c8e9767443229f8003c5d67e907376ea2f393484fa70deee159cb56f8d097b8fe2736e95f540137e20725f0940a8d049068ead4c46bb3771a671bb00de88931e03445a55868de0c220db05cbda9f996d5fe7c1070efe5e718fed4d4cb4ecacad3d6b643bc0ffe9a71b720ba7b5adbbdefe29106ef6a6ffe4547f5d02bec312147df0abe80efb2d5e598fc7c8b268e58b59e0d75728e9a18126f013c963ddc92d251405f857fe3a5cbacf443be7772975b7bf4f6d7ed6f80dfcc47a88c6d19120942adb5385be6ef3c0d7e396bcac5affc8f9276d6cd1a0b069aed72a98cde8ea7aabe6cc091b19efcfaf9368dfeb3087a05a42e3b893dae5ffeb72e6ac06e995a2a75ea0b5f7876247bb4c38cf3f0153f1f7473b522f1c440b632270e2b1d654d3a5ae16cb788482760d34ca79c8951b29c628e21029715683a3e6f8f77c5d89ecdae37e0190f79c4c1dbc9d0160e359cd6c94d6662ed53bb01a83374ff593c823acc59241b11f020902069fc0054a9b26cb320bef4fb1f8cc5bd8ae76eb029afab731b9876bc4e8708a8315512823cff1f9375d284ce66e53d4efad6c76d17bb532fc938b8f80c13ce86b5ba3e540164bc5a5d47cd321c241d8740f453ef95bd3878d578561ad6ce20877ffbd44062dce8df1d048d8d5e4045be647886108cbb1f0b26a8b74b66858afedb830a161bb02bde4c46a688a0ea3a7018ce24666aab0f422ede2f78ea29f77e28d87c744cba0285ce33d0d9ac45774829699de6d725a9b6db6e7d03ad4ec9d075c386e68ca0bcd9e9911d741ed0168cbddb87a7918a964d206629da4e887277b0ef7d3f9c7082f3f15f29a0dfb39f3b0877a5ec3ac4343e0d808f5aee8f1869923aab6dfc3016821c013109f34aece6183994b853d0e9561375c02cdd26b1b55194757341929a8038864cedd6b5a3b8b51ade44637044c4ebddb190f173969a0ca4cf5d42153763a0b91da0110ae7a25204850927d81b00176d4568a3d444d8029bd010df784e3f673fe855601ec4f1b26b2df58841e6a65f0db66373f63cc14a8b07dfc52ac9957eb542d05ed687c79519609de96df18b63cb294b534ddf7d2e8f41bcc1e5a006191c4db057b6709f0a96f18e7e8f67b8be2a19c015b9c4b0b3f42e4de366b71f8da8888809473c3c7a02a1158e375f29997a43bc7118ca4d1abb8f8f21972fc589aaa3d73a4d40a1e1705e169ac6e56cff50d89fc45b6863c8fc67bb2b5939a7f33072539ba4c24077be5711ba368bf7efd4897931531d388eb5c2e56bef337777150dd59518652145c9594e110e41d2615196c6b197916c88cc2814e13a3a922b4ecb044bf31cc90e0bfe0ce07de29188bbcb0ec1a12b509f52582fbb948c3cbe0c6964f46991cec0704bfac08aec6ad8ddfc36dc68c7f547c5ee6af4a8d55c79e3dc1c49b045379811f81e9a185a92cd37ae4ee32c5d3c82d36d6202a6c84fd231fe467071d42072827fd77afa5d757e6f37247f783ef09bdfd7536b666e84bc4bb878005b7829293a04ba090272dec844f4ef0e934617c08518bdc6b915ac6f3f03e4a6ab88e21c3f21f93b31d95ea3b9228e0031cb69795de5abd19c4cb4a0cf2984e53ca391cc66e33ee0d510151670331fa264753704fea5e4b1760f74890c49a74a47e0da13155c5470013d53dea0f05b5e088f1511c209f5be940232318af2757951d399e32eb862d915784713baa8ba93645caf04ba78fa3cf600ff92b9c5be58ad87438a340bac00a5ea9fb17e39478ba61fe36335e48d8c5a0b25f024cbd2ec7f217d0f260951da396dc13a2a74cd90df4b52db686e3b34d27cfa4cebd7bf59cbcfaf4007dc943a1da6e0bd1799a21ab449d7bb42935e50c839c5b567c59742436af15bc8d46095520dcd9273ae2b6f3c1cc2b4311ac9e5d297f0940b1552c5955adb302022022bb7457978998b56328629b7725dfbe3dedb37f37af0697a4471d1d6ff6bec633a38540adeba903f3eaaec5785fbb3c6a598f49dbd9ff93c67dea1ef39a614331b119fa8efccc8bac01595fb95a2a57eec9fc6c6fe82782aa89ea971866fd9a3bca4010182092ab6d1e2b49b964be9e3bb13bd6b77850e435f55a5d46e5bcb3330c7edefd31c33f61275e516"}) (async) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="65660fc736b9230200000f320fc5b0040000000f0f10970fe8fa640f01cfc4e21d4501c744240000000000c74424021c320000c744240600000000c4e17de69222ad2eec0fc76e04b8200fae82ef66bafc0c66b8004066ef66b8296c", 0x5c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) (async) ioctl$TCSETSF2(r2, 0x5432, 0x0) 2.464214482s ago: executing program 3 (id=1618): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x18) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = syz_open_procfs(0x0, &(0x7f0000000040)='gid_map\x00') write$tcp_mem(r3, &(0x7f00000000c0)={0xe4, 0x20, 0x8, 0x20, 0x832}, 0xaa) 1.399964949s ago: executing program 0 (id=1619): sendmsg$inet(0xffffffffffffffff, &(0x7f0000003a80)={&(0x7f00000004c0)={0x2, 0x0, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000003a00)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0xb}, @multicast1}}}], 0x20}, 0x4008804) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000001a300)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r4 = syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2) ioctl$vim2m_VIDIOC_CREATE_BUFS(r4, 0xc100565c, &(0x7f0000000140)={0x0, 0x2000bb22, 0x2, {0x1, @raw_data="3d924b827139e8a4ec01eb92492ff84715d1a004d08b012a7cafe27a5f313d31bbdae5b411ca5be6bfe92437ed0d21b5180e375be56b3b9306d7dbb26bf9f22de7ac7681cca450055250217bdf1113b4258293ba4efed32147bda8454dd115bd5ba066ba06f2854cc96db9a98055cbde9fd084a1223ada91ed2e832907a01ab5ee65f997b617f73d1aa5a6dfc47acdc5eb834f8e448469d235e4380cbcc331c96177b67caa0656f9664277cadb8597e7d911ad1da457ef9744b0993c57a700"}}) 1.319586652s ago: executing program 3 (id=1620): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) add_key$keyring(0x0, &(0x7f0000000240)={'syz', 0x0}, 0x0, 0x0, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x1ff, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x18) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = socket$rds(0x15, 0x5, 0x0) sendmsg$rds(r5, &(0x7f0000001d00)={&(0x7f00000017c0)={0x2, 0x0, @private=0x8a010101}, 0x10, 0x0, 0x0, &(0x7f0000000240)}, 0x0) syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo/3\x00') ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, 0x0) ioctl$EVIOCSCLOCKID(r0, 0x400445a0, &(0x7f0000000040)=0x1) socket$nl_crypto(0x10, 0x3, 0x15) r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000d80)={&(0x7f0000000000)=ANY=[@ANYBLOB="81b08f9feb0100182531a7f5d263560cd1674830c9ecad7ff900008a60000000000000000c00"], 0x0, 0x26}, 0x20) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)={0x9, 0x4, 0x4, 0x2, 0x80, 0x1, 0x0, '\x00', 0x0, r6, 0x1, 0x1}, 0x48) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000240)={'syztnl1\x00', &(0x7f00000001c0)={'syztnl0\x00', 0x0, 0x3b, 0x3, 0xe, 0x10001, 0x10, @private2={0xfc, 0x2, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0x1c}, 0x20, 0x20, 0x0, 0x3}}) 1.278449129s ago: executing program 1 (id=1621): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90) sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000001040)={0x0, 0x50}}, 0x4000004) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) r1 = syz_open_procfs(0x0, &(0x7f0000000140)='task\x00') getdents(r1, &(0x7f0000001fc0)=""/184, 0x9a) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_io_uring_setup(0x497, &(0x7f0000000440)={0x0, 0x607b, 0x8, 0x0, 0x27d}, &(0x7f0000000280)=0x0, &(0x7f00000001c0)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_init_net_socket$x25(0x9, 0x5, 0x0) socket$rds(0x15, 0x5, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1a"], 0x7c}}, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) sendto$inet6(r5, &(0x7f0000000080)="b3019c28", 0x4, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2}, 0x1c) recvmmsg(r5, &(0x7f0000007900), 0x847, 0x10162, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r6 = socket(0x400000000010, 0x3, 0x0) r7 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r8, {0x0, 0xfff1}, {0x3, 0xffff}, {0xf, 0xe}}}, 0x24}, 0x1, 0x0, 0x0, 0xc004}, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(0xffffffffffffffff, 0xc0045540, &(0x7f0000000040)=0x8) 541.022795ms ago: executing program 2 (id=1622): r0 = socket$inet6(0xa, 0x80002, 0x88) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c) syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030486dd601b8b97004d88c19e9ace5ffb2e9fc603dd282100000002ff02000000000000000000000000000104004e20"], 0x0) 0s ago: executing program 0 (id=1623): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xd, 0x103}, 0x0) getpid() sched_setscheduler(0x0, 0x1, &(0x7f0000000400)=0x7) r1 = syz_open_dev$loop(&(0x7f0000000100), 0xdf6, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_user\x00', 0x275a, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, &(0x7f0000000000)=""/188) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffffb}, 0x18) write$binfmt_misc(r2, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f00000002c0)={r2, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1d, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d00009520a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bc0007008019000000000000000000000000af1e4ccfb7b3cad80004010400", [0x1, 0x2000000000001]}}) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r6 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00', 0x0}) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000005a40)=ANY=[@ANYBLOB="b400000010000904000000000000000000002200", @ANYRES32=0x0, @ANYBLOB="fffffffed9526cfd8400128009000100766c616e000000007400028006000100000600000c000200367da1650e000000280003800c00010001800000002000000c000100a1000000c84200000c0001000800000008000000340004800c03390006000000ff0300000c00010004000000080000000c00010004000000020000000c000100050000000300000008000500", @ANYRES32=r7], 0xb4}}, 0x0) kernel console output (not intermixed with test programs): 278.492283][ T7830] dump_stack_lvl+0x189/0x250 [ 278.492310][ T7830] ? __pfx____ratelimit+0x10/0x10 [ 278.492329][ T7830] ? __pfx_dump_stack_lvl+0x10/0x10 [ 278.492348][ T7830] ? __pfx__printk+0x10/0x10 [ 278.492376][ T7830] ? __pfx___might_resched+0x10/0x10 [ 278.492401][ T7830] should_fail_ex+0x414/0x560 [ 278.492426][ T7830] should_failslab+0xa8/0x100 [ 278.492448][ T7830] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 278.492468][ T7830] ? __alloc_skb+0x112/0x2d0 [ 278.492499][ T7830] __alloc_skb+0x112/0x2d0 [ 278.492524][ T7830] netlink_sendmsg+0x5c6/0xb30 [ 278.492557][ T7830] ? __pfx_netlink_sendmsg+0x10/0x10 [ 278.492593][ T7830] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 278.492612][ T7830] ? __pfx_netlink_sendmsg+0x10/0x10 [ 278.492637][ T7830] __sock_sendmsg+0x21c/0x270 [ 278.492661][ T7830] ____sys_sendmsg+0x505/0x830 [ 278.492693][ T7830] ? __pfx_____sys_sendmsg+0x10/0x10 [ 278.492726][ T7830] ? import_iovec+0x74/0xa0 [ 278.492755][ T7830] ___sys_sendmsg+0x21f/0x2a0 [ 278.492784][ T7830] ? __pfx____sys_sendmsg+0x10/0x10 [ 278.492851][ T7830] ? __fget_files+0x2a/0x420 [ 278.492871][ T7830] ? __fget_files+0x3a0/0x420 [ 278.492903][ T7830] __x64_sys_sendmsg+0x19b/0x260 [ 278.492934][ T7830] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 278.492971][ T7830] ? __pfx_ksys_write+0x10/0x10 [ 278.492986][ T7830] ? rcu_is_watching+0x15/0xb0 [ 278.493012][ T7830] ? do_syscall_64+0xbe/0x3b0 [ 278.493036][ T7830] do_syscall_64+0xfa/0x3b0 [ 278.493055][ T7830] ? lockdep_hardirqs_on+0x9c/0x150 [ 278.493074][ T7830] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 278.493093][ T7830] ? clear_bhb_loop+0x60/0xb0 [ 278.493116][ T7830] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 278.493132][ T7830] RIP: 0033:0x7f628cd8ebe9 [ 278.493156][ T7830] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 278.493171][ T7830] RSP: 002b:00007f628aff6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 278.493192][ T7830] RAX: ffffffffffffffda RBX: 00007f628cfb5fa0 RCX: 00007f628cd8ebe9 [ 278.493205][ T7830] RDX: 0000000000040880 RSI: 0000200000000180 RDI: 0000000000000003 [ 278.493217][ T7830] RBP: 00007f628aff6090 R08: 0000000000000000 R09: 0000000000000000 [ 278.493229][ T7830] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 278.493240][ T7830] R13: 00007f628cfb6038 R14: 00007f628cfb5fa0 R15: 00007ffc07defc38 [ 278.493268][ T7830] [ 279.592526][ T7847] netlink: 'syz.3.527': attribute type 10 has an invalid length. [ 280.316264][ T7840] lo speed is unknown, defaulting to 1000 [ 281.918836][ T7870] netlink: 'syz.4.531': attribute type 10 has an invalid length. [ 283.402458][ T7877] netlink: 80 bytes leftover after parsing attributes in process `syz.2.533'. [ 283.689135][ T7878] tipc: Enabling of bearer rejected, failed to enable media [ 283.919954][ T7884] tipc: Enabling of bearer rejected, failed to enable media [ 288.493743][ T7932] tipc: Enabling of bearer rejected, already enabled [ 289.494405][ T7934] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 289.858078][ T7937] tipc: Enabling of bearer rejected, failed to enable media [ 289.882688][ T7937] syzkaller0: entered promiscuous mode [ 289.941031][ T7937] syzkaller0: entered allmulticast mode [ 290.066098][ T7948] FAULT_INJECTION: forcing a failure. [ 290.066098][ T7948] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 290.130026][ T7948] CPU: 0 UID: 0 PID: 7948 Comm: syz.1.552 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 290.130058][ T7948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 290.130069][ T7948] Call Trace: [ 290.130075][ T7948] [ 290.130082][ T7948] dump_stack_lvl+0x189/0x250 [ 290.130109][ T7948] ? __pfx____ratelimit+0x10/0x10 [ 290.130129][ T7948] ? __pfx_dump_stack_lvl+0x10/0x10 [ 290.130149][ T7948] ? __pfx__printk+0x10/0x10 [ 290.130173][ T7948] ? __might_fault+0xb0/0x130 [ 290.130203][ T7948] should_fail_ex+0x414/0x560 [ 290.130227][ T7948] _copy_from_user+0x2d/0xb0 [ 290.130250][ T7948] do_sock_getsockopt+0x17d/0x450 [ 290.130279][ T7948] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 290.130305][ T7948] ? do_syscall_64+0x20/0x3b0 [ 290.130323][ T7948] ? __fget_files+0x3a0/0x420 [ 290.130343][ T7948] ? __fget_files+0x2a/0x420 [ 290.130370][ T7948] __x64_sys_getsockopt+0x1a5/0x250 [ 290.130396][ T7948] ? do_syscall_64+0x20/0x3b0 [ 290.130418][ T7948] ? do_syscall_64+0x20/0x3b0 [ 290.130442][ T7948] do_syscall_64+0xfa/0x3b0 [ 290.130463][ T7948] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 290.130482][ T7948] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 290.130500][ T7948] ? clear_bhb_loop+0x60/0xb0 [ 290.130523][ T7948] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 290.130541][ T7948] RIP: 0033:0x7f628cd8ebe9 [ 290.130558][ T7948] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 290.130573][ T7948] RSP: 002b:00007f628aff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 290.130593][ T7948] RAX: ffffffffffffffda RBX: 00007f628cfb5fa0 RCX: 00007f628cd8ebe9 [ 290.130608][ T7948] RDX: 0000000000000002 RSI: 0000000000000028 RDI: 0000000000000003 [ 290.130619][ T7948] RBP: 00007f628aff6090 R08: 0000200000000080 R09: 0000000000000000 [ 290.130631][ T7948] R10: 00002000000012c0 R11: 0000000000000246 R12: 0000000000000001 [ 290.130643][ T7948] R13: 00007f628cfb6038 R14: 00007f628cfb5fa0 R15: 00007ffc07defc38 [ 290.130673][ T7948] [ 291.116983][ T7952] 9pnet_fd: Insufficient options for proto=fd [ 291.128928][ T7960] lo speed is unknown, defaulting to 1000 [ 292.182163][ T5915] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 292.201732][ T7976] tipc: Enabling of bearer rejected, already enabled [ 292.403225][ T5915] usb 1-1: Using ep0 maxpacket: 8 [ 292.410710][ T5915] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 292.422993][ T5915] usb 1-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0x76, changing to 0x6 [ 292.434704][ T5915] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x6 has an invalid bInterval 0, changing to 7 [ 292.454722][ T5915] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 292.483887][ T5915] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40 [ 292.495098][ T5915] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 292.516322][ T5915] usb 1-1: Product: syz [ 292.520543][ T5915] usb 1-1: Manufacturer: syz [ 292.554974][ T5915] usb 1-1: SerialNumber: syz [ 292.592517][ T5915] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -22 [ 292.638828][ T5915] usbtest 1-1:1.0: Linux user mode ISO test driver [ 292.678566][ T5915] usbtest 1-1:1.0: high-speed {control iso-in iso-out} tests (+alt) [ 293.049056][ T1208] usb 1-1: USB disconnect, device number 13 [ 293.459457][ T7993] netlink: 'syz.4.566': attribute type 10 has an invalid length. [ 296.097129][ T8024] tipc: Enabling of bearer rejected, failed to enable media [ 299.334282][ T30] audit: type=1326 audit(1755842806.349:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8043 comm="syz.4.580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94fc18ebe9 code=0x7ffc0000 [ 299.368834][ T30] audit: type=1326 audit(1755842806.349:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8043 comm="syz.4.580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94fc18ebe9 code=0x7ffc0000 [ 299.390835][ T30] audit: type=1326 audit(1755842806.349:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8043 comm="syz.4.580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f94fc18ebe9 code=0x7ffc0000 [ 299.488434][ T30] audit: type=1326 audit(1755842806.349:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8043 comm="syz.4.580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94fc18ebe9 code=0x7ffc0000 [ 299.680939][ T30] audit: type=1326 audit(1755842806.349:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8043 comm="syz.4.580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94fc18ebe9 code=0x7ffc0000 [ 299.904444][ T30] audit: type=1326 audit(1755842806.349:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8043 comm="syz.4.580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f94fc190b07 code=0x7ffc0000 [ 299.938870][ T30] audit: type=1326 audit(1755842806.349:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8043 comm="syz.4.580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f94fc190a7c code=0x7ffc0000 [ 300.017235][ T30] audit: type=1326 audit(1755842806.349:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8043 comm="syz.4.580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f94fc1909b4 code=0x7ffc0000 [ 300.144841][ T30] audit: type=1326 audit(1755842806.349:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8043 comm="syz.4.580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f94fc1909b4 code=0x7ffc0000 [ 300.325136][ T30] audit: type=1326 audit(1755842806.349:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8043 comm="syz.4.580" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f94fc18d84a code=0x7ffc0000 [ 301.486662][ T8064] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes. [ 301.574896][ T8067] FAULT_INJECTION: forcing a failure. [ 301.574896][ T8067] name failslab, interval 1, probability 0, space 0, times 0 [ 301.618460][ T8067] CPU: 0 UID: 0 PID: 8067 Comm: syz.1.585 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 301.618488][ T8067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 301.618500][ T8067] Call Trace: [ 301.618508][ T8067] [ 301.618517][ T8067] dump_stack_lvl+0x189/0x250 [ 301.618544][ T8067] ? __pfx____ratelimit+0x10/0x10 [ 301.618565][ T8067] ? __pfx_dump_stack_lvl+0x10/0x10 [ 301.618585][ T8067] ? __pfx__printk+0x10/0x10 [ 301.618609][ T8067] ? __pfx___might_resched+0x10/0x10 [ 301.618629][ T8067] ? fs_reclaim_acquire+0x7d/0x100 [ 301.618657][ T8067] should_fail_ex+0x414/0x560 [ 301.618681][ T8067] should_failslab+0xa8/0x100 [ 301.618704][ T8067] __kmalloc_noprof+0xcb/0x4f0 [ 301.618722][ T8067] ? tomoyo_encode+0x28b/0x550 [ 301.618748][ T8067] tomoyo_encode+0x28b/0x550 [ 301.618777][ T8067] tomoyo_realpath_from_path+0x58d/0x5d0 [ 301.618809][ T8067] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 301.618829][ T8067] tomoyo_path_number_perm+0x1e8/0x5a0 [ 301.618853][ T8067] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 301.618889][ T8067] ? __lock_acquire+0xab9/0xd20 [ 301.618926][ T8067] ? __fget_files+0x2a/0x420 [ 301.618951][ T8067] ? __fget_files+0x2a/0x420 [ 301.618977][ T8067] ? __fget_files+0x3a0/0x420 [ 301.618995][ T8067] ? __fget_files+0x2a/0x420 [ 301.619019][ T8067] security_file_ioctl+0xcb/0x2d0 [ 301.619043][ T8067] __se_sys_ioctl+0x47/0x170 [ 301.619074][ T8067] do_syscall_64+0xfa/0x3b0 [ 301.619094][ T8067] ? lockdep_hardirqs_on+0x9c/0x150 [ 301.619114][ T8067] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 301.619133][ T8067] ? clear_bhb_loop+0x60/0xb0 [ 301.619156][ T8067] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 301.619173][ T8067] RIP: 0033:0x7f628cd8ebe9 [ 301.619191][ T8067] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 301.619208][ T8067] RSP: 002b:00007f628aff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 301.619229][ T8067] RAX: ffffffffffffffda RBX: 00007f628cfb5fa0 RCX: 00007f628cd8ebe9 [ 301.619243][ T8067] RDX: 0000200000000080 RSI: 00000000c0045009 RDI: 0000000000000003 [ 301.619256][ T8067] RBP: 00007f628aff6090 R08: 0000000000000000 R09: 0000000000000000 [ 301.619267][ T8067] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 301.619277][ T8067] R13: 00007f628cfb6038 R14: 00007f628cfb5fa0 R15: 00007ffc07defc38 [ 301.619311][ T8067] [ 301.619332][ T8067] ERROR: Out of memory at tomoyo_realpath_from_path. [ 301.635942][ T8072] netlink: 'syz.2.584': attribute type 4 has an invalid length. [ 302.128778][ T8080] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 302.610656][ T8087] tipc: Enabling of bearer rejected, already enabled [ 304.180430][ T8097] syz.2.591 (8097): /proc/8092/oom_adj is deprecated, please use /proc/8092/oom_score_adj instead. [ 304.418616][ T30] kauditd_printk_skb: 22 callbacks suppressed [ 304.418635][ T30] audit: type=1326 audit(1755842811.459:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8101 comm="syz.4.593" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f94fc18ebe9 code=0x0 [ 304.531973][ T5928] usb 1-1: new low-speed USB device number 14 using dummy_hcd [ 305.394589][ T5928] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 305.542317][ T5928] usb 1-1: config 0 has no interface number 0 [ 305.614484][ T5928] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 305.633019][ T5928] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 305.653255][ T5928] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 305.692007][ T5928] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 305.759193][ T5928] usb 1-1: config 0 descriptor?? [ 305.787118][ T8098] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 305.830264][ T5928] iowarrior 1-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 306.106408][ T43] usb 1-1: USB disconnect, device number 14 [ 307.388129][ T8126] loop2: detected capacity change from 0 to 7 [ 307.473392][ T8130] FAULT_INJECTION: forcing a failure. [ 307.473392][ T8130] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 308.225336][ T8130] CPU: 1 UID: 0 PID: 8130 Comm: syz.2.601 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 308.225364][ T8130] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 308.225386][ T8130] Call Trace: [ 308.225394][ T8130] [ 308.225403][ T8130] dump_stack_lvl+0x189/0x250 [ 308.225429][ T8130] ? __pfx____ratelimit+0x10/0x10 [ 308.225450][ T8130] ? __pfx_dump_stack_lvl+0x10/0x10 [ 308.225471][ T8130] ? __pfx__printk+0x10/0x10 [ 308.225496][ T8130] ? __might_fault+0xb0/0x130 [ 308.225526][ T8130] should_fail_ex+0x414/0x560 [ 308.225552][ T8130] _copy_from_user+0x2d/0xb0 [ 308.225579][ T8130] inet6_ioctl+0x180/0x280 [ 308.225602][ T8130] ? __pfx_inet6_ioctl+0x10/0x10 [ 308.225620][ T8130] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 308.225657][ T8130] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 308.225689][ T8130] sock_do_ioctl+0xdc/0x300 [ 308.225714][ T8130] ? __pfx_sock_do_ioctl+0x10/0x10 [ 308.225733][ T8130] ? __lock_acquire+0xab9/0xd20 [ 308.225755][ T8130] ? __asan_memset+0x22/0x50 [ 308.225781][ T8130] ? smack_file_ioctl+0x24a/0x340 [ 308.225807][ T8130] sock_ioctl+0x576/0x790 [ 308.225830][ T8130] ? __pfx_sock_ioctl+0x10/0x10 [ 308.225851][ T8130] ? __fget_files+0x2a/0x420 [ 308.225872][ T8130] ? __fget_files+0x3a0/0x420 [ 308.225895][ T8130] ? __fget_files+0x2a/0x420 [ 308.225919][ T8130] ? bpf_lsm_file_ioctl+0x9/0x20 [ 308.225941][ T8130] ? __pfx_sock_ioctl+0x10/0x10 [ 308.225961][ T8130] __se_sys_ioctl+0xfc/0x170 [ 308.225989][ T8130] do_syscall_64+0xfa/0x3b0 [ 308.226009][ T8130] ? lockdep_hardirqs_on+0x9c/0x150 [ 308.226029][ T8130] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 308.226048][ T8130] ? clear_bhb_loop+0x60/0xb0 [ 308.226071][ T8130] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 308.226089][ T8130] RIP: 0033:0x7f0e82b8ebe9 [ 308.226106][ T8130] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 308.226121][ T8130] RSP: 002b:00007f0e8395b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 308.226141][ T8130] RAX: ffffffffffffffda RBX: 00007f0e82db5fa0 RCX: 00007f0e82b8ebe9 [ 308.226155][ T8130] RDX: 0000200000005fc0 RSI: 000000000000890c RDI: 0000000000000004 [ 308.226168][ T8130] RBP: 00007f0e8395b090 R08: 0000000000000000 R09: 0000000000000000 [ 308.226179][ T8130] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 308.226190][ T8130] R13: 00007f0e82db6038 R14: 00007f0e82db5fa0 R15: 00007ffeaa164208 [ 308.226227][ T8130] [ 309.799463][ T8128] tipc: Enabling of bearer rejected, failed to enable media [ 309.889261][ T5500] dhcpcd (5500) used greatest stack depth: 19720 bytes left [ 309.976289][ T8126] Dev loop2: unable to read RDB block 7 [ 310.016759][ T8126] loop2: unable to read partition table [ 310.039562][ T8126] loop2: partition table beyond EOD, truncated [ 310.077263][ T8126] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 311.800134][ T8164] netlink: 'syz.3.608': attribute type 4 has an invalid length. [ 312.630356][ T8165] netlink: 'syz.1.607': attribute type 10 has an invalid length. [ 313.207488][ T8172] netlink: 'syz.4.609': attribute type 4 has an invalid length. [ 316.662178][ T8192] tipc: Enabling of bearer rejected, already enabled [ 317.229911][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.237720][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 319.373251][ T8215] netlink: 'syz.1.620': attribute type 4 has an invalid length. [ 320.160505][ T8223] block device autoloading is deprecated and will be removed. [ 321.120151][ T8234] netlink: 'syz.0.628': attribute type 1 has an invalid length. [ 321.172895][ T8234] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22 [ 321.181443][ T8234] netdevsim netdevsim0: Direct firmware load for . failed with error -22 [ 321.239995][ T8234] netdevsim netdevsim0: Falling back to sysfs fallback for: . [ 321.801156][ T8244] netlink: 'syz.4.632': attribute type 20 has an invalid length. [ 321.828079][ T8244] dvmrp1: entered allmulticast mode [ 322.132517][ T5953] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 322.226533][ T8253] netlink: 'syz.2.634': attribute type 4 has an invalid length. [ 322.618552][ T5953] usb 2-1: config 0 has an invalid interface number: 255 but max is 0 [ 322.635944][ T5953] usb 2-1: config 0 has no interface number 0 [ 322.649193][ T5953] usb 2-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30 [ 322.670690][ T5953] usb 2-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 322.689486][ T5953] usb 2-1: config 0 interface 255 has no altsetting 0 [ 322.696540][ T5953] usb 2-1: New USB device found, idVendor=0bda, idProduct=0177, bcdDevice=7d.0b [ 322.832203][ T5953] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 322.849592][ T5953] usb 2-1: config 0 descriptor?? [ 325.192165][ T5953] usb 2-1: string descriptor 0 read error: -71 [ 325.207396][ T5953] ums-realtek 2-1:0.255: USB Mass Storage device detected [ 325.897389][ T5953] usb 2-1: USB disconnect, device number 11 [ 327.811991][ T5835] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 328.002987][ T5835] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 328.026204][ T5835] usb 3-1: config 0 has no interface number 0 [ 328.206213][ T5835] usb 3-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 328.231980][ T5835] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 328.240135][ T5835] usb 3-1: Product: syz [ 328.251960][ T5835] usb 3-1: Manufacturer: syz [ 328.801937][ T5835] usb 3-1: SerialNumber: syz [ 328.836602][ T5835] usb 3-1: config 0 descriptor?? [ 328.892402][ T8321] syzkaller1: entered promiscuous mode [ 328.924895][ T8321] syzkaller1: entered allmulticast mode [ 329.050628][ T8299] netlink: 36 bytes leftover after parsing attributes in process `syz.2.646'. [ 329.075322][ T8299] netlink: 8 bytes leftover after parsing attributes in process `syz.2.646'. [ 330.101531][ T5835] usb 3-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 330.773234][ T5835] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 330.788905][ T5835] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 330.818429][ T5835] usb 3-1: media controller created [ 330.863239][ T5835] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 332.048559][ T5835] i2c i2c-1: ec100: i2c rd failed=-110 reg=33 [ 332.472317][ T8359] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 332.493122][ T5835] usb 3-1: USB disconnect, device number 11 [ 332.600743][ T8363] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 332.619302][ T8364] netlink: 'syz.2.665': attribute type 10 has an invalid length. [ 333.382045][ T30] audit: type=1326 audit(1755842840.419:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8370 comm="syz.3.667" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f51a3b8ebe9 code=0x7ffc0000 [ 334.222780][ T30] audit: type=1326 audit(1755842840.429:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8370 comm="syz.3.667" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f51a3b8ebe9 code=0x7ffc0000 [ 334.532080][ T30] audit: type=1326 audit(1755842840.529:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8370 comm="syz.3.667" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f51a3b8ebe9 code=0x7ffc0000 [ 334.573137][ T30] audit: type=1326 audit(1755842841.549:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8370 comm="syz.3.667" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f51a3b8ebe9 code=0x7ffc0000 [ 334.603919][ T30] audit: type=1326 audit(1755842841.549:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8370 comm="syz.3.667" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f51a3b8ebe9 code=0x7ffc0000 [ 337.245958][ T8403] netlink: 228 bytes leftover after parsing attributes in process `syz.2.675'. [ 337.880369][ T8414] fuse: Unknown parameter '0xffffffffffffffff0x00000000000000080xffffffffffffffffæ(@¥â¼»x5ù3˜d{' [ 338.146477][ T8419] netlink: 'syz.0.678': attribute type 3 has an invalid length. [ 338.154447][ T8419] netlink: 'syz.0.678': attribute type 1 has an invalid length. [ 338.163213][ T8419] netlink: 216 bytes leftover after parsing attributes in process `syz.0.678'. [ 338.172557][ T8419] NCSI netlink: No device for ifindex 33022 [ 338.182183][ T5953] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 338.738806][ T8418] tipc: Enabling of bearer rejected, already enabled [ 338.841397][ T8423] capability: warning: `syz.0.678' uses 32-bit capabilities (legacy support in use) [ 338.886325][ T5953] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 339.442061][ T5953] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 339.501966][ T5953] usb 3-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 339.547216][ T5953] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 339.570486][ T5953] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 339.580771][ T8427] netlink: 'syz.4.682': attribute type 1 has an invalid length. [ 339.591691][ T5953] usb 3-1: Product: syz [ 339.597765][ T5953] usb 3-1: Manufacturer: syz [ 339.605637][ T5953] usb 3-1: SerialNumber: syz [ 340.437383][ T8427] 8021q: adding VLAN 0 to HW filter on device bond1 [ 340.605342][ T5953] cdc_ncm 3-1:1.0: bind() failure [ 340.606751][ T8431] bond1: (slave ip6gretap1): making interface the new active one [ 340.645290][ T8431] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link [ 340.680216][ T5953] cdc_ncm 3-1:1.1: probe with driver cdc_ncm failed with error -71 [ 340.712794][ T5953] cdc_mbim 3-1:1.1: probe with driver cdc_mbim failed with error -71 [ 340.722150][ T5901] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 340.741279][ T5953] usbtest 3-1:1.1: probe with driver usbtest failed with error -71 [ 340.770854][ T5953] usb 3-1: USB disconnect, device number 12 [ 341.615744][ T8444] netlink: 'syz.2.685': attribute type 10 has an invalid length. [ 341.631998][ T5901] usb 4-1: Using ep0 maxpacket: 8 [ 341.775415][ T5901] usb 4-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 341.788655][ T8427] veth3: entered promiscuous mode [ 341.829264][ T5901] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 341.849933][ T5901] usb 4-1: Product: syz [ 341.856847][ T8427] bond1: (slave veth3): Enslaving as an active interface with a down link [ 341.881016][ T5901] usb 4-1: Manufacturer: syz [ 341.902062][ T8440] erspan0: entered allmulticast mode [ 341.948522][ T5901] usb 4-1: SerialNumber: syz [ 341.967961][ T5901] usb 4-1: config 0 descriptor?? [ 341.978033][ T5901] gspca_main: se401-2.14.0 probing 047d:5003 [ 341.996892][ T8440] bond1: (slave erspan0): Enslaving as an active interface with an up link [ 343.183489][ T5901] gspca_se401: Bayer format not supported! [ 343.225127][ T8455] FAULT_INJECTION: forcing a failure. [ 343.225127][ T8455] name failslab, interval 1, probability 0, space 0, times 0 [ 343.292025][ T8455] CPU: 0 UID: 0 PID: 8455 Comm: syz.0.687 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 343.292052][ T8455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 343.292062][ T8455] Call Trace: [ 343.292069][ T8455] [ 343.292076][ T8455] dump_stack_lvl+0x189/0x250 [ 343.292103][ T8455] ? __pfx____ratelimit+0x10/0x10 [ 343.292124][ T8455] ? __pfx_dump_stack_lvl+0x10/0x10 [ 343.292146][ T8455] ? __pfx__printk+0x10/0x10 [ 343.292177][ T8455] ? __pfx___might_resched+0x10/0x10 [ 343.292197][ T8455] ? fs_reclaim_acquire+0x7d/0x100 [ 343.292226][ T8455] should_fail_ex+0x414/0x560 [ 343.292251][ T8455] should_failslab+0xa8/0x100 [ 343.292274][ T8455] kmem_cache_alloc_noprof+0x73/0x3c0 [ 343.292292][ T8455] ? __kernfs_new_node+0xd7/0x7e0 [ 343.292320][ T8455] __kernfs_new_node+0xd7/0x7e0 [ 343.292344][ T8455] ? __lock_acquire+0xab9/0xd20 [ 343.292371][ T8455] ? __pfx___kernfs_new_node+0x10/0x10 [ 343.292395][ T8455] ? kernfs_root+0x1c/0x230 [ 343.292425][ T8455] ? kernfs_root+0x1c/0x230 [ 343.292446][ T8455] ? kernfs_root+0x1c/0x230 [ 343.292466][ T8455] ? kernfs_root+0x1c/0x230 [ 343.292493][ T8455] kernfs_new_node+0x102/0x210 [ 343.292523][ T8455] __kernfs_create_file+0x4b/0x2e0 [ 343.292556][ T8455] sysfs_add_file_mode_ns+0x238/0x300 [ 343.292585][ T8455] sysfs_create_file_ns+0x128/0x1a0 [ 343.292604][ T8455] ? __pfx___up_read+0x10/0x10 [ 343.292627][ T8455] ? __pfx_sysfs_create_file_ns+0x10/0x10 [ 343.292644][ T8455] ? acpi_device_notify+0x171/0x380 [ 343.292671][ T8455] ? __dev_fwnode+0x50/0x80 [ 343.292699][ T8455] ? device_create_file+0xf4/0x1c0 [ 343.292728][ T8455] device_add+0x440/0xb50 [ 343.292761][ T8455] input_register_device+0x9ca/0x10b0 [ 343.292805][ T8455] uinput_create_device+0x422/0x670 [ 343.292828][ T8455] ? __lock_acquire+0xab9/0xd20 [ 343.292860][ T8455] uinput_ioctl_handler+0x3f0/0x1570 [ 343.292886][ T8455] ? __pfx_uinput_ioctl_handler+0x10/0x10 [ 343.292921][ T8455] ? __fget_files+0x2a/0x420 [ 343.292939][ T8455] ? __fget_files+0x3a0/0x420 [ 343.292963][ T8455] ? bpf_lsm_file_ioctl+0x9/0x20 [ 343.292985][ T8455] ? __pfx_uinput_ioctl+0x10/0x10 [ 343.293005][ T8455] __se_sys_ioctl+0xfc/0x170 [ 343.293035][ T8455] do_syscall_64+0xfa/0x3b0 [ 343.293057][ T8455] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 343.293076][ T8455] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 343.293095][ T8455] ? clear_bhb_loop+0x60/0xb0 [ 343.293119][ T8455] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 343.293138][ T8455] RIP: 0033:0x7f780398ebe9 [ 343.293155][ T8455] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 343.293170][ T8455] RSP: 002b:00007f78048da038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 343.293191][ T8455] RAX: ffffffffffffffda RBX: 00007f7803bb5fa0 RCX: 00007f780398ebe9 [ 343.293205][ T8455] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 343.293217][ T8455] RBP: 00007f78048da090 R08: 0000000000000000 R09: 0000000000000000 [ 343.293229][ T8455] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 343.293240][ T8455] R13: 00007f7803bb6038 R14: 00007f7803bb5fa0 R15: 00007ffc371ae478 [ 343.293273][ T8455] [ 343.827590][ T8469] tmpfs: Bad value for 'mpol' [ 343.832989][ T8469] binder: 8462:8469 ioctl 4018620d 0 returned -22 [ 344.476619][ T8472] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 344.637289][ T30] audit: type=1326 audit(1755842851.549:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8462 comm="syz.1.689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f628cd8ebe9 code=0x7fc00000 [ 344.666447][ T8472] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 345.092953][ T5915] usb 4-1: USB disconnect, device number 8 [ 347.152024][ T8504] netlink: 'syz.4.700': attribute type 10 has an invalid length. [ 348.939326][ T8514] nvme_fabrics: missing parameter 'transport=%s' [ 348.946125][ T8514] nvme_fabrics: missing parameter 'nqn=%s' [ 349.207170][ T8529] tty tty2: ldisc open failed (-12), clearing slot 1 [ 351.952417][ T5901] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 352.586151][ T8564] trusted_key: encrypted_key: keylen parameter is missing [ 352.603859][ T5915] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 352.834077][ T5915] usb 3-1: Using ep0 maxpacket: 16 [ 352.843181][ T5915] usb 3-1: config index 0 descriptor too short (expected 16456, got 72) [ 353.474459][ T5915] usb 3-1: config 0 has an invalid interface number: 125 but max is 1 [ 353.521998][ T5915] usb 3-1: config 0 has an invalid interface number: 125 but max is 1 [ 353.530371][ T5915] usb 3-1: config 0 has an invalid interface number: 125 but max is 1 [ 353.608024][ T5915] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 353.617097][ T5915] usb 3-1: config 0 has no interface number 0 [ 353.632795][ T5915] usb 3-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 353.646330][ T5915] usb 3-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 353.668564][ T5915] usb 3-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 353.708084][ T5915] usb 3-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 353.759197][ T5915] usb 3-1: config 0 interface 125 has no altsetting 2 [ 353.780632][ T5915] usb 3-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 353.806142][ T5915] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 353.838125][ T5915] usb 3-1: Product: syz [ 353.851976][ T5915] usb 3-1: Manufacturer: syz [ 353.858554][ T5915] usb 3-1: SerialNumber: syz [ 353.923109][ T5915] usb 3-1: config 0 descriptor?? [ 353.931325][ T5915] usb 3-1: selecting invalid altsetting 2 [ 354.334969][ T8581] netlink: 'syz.4.718': attribute type 4 has an invalid length. [ 354.799274][ T5901] usb 3-1: USB disconnect, device number 13 [ 356.361132][ T8597] syzkaller0: entered promiscuous mode [ 356.372405][ T8597] syzkaller0: entered allmulticast mode [ 359.630044][ T8624] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 359.812121][ T5953] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 360.352526][ T5953] usb 4-1: Using ep0 maxpacket: 32 [ 360.474159][ T5953] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 360.521952][ T5953] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 360.550273][ T5953] usb 4-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 360.695479][ T8631] netlink: 'syz.2.732': attribute type 4 has an invalid length. [ 361.202601][ T5953] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 361.381263][ T5953] usb 4-1: config 0 descriptor?? [ 361.854072][ T8634] Cannot find add_set index 0 as target [ 362.053850][ T5953] usbhid 4-1:0.0: can't add hid device: -32 [ 362.060325][ T5953] usbhid 4-1:0.0: probe with driver usbhid failed with error -32 [ 362.080421][ T5953] usb 4-1: USB disconnect, device number 9 [ 362.184016][ T8640] netlink: 228 bytes leftover after parsing attributes in process `syz.4.735'. [ 364.050559][ T8653] netlink: 'syz.0.740': attribute type 5 has an invalid length. [ 364.060152][ T8655] netlink: 4 bytes leftover after parsing attributes in process `syz.1.739'. [ 365.099562][ T8675] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 367.240466][ T8706] netlink: 20 bytes leftover after parsing attributes in process `syz.1.756'. [ 367.249788][ T8706] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 367.329281][ T8709] netlink: 'syz.4.757': attribute type 10 has an invalid length. [ 367.351829][ T8709] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 367.579385][ T5901] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 368.582288][ T5901] usb 3-1: Using ep0 maxpacket: 8 [ 368.607051][ T5901] usb 3-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 368.630139][ T5901] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 368.655590][ T5901] usb 3-1: Product: syz [ 368.659818][ T5901] usb 3-1: Manufacturer: syz [ 368.669369][ T5901] usb 3-1: SerialNumber: syz [ 368.686823][ T5901] usb 3-1: config 0 descriptor?? [ 368.696440][ T5901] gspca_main: se401-2.14.0 probing 047d:5003 [ 369.125484][ T8735] netlink: 'syz.0.764': attribute type 10 has an invalid length. [ 369.180339][ T5901] gspca_se401: Wrong descriptor type [ 369.530277][ T5901] usb 3-1: USB disconnect, device number 14 [ 369.761178][ T8742] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 370.160428][ T8750] netlink: 'syz.0.769': attribute type 3 has an invalid length. [ 370.189138][ T8750] netlink: 'syz.0.769': attribute type 3 has an invalid length. [ 370.219191][ T8750] netlink: 16 bytes leftover after parsing attributes in process `syz.0.769'. [ 370.287463][ T8754] netlink: 'syz.2.772': attribute type 1 has an invalid length. [ 370.404267][ T8754] bond1: entered promiscuous mode [ 370.411123][ T8754] 8021q: adding VLAN 0 to HW filter on device bond1 [ 370.602996][ T5953] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 370.612375][ T8759] bond1: (slave bridge1): making interface the new active one [ 370.650238][ T8759] bridge1: entered promiscuous mode [ 370.658017][ T8759] bond1: (slave bridge1): Enslaving as an active interface with an up link [ 370.762085][ T5953] usb 2-1: Using ep0 maxpacket: 16 [ 371.373518][ T5953] usb 2-1: config 0 has an invalid interface number: 64 but max is 0 [ 371.381697][ T5953] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 371.395816][ T5953] usb 2-1: config 0 has no interface number 0 [ 371.403928][ T5953] usb 2-1: New USB device found, idVendor=0bd3, idProduct=0555, bcdDevice= 0.5b [ 371.439759][ T5953] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 371.471733][ T5953] usb 2-1: config 0 descriptor?? [ 371.526773][ T5953] usb 2-1: Found UVC 0.00 device (0bd3:0555) [ 371.551949][ T5953] usb 2-1: No valid video chain found. [ 372.284193][ T8746] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 372.312326][ T8746] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 372.332004][ T5928] usb 4-1: new full-speed USB device number 10 using dummy_hcd [ 372.504974][ T5928] usb 4-1: config 0 has an invalid interface number: 52 but max is 0 [ 372.519971][ T5928] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 372.549935][ T5928] usb 4-1: config 0 has no interface number 0 [ 372.559814][ T5928] usb 4-1: config 0 interface 52 altsetting 1 has an endpoint descriptor with address 0x13, changing to 0x3 [ 372.571473][ T5928] usb 4-1: config 0 interface 52 altsetting 1 endpoint 0x3 has an invalid bInterval 0, changing to 10 [ 372.586807][ T5928] usb 4-1: config 0 interface 52 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 372.598434][ T5928] usb 4-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 372.611616][ T5928] usb 4-1: config 0 interface 52 has no altsetting 0 [ 372.620722][ T5928] usb 4-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 0.00 [ 372.639524][ T5928] usb 4-1: New USB device strings: Mfr=0, Product=149, SerialNumber=35 [ 372.666103][ T5928] usb 4-1: Product: syz [ 372.671565][ T5928] usb 4-1: SerialNumber: syz [ 372.860447][ T5928] usb 4-1: config 0 descriptor?? [ 373.375300][ T8788] netlink: 8 bytes leftover after parsing attributes in process `syz.3.775'. [ 374.150207][ T5835] usb 4-1: USB disconnect, device number 10 [ 374.187154][ T5928] usb 2-1: USB disconnect, device number 12 [ 374.277296][ T8796] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22 [ 374.317919][ T8796] netdevsim netdevsim2: Direct firmware load for . failed with error -22 [ 374.379188][ T8796] netdevsim netdevsim2: Falling back to sysfs fallback for: . [ 375.643344][ T8814] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000) [ 376.259644][ T8816] orangefs_mount: mount request failed with -4 [ 378.653950][ T8847] syzkaller0: entered promiscuous mode [ 378.668624][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.676341][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.686254][ T8847] syzkaller0: entered allmulticast mode [ 378.762055][ T5929] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 378.972052][ T5835] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 378.983507][ T5929] usb 3-1: Using ep0 maxpacket: 16 [ 379.000641][ T5929] usb 3-1: New USB device found, idVendor=04d8, idProduct=0a30, bcdDevice= 6.8a [ 379.010290][ T5929] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 379.018679][ T5929] usb 3-1: Product: syz [ 379.023045][ T5929] usb 3-1: Manufacturer: syz [ 379.027750][ T5929] usb 3-1: SerialNumber: syz [ 379.039641][ T5929] usb 3-1: config 0 descriptor?? [ 379.047586][ T5929] mcba_usb 3-1:0.0: Can't find endpoints [ 379.131975][ T5835] usb 2-1: Using ep0 maxpacket: 8 [ 379.139976][ T5835] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 379.174980][ T5835] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x97, changing to 0x87 [ 379.200824][ T5835] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 36, changing to 9 [ 379.212462][ T5835] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x87 has invalid maxpacket 50274, setting to 1024 [ 379.225140][ T5835] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 379.238527][ T5835] usb 2-1: New USB device found, idVendor=0c2e, idProduct=0720, bcdDevice=9b.f7 [ 379.254576][ T5835] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 379.264925][ T5929] usb 3-1: USB disconnect, device number 15 [ 379.280741][ T5835] usb 2-1: config 0 descriptor?? [ 379.290124][ T8854] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 379.305801][ T5835] metro_usb 2-1:0.0: Metrologic USB to Serial converter detected [ 379.324506][ T5835] usb 2-1: Metrologic USB to Serial converter now attached to ttyUSB0 [ 379.524609][ T5929] usb 2-1: USB disconnect, device number 13 [ 379.616665][ T5929] metro-usb ttyUSB0: Metrologic USB to Serial converter now disconnected from ttyUSB0 [ 379.633950][ T5929] metro_usb 2-1:0.0: device disconnected [ 379.922266][ T5835] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 380.400279][ T8875] syzkaller0: entered promiscuous mode [ 380.407741][ T8875] syzkaller0: entered allmulticast mode [ 380.537415][ T5835] usb 1-1: Using ep0 maxpacket: 32 [ 380.552164][ T5835] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 380.593741][ T5835] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 380.629409][ T5835] usb 1-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 380.659005][ T5835] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 380.701230][ T5835] usb 1-1: config 0 descriptor?? [ 381.282979][ T5835] usbhid 1-1:0.0: can't add hid device: -32 [ 381.395899][ T5835] usbhid 1-1:0.0: probe with driver usbhid failed with error -32 [ 381.650275][ T5835] usb 1-1: USB disconnect, device number 16 [ 385.895993][ T8922] FAULT_INJECTION: forcing a failure. [ 385.895993][ T8922] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 385.983106][ T8926] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 386.613279][ T8922] CPU: 0 UID: 0 PID: 8922 Comm: syz.2.818 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 386.613304][ T8922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 386.613318][ T8922] Call Trace: [ 386.613326][ T8922] [ 386.613334][ T8922] dump_stack_lvl+0x189/0x250 [ 386.613360][ T8922] ? __pfx____ratelimit+0x10/0x10 [ 386.613378][ T8922] ? __pfx_dump_stack_lvl+0x10/0x10 [ 386.613399][ T8922] ? __pfx__printk+0x10/0x10 [ 386.613423][ T8922] ? __might_fault+0xb0/0x130 [ 386.613453][ T8922] should_fail_ex+0x414/0x560 [ 386.613477][ T8922] _copy_from_iter+0x1db/0x16f0 [ 386.613509][ T8922] ? txopt_get+0x7a/0x3f0 [ 386.613526][ T8922] ? txopt_get+0x7a/0x3f0 [ 386.613544][ T8922] ? __pfx__copy_from_iter+0x10/0x10 [ 386.613564][ T8922] ? txopt_get+0x335/0x3f0 [ 386.613582][ T8922] ? txopt_get+0x7a/0x3f0 [ 386.613600][ T8922] ? __pfx_txopt_get+0x10/0x10 [ 386.613635][ T8922] rawv6_sendmsg+0xb39/0x17f0 [ 386.613667][ T8922] ? __pfx_rawv6_sendmsg+0x10/0x10 [ 386.613692][ T8922] ? __pfx_smack_socket_sendmsg+0x10/0x10 [ 386.613741][ T8922] ? sock_rps_record_flow+0x19/0x410 [ 386.613765][ T8922] ? inet_sendmsg+0x2f4/0x370 [ 386.613783][ T8922] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 386.613806][ T8922] __sock_sendmsg+0x19c/0x270 [ 386.613832][ T8922] sock_write_iter+0x258/0x330 [ 386.613856][ T8922] ? __pfx_sock_write_iter+0x10/0x10 [ 386.613888][ T8922] ? bpf_lsm_file_permission+0x9/0x20 [ 386.613907][ T8922] ? security_file_permission+0x75/0x290 [ 386.613937][ T8922] vfs_write+0x54b/0xa90 [ 386.613960][ T8922] ? __pfx_sock_write_iter+0x10/0x10 [ 386.613981][ T8922] ? __pfx_vfs_write+0x10/0x10 [ 386.614010][ T8922] ? __fget_files+0x2a/0x420 [ 386.614041][ T8922] ksys_write+0x145/0x250 [ 386.614061][ T8922] ? __pfx_ksys_write+0x10/0x10 [ 386.614076][ T8922] ? rcu_is_watching+0x15/0xb0 [ 386.614102][ T8922] ? do_syscall_64+0xbe/0x3b0 [ 386.614127][ T8922] do_syscall_64+0xfa/0x3b0 [ 386.614146][ T8922] ? lockdep_hardirqs_on+0x9c/0x150 [ 386.614166][ T8922] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 386.614185][ T8922] ? clear_bhb_loop+0x60/0xb0 [ 386.614205][ T8922] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 386.614223][ T8922] RIP: 0033:0x7f0e82b8ebe9 [ 386.614240][ T8922] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 386.614255][ T8922] RSP: 002b:00007f0e8395b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 386.614274][ T8922] RAX: ffffffffffffffda RBX: 00007f0e82db5fa0 RCX: 00007f0e82b8ebe9 [ 386.614288][ T8922] RDX: 00000000000005ac RSI: 00002000000000c0 RDI: 0000000000000003 [ 386.614298][ T8922] RBP: 00007f0e8395b090 R08: 0000000000000000 R09: 0000000000000000 [ 386.614308][ T8922] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 386.614319][ T8922] R13: 00007f0e82db6038 R14: 00007f0e82db5fa0 R15: 00007ffeaa164208 [ 386.614345][ T8922] [ 387.769087][ T8942] FAULT_INJECTION: forcing a failure. [ 387.769087][ T8942] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 387.782611][ T8942] CPU: 0 UID: 0 PID: 8942 Comm: syz.1.825 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 387.782638][ T8942] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 387.782651][ T8942] Call Trace: [ 387.782659][ T8942] [ 387.782667][ T8942] dump_stack_lvl+0x189/0x250 [ 387.782694][ T8942] ? __pfx____ratelimit+0x10/0x10 [ 387.782716][ T8942] ? __pfx_dump_stack_lvl+0x10/0x10 [ 387.782734][ T8942] ? __pfx__printk+0x10/0x10 [ 387.782754][ T8942] ? __might_fault+0xb0/0x130 [ 387.782782][ T8942] should_fail_ex+0x414/0x560 [ 387.782813][ T8942] _copy_from_iter+0x1db/0x16f0 [ 387.782840][ T8942] ? __pfx__copy_from_iter+0x10/0x10 [ 387.782861][ T8942] ? __pfx_smack_socket_sendmsg+0x10/0x10 [ 387.782889][ T8942] ? skb_put+0x11b/0x210 [ 387.782920][ T8942] hci_sock_sendmsg+0x422/0xef0 [ 387.782955][ T8942] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 387.782987][ T8942] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 387.783005][ T8942] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 387.783033][ T8942] __sock_sendmsg+0x21c/0x270 [ 387.783060][ T8942] sock_write_iter+0x258/0x330 [ 387.783085][ T8942] ? __pfx_sock_write_iter+0x10/0x10 [ 387.783117][ T8942] ? bpf_lsm_file_permission+0x9/0x20 [ 387.783138][ T8942] ? security_file_permission+0x75/0x290 [ 387.783168][ T8942] vfs_write+0x54b/0xa90 [ 387.783192][ T8942] ? __pfx_sock_write_iter+0x10/0x10 [ 387.783214][ T8942] ? __pfx_vfs_write+0x10/0x10 [ 387.783243][ T8942] ? __fget_files+0x2a/0x420 [ 387.783273][ T8942] ksys_write+0x145/0x250 [ 387.783293][ T8942] ? __pfx_ksys_write+0x10/0x10 [ 387.783309][ T8942] ? rcu_is_watching+0x15/0xb0 [ 387.783335][ T8942] ? do_syscall_64+0xbe/0x3b0 [ 387.783361][ T8942] do_syscall_64+0xfa/0x3b0 [ 387.783381][ T8942] ? lockdep_hardirqs_on+0x9c/0x150 [ 387.783401][ T8942] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 387.783420][ T8942] ? clear_bhb_loop+0x60/0xb0 [ 387.783444][ T8942] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 387.783462][ T8942] RIP: 0033:0x7f628cd8ebe9 [ 387.783479][ T8942] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 387.783496][ T8942] RSP: 002b:00007f628aff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 387.783517][ T8942] RAX: ffffffffffffffda RBX: 00007f628cfb5fa0 RCX: 00007f628cd8ebe9 [ 387.783538][ T8942] RDX: 000000000000000d RSI: 0000200000000000 RDI: 0000000000000004 [ 387.783550][ T8942] RBP: 00007f628aff6090 R08: 0000000000000000 R09: 0000000000000000 [ 387.783562][ T8942] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 387.783574][ T8942] R13: 00007f628cfb6038 R14: 00007f628cfb5fa0 R15: 00007ffc07defc38 [ 387.783606][ T8942] [ 388.122203][ T5929] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 388.442542][ T5929] usb 3-1: Using ep0 maxpacket: 32 [ 388.917905][ T5929] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 389.365448][ T5929] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 389.450018][ T5929] usb 3-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 389.479559][ T5929] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 389.617798][ T5929] usb 3-1: config 0 descriptor?? [ 391.045211][ T5929] usb 3-1: can't set config #0, error -71 [ 391.071647][ T5929] usb 3-1: USB disconnect, device number 16 [ 391.365403][ T8977] netlink: 'syz.2.834': attribute type 2 has an invalid length. [ 391.772401][ T8984] netlink: 20 bytes leftover after parsing attributes in process `syz.1.837'. [ 394.829549][ T9012] xt_nat: multiple ranges no longer supported [ 398.831817][ T9042] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 398.841366][ T9042] FAULT_INJECTION: forcing a failure. [ 398.841366][ T9042] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 398.856026][ T9042] CPU: 0 UID: 0 PID: 9042 Comm: syz.1.851 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 398.856053][ T9042] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 398.856064][ T9042] Call Trace: [ 398.856072][ T9042] [ 398.856081][ T9042] dump_stack_lvl+0x189/0x250 [ 398.856108][ T9042] ? __pfx____ratelimit+0x10/0x10 [ 398.856130][ T9042] ? __pfx_dump_stack_lvl+0x10/0x10 [ 398.856151][ T9042] ? __pfx__printk+0x10/0x10 [ 398.856175][ T9042] ? __might_fault+0xb0/0x130 [ 398.856206][ T9042] should_fail_ex+0x414/0x560 [ 398.856232][ T9042] _copy_from_user+0x2d/0xb0 [ 398.856259][ T9042] iommufd_fops_ioctl+0x3f9/0x520 [ 398.856289][ T9042] ? __pfx_iommufd_fops_ioctl+0x10/0x10 [ 398.856326][ T9042] ? __fget_files+0x3a0/0x420 [ 398.856347][ T9042] ? __fget_files+0x2a/0x420 [ 398.856372][ T9042] ? bpf_lsm_file_ioctl+0x9/0x20 [ 398.856395][ T9042] ? __pfx_iommufd_fops_ioctl+0x10/0x10 [ 398.856419][ T9042] __se_sys_ioctl+0xfc/0x170 [ 398.856457][ T9042] do_syscall_64+0xfa/0x3b0 [ 398.856477][ T9042] ? lockdep_hardirqs_on+0x9c/0x150 [ 398.856503][ T9042] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 398.856522][ T9042] ? clear_bhb_loop+0x60/0xb0 [ 398.856545][ T9042] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 398.856564][ T9042] RIP: 0033:0x7f628cd8ebe9 [ 398.856581][ T9042] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 398.856599][ T9042] RSP: 002b:00007f628afd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 398.856619][ T9042] RAX: ffffffffffffffda RBX: 00007f628cfb6090 RCX: 00007f628cd8ebe9 [ 398.856634][ T9042] RDX: 0000200000000300 RSI: 0000000000003b8a RDI: 0000000000000005 [ 398.856646][ T9042] RBP: 00007f628afd5090 R08: 0000000000000000 R09: 0000000000000000 [ 398.856658][ T9042] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 398.856670][ T9042] R13: 00007f628cfb6128 R14: 00007f628cfb6090 R15: 00007ffc07defc38 [ 398.856702][ T9042] [ 399.910032][ T9055] netlink: 'syz.0.857': attribute type 1 has an invalid length. [ 400.147787][ T9060] netlink: 228 bytes leftover after parsing attributes in process `syz.4.858'. [ 404.358865][ T5835] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 405.793363][ T9131] Device name cannot be null; rc = [-22] [ 413.332918][ T9185] netlink: 'syz.1.890': attribute type 4 has an invalid length. [ 413.341730][ T9185] netlink: 'syz.1.890': attribute type 4 has an invalid length. [ 415.687876][ T9217] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 415.864676][ T9217] fuse: Bad value for 'group_id' [ 415.870115][ T9217] fuse: Bad value for 'group_id' [ 417.603474][ T9233] loop4: detected capacity change from 0 to 7 [ 417.629560][ T9233] Dev loop4: unable to read RDB block 7 [ 417.635628][ T9233] loop4: unable to read partition table [ 417.641431][ T9233] loop4: partition table beyond EOD, truncated [ 417.647819][ T9233] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 417.926505][ T9244] netlink: 8 bytes leftover after parsing attributes in process `syz.0.902'. [ 417.935651][ T9244] netlink: 48 bytes leftover after parsing attributes in process `syz.0.902'. [ 417.997070][ T9244] vlan2: entered allmulticast mode [ 418.544653][ T9248] syz_tun: entered allmulticast mode [ 418.829316][ T9250] syz_tun: left allmulticast mode [ 421.362172][ T5928] usb 2-1: new full-speed USB device number 14 using dummy_hcd [ 421.529134][ T5928] usb 2-1: config 1 has an invalid interface number: 224 but max is 0 [ 421.539002][ T5928] usb 2-1: config 1 has no interface number 0 [ 421.572201][ T5928] usb 2-1: config 1 interface 224 has no altsetting 0 [ 421.584081][ T5928] usb 2-1: New USB device found, idVendor=2c7c, idProduct=0620, bcdDevice=2c.26 [ 421.635668][ T5928] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 421.644869][ T5928] usb 2-1: Product: syz [ 421.649108][ T5928] usb 2-1: Manufacturer: syz [ 421.654478][ T5928] usb 2-1: SerialNumber: syz [ 421.976150][ T5928] qmi_wwan 2-1:1.224: probe with driver qmi_wwan failed with error -22 [ 421.996360][ T5928] usb 2-1: USB disconnect, device number 14 [ 423.112390][ T9286] netlink: 'syz.0.918': attribute type 10 has an invalid length. [ 423.752307][ T9299] netlink: 40 bytes leftover after parsing attributes in process `syz.2.922'. [ 426.021644][ T9324] netlink: 'syz.0.932': attribute type 3 has an invalid length. [ 426.030351][ T9324] netlink: 666 bytes leftover after parsing attributes in process `syz.0.932'. [ 426.581241][ T9320] bridge0: port 2(bridge_slave_1) entered disabled state [ 426.685293][ T9335] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 427.845168][ T9345] netlink: 'syz.2.934': attribute type 4 has an invalid length. [ 427.930143][ T9346] netlink: 'syz.2.934': attribute type 4 has an invalid length. [ 428.528977][ T9357] netlink: 'syz.0.936': attribute type 4 has an invalid length. [ 428.610312][ T9357] netlink: 'syz.0.936': attribute type 4 has an invalid length. [ 432.118575][ T9389] overlayfs: failed to clone upperpath [ 432.215785][ T9395] netlink: 'syz.1.948': attribute type 12 has an invalid length. [ 432.263851][ T9399] overlayfs: failed to clone upperpath [ 432.671922][ T9408] tipc: Enabling of bearer rejected, failed to enable media [ 434.277406][ T9427] netlink: 72 bytes leftover after parsing attributes in process `syz.0.961'. [ 436.857139][ T9457] tipc: Enabled bearer , priority 0 [ 436.874137][ T9457] syzkaller0: entered promiscuous mode [ 436.882676][ T9457] syzkaller0: entered allmulticast mode [ 437.062088][ T5835] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 437.141540][ T9457] tipc: Resetting bearer [ 437.779236][ T9456] tipc: Resetting bearer [ 437.809833][ T9456] tipc: Disabling bearer [ 439.369950][ T9479] bridge0: port 1(bridge_slave_0) entered disabled state [ 439.423742][ T5938] bridge0: port 1(bridge_slave_0) entered blocking state [ 439.430989][ T5938] bridge0: port 1(bridge_slave_0) entered forwarding state [ 440.116412][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.122965][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.362235][ T5929] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 442.302321][ T5929] usb 1-1: device descriptor read/64, error -71 [ 442.665091][ T9500] orangefs_mount: mount request failed with -4 [ 443.322247][ T5929] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 444.200362][ T9524] syz.4.983 (9524) used greatest stack depth: 16784 bytes left [ 444.735738][ T9533] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 444.913629][ T5929] usb 1-1: Using ep0 maxpacket: 32 [ 445.624201][ T5929] usb 1-1: device descriptor read/all, error -71 [ 445.634779][ T5929] usb usb1-port1: attempt power cycle [ 446.167884][ T9540] fuse: Unknown parameter 'uid>00000000000000000000' [ 447.303089][ T9556] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000) [ 447.641190][ T9558] orangefs_mount: mount request failed with -4 [ 448.274313][ T9564] netlink: 4400 bytes leftover after parsing attributes in process `syz.1.995'. [ 449.056290][ T9586] netlink: 'syz.2.1001': attribute type 10 has an invalid length. [ 449.692074][ T1208] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 450.434412][ T1208] usb 1-1: Using ep0 maxpacket: 32 [ 451.427659][ T1208] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 451.474737][ T1208] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 452.038122][ T1208] usb 1-1: string descriptor 0 read error: -71 [ 452.052044][ T1208] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 452.061140][ T1208] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 452.102295][ T1208] usb 1-1: config 0 descriptor?? [ 452.112211][ T1208] usb 1-1: can't set config #0, error -71 [ 452.604165][ T1208] usb 1-1: USB disconnect, device number 20 [ 452.794404][ T9620] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1009'. [ 453.062483][ T1208] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 453.288649][ T9631] netlink: 'syz.1.1013': attribute type 10 has an invalid length. [ 453.512898][ T1208] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 453.515248][ T1208] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 453.518898][ T1208] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 453.520173][ T1208] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 453.594681][ T1208] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 453.595156][ T1208] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 453.595178][ T1208] usb 3-1: Product: syz [ 453.596080][ T1208] usb 3-1: Manufacturer: syz [ 453.605612][ T1208] cdc_wdm 3-1:1.0: skipping garbage [ 453.605634][ T1208] cdc_wdm 3-1:1.0: skipping garbage [ 453.612502][ T1208] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 453.612536][ T1208] cdc_wdm 3-1:1.0: Unknown control protocol [ 453.821759][ T1208] usb 3-1: USB disconnect, device number 17 [ 453.898709][ T9640] bridge0: port 1(bridge_slave_0) entered disabled state [ 453.924421][ T9372] bridge0: port 1(bridge_slave_0) entered blocking state [ 453.924579][ T9372] bridge0: port 1(bridge_slave_0) entered forwarding state [ 454.687032][ T9644] overlayfs: failed to clone upperpath [ 454.936901][ T9650] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1022'. [ 454.966146][ T9650] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1022'. [ 455.057705][ T9650] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1022'. [ 455.901968][ T1208] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 456.009381][ T9660] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1025'. [ 456.233586][ T9671] bridge0: port 1(bridge_slave_0) entered disabled state [ 456.259152][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 456.266449][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 456.522432][ T5928] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 456.732060][ T5928] usb 2-1: Using ep0 maxpacket: 16 [ 456.821951][ T5928] usb 2-1: unable to get BOS descriptor or descriptor too short [ 456.842762][ T5928] usb 2-1: config 13 has an invalid interface number: 50 but max is 0 [ 456.857991][ T5928] usb 2-1: config 13 has an invalid descriptor of length 71, skipping remainder of the config [ 457.044748][ T5928] usb 2-1: config 13 has no interface number 0 [ 457.051014][ T5928] usb 2-1: config 13 interface 50 altsetting 167 bulk endpoint 0x8 has invalid maxpacket 16 [ 457.061552][ T5928] usb 2-1: config 13 interface 50 altsetting 167 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 457.076776][ T5928] usb 2-1: config 13 interface 50 has no altsetting 0 [ 457.087063][ T5928] usb 2-1: New USB device found, idVendor=1aca, idProduct=b28e, bcdDevice=92.32 [ 457.100993][ T5928] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 457.132617][ T5928] usb 2-1: Product: syz [ 457.137595][ T5928] usb 2-1: Manufacturer: syz [ 457.254941][ T5928] usb 2-1: SerialNumber: syz [ 457.263926][ T9669] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 457.376853][ T9684] netlink: 'syz.3.1032': attribute type 10 has an invalid length. [ 457.385032][ T9684] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1032'. [ 457.405928][ T9684] batman_adv: batadv0: Adding interface: virt_wifi0 [ 457.412854][ T9684] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 457.439884][ T9684] batman_adv: batadv0: Interface activated: virt_wifi0 [ 459.275672][ T9697] netlink: 'syz.3.1036': attribute type 10 has an invalid length. [ 459.284054][ T9697] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1036'. [ 459.284513][ T5928] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 459.353976][ T5928] usb 2-1: MIDIStreaming interface descriptor not found [ 459.531995][ T5928] usb 2-1: USB disconnect, device number 15 [ 459.722341][ T9707] syzkaller1: entered promiscuous mode [ 459.727873][ T9707] syzkaller1: entered allmulticast mode [ 460.132991][ T9718] overlayfs: failed to clone upperpath [ 460.882778][ T9745] netlink: 'syz.4.1045': attribute type 2 has an invalid length. [ 461.660689][ T9754] netlink: 'syz.3.1048': attribute type 10 has an invalid length. [ 462.992055][ T9770] netlink: 248 bytes leftover after parsing attributes in process `syz.2.1053'. [ 463.503314][ T5928] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 463.753937][ T5928] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 463.764966][ T5928] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 463.782196][ T5928] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 464.360951][ T5928] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 464.374186][ T5928] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 464.404699][ T5928] usb 4-1: config 0 descriptor?? [ 464.912790][ T5928] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 465.354337][ T9795] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000) [ 465.771481][ T9796] orangefs_mount: mount request failed with -4 [ 465.874496][ T5928] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 465.886672][ T5928] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 465.894238][ T5928] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 465.901746][ T5928] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 465.909212][ T5928] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 465.918515][ T5928] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 466.108316][ T5928] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 466.175548][ T5928] usb 4-1: USB disconnect, device number 13 [ 466.423060][ T9816] netlink: 'syz.3.1067': attribute type 10 has an invalid length. [ 468.832033][ T5901] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 468.841501][ T3595] libceph: connect (1)[c::]:6789 error -101 [ 468.849391][ T3595] libceph: mon0 (1)[c::]:6789 connect error [ 468.864833][ T9846] ceph: No mds server is up or the cluster is laggy [ 469.276183][ T3595] libceph: connect (1)[c::]:6789 error -101 [ 469.452394][ T3595] libceph: mon0 (1)[c::]:6789 connect error [ 469.531609][ T9857] netlink: 'syz.2.1079': attribute type 10 has an invalid length. [ 469.544274][ T5901] usb 4-1: Using ep0 maxpacket: 8 [ 469.742787][ T3595] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 469.742931][ T5901] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 64 [ 469.777721][ T5901] usb 4-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 469.956924][ T3595] usb 1-1: Using ep0 maxpacket: 32 [ 469.984003][ T3595] usb 1-1: config 0 has an invalid interface number: 98 but max is 0 [ 470.002145][ T5901] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 470.008209][ T3595] usb 1-1: config 0 has no interface number 0 [ 470.059638][ T3595] usb 1-1: New USB device found, idVendor=11f5, idProduct=0005, bcdDevice=27.80 [ 470.082061][ T5901] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 470.094979][ T3595] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 470.125907][ T5901] usbtmc 4-1:16.0: bulk endpoints not found [ 470.131996][ T3595] usb 1-1: Product: syz [ 470.132019][ T3595] usb 1-1: Manufacturer: syz [ 470.132034][ T3595] usb 1-1: SerialNumber: syz [ 470.138127][ T3595] usb 1-1: config 0 descriptor?? [ 470.204419][ T3595] pl2303 1-1:0.98: required interrupt-in endpoint missing [ 471.769604][ T5901] usb 1-1: USB disconnect, device number 21 [ 472.859782][ T9889] 9pnet_fd: Insufficient options for proto=fd [ 473.675102][ T9897] netlink: 'syz.4.1092': attribute type 10 has an invalid length. [ 473.689515][ T9892] loop4: detected capacity change from 0 to 7 [ 473.717861][ T9892] Dev loop4: unable to read RDB block 7 [ 473.723574][ T9892] loop4: unable to read partition table [ 473.729451][ T9892] loop4: partition table beyond EOD, truncated [ 473.735723][ T9892] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 474.058249][ T9902] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1090'. [ 474.067679][ T9902] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1090'. [ 475.425305][ T9915] evm: overlay not supported [ 476.524813][ T5928] usb 4-1: USB disconnect, device number 14 [ 476.940459][ T9933] loop2: detected capacity change from 0 to 7 [ 477.194612][ T9933] Dev loop2: unable to read RDB block 7 [ 477.203448][ T9933] loop2: AHDI p2 p3 [ 477.208661][ T9933] loop2: partition table partially beyond EOD, truncated [ 477.219112][ T9933] loop2: p2 size 150995456 extends beyond EOD, truncated [ 481.108557][ T9957] netlink: 'syz.3.1109': attribute type 3 has an invalid length. [ 481.136589][ T9957] netlink: 'syz.3.1109': attribute type 1 has an invalid length. [ 481.202624][ T9957] netlink: 220 bytes leftover after parsing attributes in process `syz.3.1109'. [ 482.708376][T10016] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1122'. [ 482.719346][T10016] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1122'. [ 483.149302][ T5835] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 483.327582][ T5835] usb 2-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 483.443166][T10021] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000) [ 484.249501][T10021] orangefs_mount: mount request failed with -4 [ 484.250003][ T5835] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 484.291950][ T5835] usb 2-1: Product: syz [ 484.296173][ T5835] usb 2-1: Manufacturer: syz [ 484.300791][ T5835] usb 2-1: SerialNumber: syz [ 484.312280][ T5835] usb 2-1: config 0 descriptor?? [ 484.320809][ T5835] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 484.537942][T10028] tipc: Enabled bearer , priority 0 [ 485.282464][ T5835] gspca_sunplus: reg_r err -110 [ 485.287458][ T5835] sunplus 2-1:0.0: probe with driver sunplus failed with error -110 [ 485.327696][T10028] syzkaller0: entered promiscuous mode [ 485.372016][T10028] syzkaller0: entered allmulticast mode [ 486.321448][T10027] tipc: Resetting bearer [ 486.508489][T10027] tipc: Disabling bearer [ 487.912390][ T5901] usb 2-1: USB disconnect, device number 16 [ 488.484822][T10063] lo speed is unknown, defaulting to 1000 [ 488.635092][T10068] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 488.684338][ T9606] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 489.342439][ T9606] usb 3-1: Using ep0 maxpacket: 32 [ 489.788708][ T9606] usb 3-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7 [ 489.812713][ T9606] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 489.996550][ T9606] usb 3-1: config 0 descriptor?? [ 490.007781][ T9606] gspca_main: sq930x-2.14.0 probing 041e:403c [ 490.719236][ T9606] gspca_sq930x: reg_r 001f failed -110 [ 490.824977][ T9606] sq930x 3-1:0.0: probe with driver sq930x failed with error -110 [ 492.409854][ T5929] usb 3-1: USB disconnect, device number 19 [ 497.269288][T10153] IPVS: set_ctl: invalid protocol: 108 172.20.20.170:20003 [ 498.330420][T10164] netlink: 'syz.2.1166': attribute type 4 has an invalid length. [ 498.463609][T10164] Bluetooth: MGMT ver 1.23 [ 498.733518][ T5928] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 498.924643][ T5928] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 499.058393][ T5928] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 499.058424][ T5928] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 499.058480][ T5928] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 499.058514][ T5928] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 499.066213][ T5928] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 499.066245][ T5928] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 499.066263][ T5928] usb 1-1: Product: syz [ 499.066276][ T5928] usb 1-1: Manufacturer: syz [ 499.103177][ T5928] cdc_wdm 1-1:1.0: skipping garbage [ 499.103199][ T5928] cdc_wdm 1-1:1.0: skipping garbage [ 499.174004][ T5928] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 499.174029][ T5928] cdc_wdm 1-1:1.0: Unknown control protocol [ 499.282169][ T30] audit: type=1326 audit(1755843006.299:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10175 comm="syz.2.1170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e82b8ebe9 code=0x7ffc0000 [ 499.868149][ T30] audit: type=1326 audit(1755843006.299:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10175 comm="syz.2.1170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f0e82b8ebe9 code=0x7ffc0000 [ 499.889551][ C1] vkms_vblank_simulate: vblank timer overrun [ 499.948074][ T30] audit: type=1326 audit(1755843006.299:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10175 comm="syz.2.1170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e82b8ebe9 code=0x7ffc0000 [ 500.136239][ T30] audit: type=1326 audit(1755843006.299:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10175 comm="syz.2.1170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=78 compat=0 ip=0x7f0e82b8ebe9 code=0x7ffc0000 [ 500.157816][ C1] vkms_vblank_simulate: vblank timer overrun [ 500.164085][ T5929] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 500.266197][T10187] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1168'. [ 500.728294][ T30] audit: type=1326 audit(1755843006.299:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10175 comm="syz.2.1170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e82b8ebe9 code=0x7ffc0000 [ 500.799558][ T30] audit: type=1326 audit(1755843006.299:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10175 comm="syz.2.1170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e82b8ebe9 code=0x7ffc0000 [ 500.827840][ T30] audit: type=1326 audit(1755843006.299:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10175 comm="syz.2.1170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0e82b8ebe9 code=0x7ffc0000 [ 500.911888][ T5929] usb 3-1: Using ep0 maxpacket: 32 [ 500.933910][ T30] audit: type=1326 audit(1755843006.299:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10175 comm="syz.2.1170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e82b8ebe9 code=0x7ffc0000 [ 500.992274][ T30] audit: type=1326 audit(1755843006.299:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10175 comm="syz.2.1170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0e82b8ebe9 code=0x7ffc0000 [ 501.053147][ T5929] usb 3-1: config 0 has an invalid interface number: 79 but max is 0 [ 501.062695][ T30] audit: type=1326 audit(1755843006.299:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10175 comm="syz.2.1170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e82b8ebe9 code=0x7ffc0000 [ 501.127308][ T5929] usb 3-1: config 0 has no interface number 0 [ 501.172719][ T5929] usb 3-1: New USB device found, idVendor=16dc, idProduct=0015, bcdDevice=84.53 [ 501.319836][ T5929] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 501.442816][ T5929] usb 3-1: Product: syz [ 501.976476][ T5901] usb 1-1: USB disconnect, device number 22 [ 501.982736][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.989132][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.119803][ T5929] usb 3-1: Manufacturer: syz [ 502.164529][ T5929] usb 3-1: SerialNumber: syz [ 502.242687][ T5929] usb 3-1: config 0 descriptor?? [ 503.234385][ T5929] usb 3-1: can't set config #0, error -71 [ 503.467478][ T5929] usb 3-1: USB disconnect, device number 20 [ 503.638172][ T5901] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 504.382426][ T5901] usb 1-1: config 0 has an invalid interface number: 251 but max is 0 [ 504.390755][ T5901] usb 1-1: config 0 has no interface number 0 [ 504.769071][ T5901] usb 1-1: config 0 interface 251 altsetting 0 endpoint 0x5 has an invalid bInterval 0, changing to 7 [ 505.060600][T10233] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 505.604509][ T5901] usb 1-1: config 0 interface 251 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 505.915904][ T5901] usb 1-1: config 0 interface 251 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 507.424313][ T5901] usb 1-1: New USB device found, idVendor=05ac, idProduct=030b, bcdDevice=7d.4e [ 507.437001][T10254] orangefs_mount: mount request failed with -4 [ 507.526894][ T5901] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 507.633826][ T5901] usb 1-1: Product: syz [ 507.693910][ T5901] usb 1-1: config 0 descriptor?? [ 507.772123][ T5901] usb 1-1: can't set config #0, error -71 [ 507.790290][ T5901] usb 1-1: USB disconnect, device number 23 [ 507.840449][T10297] IPVS: set_ctl: invalid protocol: 108 172.20.20.170:20003 [ 509.636169][T10326] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 511.283323][T10350] netlink: 'syz.1.1204': attribute type 10 has an invalid length. [ 511.615697][T10355] IPVS: set_ctl: invalid protocol: 108 172.20.20.170:20003 [ 511.972230][T10355] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 512.032263][T10355] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request [ 513.356210][T10373] 9pnet_fd: Insufficient options for proto=fd [ 513.471411][T10375] overlayfs: failed to clone upperpath [ 514.693611][T10392] new mount options do not match the existing superblock, will be ignored [ 517.241404][T10416] IPVS: set_ctl: invalid protocol: 108 172.20.20.170:20003 [ 517.917804][T10420] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 517.930029][T10420] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request [ 518.064079][T10422] 9pnet_fd: Insufficient options for proto=fd [ 518.321134][T10432] sctp: [Deprecated]: syz.1.1229 (pid 10432) Use of int in maxseg socket option. [ 518.321134][T10432] Use struct sctp_assoc_value instead [ 518.614075][T10437] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 519.390677][T10441] mmap: syz.3.1231 (10441) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 520.681450][ T9606] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 521.753432][ T9606] usb 1-1: Using ep0 maxpacket: 32 [ 521.774335][ T9606] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 521.872180][ T9606] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 521.912096][ T9606] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2ced, bcdDevice= 0.00 [ 521.921294][ T9606] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 521.977616][ T9606] usb 1-1: config 0 descriptor?? [ 523.394863][ T9606] usbhid 1-1:0.0: can't add hid device: -71 [ 523.400925][ T9606] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 523.427868][T10482] tipc: Enabled bearer , priority 0 [ 523.497545][T10482] syzkaller0: entered promiscuous mode [ 523.526523][T10482] syzkaller0: entered allmulticast mode [ 523.597636][ T9606] usb 1-1: USB disconnect, device number 24 [ 523.842020][T10493] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 524.082406][ T5928] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 524.426684][T10482] tipc: Resetting bearer [ 524.545727][T10481] tipc: Resetting bearer [ 524.646493][T10481] tipc: Disabling bearer [ 524.667082][ T5928] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 524.679203][T10486] orangefs_mount: mount request failed with -4 [ 524.687021][ T5928] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 524.699261][ T5928] usb 4-1: New USB device found, idVendor=1038, idProduct=12b6, bcdDevice= 0.00 [ 524.729612][ T5928] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 524.749548][ T5928] usb 4-1: config 0 descriptor?? [ 525.013025][T10488] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 525.062482][T10488] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 525.751283][ T1208] kernel write not supported for file bpf-prog (pid: 1208 comm: kworker/0:2) [ 526.023530][ T5928] usbhid 4-1:0.0: can't add hid device: -71 [ 526.042532][ T5928] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 526.261347][T10530] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 527.005070][ T5928] usb 4-1: USB disconnect, device number 15 [ 527.501143][T10549] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 529.221889][T10569] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 529.230079][T10569] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock [ 529.243409][T10569] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 529.251345][T10569] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock [ 532.016213][ T5835] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 532.305042][ T5835] usb 4-1: Using ep0 maxpacket: 16 [ 532.336713][ T5835] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 532.541883][ T5835] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 532.568287][ T5835] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 532.592907][ T5835] usb 4-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.00 [ 532.602606][ T5835] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 532.631119][ T5835] usb 4-1: config 0 descriptor?? [ 532.675253][ T5835] input: PXRC Flight Controller Adapter as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input19 [ 532.901451][ T5190] pxrc 4-1:0.0: pxrc_open - usb_submit_urb failed, error: -90 [ 533.286552][T10611] IPVS: set_ctl: invalid protocol: 108 172.20.20.170:20003 [ 533.287451][T10611] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 533.287972][T10611] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request [ 533.378242][T10603] ceph: No mds server is up or the cluster is laggy [ 533.390522][ T5953] libceph: connect (1)[c::]:6789 error -101 [ 533.406703][ T5953] libceph: mon0 (1)[c::]:6789 connect error [ 533.623162][ T5190] pxrc 4-1:0.0: pxrc_open - usb_submit_urb failed, error: -90 [ 533.865008][ T5190] pxrc 4-1:0.0: pxrc_open - usb_submit_urb failed, error: -90 [ 533.959921][ T5190] pxrc 4-1:0.0: pxrc_open - usb_submit_urb failed, error: -90 [ 534.086340][T10619] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1278'. [ 534.948128][ T5835] usb 4-1: USB disconnect, device number 16 [ 536.994847][T10647] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 538.472808][T10663] bridge0: port 1(bridge_slave_0) entered disabled state [ 538.541847][ T9372] bridge0: port 1(bridge_slave_0) entered blocking state [ 538.549087][ T9372] bridge0: port 1(bridge_slave_0) entered forwarding state [ 538.738257][T10666] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000) [ 538.847824][T10668] Bluetooth: hci0: invalid length 0, exp 2 for type 30 [ 538.869895][T10234] hid-generic FFFA:00B4:0006.0004: unknown main item tag 0x4 [ 539.260071][T10234] hid-generic FFFA:00B4:0006.0004: hidraw0: HID v7fffff.ff Device [syz1] on syz0 [ 539.772944][T10666] orangefs_mount: mount request failed with -4 [ 542.019134][T10698] netlink: 'syz.1.1298': attribute type 10 has an invalid length. [ 542.411539][T10704] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 542.419592][T10704] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock [ 542.431878][T10704] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 542.439830][T10704] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock [ 543.081875][T10706] IPVS: set_ctl: invalid protocol: 108 172.20.20.170:20003 [ 543.108854][T10706] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request [ 543.677069][T10714] netlink: 'syz.3.1305': attribute type 10 has an invalid length. [ 543.723204][T10714] bridge0: port 2(bridge_slave_1) entered disabled state [ 543.730534][T10714] bridge0: port 1(bridge_slave_0) entered disabled state [ 543.761582][T10714] bridge0: port 2(bridge_slave_1) entered blocking state [ 543.768879][T10714] bridge0: port 2(bridge_slave_1) entered forwarding state [ 543.776444][T10714] bridge0: port 1(bridge_slave_0) entered blocking state [ 543.783583][T10714] bridge0: port 1(bridge_slave_0) entered forwarding state [ 543.876962][T10714] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 543.948231][T10716] openvswitch: netlink: VXLAN extension message has 8 unknown bytes. [ 544.296307][ T30] kauditd_printk_skb: 4 callbacks suppressed [ 544.296322][ T30] audit: type=1326 audit(1755843051.349:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10722 comm="syz.0.1308" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f780398ebe9 code=0x0 [ 545.114884][T10739] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1312'. [ 545.596752][T10749] Invalid source name [ 545.600938][T10749] UBIFS error (pid: 10749): cannot open "ubifs", error -22 [ 545.711708][T10751] netlink: 'syz.0.1315': attribute type 6 has an invalid length. [ 551.808364][T10799] overlayfs: failed to clone upperpath [ 552.419750][T10802] loop4: detected capacity change from 0 to 7 [ 552.427240][T10802] Dev loop4: unable to read RDB block 7 [ 552.433067][T10802] loop4: unable to read partition table [ 552.438951][T10802] loop4: partition table beyond EOD, truncated [ 552.446384][T10802] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 552.793583][T10815] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1331'. [ 552.802675][T10815] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1331'. [ 552.838199][T10814] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000) [ 553.538145][T10816] orangefs_mount: mount request failed with -4 [ 553.778473][T10819] tipc: Enabling of bearer rejected, failed to enable media [ 554.437271][T10845] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 554.727849][T10843] netlink: 'syz.4.1345': attribute type 6 has an invalid length. [ 555.687072][T10863] netlink: 'syz.1.1350': attribute type 10 has an invalid length. [ 556.189333][T10852] orangefs_mount: mount request failed with -4 [ 556.337081][T10868] netlink: 'syz.4.1354': attribute type 10 has an invalid length. [ 556.504240][T10875] tipc: Enabled bearer , priority 0 [ 556.552569][T10875] syzkaller0: entered promiscuous mode [ 556.552681][T10234] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 557.677441][T10875] syzkaller0: entered allmulticast mode [ 557.687325][T10878] netlink: 'syz.1.1356': attribute type 10 has an invalid length. [ 557.705648][T10875] tipc: Resetting bearer [ 557.719823][T10884] overlayfs: failed to clone upperpath [ 557.735842][T10874] tipc: Resetting bearer [ 557.809262][T10874] tipc: Disabling bearer [ 557.829651][T10234] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 557.845791][T10234] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 557.858522][T10234] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 557.879067][T10234] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 557.898767][T10234] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 557.913559][T10234] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 557.926939][T10234] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 557.935208][T10234] usb 3-1: Product: syz [ 557.939511][T10234] usb 3-1: Manufacturer: syz [ 557.955307][T10234] cdc_wdm 3-1:1.0: skipping garbage [ 557.960699][T10234] cdc_wdm 3-1:1.0: skipping garbage [ 557.973854][T10234] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 557.989029][T10234] cdc_wdm 3-1:1.0: Unknown control protocol [ 558.098489][T10897] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000) [ 558.277837][ T5953] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 558.890453][T10898] orangefs_mount: mount request failed with -4 [ 559.151914][ T5953] usb 2-1: Using ep0 maxpacket: 32 [ 559.168221][ T5953] usb 2-1: unable to get BOS descriptor or descriptor too short [ 559.766853][ T5953] usb 2-1: config 128 has an invalid interface number: 165 but max is 0 [ 559.789051][ T5953] usb 2-1: config 128 has no interface number 0 [ 559.801712][ T5953] usb 2-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=a5.f3 [ 559.815045][ T5953] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 559.827126][ T5953] usb 2-1: Product: syz [ 559.831478][ T5953] usb 2-1: Manufacturer: syz [ 559.960215][ T5953] usb 2-1: SerialNumber: syz [ 560.109964][T10914] netlink: 'syz.3.1366': attribute type 6 has an invalid length. [ 560.862919][ T24] usb 3-1: USB disconnect, device number 21 [ 560.874160][T10915] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1367'. [ 560.919898][T10900] orangefs_mount: mount request failed with -4 [ 561.398600][T10920] FAULT_INJECTION: forcing a failure. [ 561.398600][T10920] name failslab, interval 1, probability 0, space 0, times 0 [ 561.411712][ T5953] usb 2-1: USB disconnect, device number 17 [ 561.437538][T10922] overlayfs: failed to clone upperpath [ 561.444058][T10920] CPU: 0 UID: 0 PID: 10920 Comm: syz.2.1369 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 561.444082][T10920] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 561.444096][T10920] Call Trace: [ 561.444105][T10920] [ 561.444112][T10920] dump_stack_lvl+0x189/0x250 [ 561.444135][T10920] ? __pfx____ratelimit+0x10/0x10 [ 561.444153][T10920] ? __pfx_dump_stack_lvl+0x10/0x10 [ 561.444170][T10920] ? __pfx__printk+0x10/0x10 [ 561.444199][T10920] ? __pfx___might_resched+0x10/0x10 [ 561.444224][T10920] should_fail_ex+0x414/0x560 [ 561.444249][T10920] should_failslab+0xa8/0x100 [ 561.444273][T10920] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 561.444293][T10920] ? __alloc_skb+0x112/0x2d0 [ 561.444323][T10920] __alloc_skb+0x112/0x2d0 [ 561.444354][T10920] netlink_sendmsg+0x5c6/0xb30 [ 561.444390][T10920] ? __pfx_netlink_sendmsg+0x10/0x10 [ 561.444424][T10920] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 561.444442][T10920] ? __pfx_netlink_sendmsg+0x10/0x10 [ 561.444469][T10920] __sock_sendmsg+0x21c/0x270 [ 561.444494][T10920] ____sys_sendmsg+0x505/0x830 [ 561.444526][T10920] ? __pfx_____sys_sendmsg+0x10/0x10 [ 561.444564][T10920] ? import_iovec+0x74/0xa0 [ 561.444594][T10920] ___sys_sendmsg+0x21f/0x2a0 [ 561.444623][T10920] ? __pfx____sys_sendmsg+0x10/0x10 [ 561.444678][T10920] ? __fget_files+0x2a/0x420 [ 561.444698][T10920] ? __fget_files+0x3a0/0x420 [ 561.444731][T10920] __x64_sys_sendmsg+0x19b/0x260 [ 561.444764][T10920] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 561.444812][T10920] ? __pfx_ksys_write+0x10/0x10 [ 561.444828][T10920] ? rcu_is_watching+0x15/0xb0 [ 561.444855][T10920] ? do_syscall_64+0xbe/0x3b0 [ 561.444881][T10920] do_syscall_64+0xfa/0x3b0 [ 561.444900][T10920] ? lockdep_hardirqs_on+0x9c/0x150 [ 561.444921][T10920] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 561.444940][T10920] ? clear_bhb_loop+0x60/0xb0 [ 561.444964][T10920] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 561.444983][T10920] RIP: 0033:0x7f0e82b8ebe9 [ 561.445000][T10920] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 561.445017][T10920] RSP: 002b:00007f0e8395b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 561.445038][T10920] RAX: ffffffffffffffda RBX: 00007f0e82db5fa0 RCX: 00007f0e82b8ebe9 [ 561.445054][T10920] RDX: 0000000000040000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 561.445067][T10920] RBP: 00007f0e8395b090 R08: 0000000000000000 R09: 0000000000000000 [ 561.445079][T10920] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 561.445091][T10920] R13: 00007f0e82db6038 R14: 00007f0e82db5fa0 R15: 00007ffeaa164208 [ 561.445123][T10920] [ 561.877039][ T5835] usb 1-1: new full-speed USB device number 25 using dummy_hcd [ 562.226457][ T5835] usb 1-1: config index 0 descriptor too short (expected 9, got 0) [ 562.961887][ T5835] usb 1-1: can't read configurations, error -22 [ 562.987261][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.994396][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.102114][ T5835] usb 1-1: new full-speed USB device number 26 using dummy_hcd [ 563.379649][ T5835] usb 1-1: config index 0 descriptor too short (expected 9, got 0) [ 563.421855][ T5835] usb 1-1: can't read configurations, error -22 [ 564.234030][ T5835] usb usb1-port1: attempt power cycle [ 565.165658][T10946] pim6reg: entered allmulticast mode [ 565.424415][T10954] IPVS: set_ctl: invalid protocol: 108 172.20.20.170:20003 [ 566.687978][T10972] tipc: Enabled bearer , priority 0 [ 566.775787][T10972] syzkaller0: entered promiscuous mode [ 567.194403][T10972] syzkaller0: entered allmulticast mode [ 567.228960][T10972] tipc: Resetting bearer [ 567.284708][T10971] tipc: Resetting bearer [ 567.413229][T10971] tipc: Disabling bearer [ 568.456006][T10990] IPVS: set_ctl: invalid protocol: 108 172.20.20.170:20003 [ 568.464410][T10990] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request [ 569.468885][T11000] netlink: 'syz.3.1397': attribute type 1 has an invalid length. [ 569.497820][T10993] loop4: detected capacity change from 0 to 7 [ 569.519436][T10993] Dev loop4: unable to read RDB block 7 [ 569.525155][T10993] loop4: unable to read partition table [ 569.531004][T10993] loop4: partition table beyond EOD, truncated [ 569.537244][T10993] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 569.843805][T11009] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1393'. [ 569.854535][T11009] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1393'. [ 570.386954][T11011] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1401'. [ 571.741123][T11039] netlink: 'syz.2.1405': attribute type 6 has an invalid length. [ 572.671934][T10234] usb 1-1: new full-speed USB device number 28 using dummy_hcd [ 573.173812][T10234] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 573.271889][T10234] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 573.289557][T10234] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 573.308541][T10234] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 573.316982][T10234] usb 1-1: Product: syz [ 573.321441][T10234] usb 1-1: Manufacturer: syz [ 573.328060][T10234] usb 1-1: SerialNumber: syz [ 573.554027][ T5155] Bluetooth: hci2: SCO packet for unknown connection handle 200 [ 573.571351][T10234] usb 1-1: 0:2 : does not exist [ 573.598811][T10234] usb 1-1: USB disconnect, device number 28 [ 576.052516][T11085] netlink: 'syz.4.1420': attribute type 6 has an invalid length. [ 578.472436][T11101] FAULT_INJECTION: forcing a failure. [ 578.472436][T11101] name failslab, interval 1, probability 0, space 0, times 0 [ 578.485305][T11101] CPU: 0 UID: 0 PID: 11101 Comm: syz.2.1424 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 578.485332][T11101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 578.485343][T11101] Call Trace: [ 578.485353][T11101] [ 578.485362][T11101] dump_stack_lvl+0x189/0x250 [ 578.485389][T11101] ? __pfx____ratelimit+0x10/0x10 [ 578.485411][T11101] ? __pfx_dump_stack_lvl+0x10/0x10 [ 578.485433][T11101] ? __pfx__printk+0x10/0x10 [ 578.485461][T11101] ? __pfx___might_resched+0x10/0x10 [ 578.485491][T11101] should_fail_ex+0x414/0x560 [ 578.485518][T11101] should_failslab+0xa8/0x100 [ 578.485542][T11101] __kmalloc_noprof+0xcb/0x4f0 [ 578.485560][T11101] ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 578.485589][T11101] genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 578.485620][T11101] genl_start+0x180/0x6c0 [ 578.485639][T11101] ? netlink_lookup+0x30/0x200 [ 578.485672][T11101] __netlink_dump_start+0x466/0x7e0 [ 578.485708][T11101] genl_family_rcv_msg_dumpit+0x1e7/0x2c0 [ 578.485734][T11101] ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10 [ 578.485754][T11101] ? genl_get_cmd+0x67f/0x910 [ 578.485776][T11101] ? __pfx___mutex_lock+0x10/0x10 [ 578.485799][T11101] ? __pfx_genl_start+0x10/0x10 [ 578.485817][T11101] ? __pfx_genl_dumpit+0x10/0x10 [ 578.485834][T11101] ? __pfx_genl_done+0x10/0x10 [ 578.485857][T11101] ? __pfx_genl_rcv_msg+0x10/0x10 [ 578.485888][T11101] genl_rcv_msg+0x5da/0x790 [ 578.485916][T11101] ? __pfx_genl_rcv_msg+0x10/0x10 [ 578.485936][T11101] ? __pfx_nl802154_list_associations+0x10/0x10 [ 578.485978][T11101] netlink_rcv_skb+0x205/0x470 [ 578.486005][T11101] ? __pfx_genl_rcv_msg+0x10/0x10 [ 578.486028][T11101] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 578.486081][T11101] ? down_read+0x1ad/0x2e0 [ 578.486107][T11101] genl_rcv+0x28/0x40 [ 578.486125][T11101] netlink_unicast+0x75c/0x8e0 [ 578.486163][T11101] netlink_sendmsg+0x805/0xb30 [ 578.486188][T11101] ? lockdep_hardirqs_on+0x9c/0x150 [ 578.486219][T11101] ? __pfx_netlink_sendmsg+0x10/0x10 [ 578.486251][T11101] ? __sanitizer_cov_trace_pc+0x11/0x70 [ 578.486278][T11101] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 578.486298][T11101] ? __pfx_netlink_sendmsg+0x10/0x10 [ 578.486326][T11101] __sock_sendmsg+0x21c/0x270 [ 578.486353][T11101] ____sys_sendmsg+0x505/0x830 [ 578.486389][T11101] ? __pfx_____sys_sendmsg+0x10/0x10 [ 578.486430][T11101] ? import_iovec+0x74/0xa0 [ 578.486461][T11101] ___sys_sendmsg+0x21f/0x2a0 [ 578.486493][T11101] ? __pfx____sys_sendmsg+0x10/0x10 [ 578.486565][T11101] ? __fget_files+0x2a/0x420 [ 578.486585][T11101] ? __fget_files+0x3a0/0x420 [ 578.486620][T11101] __x64_sys_sendmsg+0x19b/0x260 [ 578.486652][T11101] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 578.486711][T11101] do_syscall_64+0xfa/0x3b0 [ 578.486734][T11101] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 578.486753][T11101] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 578.486771][T11101] ? clear_bhb_loop+0x60/0xb0 [ 578.486795][T11101] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 578.486814][T11101] RIP: 0033:0x7f0e82b8ebe9 [ 578.486831][T11101] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 578.486849][T11101] RSP: 002b:00007f0e83919038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 578.486870][T11101] RAX: ffffffffffffffda RBX: 00007f0e82db6180 RCX: 00007f0e82b8ebe9 [ 578.486884][T11101] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000000000000009 [ 578.486897][T11101] RBP: 00007f0e83919090 R08: 0000000000000000 R09: 0000000000000000 [ 578.486909][T11101] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 578.486921][T11101] R13: 00007f0e82db6218 R14: 00007f0e82db6180 R15: 00007ffeaa164208 [ 578.486954][T11101] [ 579.562928][T11122] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 579.578457][T11122] batadv_slave_1: entered promiscuous mode [ 579.595691][T11122] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1432'. [ 580.989281][T11136] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1436'. [ 581.010124][T11136] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 581.107830][T11137] lo speed is unknown, defaulting to 1000 [ 581.222280][T11140] 9pnet_fd: Insufficient options for proto=fd [ 581.344851][T11140] bond0: option primary: mode dependency failed, not supported in mode balance-rr(0) [ 581.443276][T10272] bond0: (slave team0): link status definitely down, disabling slave [ 581.619591][T11144] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1438'. [ 581.630001][T11144] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1438'. [ 581.674702][T11144] vlan3: entered allmulticast mode [ 583.321880][ T5953] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 583.511330][ T5953] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 583.531603][ T5953] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 583.554358][ T5953] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 583.563809][ T5953] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 583.581123][ T5953] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 583.625111][ T5953] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 583.637761][ T5953] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 583.646086][ T5953] usb 4-1: Product: syz [ 583.650410][ T5953] usb 4-1: Manufacturer: syz [ 583.697178][ T5953] cdc_wdm 4-1:1.0: skipping garbage [ 583.705596][ T5953] cdc_wdm 4-1:1.0: skipping garbage [ 583.717108][ T5953] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 583.723227][ T5953] cdc_wdm 4-1:1.0: Unknown control protocol [ 585.178179][T11194] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes. [ 585.992352][T11186] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1450'. [ 586.001973][T11186] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1450'. [ 586.240414][ T9606] usb 4-1: USB disconnect, device number 17 [ 587.683262][T11208] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1456'. [ 588.036256][ T5928] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 588.396249][ T5928] usb 3-1: Using ep0 maxpacket: 8 [ 588.451082][ T5928] usb 3-1: config 0 has an invalid interface number: 186 but max is 0 [ 588.688907][ T5928] usb 3-1: config 0 has no interface number 0 [ 588.888495][ T5928] usb 3-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 589.052284][ T5928] usb 3-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A [ 589.071925][ T5928] usb 3-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 589.091931][ T5928] usb 3-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 589.137770][T11226] netdevsim netdevsim1: Direct firmware load for ./file0 failed with error -2 [ 589.153151][T11226] netdevsim netdevsim1: Falling back to sysfs fallback for: ./file0 [ 589.313341][ T5928] usb 3-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5 [ 589.327776][ T5928] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 589.336155][ T5928] usb 3-1: Product: syz [ 589.346783][ T5928] usb 3-1: Manufacturer: syz [ 589.358310][ T5928] usb 3-1: SerialNumber: syz [ 589.369862][ T5928] usb 3-1: config 0 descriptor?? [ 589.982655][ T5928] iowarrior 3-1:0.186: IOWarrior product=0x1505, serial=42424242 interface=186 now attached to iowarrior0 [ 590.072338][T11210] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 590.107032][T11234] netlink: 'syz.0.1462': attribute type 29 has an invalid length. [ 590.115348][T11210] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 590.151638][T11234] netlink: 'syz.0.1462': attribute type 29 has an invalid length. [ 590.169161][T10234] usb 3-1: USB disconnect, device number 22 [ 590.539550][T11250] netlink: 'syz.1.1465': attribute type 6 has an invalid length. [ 624.427644][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.434850][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 665.028641][T11266] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 666.449489][T11284] xt_bpf: check failed: parse error [ 666.474058][T11284] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1476'. [ 666.492370][T11284] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1476'. [ 667.155442][T11307] netlink: 'syz.3.1482': attribute type 6 has an invalid length. [ 667.905675][T11312] overlayfs: failed to clone upperpath [ 668.568110][ T5953] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 668.727866][ T5953] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 668.758359][ T5953] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 668.876116][ T5953] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 668.904029][ T5953] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 668.998370][ T5953] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 669.040567][ T5953] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 669.229246][ T5953] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 669.248679][ T5953] usb 4-1: Product: syz [ 669.256313][ T5953] usb 4-1: Manufacturer: syz [ 669.276844][ T5953] cdc_wdm 4-1:1.0: skipping garbage [ 669.347176][ T5953] cdc_wdm 4-1:1.0: skipping garbage [ 669.686537][ T5953] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 669.802704][ T5953] cdc_wdm 4-1:1.0: Unknown control protocol [ 671.515588][T11347] netlink: 'syz.1.1495': attribute type 6 has an invalid length. [ 672.101219][ T43] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 672.109353][ T5953] usb 4-1: USB disconnect, device number 18 [ 672.346657][ T43] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 672.376368][ T43] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 672.397367][T11351] overlayfs: missing 'lowerdir' [ 672.417597][ T43] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 672.440781][ T43] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 672.470973][ T43] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 672.589247][ T43] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 672.898875][ T1208] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 673.203053][ T43] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 673.211101][ T43] usb 1-1: Product: syz [ 673.215370][ T43] usb 1-1: Manufacturer: syz [ 673.402604][ T43] cdc_wdm 1-1:1.0: skipping garbage [ 673.413334][ T43] cdc_wdm 1-1:1.0: skipping garbage [ 673.443197][ T43] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 673.449168][ T43] cdc_wdm 1-1:1.0: Unknown control protocol [ 673.455093][ T1208] usb 4-1: Using ep0 maxpacket: 32 [ 673.817233][T11366] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1494'. [ 674.666860][ T1208] usb 4-1: config 0 has an invalid interface number: 184 but max is 0 [ 674.691913][ T1208] usb 4-1: config 0 has no interface number 0 [ 674.708433][ T1208] usb 4-1: config 0 interface 184 has no altsetting 0 [ 674.726214][ T1208] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 674.745738][ T1208] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 674.755342][ T1208] usb 4-1: Product: syz [ 674.760864][ T1208] usb 4-1: Manufacturer: syz [ 674.765995][ T1208] usb 4-1: SerialNumber: syz [ 674.776631][ T1208] usb 4-1: config 0 descriptor?? [ 674.793337][ T1208] smsc75xx v1.0.0 [ 674.801919][ T1208] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 674.820125][ T1208] smsc75xx 4-1:0.184: probe with driver smsc75xx failed with error -22 [ 674.838795][T11374] 9pnet_fd: Insufficient options for proto=fd [ 674.855961][T11374] bond0: option primary: mode dependency failed, not supported in mode balance-rr(0) [ 674.888706][T10281] bond0: (slave team0): link status definitely down, disabling slave [ 675.513125][T11380] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000) [ 675.603655][ T5928] usb 4-1: USB disconnect, device number 19 [ 675.737543][ T5953] usb 1-1: USB disconnect, device number 29 [ 676.171526][T11380] orangefs_mount: mount request failed with -4 [ 676.504492][T11391] netlink: 'syz.2.1508': attribute type 6 has an invalid length. [ 677.281916][ T5953] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 677.845411][ T5953] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 678.462431][ T5953] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 678.475782][ T5953] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 678.484873][ T5953] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 678.497298][ T5953] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 678.511348][ T5953] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 678.538800][ T5953] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 678.556536][ T5953] usb 1-1: Product: syz [ 678.565439][ T5953] usb 1-1: Manufacturer: syz [ 678.580984][ T5953] cdc_wdm 1-1:1.0: skipping garbage [ 679.609090][ T5953] cdc_wdm 1-1:1.0: skipping garbage [ 679.850715][ T5953] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 679.859564][ T5953] cdc_wdm 1-1:1.0: Unknown control protocol [ 680.797927][T11420] veth1_macvtap: left promiscuous mode [ 680.803701][T11420] macsec0: entered promiscuous mode [ 680.808997][T11420] macsec0: entered allmulticast mode [ 680.822205][T11420] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1516'. [ 680.835368][T11420] Bluetooth: MGMT ver 1.23 [ 681.471893][ T5953] usb 1-1: USB disconnect, device number 30 [ 682.494824][T11436] netlink: 10 bytes leftover after parsing attributes in process `syz.1.1521'. [ 685.317783][T10274] Bluetooth: hci5: Frame reassembly failed (-84) [ 685.342094][T10234] usb 3-1: new full-speed USB device number 23 using dummy_hcd [ 685.529975][T10234] usb 3-1: unable to get BOS descriptor or descriptor too short [ 685.642405][T10234] usb 3-1: config 1 interface 0 altsetting 64 endpoint 0x2 has invalid maxpacket 512, setting to 64 [ 685.740098][T10234] usb 3-1: config 1 interface 0 has no altsetting 0 [ 685.849857][T10234] usb 3-1: New USB device found, idVendor=0b05, idProduct=18c6, bcdDevice= 0.40 [ 685.878483][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.894617][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 685.966257][T10234] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 686.048792][T10234] usb 3-1: Product: syz [ 686.096325][T10234] usb 3-1: Manufacturer: syz [ 686.151628][T10234] usb 3-1: SerialNumber: syz [ 686.198973][T11451] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 686.436686][T10234] usbhid 3-1:1.0: can't add hid device: -71 [ 686.443712][T10234] usbhid 3-1:1.0: probe with driver usbhid failed with error -71 [ 686.454526][T10234] usb 3-1: USB disconnect, device number 23 [ 686.542443][ T3595] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 686.714219][ T3595] usb 4-1: Using ep0 maxpacket: 32 [ 686.724561][ T3595] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 686.742252][ T3595] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 686.759378][ T3595] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 686.776146][ T3595] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 686.788951][ T3595] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 686.802336][ T3595] usb 4-1: config 0 descriptor?? [ 686.808247][T11467] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 686.819179][ T3595] hub 4-1:0.0: USB hub found [ 687.031558][ T3595] hub 4-1:0.0: 2 ports detected [ 687.353743][ T5155] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 688.286855][ T3595] hub 4-1:0.0: set hub depth failed [ 688.316080][ T3595] usb 4-1: USB disconnect, device number 20 [ 689.989273][T11479] netlink: 'syz.4.1534': attribute type 12 has an invalid length. [ 690.093750][T11501] loop8: detected capacity change from 0 to 7 [ 690.150024][T11501] Dev loop8: unable to read RDB block 7 [ 690.156195][T11501] loop8: AHDI p1 p2 p3 [ 690.160835][T11501] loop8: partition table partially beyond EOD, truncated [ 690.169614][T11501] loop8: p1 start 1601398130 is beyond EOD, truncated [ 690.177842][T11501] loop8: p2 start 1702059890 is beyond EOD, truncated [ 690.190697][ T3595] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 690.697997][ T3595] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 690.743344][ T3595] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 690.779997][ T3595] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 690.907407][ T3595] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 690.991143][T11511] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 691.240832][ T3595] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 692.489427][ T3595] usb 1-1: config 0 descriptor?? [ 692.603046][ T3595] hub 1-1:0.0: USB hub found [ 692.892348][ T3595] hub 1-1:0.0: 14 ports detected [ 692.904676][ T3595] hub 1-1:0.0: insufficient power available to use all downstream ports [ 694.212010][ T3595] hub 1-1:0.0: hub_hub_status failed (err = -32) [ 694.256751][ T3595] hub 1-1:0.0: config failed, can't get hub status (err -32) [ 694.721920][ T1208] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 695.536128][ T1208] usb 2-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 695.623948][ T1208] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 695.630731][T11552] orangefs_mount: mount request failed with -4 [ 695.655273][ T1208] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 695.783729][ T1208] usb 2-1: config 1 has no interface number 0 [ 695.908890][ T1208] usb 2-1: too many endpoints for config 1 interface 1 altsetting 1: 32, using maximum allowed: 30 [ 695.934555][ T5901] usb 1-1: USB disconnect, device number 31 [ 695.988311][T11561] netlink: 'syz.2.1558': attribute type 10 has an invalid length. [ 696.114013][ T1208] usb 2-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 32 [ 696.158218][ T1208] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 696.175131][ T1208] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 696.191797][ T1208] usb 2-1: Product: syz [ 696.200326][ T1208] usb 2-1: Manufacturer: syz [ 696.205239][ T1208] usb 2-1: SerialNumber: syz [ 696.364652][T11568] IPVS: length: 214 != 24 [ 697.497374][T11548] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1554'. [ 697.627750][ T1208] cdc_mbim 2-1:1.1: probe with driver cdc_mbim failed with error -71 [ 697.794310][ T1208] usb 2-1: USB disconnect, device number 18 [ 697.809517][T11582] 9pnet_fd: Insufficient options for proto=fd [ 697.810275][T11584] bond0: option primary: mode dependency failed, not supported in mode balance-rr(0) [ 697.838690][ T9370] bond0: (slave team0): link status definitely down, disabling slave [ 698.868894][T11591] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 698.900534][T11591] CIFS mount error: No usable UNC path provided in device string! [ 698.900534][T11591] [ 699.888618][T11591] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 700.209984][T11603] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1566'. [ 700.503283][T11611] netlink: 'syz.1.1570': attribute type 6 has an invalid length. [ 701.397477][T11618] netlink: 'syz.0.1573': attribute type 10 has an invalid length. [ 704.033838][T11638] bond0: option primary: mode dependency failed, not supported in mode balance-rr(0) [ 704.156731][T11640] netlink: 'syz.4.1581': attribute type 10 has an invalid length. [ 705.186267][T11669] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 705.193071][T11669] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 705.199596][T11669] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 705.206279][T11669] comedi comedi3: 8255: I/O port conflict (0x7fffffff,4) [ 705.249797][T11669] comedi comedi3: 8255: I/O port conflict (0x5c952399,4) [ 705.257043][T11669] comedi comedi3: 8255: I/O port conflict (0xffffffff80000005,4) [ 705.264888][T11669] comedi comedi3: 8255: I/O port conflict (0x3ff,4) [ 705.271547][T11669] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 705.297836][T11669] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 705.331899][T11669] comedi comedi3: 8255: I/O port conflict (0x3,4) [ 705.363783][T11674] netlink: 'syz.4.1594': attribute type 10 has an invalid length. [ 706.237540][T11681] xt_CT: You must specify a L4 protocol and not use inversions on it [ 706.360514][T11686] bond0: option primary: mode dependency failed, not supported in mode balance-rr(0) [ 706.383867][T10274] bond0: (slave team0): link status definitely down, disabling slave [ 706.562519][T11695] netlink: 'syz.0.1601': attribute type 21 has an invalid length. [ 706.580906][T11695] netlink: 'syz.0.1601': attribute type 6 has an invalid length. [ 706.601177][T11695] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1601'. [ 708.902219][ T1208] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 708.937536][T11727] netlink: zone id is out of range [ 708.943021][T11727] netlink: zone id is out of range [ 708.948154][T11727] netlink: zone id is out of range [ 708.992468][T11727] netlink: set zone limit has 4 unknown bytes [ 708.999378][T11728] netlink: del zone limit has 4 unknown bytes [ 709.053860][ T1208] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 709.100156][ T1208] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 709.110552][ T5901] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 709.119187][ T5928] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 709.127701][ T1208] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 709.138634][ T1208] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 709.149801][ T1208] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 709.234063][ T1208] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 709.243391][ T1208] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 709.251369][ T1208] usb 4-1: Product: syz [ 709.255706][ T1208] usb 4-1: Manufacturer: syz [ 709.264005][ T1208] cdc_wdm 4-1:1.0: skipping garbage [ 709.269216][ T1208] cdc_wdm 4-1:1.0: skipping garbage [ 709.288482][ T1208] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 709.300155][ T1208] cdc_wdm 4-1:1.0: Unknown control protocol [ 709.311966][ T5901] usb 3-1: Using ep0 maxpacket: 32 [ 709.322840][ T5901] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2dbe, bcdDevice= 0.00 [ 709.332189][ T5901] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 709.341384][ T5928] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 709.350386][ T5928] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 709.363056][ T5901] usb 3-1: config 0 descriptor?? [ 709.379198][ T5928] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 709.402878][ T5928] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 709.419634][ T5928] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 709.444873][ T5928] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 709.461470][ T5928] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 709.476122][ T5928] usb 1-1: Product: syz [ 709.480489][ T5928] usb 1-1: Manufacturer: syz [ 709.641807][ T5928] cdc_wdm 1-1:1.0: skipping garbage [ 709.647149][ T5928] cdc_wdm 1-1:1.0: skipping garbage [ 709.664385][ T5928] cdc_wdm 1-1:1.0: cdc-wdm1: USB WDM device [ 709.670378][ T5928] cdc_wdm 1-1:1.0: Unknown control protocol [ 709.756332][T11730] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1607'. [ 710.285686][ T5901] konepure 0003:1E7D:2DBE.0005: hidraw0: USB HID v1.01 Device [HID 1e7d:2dbe] on usb-dummy_hcd.2-1/input0 [ 710.632004][ T9606] usb 3-1: USB disconnect, device number 24 [ 710.668586][T11740] netlink: 'syz.4.1613': attribute type 10 has an invalid length. [ 711.526345][ T5928] usb 4-1: USB disconnect, device number 21 [ 711.579470][T11740] team0: Port device wlan1 added [ 712.059628][T11758] sp0: Synchronizing with TNC [ 712.880923][ T3595] usb 1-1: USB disconnect, device number 32 [ 715.313469][ T9370] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 715.561219][ T9370] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 715.727245][ T9370] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 715.754044][ T9616] bond0: (slave syz_tun): Releasing backup interface [ 715.840739][ T9370] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 716.032918][ T9370] bridge_slave_1: left allmulticast mode [ 716.042253][ T9370] bridge_slave_1: left promiscuous mode [ 716.049338][ T9370] bridge0: port 2(bridge_slave_1) entered disabled state [ 716.074307][ T9370] bridge0: port 1(bridge_slave_0) entered disabled state [ 716.326344][ T9370] bond0 (unregistering): (slave bridge0): Releasing backup interface [ 716.480932][ T9370] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 716.494389][ T9370] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 716.506139][ T9370] bond0 (unregistering): (slave team0): Releasing backup interface [ 716.514851][ T9370] bond0 (unregistering): Released all slaves [ 716.587617][ T9370] tipc: Left network mode [ 716.781111][ T9370] hsr_slave_0: left promiscuous mode [ 716.788196][ T9370] hsr_slave_1: left promiscuous mode [ 716.794540][ T9370] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 716.804305][ T9370] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 716.813076][ T9370] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 716.820479][ T9370] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 716.829215][ T9370] batman_adv: batadv0: Interface deactivated: virt_wifi0 [ 716.836534][ T9370] batman_adv: batadv0: Removing interface: virt_wifi0 [ 716.857521][ T9370] veth0_macvtap: left promiscuous mode [ 716.863711][ T9370] veth1_vlan: left promiscuous mode [ 716.869161][ T9370] veth0_vlan: left promiscuous mode [ 716.942727][ T9370] pim6reg (unregistering): left allmulticast mode [ 717.310874][ T9370] team0 (unregistering): Port device team_slave_1 removed [ 717.354109][ T9370] team0 (unregistering): Port device team_slave_0 removed [ 718.104636][ T973] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 718.173099][ T973] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 718.247831][ T973] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 718.339073][ T973] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 718.462129][ T973] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 718.527277][ T973] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 718.590281][ T973] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 718.667754][ T973] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 718.816423][ T973] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 718.890000][ T973] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 718.949338][ T973] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 719.008978][ T973] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 719.106331][ T973] bridge_slave_1: left allmulticast mode [ 719.112595][ T973] bridge_slave_1: left promiscuous mode [ 719.118408][ T973] bridge0: port 2(bridge_slave_1) entered disabled state [ 719.128298][ T973] bridge0: port 1(bridge_slave_0) entered disabled state [ 719.140678][ T973] bridge_slave_1: left allmulticast mode [ 719.147215][ T973] bridge_slave_1: left promiscuous mode [ 719.154251][ T973] bridge0: port 2(bridge_slave_1) entered disabled state [ 719.165271][ T973] bridge0: port 1(bridge_slave_0) entered disabled state [ 719.176956][ T973] bridge_slave_1: left allmulticast mode [ 719.183633][ T973] bridge_slave_1: left promiscuous mode [ 719.189323][ T973] bridge0: port 2(bridge_slave_1) entered disabled state [ 719.198395][ T973] bridge0: port 1(bridge_slave_0) entered disabled state [ 719.523621][ T973] bond1 (unregistering): (slave bridge1): Releasing backup interface [ 719.531951][ T973] bridge1 (unregistering): left promiscuous mode [ 719.659694][ T973] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 719.671542][ T973] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 719.691655][ T973] bond0 (unregistering): (slave team0): Releasing backup interface [ 719.700365][ T973] bond0 (unregistering): Released all slaves [ 719.799167][ T973] bond1 (unregistering): Released all slaves [ 719.835991][ T973] bond1 (unregistering): (slave ip6gretap1): Releasing active interface [ 719.844533][ T973] bond1 (unregistering): (slave ip6gretap1): the permanent HWaddr of slave - 4a:48:72:a4:cc:51 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 719.867516][ T973] bond1 (unregistering): (slave erspan0): making interface the new active one [ 719.936581][ T973] bond1 (unregistering): (slave erspan0): Releasing active interface [ 719.989828][ T973] dvmrp1 (unregistering): left allmulticast mode [ 720.139638][ T973] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 720.150163][ T973] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 720.160741][ T973] bond0 (unregistering): (slave team0): Releasing backup interface [ 720.169905][ T973] bond0 (unregistering): Released all slaves [ 720.270164][ T973] bond1 (unregistering): (slave veth3): Releasing active interface [ 720.280778][ T973] bond1 (unregistering): Released all slaves [ 720.572011][ T973] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 720.591177][ T973] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 720.602433][ T973] bond0 (unregistering): (slave team0): Releasing backup interface [ 720.610994][ T973] bond0 (unregistering): Released all slaves [ 720.625753][ T973] bond1 (unregistering): Released all slaves [ 720.746213][ T973] tipc: Disabling bearer [ 720.764580][ T973] tipc: Left network mode [ 720.784821][ T973] tipc: Disabling bearer [ 720.793167][ T973] tipc: Left network mode [ 720.808587][ T973] tipc: Disabling bearer [ 720.814871][ T973] tipc: Left network mode [ 721.000092][ T973] [ 721.002461][ T973] ====================================================== [ 721.009457][ T973] WARNING: possible circular locking dependency detected [ 721.016484][ T973] 6.16.0-syzkaller #0 Not tainted [ 721.021487][ T973] ------------------------------------------------------ [ 721.028486][ T973] kworker/u8:5/973 is trying to acquire lock: [ 721.034551][ T973] ffff888076e24e00 (team->team_lock_key){+.+.}-{4:4}, at: team_del_slave+0x32/0x1c0 [ 721.043937][ T973] [ 721.043937][ T973] but task is already holding lock: [ 721.051280][ T973] ffff888056d80768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x133/0x6d0 [ 721.061709][ T973] [ 721.061709][ T973] which lock already depends on the new lock. [ 721.061709][ T973] [ 721.072116][ T973] [ 721.072116][ T973] the existing dependency chain (in reverse order) is: [ 721.081361][ T973] [ 721.081361][ T973] -> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}: [ 721.089100][ T973] lock_acquire+0x120/0x360 [ 721.094113][ T973] __mutex_lock+0x182/0xe80 [ 721.099150][ T973] ieee80211_open+0xed/0x1f0 [ 721.104257][ T973] __dev_open+0x470/0x880 [ 721.109092][ T973] netif_open+0xaa/0x170 [ 721.113837][ T973] dev_open+0x125/0x260 [ 721.118497][ T973] team_add_slave+0xb36/0x2840 [ 721.123848][ T973] do_set_master+0x530/0x6d0 [ 721.128959][ T973] do_setlink+0xcf0/0x41c0 [ 721.133908][ T973] rtnl_newlink+0x160b/0x1c70 [ 721.139096][ T973] rtnetlink_rcv_msg+0x7cc/0xb70 [ 721.144542][ T973] netlink_rcv_skb+0x205/0x470 [ 721.149813][ T973] netlink_unicast+0x75c/0x8e0 [ 721.155085][ T973] netlink_sendmsg+0x805/0xb30 [ 721.160381][ T973] __sock_sendmsg+0x21c/0x270 [ 721.165576][ T973] ____sys_sendmsg+0x505/0x830 [ 721.170861][ T973] ___sys_sendmsg+0x21f/0x2a0 [ 721.176068][ T973] __x64_sys_sendmsg+0x19b/0x260 [ 721.181513][ T973] do_syscall_64+0xfa/0x3b0 [ 721.186537][ T973] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 721.192971][ T973] [ 721.192971][ T973] -> #0 (team->team_lock_key){+.+.}-{4:4}: [ 721.201069][ T973] validate_chain+0xb9b/0x2140 [ 721.206353][ T973] __lock_acquire+0xab9/0xd20 [ 721.211556][ T973] lock_acquire+0x120/0x360 [ 721.216565][ T973] __mutex_lock+0x182/0xe80 [ 721.221577][ T973] team_del_slave+0x32/0x1c0 [ 721.226678][ T973] team_device_event+0x285/0xa20 [ 721.232137][ T973] notifier_call_chain+0x1b3/0x3e0 [ 721.237770][ T973] unregister_netdevice_many_notify+0x15d8/0x2320 [ 721.244722][ T973] unregister_netdevice_queue+0x33c/0x380 [ 721.250980][ T973] _cfg80211_unregister_wdev+0x165/0x590 [ 721.257153][ T973] ieee80211_remove_interfaces+0x49a/0x6d0 [ 721.263495][ T973] ieee80211_unregister_hw+0x5d/0x2c0 [ 721.269382][ T973] mac80211_hwsim_del_radio+0x275/0x460 [ 721.275443][ T973] hwsim_exit_net+0x584/0x640 [ 721.280629][ T973] ops_undo_list+0x497/0x990 [ 721.285816][ T973] cleanup_net+0x4c5/0x800 [ 721.290817][ T973] process_scheduled_works+0xade/0x17b0 [ 721.296908][ T973] worker_thread+0x8a0/0xda0 [ 721.302062][ T973] kthread+0x70e/0x8a0 [ 721.306661][ T973] ret_from_fork+0x3fc/0x770 [ 721.311763][ T973] ret_from_fork_asm+0x1a/0x30 [ 721.317064][ T973] [ 721.317064][ T973] other info that might help us debug this: [ 721.317064][ T973] [ 721.327309][ T973] Possible unsafe locking scenario: [ 721.327309][ T973] [ 721.334752][ T973] CPU0 CPU1 [ 721.340205][ T973] ---- ---- [ 721.345587][ T973] lock(&rdev->wiphy.mtx); [ 721.350078][ T973] lock(team->team_lock_key); [ 721.357348][ T973] lock(&rdev->wiphy.mtx); [ 721.364358][ T973] lock(team->team_lock_key); [ 721.369102][ T973] [ 721.369102][ T973] *** DEADLOCK *** [ 721.369102][ T973] [ 721.377228][ T973] 5 locks held by kworker/u8:5/973: [ 721.382407][ T973] #0: ffff88801b2fb948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 721.393353][ T973] #1: ffffc90003a3fbc0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 721.403870][ T973] #2: ffffffff8f4fd310 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x800 [ 721.413180][ T973] #3: ffffffff8f509f08 (rtnl_mutex){+.+.}-{4:4}, at: ieee80211_unregister_hw+0x55/0x2c0 [ 721.423015][ T973] #4: ffff888056d80768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x133/0x6d0 [ 721.433800][ T973] [ 721.433800][ T973] stack backtrace: [ 721.439777][ T973] CPU: 1 UID: 0 PID: 973 Comm: kworker/u8:5 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 721.439792][ T973] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 721.439800][ T973] Workqueue: netns cleanup_net [ 721.439818][ T973] Call Trace: [ 721.439824][ T973] [ 721.439830][ T973] dump_stack_lvl+0x189/0x250 [ 721.439845][ T973] ? __pfx_dump_stack_lvl+0x10/0x10 [ 721.439855][ T973] ? __pfx__printk+0x10/0x10 [ 721.439869][ T973] ? print_lock_name+0xde/0x100 [ 721.439881][ T973] print_circular_bug+0x2ee/0x310 [ 721.439894][ T973] check_noncircular+0x134/0x160 [ 721.439906][ T973] validate_chain+0xb9b/0x2140 [ 721.439919][ T973] ? lockdep_hardirqs_on+0x9c/0x150 [ 721.439932][ T973] __lock_acquire+0xab9/0xd20 [ 721.439942][ T973] ? team_del_slave+0x32/0x1c0 [ 721.439956][ T973] lock_acquire+0x120/0x360 [ 721.439964][ T973] ? team_del_slave+0x32/0x1c0 [ 721.439977][ T973] ? __mutex_trylock_common+0x153/0x260 [ 721.440002][ T973] __mutex_lock+0x182/0xe80 [ 721.440013][ T973] ? team_del_slave+0x32/0x1c0 [ 721.440025][ T973] ? rcu_is_watching+0x15/0xb0 [ 721.440038][ T973] ? team_del_slave+0x32/0x1c0 [ 721.440051][ T973] ? __pfx___mutex_lock+0x10/0x10 [ 721.440062][ T973] ? bond_netdev_event+0xd9/0xe80 [ 721.440077][ T973] ? __pfx___mutex_lock+0x10/0x10 [ 721.440087][ T973] ? __pfx_bond_netdev_event+0x10/0x10 [ 721.440103][ T973] team_del_slave+0x32/0x1c0 [ 721.440117][ T973] team_device_event+0x285/0xa20 [ 721.440127][ T973] notifier_call_chain+0x1b3/0x3e0 [ 721.440141][ T973] unregister_netdevice_many_notify+0x15d8/0x2320 [ 721.440156][ T973] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 721.440167][ T973] ? __lock_acquire+0xab9/0xd20 [ 721.440181][ T973] unregister_netdevice_queue+0x33c/0x380 [ 721.440191][ T973] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 721.440203][ T973] _cfg80211_unregister_wdev+0x165/0x590 [ 721.440219][ T973] ieee80211_remove_interfaces+0x49a/0x6d0 [ 721.440232][ T973] ? __pfx_synchronize_rcu+0x10/0x10 [ 721.440243][ T973] ? __pfx_ieee80211_remove_interfaces+0x10/0x10 [ 721.440255][ T973] ? rcu_is_watching+0x15/0xb0 [ 721.440266][ T973] ieee80211_unregister_hw+0x5d/0x2c0 [ 721.440283][ T973] mac80211_hwsim_del_radio+0x275/0x460 [ 721.440299][ T973] ? __pfx_mac80211_hwsim_del_radio+0x10/0x10 [ 721.440316][ T973] hwsim_exit_net+0x584/0x640 [ 721.440329][ T973] ? __pfx_hwsim_exit_net+0x10/0x10 [ 721.440342][ T973] ? __ip_vs_dev_cleanup_batch+0x238/0x260 [ 721.440357][ T973] ops_undo_list+0x497/0x990 [ 721.440372][ T973] ? __pfx_ops_undo_list+0x10/0x10 [ 721.440387][ T973] cleanup_net+0x4c5/0x800 [ 721.440401][ T973] ? __pfx_cleanup_net+0x10/0x10 [ 721.440415][ T973] ? _raw_spin_unlock_irq+0x23/0x50 [ 721.440423][ T973] ? process_scheduled_works+0x9ef/0x17b0 [ 721.440433][ T973] ? process_scheduled_works+0x9ef/0x17b0 [ 721.440444][ T973] process_scheduled_works+0xade/0x17b0 [ 721.440459][ T973] ? __pfx_process_scheduled_works+0x10/0x10 [ 721.440472][ T973] worker_thread+0x8a0/0xda0 [ 721.440488][ T973] kthread+0x70e/0x8a0 [ 721.440502][ T973] ? __pfx_worker_thread+0x10/0x10 [ 721.440511][ T973] ? __pfx_kthread+0x10/0x10 [ 721.440524][ T973] ? _raw_spin_unlock_irq+0x23/0x50 [ 721.440532][ T973] ? lockdep_hardirqs_on+0x9c/0x150 [ 721.440542][ T973] ? __pfx_kthread+0x10/0x10 [ 721.440554][ T973] ret_from_fork+0x3fc/0x770 [ 721.440564][ T973] ? __pfx_ret_from_fork+0x10/0x10 [ 721.440574][ T973] ? __switch_to_asm+0x39/0x70 [ 721.440586][ T973] ? __switch_to_asm+0x33/0x70 [ 721.440597][ T973] ? __pfx_kthread+0x10/0x10 [ 721.440609][ T973] ret_from_fork_asm+0x1a/0x30 [ 721.440624][ T973] [ 721.796692][ T973] team0: Port device wlan1 removed [ 722.028446][ T973] hsr_slave_0: left promiscuous mode [ 722.034173][ T973] hsr_slave_1: left promiscuous mode [ 722.039786][ T973] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 722.047339][ T973] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 722.055526][ T973] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 722.064231][ T973] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 722.075509][ T973] hsr_slave_0: left promiscuous mode [ 722.081256][ T973] hsr_slave_1: left promiscuous mode [ 722.087111][ T973] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 722.094727][ T973] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 722.102388][ T973] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 722.109806][ T973] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 722.119883][ T973] hsr_slave_0: left promiscuous mode [ 722.127092][ T973] hsr_slave_1: left promiscuous mode [ 722.133315][ T973] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 722.140704][ T973] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 722.148575][ T973] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 722.156100][ T973] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 722.168815][ T973] veth1_macvtap: left promiscuous mode [ 722.174453][ T973] veth0_macvtap: left promiscuous mode [ 722.179967][ T973] veth1_vlan: left promiscuous mode [ 722.185325][ T973] veth0_vlan: left promiscuous mode [ 722.191319][ T973] veth1_macvtap: left promiscuous mode [ 722.197204][ T973] veth0_macvtap: left promiscuous mode [ 722.202865][ T973] veth1_vlan: left promiscuous mode [ 722.208111][ T973] veth0_vlan: left promiscuous mode [ 722.214324][ T973] veth1_macvtap: left promiscuous mode [ 722.219825][ T973] veth0_macvtap: left promiscuous mode [ 722.225513][ T973] veth1_vlan: left promiscuous mode [ 722.230760][ T973] veth0_vlan: left promiscuous mode [ 722.402815][ T973] team0 (unregistering): Port device team_slave_1 removed [ 722.429845][ T973] team0 (unregistering): Port device team_slave_0 removed [ 722.745811][ T973] team0 (unregistering): Port device team_slave_1 removed [ 722.756497][ T973] team0 (unregistering): Port device team_slave_0 removed [ 723.104035][ T973] team0 (unregistering): Port device team_slave_1 removed [ 723.132214][ T973] team0 (unregistering): Port device team_slave_0 removed [ 723.993320][ T973] IPVS: stop unused estimator thread 0...