last executing test programs: 19m4.211562926s ago: executing program 32 (id=81): syz_open_dev$video(0x0, 0x7, 0x101002) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, 0x0, 0x20040010) bind$alg(0xffffffffffffffff, 0x0, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000000)={0x38, 0x0, 0x4, 0x8001, 0x0, 0xb49, 0x200000000002, 0x7, 0x8, 0x5}, 0x0) r2 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, 0x0) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/cpuinfo\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x20000023892) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x1, 0x0, 0x0) poll(0x0, 0x0, 0x6) readlinkat(0xffffffffffffffff, 0x0, &(0x7f0000000180)=""/10, 0xa) fsmount(0xffffffffffffffff, 0x0, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40480d4}, 0x20) 16m49.89123593s ago: executing program 33 (id=546): r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000009c0)={{0x12, 0x1, 0x0, 0x3a, 0x98, 0x2a, 0x8, 0xccd, 0x10a3, 0x23a2, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x57, 0x33, 0x19}}]}}]}}, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000000)={0x1c, &(0x7f0000000080)={0x20, 0x14, 0x6, "cff6162afaf7"}, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) 16m8.710267901s ago: executing program 4 (id=734): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x1}}, 0x10) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4) bind$inet(r2, &(0x7f0000000240)={0x2, 0x0, @local}, 0x6f) prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) socket(0xa, 0x80807, 0x0) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f00000000c0)='tmpfs\x00', 0xa145c7, 0x0) symlinkat(&(0x7f0000000080)='.\x00', 0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00') r4 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', &(0x7f0000000300)={0x3b01, 0x0, 0x13}, 0x18) ioctl$FUSE_DEV_IOC_BACKING_CLOSE(0xffffffffffffffff, 0x4004e502, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x1e, &(0x7f0000000040)=0x200, 0x4) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) faccessat(r4, &(0x7f0000000000)='./file1\x00', 0xa6) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x18) bind$inet6(r1, &(0x7f0000000540)={0xa, 0x4e22, 0x7, @empty, 0x200}, 0x1c) listen(r0, 0x0) 16m2.863262653s ago: executing program 4 (id=749): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c000000680001ed"], 0x2c}}, 0x4000) setsockopt(r0, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f0000000000)=ANY=[], 0xffc9) 16m2.581589645s ago: executing program 4 (id=752): openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x101100, 0x0) ioctl$sock_SIOCGIFVLAN_GET_VLAN_REALDEV_NAME_CMD(0xffffffffffffffff, 0x8982, &(0x7f0000000000)={0x8, 'batadv0\x00', {'wlan1\x00'}}) r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x20200) ioctl$SG_GET_NUM_WAITING(r0, 0x227d, &(0x7f00000000c0)) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(&(0x7f0000000000), r1) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, 0x0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) bind$inet6(r2, &(0x7f00000001c0)={0xa, 0x8000002, 0x0, @mcast2}, 0x1b) r3 = getpgrp(0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r5 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r5, 0x1, 0x0) r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8) r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000004c0)='setgroups\x00') quotactl$Q_SYNC(0xffffffff80000101, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x13, 0x13, &(0x7f0000001200)=@raw=[@call={0x85, 0x0, 0x0, 0x1f}, @alu={0x7, 0x0, 0x3, 0x8, 0x1, 0xffffffffffffffff, 0x10}, @func, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x6, 0x0, 0x0, 0x0, 0x9cd}, @alu={0x4, 0x1, 0x4, 0x9, 0xe, 0x30, 0xfffffffffffffff0}, @exit, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x5, 0x0, 0x0, 0x0, 0x3}, @map_val={0x18, 0x2, 0x2, 0x0, r7}, @printk={@llu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xba}}], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x41100, 0x0, '\x00', 0x0, @fallback=0x26}, 0x94) sendmsg$BATADV_CMD_SET_MESH(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000040)=ANY=[@ANYRES32], 0x2c}, 0x1, 0x0, 0x0, 0xc880}, 0x40000) ioctl$VIDIOC_G_FMT(0xffffffffffffffff, 0xc0d05604, &(0x7f0000000300)={0x3, @win={{0x100002, 0x5, 0x0, 0x3}, 0x6, 0x5, &(0x7f0000000280)={{0x1, 0xc490, 0x7, 0xffffff28}}, 0x753, &(0x7f00000002c0), 0x76}}) socket$nl_netfilter(0x10, 0x3, 0xc) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB="4400000009060102000000f8ffffff00000000000900020073797a310000000005000100070000001c0007800c00018008000140fffffffe0c00028008000140"], 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000050) 15m58.427575187s ago: executing program 4 (id=768): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x20) r1 = open(&(0x7f00000002c0)='.\x00', 0x0, 0x0) mkdirat(r1, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x14a) renameat(r1, &(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f0000000140)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00') 15m57.834999897s ago: executing program 4 (id=772): setresuid(0xee00, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) ioprio_set$uid(0x3, 0xee00, 0x0) ioprio_get$uid(0x3, 0x0) 15m54.687725824s ago: executing program 4 (id=792): sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4008}, 0x0) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_RINGS_SET(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="01000000000000000000100000001800018014000200776c616e30000000000000000000000b08000700e80700000800070001000000080009007f00000008000700090000000800080008000000080006"], 0x5c}, 0x1, 0x0, 0x0, 0x4084}, 0x0) 15m54.337290512s ago: executing program 34 (id=792): sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4008}, 0x0) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_RINGS_SET(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="01000000000000000000100000001800018014000200776c616e30000000000000000000000b08000700e80700000800070001000000080009007f00000008000700090000000800080008000000080006"], 0x5c}, 0x1, 0x0, 0x0, 0x4084}, 0x0) 13m58.872724585s ago: executing program 3 (id=1385): socketpair$unix(0x1, 0x3, 0x0, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r0 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r0, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10) r1 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r1, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0x5}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000240)={0x42, 0x1}, 0x10) bind$tipc(r0, 0x0, 0x0) sendmsg$tipc(r1, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4010}, 0x8820) 13m58.112475115s ago: executing program 3 (id=1389): r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) fchdir(r1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x103a42, 0x32) ftruncate(r2, 0x6000000) r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r3, 0x0) truncate(0x0, 0x42d9) r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x48042, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r4, 0x2000) ioctl$EXT4_IOC_GET_ES_CACHE(r4, 0xc020662a, 0x0) 13m57.590362033s ago: executing program 3 (id=1391): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_mreqsrc(r3, 0x0, 0x27, &(0x7f0000000200)={@remote, @private, @empty}, &(0x7f00000002c0)=0xc) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) semget$private(0x0, 0x4000, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x448d3}, 0x0) semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000740)) write$UHID_INPUT(r0, &(0x7f0000001980)={0x9, {"a2e3ad214fc752f91b5b09094bf70e0dd038e7ff7fc6e5539b324c078b089b3438076d1a0890e0878f0e1ac6e7049b076d959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b32310d076d0936cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e01000000138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12d3099dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f6dc7bcbf2a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b4bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509301815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827466cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d951061ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153bdf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033095563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db87195358bfee2916580dacae008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2df086dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36ffffffff00000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817b97c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d00000f4ff000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006) 13m53.315436759s ago: executing program 3 (id=1402): sendmsg$NFT_MSG_GETTABLE(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x708e8866d617f1cf}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000800}, 0x0) write(0xffffffffffffffff, &(0x7f0000000500)="ba", 0x1) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c) listen(r0, 0x2) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000940)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58) bind$alg(0xffffffffffffffff, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(aes)\x00'}, 0x58) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000080)=[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4044011}], 0x1, 0x40040) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5", 0x4) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) syz_emit_ethernet(0x4e, &(0x7f0000000600)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "f900f5", 0x18, 0x6, 0x1, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x2, 0x0, 0x0, 0x0, {[@fastopen={0x1e, 0x2}]}}}}}}}}, 0x0) 13m52.200178381s ago: executing program 3 (id=1404): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1b5cb000) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) 13m48.855755566s ago: executing program 3 (id=1408): openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x101100, 0x0) ioctl$sock_SIOCGIFVLAN_GET_VLAN_REALDEV_NAME_CMD(0xffffffffffffffff, 0x8982, &(0x7f0000000000)={0x8, 'batadv0\x00', {'wlan1\x00'}}) r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x20200) ioctl$SG_GET_NUM_WAITING(r0, 0x227d, &(0x7f00000000c0)) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(&(0x7f0000000000), r1) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, 0x0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) bind$inet6(r2, &(0x7f00000001c0)={0xa, 0x8000002, 0x0, @mcast2}, 0x1b) r3 = getpgrp(0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r5 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r5, 0x1, 0x0) r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8) r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000004c0)='setgroups\x00') quotactl$Q_SYNC(0xffffffff80000101, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x13, 0x13, &(0x7f0000001200)=@raw=[@call={0x85, 0x0, 0x0, 0x1f}, @alu={0x7, 0x0, 0x3, 0x8, 0x1, 0xffffffffffffffff, 0x10}, @func, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x6, 0x0, 0x0, 0x0, 0x9cd}, @alu={0x4, 0x1, 0x4, 0x9, 0xe, 0x30, 0xfffffffffffffff0}, @exit, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x5, 0x0, 0x0, 0x0, 0x3}, @map_val={0x18, 0x2, 0x2, 0x0, r7}, @printk={@llu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xba}}], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x41100, 0x0, '\x00', 0x0, @fallback=0x26}, 0x94) sendmsg$BATADV_CMD_SET_MESH(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000040)=ANY=[@ANYRES32], 0x2c}, 0x1, 0x0, 0x0, 0xc880}, 0x40000) ioctl$VIDIOC_G_FMT(0xffffffffffffffff, 0xc0d05604, &(0x7f0000000300)={0x3, @win={{0x100002, 0x5, 0x0, 0x3}, 0x6, 0x5, &(0x7f0000000280)={{0x1, 0xc490, 0x7, 0xffffff28}}, 0x753, &(0x7f00000002c0), 0x76}}) socket$nl_netfilter(0x10, 0x3, 0xc) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB="4400000009060102000000f8ffffff00000000000900020073797a310000000005000100070000001c0007800c00018008000140fffffffe"], 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000050) 13m32.413502523s ago: executing program 35 (id=1408): openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x101100, 0x0) ioctl$sock_SIOCGIFVLAN_GET_VLAN_REALDEV_NAME_CMD(0xffffffffffffffff, 0x8982, &(0x7f0000000000)={0x8, 'batadv0\x00', {'wlan1\x00'}}) r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x20200) ioctl$SG_GET_NUM_WAITING(r0, 0x227d, &(0x7f00000000c0)) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(&(0x7f0000000000), r1) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, 0x0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) bind$inet6(r2, &(0x7f00000001c0)={0xa, 0x8000002, 0x0, @mcast2}, 0x1b) r3 = getpgrp(0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r5 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r5, 0x1, 0x0) r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8) r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000004c0)='setgroups\x00') quotactl$Q_SYNC(0xffffffff80000101, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x13, 0x13, &(0x7f0000001200)=@raw=[@call={0x85, 0x0, 0x0, 0x1f}, @alu={0x7, 0x0, 0x3, 0x8, 0x1, 0xffffffffffffffff, 0x10}, @func, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x6, 0x0, 0x0, 0x0, 0x9cd}, @alu={0x4, 0x1, 0x4, 0x9, 0xe, 0x30, 0xfffffffffffffff0}, @exit, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x5, 0x0, 0x0, 0x0, 0x3}, @map_val={0x18, 0x2, 0x2, 0x0, r7}, @printk={@llu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xba}}], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x41100, 0x0, '\x00', 0x0, @fallback=0x26}, 0x94) sendmsg$BATADV_CMD_SET_MESH(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000040)=ANY=[@ANYRES32], 0x2c}, 0x1, 0x0, 0x0, 0xc880}, 0x40000) ioctl$VIDIOC_G_FMT(0xffffffffffffffff, 0xc0d05604, &(0x7f0000000300)={0x3, @win={{0x100002, 0x5, 0x0, 0x3}, 0x6, 0x5, &(0x7f0000000280)={{0x1, 0xc490, 0x7, 0xffffff28}}, 0x753, &(0x7f00000002c0), 0x76}}) socket$nl_netfilter(0x10, 0x3, 0xc) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB="4400000009060102000000f8ffffff00000000000900020073797a310000000005000100070000001c0007800c00018008000140fffffffe"], 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000050) 13m5.404090231s ago: executing program 7 (id=1462): syz_emit_ethernet(0x8a, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$nl_generic(0x10, 0x3, 0x10) setgroups(0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, 0x0, 0x4000) r4 = io_uring_setup(0xf08, 0x0) io_uring_register$IORING_UNREGISTER_RING_FDS(r4, 0x15, &(0x7f0000001900)=[{0x0, 0x1, 0x0, 0x0, 0x0}], 0x1) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, 0x0) r5 = syz_open_dev$dvb_demux(&(0x7f0000000080), 0x0, 0x41) ioctl$DVB_DEMUX_DMX_SET_PES_FILTER(r5, 0x40146f2c, &(0x7f00000000c0)={0x1, 0x0, 0x3, 0x13, 0x4}) close(r5) 13m2.909831124s ago: executing program 7 (id=1465): sendmsg$can_raw(0xffffffffffffffff, 0x0, 0x4850) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$MAP_CREATE(0x0, 0x0, 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1) mount(&(0x7f0000000440)=@sg0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000300)='affs\x00', 0x0, 0x0) ioctl$sock_inet_SIOCRTMSG(0xffffffffffffffff, 0x890d, &(0x7f0000000180)={0x0, {0x2, 0x4e23, @empty}, {0x2, 0x4e24, @broadcast}, {0x2, 0x4e24, @broadcast}, 0x80, 0x0, 0x0, 0x0, 0x9, 0x0, 0x6, 0xffffffffffffffff, 0x7}) readv(0xffffffffffffffff, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0) 13m1.442859129s ago: executing program 7 (id=1467): r0 = io_uring_setup(0x650b, &(0x7f0000000180)={0x0, 0x2c3f, 0x0, 0x21, 0xab}) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) close(r1) r2 = socket(0x28, 0x5, 0x0) r3 = socket(0x28, 0x5, 0x0) listen(r3, 0x4) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x0, @local}, 0x10) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000300)={0xa, 0x2, 0xfffffffc, @empty, 0x80000001}, 0x1c) setsockopt$inet6_tcp_int(r4, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendto$inet6(r4, &(0x7f0000000340)="fb", 0x1, 0x20000845, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) setsockopt$inet6_tcp_TCP_MD5SIG(r4, 0x6, 0xe, &(0x7f0000000100)={@in6={{0xa, 0x4e24, 0x3, @loopback, 0x1}}, 0x0, 0x0, 0x6, 0x0, "10baa70a93289349d889de25b87376f6622d337642b89005000000000000001b7ef6619dd6b2ca4edb6f7debd38b6d889a8c986b33e249c3157f1f370dfd6700"}, 0xd8) r5 = dup(r4) sendmsg$NFT_MSG_GETSET(r5, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000380)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x81}, 0x800) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r6}, &(0x7f0000000000), 0x0}, 0x20) getpeername$packet(r2, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) syz_usb_connect$uac1(0x0, 0xaa, &(0x7f0000000080)=ANY=[], 0x0) 12m59.961051221s ago: executing program 7 (id=1470): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x12, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="04460000000000009500"/28], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x94) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$NL80211_CMD_SET_TID_CONFIG(0xffffffffffffffff, 0x0, 0x20000000) r3 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x64, 0x6, 0x680, 0x628, 0x3f8, 0x3f8, 0x0, 0x628, 0x710, 0x710, 0x710, 0x710, 0x710, 0x6, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00', @mcast1, [], [], 'veth1\x00', 'syz_tun\x00'}, 0x11e, 0xa8, 0x1d0, 0x1f000000, {0x0, 0x7}}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x1, 0x0, 'unconfined\x00'}}}, {{@uncond, 0x0, 0xa8, 0xf0, 0x7400}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@remote, 'nr0\x00'}}}, {{@ipv6={@empty, @private0, [], [], 'sit0\x00', 'sit0\x00'}, 0x0, 0xf0, 0x118, 0x0, {}, [@common=@dst={{0x48}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00', 0x0, {0x68}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv4=@private, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}}}}, {{@uncond, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x6e0) r4 = socket$vsock_stream(0x28, 0x1, 0x0) gettid() socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) sendmmsg(r5, &(0x7f0000002900)=[{{0x0, 0x0, &(0x7f0000000c00)=[{&(0x7f0000000b40)="97a797c5", 0xa797}], 0x1}}], 0x1, 0x0) bind$vsock_stream(r4, &(0x7f0000000440), 0x10) r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) ioctl$BTRFS_IOC_SCRUB_PROGRESS(r6, 0xc400941d, 0x0) ioctl$BTRFS_IOC_DEV_INFO(r6, 0xd000941e, &(0x7f0000001880)={0x0, "f8f0b588b9fd32557d4834a86dee9291"}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x6, 0xff, 0x7, 0x7fc00002}]}) open(0x0, 0x143bc2, 0x1c0) 12m56.963503015s ago: executing program 7 (id=1472): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) socket$unix(0x1, 0x1, 0x0) r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x80000, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket(0x400000000010, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) r6 = socket$rds(0x15, 0x5, 0x0) bind$rds(r6, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10) syz_io_uring_setup(0x2, &(0x7f0000000180)={0x0, 0x289b, 0x10000, 0x1, 0x323}, &(0x7f0000000000), &(0x7f00000003c0)) ioctl$FBIO_WAITFORVSYNC(0xffffffffffffffff, 0x40044620, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, 0x0}, 0x0) ioctl$KDSKBENT(r0, 0x4b47, &(0x7f0000000040)={0x6, 0x15, 0xc}) 12m55.396003194s ago: executing program 7 (id=1474): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nfc(&(0x7f0000000880), r0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r2 = syz_open_dev$vcsu(&(0x7f00000000c0), 0x1, 0x100) read$snddsp(r2, 0x0, 0x0) syz_open_dev$dri(&(0x7f00000002c0), 0x0, 0x0) openat$sndtimer(0xffffffffffffff9c, 0x0, 0x101343) openat$binderfs(0xffffffffffffff9c, 0x0, 0x803, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) gettid() sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x11, 0x4, 0x4, 0xbf22, 0x20000, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x18}, 0x50) timer_create(0x0, 0x0, 0x0) r4 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r4, 0x11b, 0x4, &(0x7f0000000300)={0xfffffffffffffffc, 0x1217000, 0x800, 0x13, 0x7}, 0x20) bind$ax25(0xffffffffffffffff, &(0x7f0000000540)={{0x3, @bcast, 0x1}, [@null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @null, @null, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48) close_range(r1, 0xffffffffffffffff, 0x0) syz_emit_vhci(&(0x7f0000000b40)=ANY=[@ANYBLOB="0436"], 0xa) getresuid(&(0x7f0000000000)=0x0, 0x0, &(0x7f0000000080)) setuid(r5) 12m39.913136794s ago: executing program 36 (id=1474): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nfc(&(0x7f0000000880), r0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r2 = syz_open_dev$vcsu(&(0x7f00000000c0), 0x1, 0x100) read$snddsp(r2, 0x0, 0x0) syz_open_dev$dri(&(0x7f00000002c0), 0x0, 0x0) openat$sndtimer(0xffffffffffffff9c, 0x0, 0x101343) openat$binderfs(0xffffffffffffff9c, 0x0, 0x803, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) gettid() sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x11, 0x4, 0x4, 0xbf22, 0x20000, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x18}, 0x50) timer_create(0x0, 0x0, 0x0) r4 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r4, 0x11b, 0x4, &(0x7f0000000300)={0xfffffffffffffffc, 0x1217000, 0x800, 0x13, 0x7}, 0x20) bind$ax25(0xffffffffffffffff, &(0x7f0000000540)={{0x3, @bcast, 0x1}, [@null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @null, @null, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48) close_range(r1, 0xffffffffffffffff, 0x0) syz_emit_vhci(&(0x7f0000000b40)=ANY=[@ANYBLOB="0436"], 0xa) getresuid(&(0x7f0000000000)=0x0, 0x0, &(0x7f0000000080)) setuid(r5) 10m44.083106325s ago: executing program 8 (id=2342): pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_udp_int(r3, 0x11, 0x67, &(0x7f0000000080)=0x9, 0x4) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4627, 0xfdfffffd, @local, 0x2}, 0x1c) write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x7151, 0x0) 10m43.019237247s ago: executing program 8 (id=2355): openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x42, 0x85) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0) r0 = open(&(0x7f0000000380)='./bus\x00', 0x40, 0x0) r1 = creat(&(0x7f0000000200)='./bus\x00', 0x84) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000240)=ANY=[@ANYBLOB='+\x00\x00\x00', @ANYRES32=r0], 0x2b) sendfile(r2, r0, 0x0, 0x4000000053d2) 10m42.669943444s ago: executing program 8 (id=2358): sendmsg$NL80211_CMD_SET_TID_CONFIG(0xffffffffffffffff, &(0x7f000000d040)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x800}, 0x4050) r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x7, 0x0, 0x0, 0x0, 0x2}, {}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in6=@rand_addr=' \x01\x00', 0x2, 0x32}, 0xa, @in6=@private1, 0x0, 0x4}]}]}, 0xfc}}, 0x0) connect$inet(r0, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10) sendmmsg$inet(r0, &(0x7f0000004d00)=[{{0x0, 0x97, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf1c) 10m41.767679741s ago: executing program 8 (id=2367): fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]}) rseq(&(0x7f0000000180)={0x0, 0x0, 0x0, 0x1}, 0x20, 0x0, 0x0) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$HIDIOCGNAME(0xffffffffffffffff, 0x80404806, &(0x7f00000001c0)) pread64(0xffffffffffffffff, &(0x7f0000000140)=""/15, 0xf, 0x2) setsockopt$netlink_NETLINK_PKTINFO(0xffffffffffffffff, 0x10e, 0x3, 0x0, 0x0) accept4$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @multicast1}, &(0x7f0000000080)=0x10, 0x0) 10m41.493459275s ago: executing program 8 (id=2369): mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x101) mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x1) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) quotactl$Q_SETINFO(0xffffffff80000601, &(0x7f0000000180)=@filename='./file0/file0\x00', 0x0, 0x0) 10m41.320375743s ago: executing program 9 (id=2370): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000240), 0x20000) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)=ANY=[@ANYBLOB="90000000", @ANYRES16=r3, @ANYBLOB="010026bd7000000000003b00000008000300", @ANYRES32=r1, @ANYBLOB="0600cd00000000006900330080200900ffffffffffff0802110000005050505050505f0009000000000000006400001004060308090004000602fc0105030597052a01042d1a00041602000000000000007b00967879ec24f3cebb47001100000001000001000001"], 0x90}, 0x1, 0x0, 0x0, 0x40080c0}, 0x20008000) 10m40.992621386s ago: executing program 9 (id=2373): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x23, 0x0, 0x0) r1 = timerfd_create(0x9, 0x0) r2 = timerfd_create(0x9, 0x0) timerfd_settime(r2, 0x2, &(0x7f00000000c0)={{}, {0x77359400}}, 0x0) timerfd_settime(r1, 0x1, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) readv(r1, &(0x7f0000000000)=[{&(0x7f0000000400)=""/192, 0xc0}], 0x1) close_range(r0, 0xffffffffffffffff, 0x0) 10m40.715698225s ago: executing program 9 (id=2376): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4e, &(0x7f00000000c0)=0x8, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f00000001c0)=@framed={{0x18, 0x2, 0x0, 0x0, 0x2}}, 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x94) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r1, 0x29, 0x4e, &(0x7f00000002c0)=0x8, 0x4) r2 = dup(r1) bind$unix(r2, &(0x7f00000001c0)=@abs={0xa, 0x2}, 0x6e) r3 = dup(r0) bind$unix(r3, &(0x7f00000001c0)=@abs={0xa, 0x2}, 0x6e) 10m40.536209846s ago: executing program 9 (id=2379): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x23e9c9e, 0x0) mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000280)='./file0\x00', &(0x7f00000006c0)='./file0\x00', 0x0, 0x38ad211, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') read$FUSE(r0, &(0x7f0000002140)={0x2020}, 0x2020) 10m40.530777171s ago: executing program 8 (id=2380): r0 = io_uring_setup(0x98e, &(0x7f0000000180)={0x0, 0x9c2f, 0x10, 0x2, 0xfffffffc}) r1 = socket$inet_smc(0x2b, 0x1, 0x0) listen(r1, 0x0) accept4(r1, 0x0, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) socket$inet_sctp(0x2, 0x5, 0x84) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha256)\x00'}, 0x58) 10m40.439465275s ago: executing program 9 (id=2382): openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) r0 = openat$kvm(0x0, &(0x7f00000002c0), 0xa600, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f00000000c0)={0x79, 0x0, 0x1}) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000040)={0x1, 0x0, [{0x4, 0x2, 0x0, 0x0, @sint={0x7, 0x1ff}}]}) r2 = eventfd2(0x8, 0x1) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000140)={r2, 0x4}) ioctl$KVM_CAP_X2APIC_API(r1, 0x4068aea3, &(0x7f0000000540)={0x81, 0x0, 0x1}) write$eventfd(r2, &(0x7f0000000080)=0x430f, 0x8) 10m39.871357907s ago: executing program 9 (id=2388): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000001a40)=""/102392, 0x18ff8) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x10, 0xe, &(0x7f0000000a80)=ANY=[@ANYBLOB="b70000008e000000bca31000000000002403000030feffff720af0ffa4ffffff91a4f0ff000000001f030000000000002e140200000000002604fdffa4ffffff14010000000300001d130000000000007a0a00fe0020001f0f14000000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb150c537bf2085651d6dd6ce9bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf0134c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff61623604000000000000006a89adaf17b0a6041bdeebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4136dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101ab062cd54e67051d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91ff073e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48153baaa244e7bf573eac34b781337ad5905c6bbf1137548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab51380d7b4ead35a385e0b4a26b7025488316241f64c851a7fe7396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb11883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcd857ab15e355713767c536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ced301efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0900000000000000ff0f40b1888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fc08001011e32f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e3f753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30c1675767999d146aef7799738b292fd64bb25b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963342aece449a0d80010fcdb9913823333a70c2a4ab000000000000003f8dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc090000000000000061563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ecab5d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9901010000b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba435926b61c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0aa81192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f0100e0eda300a43a13bd1b9f3322405d1efd78e5789c6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf79a43746979f99f6a1527f004f1e37a3926937e84fb478199dc1020f4beb98b8074bf7df8b5e783637da740800000000000000c55a4385e9a617aa6c8e10d4202c5afeb06eef98aee88ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a274000000000000000000000000000000000000000000000009dd14b38f2f4426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4100260ffcd8f1d04166d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06ee0ff698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb3928143be1c1023a375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d34d3757b1450fdb0a9a69f432e277f3a0386eb2bd3305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e913ac1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07618b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e040000003c3ffad44d2a376def42e41e9fc31678257e040fa7cf32c221aaac08000000000000001a00000000000000000000173570f0c11ae694b0f7a4f9c2f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d641ef02e495295d756e110522a7a945b93fb705b95b6aae27a8fb33732ce1da1c0b1af8eb9222a06e984ab1e6984c8bdc12360627137ab67b6b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481efe46a4ce86be0b1d8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0c6cb4bed8594a39bd76d3ef8a7ab014e787596db796bd93a36c2880423291e3bccc86f66ba792ff4d87b3f80e5908779e51c5e9055fc5b23605cd000c723187ef09dcf4b07b06a9342f3f62ee7acddff292082c1f4d8eb9561f80873a09a1ae0c9af1121175e5600f43a1179484502009759264a5729f07c2b218fa36ba2316a99aaad0130df83d0bda1e711290f78c143ea143967b00adcd77e6ad5e48d839ea61aadb83e4d071c54691924a3830d3e7b5c198bb0ed623153590000060000000000004b985ea1702f34f2f85b168c083e810ed567e3f1979b9ed1a4bf6a10dac825c96a0828b335de445a4880bb6474157efd1a72ca46ae4cbe3ab648c9bc4867a5a4cb87d7d6d55475b34b3cb6aa9e2337d4e04a37e35109752522ac9b186ddd80c47da6a2f4ef7bb909c97552606ffff97e86dc995604346262a177b06c634969a31b5717c416f8224662f4dd46d6081cb96dd6"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff97, 0x10, &(0x7f00000000c0), 0xfffffffffffffd00}, 0x48) 10m39.529957365s ago: executing program 37 (id=2388): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000001a40)=""/102392, 0x18ff8) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x10, 0xe, &(0x7f0000000a80)=ANY=[@ANYBLOB="b70000008e000000bca31000000000002403000030feffff720af0ffa4ffffff91a4f0ff000000001f030000000000002e140200000000002604fdffa4ffffff14010000000300001d130000000000007a0a00fe0020001f0f14000000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb150c537bf2085651d6dd6ce9bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf0134c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff61623604000000000000006a89adaf17b0a6041bdeebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4136dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101ab062cd54e67051d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91ff073e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48153baaa244e7bf573eac34b781337ad5905c6bbf1137548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab51380d7b4ead35a385e0b4a26b7025488316241f64c851a7fe7396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb11883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcd857ab15e355713767c536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ced301efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0900000000000000ff0f40b1888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fc08001011e32f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e3f753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30c1675767999d146aef7799738b292fd64bb25b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963342aece449a0d80010fcdb9913823333a70c2a4ab000000000000003f8dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc090000000000000061563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ecab5d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9901010000b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba435926b61c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0aa81192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f0100e0eda300a43a13bd1b9f3322405d1efd78e5789c6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf79a43746979f99f6a1527f004f1e37a3926937e84fb478199dc1020f4beb98b8074bf7df8b5e783637da740800000000000000c55a4385e9a617aa6c8e10d4202c5afeb06eef98aee88ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a274000000000000000000000000000000000000000000000009dd14b38f2f4426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4100260ffcd8f1d04166d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06ee0ff698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb3928143be1c1023a375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d34d3757b1450fdb0a9a69f432e277f3a0386eb2bd3305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e913ac1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07618b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e040000003c3ffad44d2a376def42e41e9fc31678257e040fa7cf32c221aaac08000000000000001a00000000000000000000173570f0c11ae694b0f7a4f9c2f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d641ef02e495295d756e110522a7a945b93fb705b95b6aae27a8fb33732ce1da1c0b1af8eb9222a06e984ab1e6984c8bdc12360627137ab67b6b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481efe46a4ce86be0b1d8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0c6cb4bed8594a39bd76d3ef8a7ab014e787596db796bd93a36c2880423291e3bccc86f66ba792ff4d87b3f80e5908779e51c5e9055fc5b23605cd000c723187ef09dcf4b07b06a9342f3f62ee7acddff292082c1f4d8eb9561f80873a09a1ae0c9af1121175e5600f43a1179484502009759264a5729f07c2b218fa36ba2316a99aaad0130df83d0bda1e711290f78c143ea143967b00adcd77e6ad5e48d839ea61aadb83e4d071c54691924a3830d3e7b5c198bb0ed623153590000060000000000004b985ea1702f34f2f85b168c083e810ed567e3f1979b9ed1a4bf6a10dac825c96a0828b335de445a4880bb6474157efd1a72ca46ae4cbe3ab648c9bc4867a5a4cb87d7d6d55475b34b3cb6aa9e2337d4e04a37e35109752522ac9b186ddd80c47da6a2f4ef7bb909c97552606ffff97e86dc995604346262a177b06c634969a31b5717c416f8224662f4dd46d6081cb96dd6"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff97, 0x10, &(0x7f00000000c0), 0xfffffffffffffd00}, 0x48) 10m25.036221903s ago: executing program 38 (id=2380): r0 = io_uring_setup(0x98e, &(0x7f0000000180)={0x0, 0x9c2f, 0x10, 0x2, 0xfffffffc}) r1 = socket$inet_smc(0x2b, 0x1, 0x0) listen(r1, 0x0) accept4(r1, 0x0, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) socket$inet_sctp(0x2, 0x5, 0x84) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha256)\x00'}, 0x58) 9.052421484s ago: executing program 2 (id=4466): r0 = socket$tipc(0x1e, 0x2, 0x0) r1 = socket$tipc(0x1e, 0x5, 0x0) r2 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000080), 0x40000, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0x7) ioctl$TIOCSTI(r2, 0x5412, &(0x7f00000000c0)=0xa0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x43, 0x0, 0x3}, 0x10) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10) r3 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), r4) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000840)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r4, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000240)=ANY=[@ANYBLOB="60010000", @ANYRES16=r6, @ANYBLOB="010028bd7000fedbdf254400000008000300", @ANYRES32=r7, @ANYBLOB="0a0018000303030303030000080070000400070030015a"], 0x160}, 0x1, 0x0, 0x0, 0x18000}, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) r8 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x5889, 0x0, 0x0, 0xfffffffc}, &(0x7f0000000400)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r9, r10, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0}) io_uring_enter(r8, 0x3516, 0x0, 0x0, 0x0, 0x0) close_range(r5, r4, 0x2d8fdc80c66cbb40) 8.700043419s ago: executing program 2 (id=4471): prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x9}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000380)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r3, 0xc05064a7, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r4}) ioctl$FAT_IOCTL_GET_ATTRIBUTES(0xffffffffffffffff, 0x80047210, 0x0) r5 = socket(0x22, 0x2, 0x24) getsockname$packet(r5, 0x0, 0x0) ioctl$sock_rose_SIOCRSCLRRT(0xffffffffffffffff, 0x89e4) openat$incfs(0xffffffffffffff9c, &(0x7f0000000300)='.pending_reads\x00', 0x40, 0x81) syz_open_dev$usbfs(&(0x7f0000000340), 0x800000001fe, 0x802) syz_io_uring_setup(0x416f, &(0x7f0000000780)={0x0, 0x0, 0x10100}, &(0x7f0000001240)=0x0, &(0x7f0000001340)=0x0) syz_io_uring_submit(r6, r7, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x8, &(0x7f00000004c0)=[{&(0x7f0000000000)=""/4, 0x4}], 0x1}) write(0xffffffffffffffff, 0x0, 0x0) 5.678954643s ago: executing program 0 (id=4484): r0 = syz_genetlink_get_family_id$devlink(&(0x7f00000006c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r1, &(0x7f0000001b80)={0x0, 0x0, &(0x7f0000001b40)={&(0x7f0000001a00)={0x14, r0, 0x601, 0x70bd26, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4000810}, 0x10) (fail_nth: 4) openat(0xffffffffffffff9c, 0x0, 0x0, 0x8) 5.503760649s ago: executing program 5 (id=4485): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$SIOCGSTAMP(r1, 0x8906, 0x0) sendmsg$inet(r1, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000140)}, {&(0x7f0000000040)="5e52d4884d83d9", 0x7}], 0x2, &(0x7f0000000c80)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @private}}}], 0x20}, 0x0) read$char_usb(r1, &(0x7f0000000180)=""/133, 0xfdef) 5.217515748s ago: executing program 0 (id=4486): r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000780)={r0, 0x18000000000002a0, 0x10, 0x0, &(0x7f0000000080)="5aee41dea43e63a3f7fb7f110000ffff", 0x0, 0xf004, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 4.99636212s ago: executing program 0 (id=4487): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000300)=0x7) openat$kvm(0xffffffffffffff9c, 0x0, 0x100, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x11, 0x0, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x15, 0x3, 0x0, &(0x7f0000003ff6)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport}, 0x94) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x34, &(0x7f00000000c0)=r2, 0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$inet_tcp(0x2, 0x1, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r6, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e45400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d1030000140000001100"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_BATCH(r6, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)=ANY=[@ANYBLOB="1400000010000100ffef0000efff00001b00000a5c0000000e0a010100000000000000000a0000060900020073797a31000000000900010073797a3100000000300003801c0000800c00018006000100d103"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) 3.892763366s ago: executing program 5 (id=4489): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [], {0x14, 0x11, 0x1, 0x0, 0x0, {0x4}}}, 0x28}}, 0x48d0) syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000e5876e4040200516940a0000000109022400010000000009040000025883b2000905", @ANYRES8], 0x0) 3.891633862s ago: executing program 1 (id=4490): r0 = socket$tipc(0x1e, 0x2, 0x0) r1 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x43, 0x0, 0x3}, 0x10) r2 = syz_open_dev$I2C(&(0x7f0000001640), 0x0, 0x102) ioctl$I2C_PEC(r2, 0x708, 0x7) ioctl$I2C_SMBUS(r2, 0x720, &(0x7f0000001a40)={0x0, 0x0, 0x5, &(0x7f0000001a00)={0x1d, "68c1f8b6564defe9902d16c7afb3e7c0818831541830d5ed6d781cd0de4b75c401"}}) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10) sendmsg$tipc(r1, &(0x7f00000000c0)={&(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x2, {0x1, 0x1, 0x4}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0xc084}, 0x24000080) r3 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000080)={0x0, r0}, 0x8) r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYRESDEC=r0, @ANYRESHEX=0x0], 0x0, 0xe2, 0x0, 0xfffffffe, 0x8000, 0x10000, @value=r3}, 0x28) r5 = syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$SIOCX25GCALLUSERDATA(r5, 0x89e4, 0x0) r6 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r6, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000000c0)={'erspan0\x00', 0x0}) sendto$packet(r6, &(0x7f0000000180)="0b032200e0ff25000200475400f6a13bb1000000080086dd4803", 0x10300, 0x0, &(0x7f0000000140)={0x11, 0x0, r7}, 0x14) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x792, 0x2, 0xb8c1, 0x2, 0xffffffffffffffff, 0x9, '\x00', r7, r4, 0x0, 0x5, 0x3, 0x1}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x26, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r9 = syz_open_dev$vbi(&(0x7f0000002100), 0x1, 0x2) ioctl$VIDIOC_REQBUFS(r9, 0xc0145608, &(0x7f0000000140)={0x405, 0xa, 0x1, 0x0, 0xcc}) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000380)={0x0, 0x0, 0x0, &(0x7f00000004c0), 0xce, r8}, 0x38) r10 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5) r11 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x5889, 0x0, 0x0, 0xfffffffc}, &(0x7f0000000400)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r12, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r12, r13, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0}) io_uring_enter(r11, 0x3516, 0x0, 0x0, 0x0, 0x0) write$FUSE_NOTIFY_INVAL_ENTRY(r10, &(0x7f00000004c0)={0x29, 0x3, 0x0, {0x2, 0x8, 0x0, 'erspan0\x00'}}, 0x29) r14 = bpf$PROG_LOAD(0x5, &(0x7f00000010c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r14, 0x2000000, 0xe, 0x0, &(0x7f0000000600)="c9f7b98600"/14, 0x0, 0x7ffd, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 3.487366047s ago: executing program 2 (id=4491): r0 = syz_io_uring_setup(0xbd9, &(0x7f0000000640)={0x0, 0xe826, 0x800, 0x1, 0x3c3}, &(0x7f0000000dc0)=0x0, &(0x7f0000000000)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1}) io_uring_enter(r0, 0x847ba, 0x0, 0xe, 0x0, 0x0) 3.486479367s ago: executing program 0 (id=4492): r0 = add_key$user(&(0x7f0000000380), &(0x7f0000000000), &(0x7f00000003c0)='X', 0x1, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f0000000200), &(0x7f00000005c0), &(0x7f00000000c0), 0x390, 0xfffffffffffffffd) r2 = open(&(0x7f0000000100)='./file0\x00', 0x141bc2, 0xeb) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000180)={&(0x7f0000ffe000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0, r2}, 0x68) r3 = socket$kcm(0x2, 0x200000000000001, 0x106) sendmsg$inet(r3, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x3404c895) setsockopt$sock_attach_bpf(r3, 0x1, 0x24, &(0x7f0000000000), 0x4) keyctl$dh_compute(0x17, &(0x7f0000000100)={r0, r1, r0}, 0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000040)={'streebog512-generic\x00'}}) 3.440279932s ago: executing program 6 (id=4493): r0 = epoll_create1(0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000240)=@bpf_lsm={0x18, 0x7, &(0x7f0000000100)=ANY=[@ANYBLOB="8510000004000000950000000000000018000000000000000000000000000000950000000000000085100000fcffffff95"], &(0x7f0000000000)='GPL\x00'}, 0x94) r1 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_opts(r1, 0x84, 0x9, &(0x7f0000000440)=""/170, &(0x7f0000003a80)=0xaa) close_range(r0, 0xffffffffffffffff, 0x0) r2 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r2, 0x0, 0x0) 3.3828179s ago: executing program 1 (id=4494): setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f00000002c0), 0xffb2) openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000800)={0x1c, 0x2e, 0x9, 0x70bd27, 0x0, {0x4}, [@nested={0x8, 0x1a, 0x0, 0x1, [@nested={0x4, 0x3}]}]}, 0x1c}, 0x1, 0x0, 0x0, 0x42804}, 0x84) socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000000100)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d24070000030769dc000049c40c240000e9fffff5ffffffff0924031300010005024524", @ANYRES8=r1, @ANYBLOB="05"], 0x0) setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x4, &(0x7f0000000440)=@ccm_128={{0x304}, "522ddb507406ff33", "cf0e5184c26ab821574a7962dae3c20b", "853979e6", "d981bc4bac99f91e"}, 0x28) r2 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0) write$char_usb(r2, &(0x7f0000000000)="d9aa565e0dc26105e4cd7a", 0xb) 3.293746853s ago: executing program 0 (id=4495): setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) socket$packet(0x11, 0x3, 0x300) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ptype\x00') preadv(r0, &(0x7f0000000140)=[{&(0x7f0000000200)=""/138, 0x8a}], 0x1, 0x1a, 0xfffffffb) syz_usb_connect(0x3, 0x371, 0x0, 0x0) openat2$dir(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000140)={0x474203, 0x5d4}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) r1 = getpgrp(0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000032680)=""/102392, 0x18ff8) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0xff, 0x7fff0000}]}) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000003600)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="1400000000000000010000000100"], 0x18, 0x40044}}], 0x1, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) sendmmsg$inet(r6, &(0x7f0000002c40)=[{{0x0, 0x0, &(0x7f0000000e80)=[{&(0x7f0000000a80)="2a73ed35", 0x732a}], 0x1}}], 0x400000000000292, 0x0) close_range(r5, 0xffffffffffffffff, 0x0) syz_usb_connect(0x1, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000009a65d0860040800dee20102030109021b0500000000000904"], &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x200000e, 0x12, r7, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000040), 0x501000, 0x0) ioctl$XFS_IOC_FSGROWFSRT(0xffffffffffffffff, 0x40105870, 0x0) socket$packet(0x11, 0x3, 0x300) 3.203507982s ago: executing program 6 (id=4496): pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r1, &(0x7f0000000000), 0x560c89bb) listen(r1, 0xffffffff) write$sequencer(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="8103039000000000ff03000005b4090805000000"], 0x14) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x47f2, 0x5}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r2, &(0x7f00000001c0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c) setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x0, 0xfe, 0x2, 0x0, 0x9, 0x5, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x3}, 0xe) shutdown(r2, 0x1) recvmmsg(r2, &(0x7f0000000840)=[{{0x0, 0x0, 0x0}}], 0x414, 0x0, 0x0) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x2, 0x0, 0x7fff0000}]}) r4 = socket$packet(0x11, 0x3, 0x300) r5 = dup(r4) r6 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$int_in(r6, 0x40000000af01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000240)={0x1, 0x1, 0x0, &(0x7f0000000200)=""/51, 0x0}) r7 = socket$packet(0x11, 0x3, 0x300) ioctl$VHOST_SET_MEM_TABLE(r6, 0x4008af03, &(0x7f0000000340)) dup(r7) ioctl$VHOST_NET_SET_BACKEND(r6, 0x4008af30, &(0x7f00000003c0)={0x1, r5}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r8 = fsopen(0x0, 0x1) fsconfig$FSCONFIG_CMD_CREATE(r8, 0x6, 0x0, 0x0, 0x0) close_range(r3, 0xffffffffffffffff, 0x0) 3.169011618s ago: executing program 2 (id=4497): r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000780)={r0, 0x18000000000002a0, 0x10, 0x0, &(0x7f0000000080)="5aee41dea43e63a3f7fb7f110000ffff", 0x0, 0xf004, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 2.538467086s ago: executing program 2 (id=4498): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_PROTOCOL_FEATURES(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000440)={0x14, r1, 0x1, 0x70bd2d, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x880) socket$inet(0xa, 0x801, 0x84) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CAP_EXIT_HYPERCALL(r3, 0x4068aea3, &(0x7f0000000000)) unshare(0x22020600) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x5, 0x1, 0x4, 0x7}, 0x50) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000180)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x9, r4}, 0x38) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000850000000f00000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x66) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x26, 0x0, 0x0) 2.492169258s ago: executing program 1 (id=4499): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu\x00', 0x275a, 0x0) fcntl$lock(r0, 0x6, &(0x7f0000000000)={0x0, 0x0, 0x8008, 0xfffffffffffffffe}) fcntl$lock(r0, 0x26, &(0x7f0000000080)={0x1, 0x3, 0x1000000000009, 0x2, 0xffffffffffffffff}) fcntl$lock(r0, 0x7, &(0x7f0000000140)={0x1, 0x1, 0x7, 0x5}) r1 = syz_clone3(&(0x7f0000001400)={0x44000, &(0x7f0000000180), &(0x7f0000000200), &(0x7f0000000240), {0x20}, &(0x7f0000000340)=""/129, 0x81, &(0x7f0000000400)=""/4096, &(0x7f0000000280)=[0xffffffffffffffff], 0x1, {r0}}, 0x58) timer_create(0x4, &(0x7f0000000100)={0x0, 0x21, 0x1, @tid=r1}, &(0x7f0000000300)=0x0) setresuid(0xee01, 0xee01, 0x0) setresuid(0x0, 0x0, 0x0) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) get_robust_list(r3, 0x0, 0x0) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r2, 0x1, &(0x7f0000000040), 0x0) 2.364389061s ago: executing program 6 (id=4500): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$SIOCGSTAMP(r1, 0x8906, 0x0) sendmsg$inet(r1, &(0x7f0000000000)={&(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000140)="be", 0x1}, {&(0x7f0000000040)="5e52d4884d83d9", 0x7}], 0x2}, 0x0) read$char_usb(r1, &(0x7f0000000180)=""/133, 0xfdef) 2.209881421s ago: executing program 2 (id=4501): prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x9}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000380)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r3, 0xc05064a7, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r4}) ioctl$FAT_IOCTL_GET_ATTRIBUTES(0xffffffffffffffff, 0x80047210, 0x0) r5 = socket(0x22, 0x2, 0x24) getsockname$packet(r5, 0x0, 0x0) ioctl$sock_rose_SIOCRSCLRRT(0xffffffffffffffff, 0x89e4) openat$incfs(0xffffffffffffff9c, &(0x7f0000000300)='.pending_reads\x00', 0x40, 0x81) syz_open_dev$usbfs(&(0x7f0000000340), 0x800000001fe, 0x802) syz_io_uring_setup(0x416f, &(0x7f0000000780)={0x0, 0x0, 0x10100}, &(0x7f0000001240)=0x0, &(0x7f0000001340)=0x0) syz_io_uring_submit(r6, r7, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x8, &(0x7f00000004c0)=[{&(0x7f0000000000)=""/4, 0x4}], 0x1}) write(0xffffffffffffffff, 0x0, 0x0) 1.884088136s ago: executing program 5 (id=4502): r0 = socket$kcm(0x21, 0x2, 0xa) r1 = ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x180, 0x0) ioctl$TIOCGSOFTCAR(r2, 0x5414, &(0x7f0000000000)) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_freezer_state(r3, &(0x7f00000000c0), 0x2, 0x0) r5 = openat$cgroup_procs(r3, &(0x7f0000000040)='tasks\x00', 0x2, 0x0) write$cgroup_pid(r5, &(0x7f0000000180), 0x12) write$cgroup_freezer_state(r4, &(0x7f0000000200)='THAWED\x00', 0x7) r6 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r6, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="500000001000370400000000fcdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="c304010000000000280012800b000100697036746e6c00001800028014000300fc000000dd0000000000000000000000080004"], 0x50}, 0x1, 0x0, 0x0, 0x4c011}, 0x0) recvmsg$kcm(r1, &(0x7f0000000240)={&(0x7f00000000c0)=@ethernet={0x0, @broadcast}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000140)=""/130, 0x82}], 0x1}, 0x0) socket$inet_sctp(0x2, 0x5, 0x84) sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x0, 0x4, @dev, 0xfffffffd}}, 0x80, 0x0, 0x0, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000015000000"], 0x18}, 0xfc40) 1.666854278s ago: executing program 1 (id=4503): socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$inet6_IPV6_RTHDRDSTOPTS(0xffffffffffffffff, 0x29, 0x37, 0x0, 0xf8) creat(0x0, 0x28) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000580)={0x0, 0xf, 0x0, 0x8}, 0x10) ioctl$BTRFS_IOC_SYNC(0xffffffffffffffff, 0x9408, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000009a40)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000040900010073797a30000000002c000000030a01080000000000000000010000000900030073797a32000000000900010073797a300000000050000000060a010400000000000000000100000008000b40000000000900010073797a30000000002800048024000180090001006d65746100000000140002800800014000000012080002400000", @ANYRES64], 0xc4}, 0x1, 0x0, 0x0, 0x10}, 0x0) 1.526422098s ago: executing program 5 (id=4504): r0 = socket$tipc(0x1e, 0x2, 0x0) r1 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x43, 0x0, 0x3}, 0x10) r2 = syz_open_dev$I2C(&(0x7f0000001640), 0x0, 0x102) ioctl$I2C_PEC(r2, 0x708, 0x7) ioctl$I2C_SMBUS(r2, 0x720, &(0x7f0000001a40)={0x0, 0x0, 0x5, &(0x7f0000001a00)={0x1d, "68c1f8b6564defe9902d16c7afb3e7c0818831541830d5ed6d781cd0de4b75c401"}}) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10) sendmsg$tipc(r1, &(0x7f00000000c0)={&(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x2, {0x1, 0x1, 0x4}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0xc084}, 0x24000080) r3 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000080)={0x0, r0}, 0x8) r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYRESDEC=r0, @ANYRESHEX=0x0], 0x0, 0xe2, 0x0, 0xfffffffe, 0x8000, 0x10000, @value=r3}, 0x28) r5 = syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$SIOCX25GCALLUSERDATA(r5, 0x89e4, 0x0) r6 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r6, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000000c0)={'erspan0\x00', 0x0}) sendto$packet(r6, &(0x7f0000000180)="0b032200e0ff25000200475400f6a13bb1000000080086dd4803", 0x10300, 0x0, &(0x7f0000000140)={0x11, 0x0, r7}, 0x14) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x792, 0x2, 0xb8c1, 0x2, 0xffffffffffffffff, 0x9, '\x00', r7, r4, 0x0, 0x5, 0x3, 0x1}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x26, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r9 = syz_open_dev$vbi(&(0x7f0000002100), 0x1, 0x2) ioctl$VIDIOC_REQBUFS(r9, 0xc0145608, &(0x7f0000000140)={0x405, 0xa, 0x1, 0x0, 0xcc}) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000380)={0x0, 0x0, 0x0, &(0x7f00000004c0), 0xce, r8}, 0x38) r10 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5) r11 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x5889, 0x0, 0x0, 0xfffffffc}, &(0x7f0000000400)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r12, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r12, r13, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0}) io_uring_enter(r11, 0x3516, 0x0, 0x0, 0x0, 0x0) write$FUSE_NOTIFY_INVAL_ENTRY(r10, &(0x7f00000004c0)={0x29, 0x3, 0x0, {0x2, 0x8, 0x0, 'erspan0\x00'}}, 0x29) r14 = bpf$PROG_LOAD(0x5, &(0x7f00000010c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r14, 0x2000000, 0xe, 0x0, &(0x7f0000000600)="c9f7b98600"/14, 0x0, 0x7ffd, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 1.159543851s ago: executing program 1 (id=4505): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)) socket$nl_route(0x10, 0x3, 0x0) r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r1) ptrace$setregset(0x4205, r1, 0x204, &(0x7f00000000c0)={&(0x7f0000000140)="4f89b73dea68956ddfd5e078c66e616b06438054", 0x14}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0x78, 0x24, 0xf0b, 0x70bd2c, 0x25dfdbfb, {0x0, 0x0, 0x12, 0x0, {0x0, 0xfff2}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0xff80, {{0x8, 0x5, 0x80000001, 0x4, 0x6ed9d8df}, 0x4, 0x1ac, 0x4, 0x2, 0x7, 0xb, 0x1c, 0x12, 0x6, 0x4, {0xb8e2, 0x5, 0x7ff, 0x6}}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x4000010) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x1c, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xcfa4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) ioctl$VIDIOC_G_FMT(r0, 0xc0d05604, &(0x7f0000000480)={0x5, @win={{0x9, 0x8003, 0xb, 0x4}, 0x0, 0x101, 0x0, 0x6, 0x0, 0x4}}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000300)={'ipvlan0\x00', &(0x7f0000000080)=@ethtool_pauseparam={0x19, 0xaa7e, 0x4, 0x7}}) syz_usb_connect$cdc_ecm(0x2, 0x56, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000020000082505a5a4400000000101090244000101000000090400000302060000052406000005240000000d240f0100000000000000000009058103"], 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1d, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000000000000000000008500000051000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000003900000095"], &(0x7f0000000000)='GPL\x00', 0xfffffffe, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @lsm=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) r5 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000100), 0x2) sendmsg$nl_route(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYRES64=r5, @ANYRES64], 0x44}, 0x1, 0x0, 0x0, 0x4044000}, 0x404c054) 1.159218967s ago: executing program 6 (id=4506): pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r1, &(0x7f0000000000), 0x560c89bb) listen(r1, 0xffffffff) write$sequencer(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="8103039000000000ff03000005b4090805000000"], 0x14) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x47f2, 0x5}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r2, &(0x7f00000001c0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c) setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x0, 0xfe, 0x2, 0x0, 0x9, 0x5, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x3}, 0xe) shutdown(r2, 0x1) recvmmsg(r2, &(0x7f0000000840)=[{{0x0, 0x0, 0x0}}], 0x414, 0x0, 0x0) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x2, 0x0, 0x7fff0000}]}) r4 = socket$packet(0x11, 0x3, 0x300) r5 = dup(r4) r6 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$int_in(r6, 0x40000000af01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000240)={0x1, 0x1, 0x0, &(0x7f0000000200)=""/51, 0x0}) r7 = socket$packet(0x11, 0x3, 0x300) ioctl$VHOST_SET_MEM_TABLE(r6, 0x4008af03, &(0x7f0000000340)) r8 = dup(r7) ioctl$VHOST_NET_SET_BACKEND(r6, 0x4008af30, &(0x7f0000000000)={0x1, r8}) ioctl$VHOST_NET_SET_BACKEND(r6, 0x4008af30, &(0x7f00000003c0)={0x1, r5}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r9 = fsopen(0x0, 0x1) fsconfig$FSCONFIG_CMD_CREATE(r9, 0x6, 0x0, 0x0, 0x0) close_range(r3, 0xffffffffffffffff, 0x0) 988.38353ms ago: executing program 5 (id=4507): r0 = socket(0x2, 0x80805, 0x0) sendmmsg$inet_sctp(r0, 0x0, 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x5) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000180)=0xdb) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x1, @multicast1}]}, &(0x7f0000000080)=0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f0000000140)={0x1, [0x0]}, &(0x7f0000000240)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000100)={r3, 0x7}, &(0x7f00000001c0)=0x8) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f00000004c0)={r3, 0x2}, &(0x7f0000000500)=0x8) 512.571663ms ago: executing program 6 (id=4508): r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000780)={r0, 0x18000000000002a0, 0x10, 0x0, &(0x7f0000000080)="5aee41dea43e63a3f7fb7f110000ffff", 0x0, 0xf004, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 331.399663ms ago: executing program 6 (id=4509): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x8, 0x57e, 0x2009, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0xd, 0x0, 0x1, {0x22, 0xb}}, {{{0x9, 0x5, 0x81, 0x3, 0x400, 0xff, 0x4, 0x1}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io$hid(r1, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0xb, {[@local=@item_4={0x3, 0x2, 0x9, "d5043c9d"}, @local=@item_4={0x3, 0x2, 0xa, ' u\b~'}, @main=@item_012={0x0, 0x0, 0x8}]}}, 0x0}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000030c0)=@newtaction={0xe70, 0x30, 0x1, 0x70bd2b, 0x25dfdbfd, {}, [{0xe5c, 0x1, [@m_pedit={0xe58, 0x1, 0x0, 0x0, {{0xa}, {0xe2c, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{0x0, 0x1000, 0x4, 0x4, 0x5}, 0x1, 0x2}, [{0xdc8, 0xffffffff, 0x1, 0x4, 0x101, 0x4}, {0x28d, 0x7ff, 0x8, 0x0, 0x9, 0x2}, {0x401, 0xfdfffff5, 0x4, 0x8, 0x3, 0x8}, {0xaff, 0x9, 0x4, 0x5, 0x3, 0x983c3b9}, {0x11, 0x7, 0xfffff770, 0x9, 0xc, 0x80000001}, {0x7, 0x9, 0x1, 0x7f, 0x10001, 0x2}, {0x4, 0xe3e, 0x4f, 0x4, 0x6}, {0x8ce, 0x8, 0x2, 0x4, 0x800, 0x8}, {0x3, 0x4, 0x0, 0x7dad, 0x7f, 0x6}, {0x1, 0x361, 0x7, 0x4, 0x2, 0x3}, {0x797e, 0x9, 0x1, 0xf56, 0x1, 0x8}, {0x5, 0x8, 0xff, 0x4ff537c1, 0x5, 0x5}, {0x4, 0xe8c, 0xcbf, 0x4, 0x4, 0x400}, {0x800, 0x4, 0xd4f7, 0x9, 0x400, 0xffffff00}, {0xffffffff, 0x4, 0xe546, 0x0, 0x300, 0xd789}, {0x5, 0x5, 0x7, 0x1, 0x7fffffff, 0x8}, {0x7fffffff, 0x401, 0x1, 0xffffffff, 0x380000, 0x2}, {0x1, 0x10000, 0xffffffff, 0x0, 0x17a, 0x6}, {0xff, 0x3ff, 0x91c7, 0x6cff, 0x40, 0x2}, {0x5, 0xffffff00, 0x0, 0x7f, 0x4010000, 0x10001}, {0x7, 0x5, 0x0, 0x1, 0x8, 0x4}, {0x6a7, 0x7, 0x5aa2, 0xb97, 0xb1fb, 0x4}, {0x9, 0x7fffffff, 0x2, 0x6, 0x1, 0x5}, {0xd, 0x3, 0xb3b0, 0x4, 0x80000000, 0x1}, {0xb, 0x0, 0x10000, 0x6, 0x5, 0xd}, {0x29, 0x7, 0x2, 0x1c0, 0x3, 0x10}, {0x5, 0x2, 0x401, 0x3, 0x0, 0x7a01}, {0x7, 0x1611c00, 0xfffffff3, 0x10000, 0x9, 0x101}, {0x1, 0x7, 0x4, 0x3, 0x7}, {0x3, 0x3, 0x2, 0x9, 0x6, 0x2}, {0x6bc5896b, 0x1, 0xb7, 0x4, 0x2, 0x9323}, {0x0, 0xfffffff8, 0x1, 0x7, 0xfffffff8, 0x480}, {0xf, 0x7, 0x8, 0x1ff, 0x7, 0x3}, {0x4, 0x5, 0x9, 0x2, 0x2, 0x401}, {0x922e, 0x0, 0x1944, 0x3, 0x9, 0x8}, {0x10001, 0xfffffffa, 0x9, 0x2, 0x3ff, 0xffffffff}, {0x2, 0x1eb8dd6d, 0x5, 0x8, 0x1, 0x6}, {0xa4, 0x7ff, 0xff, 0x1, 0xd1e5}, {0x0, 0x2, 0x0, 0x8, 0x5, 0x101}, {0x1000005, 0x1, 0x6, 0x7fffffff, 0x8, 0x7}, {0x3, 0x4, 0xadf, 0x10, 0x9, 0x5}, {0x4, 0x2, 0x2, 0x2, 0x7fff, 0x8}, {0x3, 0x8, 0x2, 0x38d9, 0x1, 0x4}, {0x0, 0x824c, 0x3, 0x3, 0xfff, 0x8}, {0x5, 0xc, 0x3, 0x80, 0x9, 0x8}, {0x10001, 0x1, 0x7, 0x4, 0x8, 0x7ff}, {0x7, 0xf34a, 0x9, 0x80000000, 0x2, 0x4}, {0x2, 0xe7, 0x8, 0x80000000, 0x0, 0x8001}, {0xb594, 0x0, 0x2, 0x2000, 0x1, 0x5}, {0x0, 0x5, 0x1, 0xbc, 0x8, 0x1}, {0x3, 0x401, 0x1, 0x6, 0x3, 0x80000001}, {0x4, 0xfff, 0x8, 0xb, 0x8, 0x9d6}, {0x5691221d, 0x5, 0x3ff, 0xa000, 0xd0e, 0x750e}, {0xd, 0x5, 0xfffffffc, 0x35ca, 0x1ff, 0x5}, {0x4, 0x0, 0x3fc, 0x5, 0x10, 0x4}, {0x0, 0x37, 0x5, 0x10, 0x1, 0x5f5ace3f}, {0xffffffff, 0xfffffffa, 0x227, 0x7fffffff, 0x8b, 0x2}, {0x7, 0x7, 0x0, 0x2, 0xfffffffd, 0x7}, {0x8001, 0xd1, 0xff4, 0xb, 0x0, 0x1}, {0x6, 0xc, 0xb, 0xe7, 0x7}, {0x3, 0x3, 0xffffff46, 0x8, 0x7, 0x8}, {0x7, 0x6, 0x4b48, 0x8, 0x6, 0x7}, {0xe5f, 0x10000, 0x4, 0x4, 0x9, 0xf1}, {0x401, 0xd, 0x3, 0x1, 0x80000000, 0x1}, {0x400, 0x3, 0xe8ce, 0x1, 0x8, 0x10}, {0x5, 0x8ee9, 0x2, 0x3, 0x0, 0xc}, {0x7, 0x24d476e8, 0x10200, 0x80000001, 0x6, 0x600000}, {0x6a8, 0x8, 0x3, 0xfffffffb, 0x8000, 0x9}, {0xab, 0x7, 0x7, 0x3, 0x5}, {0x0, 0xa8, 0x7fffffff, 0xfffffff8, 0x7d, 0x9}, {0x40, 0x9da5, 0x10, 0x8, 0x6}, {0x200, 0x6, 0x1, 0x1, 0x9, 0x7f}, {0x8, 0xfffffffa, 0x7e2, 0x7a, 0x6, 0x5}, {0x5e, 0x15ec, 0x1ba09691, 0x5, 0x7fffffff, 0x9}, {0x0, 0x5, 0x1, 0x0, 0xfffffffb, 0x4}, {0x40, 0x3, 0x5, 0x3ff, 0x10000, 0x254}, {0x5, 0xd5, 0x80000000, 0xf, 0x101, 0x5ca}, {0x6, 0x1, 0xf, 0x4, 0x9, 0x3cf1}, {0x7, 0x6000, 0x6, 0xff, 0xd42, 0x100}, {0x1, 0x10000, 0x9, 0x9, 0x7f, 0x1}, {0xf, 0xb, 0x6, 0x8, 0x402, 0x9}, {0x400, 0xbcb, 0x3, 0x9, 0x16b9, 0x3}, {0x1, 0xffffffff, 0x9, 0x1000, 0x80, 0x6}, {0x800, 0x9, 0xff, 0x7fffffff, 0x0, 0xe5}, {0x4, 0x6, 0x4, 0x3ff, 0x3, 0x1000}, {0x80000000, 0x9, 0x6, 0x2, 0x7, 0x5}, {0x80e0470, 0x0, 0x0, 0x1f, 0x2, 0xffff0001}, {0x9, 0x8, 0x4, 0x1, 0x0, 0xfffffffa}, {0xbb3, 0x7, 0x1, 0x7, 0x94, 0x3}, {0x4a, 0xf, 0x7, 0x3, 0xa3, 0x80000000}, {0x5, 0xfff, 0x20080, 0x9, 0x26, 0x10000}, {0x1, 0xb, 0x8, 0xffff, 0x0, 0x7}, {0x0, 0x7fffffff, 0x800, 0x6, 0x200f, 0x2}, {0xfffffffb, 0x7, 0x6, 0x8, 0x5, 0x3}, {0x5, 0xcf19, 0x8, 0x0, 0xfff, 0xfffffe00}, {0x2, 0x9, 0x2, 0x1, 0x4, 0x800}, {0xc000, 0x4, 0x807fff, 0x4, 0x1, 0x6}, {0xe37, 0x4, 0x1, 0x6, 0x67b9c8db, 0x4}, {0xac, 0xfffffffe, 0x8f, 0x8001, 0xd, 0x26}, {0xfffff800, 0x7, 0xffffffff, 0x2, 0xaa6, 0xd4}, {0x3, 0xffffc055, 0x5b6, 0x8, 0xa9, 0x63e}, {0x8, 0xfffffff8, 0xb, 0x7fd1, 0x6, 0x1750e18e}, {0x1000, 0x2, 0x1000, 0x6, 0x6887, 0x4}, {0x80000001, 0x3, 0x89bf, 0x8, 0xffffffff, 0x5}, {0x1, 0x18, 0x190, 0x8, 0xc}, {0x41e2e32, 0x6, 0x6, 0x2, 0x0, 0x4}, {0x0, 0x2, 0x5e, 0x1000, 0x6, 0x8}, {0x7, 0x80000000, 0x20000, 0x0, 0x7fffffff}, {0x2, 0x8001, 0x6, 0x3, 0x8, 0xfffffff7}, {0xe20, 0xc, 0x7, 0x9, 0x9, 0x20000009}, {0x6, 0x1000, 0x3, 0xfffffffb, 0x5267, 0x401}, {0x9a, 0x3, 0x8, 0xfffffff9, 0x2, 0x9}, {0x1, 0x8, 0xfffffffc, 0x1}, {0xac5a, 0xfffffffd, 0xa, 0x59f3, 0x2, 0x8}, {0x5, 0xeae, 0x5, 0xc1, 0x2e, 0x8}, {0x7fffffff, 0x9, 0x0, 0xfff, 0x3, 0x10}, {0x80000000, 0x9, 0x8211, 0x800, 0xace, 0xfffffff7}, {0x10000, 0x1e9d, 0xffff8d98, 0xe, 0xfffffffa}, {0x394cf3a4, 0x288, 0x7}, {0x6, 0xf4, 0x9, 0x3, 0x7fff, 0xf}, {0x10001, 0x8, 0x7, 0x2fe, 0x9, 0x4}, {0x7fffffff, 0x8, 0xb, 0x8af, 0x10001, 0xffffff47}, {0x6, 0x6, 0x2, 0x4, 0x0, 0xe}, {0x1, 0x5, 0x9a4, 0x8, 0x8000, 0xfffffbff}, {0x3718, 0x1000000, 0x43, 0x0, 0x56, 0x200}, {0x8, 0x9, 0xffffa3fa, 0x7, 0xcb88, 0x6}, {0x1, 0x4, 0x5, 0x6, 0x2, 0xfffffff9}, {0x5, 0xffffffff, 0x61b, 0x4, 0x4, 0x100}], [{0x4, 0x1}, {0x5}, {0x2, 0x1}, {}, {0x5}, {0x0, 0x1}, {0x5}, {0x2, 0x1}, {}, {0x4, 0x1}, {0x2, 0x1}, {}, {0x4, 0x1}, {0x5, 0x1}, {0x3, 0x1}, {0x2}, {0x1, 0x1}, {0x3}, {0x3}, {0x3, 0x1}, {0x0, 0x1}, {0x4}, {0x2, 0x1}, {0x1}, {0x3, 0x1}, {0x5}, {0x4}, {0x1, 0x1}, {0x3, 0x1}, {0x5, 0x1}, {0x5}, {0x2}, {0x2}, {0x0, 0x1}, {0x5, 0x1}, {0x5, 0x1}, {}, {}, {}, {0x5}, {0x1, 0x1}, {0x2, 0x1}, {0x1}, {0x2}, {0x2, 0x1}, {0x3, 0x1}, {0x5, 0x1}, {0x1}, {}, {0x2, 0x1}, {0x0, 0x1}, {0x5, 0x1}, {0x5, 0x1}, {0x3}, {0x2}, {0x3}, {}, {0x2, 0x1}, {0xac098f8bb5bf767, 0x1}, {0x0, 0x1}, {0x5, 0x2}, {0x0, 0x1}, {0x4}, {0x4, 0x1}, {0x4, 0x1}, {0x1}, {0x4, 0x33b46010c087959a}, {0x5, 0x1}, {0x4, 0x1}, {0x3}, {0x0, 0x1}, {0x2, 0x1}, {0x5, 0x1}, {}, {0x2}, {0x3}, {0xe41e256834d3e794}, {0x2}, {0xdf8910d898f3408a, 0x1}, {0x0, 0x1}, {0x2}, {0x4, 0x1}, {0x2, 0x1}, {0x3}, {0x1, 0x1}, {}, {0x3, 0x1}, {0x4, 0x1}, {0x3}, {0x4, 0x1}, {0xbbd25ed3eb5771ef}, {0x0, 0x1}, {0x0, 0x1}, {0x3}, {0x1}, {0x2}, {0x5}, {0x2, 0x1}, {0x4}, {0x3, 0x3}, {0x5, 0x1}, {0x3, 0x1}, {}, {0x5}, {0x3}, {0x1, 0x1}, {0x1}, {0x1, 0x1}, {0x5}, {0x2}, {0x2, 0x1}, {0x3}, {0x6, 0x1}, {0x5, 0x1}, {}, {}, {0x5}, {0x1}, {0x4}, {0x1}, {0x3}, {}, {}, {0x3, 0xcf7dcf0528e1043}, {0x4}, {0x4, 0x1}, {0x0, 0x1}, {0x1, 0x1}]}}, @TCA_PEDIT_KEYS_EX={0x8, 0x5, 0x0, 0x1, [{0x4}]}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}]}]}, 0xe70}, 0x1, 0x0, 0x0, 0x4081}, 0x2400c800) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000900)=ANY=[@ANYBLOB="2c0000003f00070dfeffffff00000000017c0000040077000c0003"], 0x2c}, 0x1, 0x0, 0x0, 0x4048011}, 0x4044000) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000011c0)=ANY=[@ANYBLOB="3400000040000100feffff0a5ac99025017c0000040042800c00018006000600800a0000100002800c00178008000100", @ANYRES32=r3, @ANYBLOB], 0x34}, 0x1, 0x0, 0x0, 0x48815}, 0x800c000) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x181242, 0x148) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0xb, 0x4, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000000000000000000000071188e000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) unshare(0x22020600) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x242440, 0x0) connect$unix(r4, &(0x7f00000001c0)=@file={0x1, './file1\x00'}, 0x6e) open_by_handle_at(r5, &(0x7f0000000080)=ANY=[@ANYBLOB='\b'], 0x71d73e48) r6 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000080), 0x109000, 0x0) readv(r6, &(0x7f0000000040)=[{&(0x7f00000005c0)=""/4109, 0x100d}], 0x1) 127.245479ms ago: executing program 0 (id=4510): pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r1, &(0x7f0000000000), 0x560c89bb) listen(r1, 0xffffffff) write$sequencer(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="8103039000000000ff03000005b4090805000000"], 0x14) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x47f2, 0x5}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r2, &(0x7f00000001c0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c) setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x0, 0xfe, 0x2, 0x0, 0x9, 0x5, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x3}, 0xe) shutdown(r2, 0x1) recvmmsg(r2, &(0x7f0000000840)=[{{0x0, 0x0, 0x0}}], 0x414, 0x0, 0x0) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x2, 0x0, 0x7fff0000}]}) r4 = socket$packet(0x11, 0x3, 0x300) r5 = dup(r4) r6 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$int_in(r6, 0x40000000af01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000240)={0x1, 0x1, 0x0, &(0x7f0000000200)=""/51, 0x0}) r7 = socket$packet(0x11, 0x3, 0x300) ioctl$VHOST_SET_MEM_TABLE(r6, 0x4008af03, &(0x7f0000000340)) dup(r7) ioctl$VHOST_NET_SET_BACKEND(r6, 0x4008af30, &(0x7f00000003c0)={0x1, r5}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r8 = fsopen(0x0, 0x1) fsconfig$FSCONFIG_CMD_CREATE(r8, 0x6, 0x0, 0x0, 0x0) close_range(r3, 0xffffffffffffffff, 0x0) 27.767718ms ago: executing program 5 (id=4511): r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="1400000016000b63d25a80648c2594f90224fc60", 0x14}], 0x1, 0x0, 0x0, 0x10}, 0x0) syz_usb_connect(0x1, 0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x0, 0x0, 0x0, 0x3, [{0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}]}) 0s ago: executing program 1 (id=4512): syz_open_dev$tty1(0xc, 0x4, 0x1) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x200000b, 0x8c4b815a5465c2b2, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000280)={0x1, 0x0, [{0x40000073, 0x0, 0x10000000000081}]}) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha512\x00'}, 0x58) openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) mount(&(0x7f0000000080)=@nullb, &(0x7f0000000340)='.\x00', &(0x7f0000000000)='9p\x00', 0x11, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x9902) r3 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x800) sendmmsg$alg(r3, &(0x7f0000000640)=[{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000140)="b57523cb1a2c90d8acad2e2d98dfc9ea7a5843c3b63b683ced2b3266175599b779617e66e6b3e15c042be90635a2d36160bbf9a2edcacc0bbe015b84150a1928de94397894ff36aa430fc2a0814ba634308d6d0837250dfd1eca5383f9d151449743b1a0c4ffc51242a229c5d6d06f147a61d797ea7ffeda95b76f5623", 0x7d}, {&(0x7f00000001c0)="66f7", 0x4}, {&(0x7f0000000300)='l3', 0x7fffef80}], 0x3}], 0x1, 0x0) kernel console output (not intermixed with test programs): re [ 925.081367][ T810] usb 6-1: USB disconnect, device number 33 [ 925.138682][T15736] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2986'. [ 925.380894][T15746] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2988'. [ 925.489049][T15750] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2989'. [ 925.573673][T15756] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2989'. [ 925.573714][T15756] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2989'. [ 925.697678][T15756] 8021q: VLANs not supported on ip6gre0 [ 925.745507][T15764] netlink: 64066 bytes leftover after parsing attributes in process `syz.5.2994'. [ 926.062134][T15774] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2991'. [ 926.082537][ T5873] usb 6-1: new high-speed USB device number 34 using dummy_hcd [ 926.232458][ T5873] usb 6-1: Using ep0 maxpacket: 32 [ 926.237290][ T5873] usb 6-1: unable to get BOS descriptor or descriptor too short [ 926.238624][ T5873] usb 6-1: config 56 has an invalid interface number: 216 but max is 0 [ 926.238653][ T5873] usb 6-1: config 56 has no interface number 0 [ 926.238688][ T5873] usb 6-1: config 56 interface 216 has no altsetting 0 [ 926.241337][ T5873] usb 6-1: New USB device found, idVendor=12d1, idProduct=554b, bcdDevice=5a.0b [ 926.241369][ T5873] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 926.241392][ T5873] usb 6-1: Product: syz [ 926.241407][ T5873] usb 6-1: Manufacturer: syz [ 926.241423][ T5873] usb 6-1: SerialNumber: syz [ 927.064961][T15802] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3004'. [ 928.416692][ T36] kauditd_printk_skb: 68 callbacks suppressed [ 928.416714][ T36] audit: type=1800 audit(1771800065.059:202): pid=15832 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.2.3014" name="nullb0" dev="tmpfs" ino=2296 res=0 errno=0 [ 928.620725][T15835] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3018'. [ 928.816728][ T5873] hub 6-1:56.216: bad descriptor, ignoring hub [ 928.816789][ T5873] hub 6-1:56.216: probe with driver hub failed with error -5 [ 928.818627][ T5873] option 6-1:56.216: GSM modem (1-port) converter detected [ 929.024490][ T5873] usb 6-1: USB disconnect, device number 34 [ 929.027905][ T5873] option 6-1:56.216: device disconnected [ 929.049340][T15840] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3017'. [ 929.343489][T15849] netlink: 'syz.2.3021': attribute type 2 has an invalid length. [ 930.566832][T15875] dvmrp0: entered allmulticast mode [ 930.631877][T15875] dvmrp0: left allmulticast mode [ 931.384652][T15878] : entered promiscuous mode [ 931.663435][T15891] fuse: Bad value for 'user_id' [ 931.663457][T15891] fuse: Bad value for 'user_id' [ 931.942460][ T810] usb 6-1: new high-speed USB device number 35 using dummy_hcd [ 932.092302][ T810] usb 6-1: Using ep0 maxpacket: 8 [ 932.094708][ T810] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 932.094763][ T810] usb 6-1: New USB device found, idVendor=057e, idProduct=2009, bcdDevice= 0.00 [ 932.094790][ T810] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 932.136799][ T5873] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 932.159866][ T810] usb 6-1: config 0 descriptor?? [ 932.302458][ T5873] usb 2-1: Using ep0 maxpacket: 8 [ 932.409936][ T5873] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 932.410060][ T5873] usb 2-1: New USB device found, idVendor=057e, idProduct=2009, bcdDevice= 0.00 [ 932.410089][ T5873] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 932.504887][ T5873] usb 2-1: config 0 descriptor?? [ 932.659928][T15915] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3041'. [ 932.659961][T15915] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3041'. [ 932.706862][ T810] nintendo 0003:057E:2009.0017: hidraw0: USB HID v80.0d Device [HID 057e:2009] on usb-dummy_hcd.5-1/input0 [ 932.762726][ T810] nintendo 0003:057E:2009.0017: Failed to get joycon info; ret=-38 [ 932.762758][ T810] nintendo 0003:057E:2009.0017: Failed to retrieve controller info; ret=-38 [ 932.762855][ T810] nintendo 0003:057E:2009.0017: Failed to initialize controller; ret=-38 [ 932.784167][T15892] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3034'. [ 932.851480][ T810] nintendo 0003:057E:2009.0017: probe - fail = -38 [ 932.851831][ T810] nintendo 0003:057E:2009.0017: probe with driver nintendo failed with error -38 [ 933.116398][ T5873] nintendo 0003:057E:2009.0018: hidraw0: USB HID v80.0d Device [HID 057e:2009] on usb-dummy_hcd.1-1/input0 [ 933.172857][ T5873] nintendo 0003:057E:2009.0018: Failed to get joycon info; ret=-38 [ 933.172888][ T5873] nintendo 0003:057E:2009.0018: Failed to retrieve controller info; ret=-38 [ 933.173133][ T5873] nintendo 0003:057E:2009.0018: Failed to initialize controller; ret=-38 [ 933.175990][T14734] udevd[14734]: setting mode of /dev/hidraw0 to 020600 failed: No such file or directory [ 933.176191][T14734] udevd[14734]: setting owner of /dev/hidraw0 to uid=0, gid=0 failed: No such file or directory [ 933.238310][ T5873] nintendo 0003:057E:2009.0018: probe - fail = -38 [ 933.238507][ T5873] nintendo 0003:057E:2009.0018: probe with driver nintendo failed with error -38 [ 933.387525][T15924] dvmrp0: entered allmulticast mode [ 933.387703][T15925] dvmrp0: left allmulticast mode [ 933.432040][ T5873] usb 6-1: USB disconnect, device number 35 [ 933.827418][ T810] usb 2-1: USB disconnect, device number 14 [ 934.034695][T15944] netlink: 48 bytes leftover after parsing attributes in process `syz.0.3048'. [ 936.952781][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 936.952864][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 937.472312][ T5869] usb 6-1: new high-speed USB device number 36 using dummy_hcd [ 937.622332][ T5869] usb 6-1: Using ep0 maxpacket: 32 [ 937.626647][ T5869] usb 6-1: config 0 has an invalid interface number: 12 but max is 0 [ 937.626678][ T5869] usb 6-1: config 0 has no interface number 0 [ 937.626731][ T5869] usb 6-1: config 0 interface 12 has no altsetting 0 [ 937.631785][ T5869] usb 6-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 937.631818][ T5869] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 937.631839][ T5869] usb 6-1: Product: syz [ 937.631855][ T5869] usb 6-1: Manufacturer: syz [ 937.631870][ T5869] usb 6-1: SerialNumber: syz [ 937.703397][ T5869] usb 6-1: config 0 descriptor?? [ 938.922754][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 939.325686][ T5869] f81534 6-1:0.12: f81534_set_register: reg: 1002 data: 3 failed: -71 [ 939.325765][ T5869] f81534 6-1:0.12: f81534_find_config_idx: read failed: -71 [ 939.325785][ T5869] f81534 6-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 939.325894][ T5869] f81534 6-1:0.12: probe with driver f81534 failed with error -71 [ 939.347071][ T5869] usb 6-1: USB disconnect, device number 36 [ 939.688029][T16013] netlink: 48 bytes leftover after parsing attributes in process `syz.5.3071'. [ 940.243772][T16030] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3074'. [ 940.243802][T16030] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3074'. [ 940.888367][T16049] netlink: 48 bytes leftover after parsing attributes in process `syz.0.3086'. [ 941.628074][T16072] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3094'. [ 941.824046][T16076] netlink: 48 bytes leftover after parsing attributes in process `syz.0.3095'. [ 943.140310][T16086] netlink: 48 bytes leftover after parsing attributes in process `syz.0.3099'. [ 943.393690][T16093] FAULT_INJECTION: forcing a failure. [ 943.393690][T16093] name failslab, interval 1, probability 0, space 0, times 1 [ 943.393733][T16093] CPU: 1 UID: 0 PID: 16093 Comm: syz.1.3101 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 943.393764][T16093] Tainted: [L]=SOFTLOCKUP [ 943.393772][T16093] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 943.393785][T16093] Call Trace: [ 943.393794][T16093] [ 943.393803][T16093] dump_stack_lvl+0xe8/0x150 [ 943.393842][T16093] should_fail_ex+0x46b/0x600 [ 943.393883][T16093] should_failslab+0xa8/0x100 [ 943.393920][T16093] __kmalloc_noprof+0xdf/0x7b0 [ 943.393953][T16093] ? sk_prot_alloc+0xe7/0x210 [ 943.393990][T16093] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 943.394020][T16093] sk_prot_alloc+0xe7/0x210 [ 943.394046][T16093] ? sk_alloc+0x27/0x390 [ 943.394075][T16093] sk_alloc+0x3a/0x390 [ 943.394108][T16093] __netlink_create+0x65/0x260 [ 943.394144][T16093] ? __pfx_genl_release+0x10/0x10 [ 943.394173][T16093] netlink_create+0x3be/0x580 [ 943.394198][T16093] ? __pfx_genl_unbind+0x10/0x10 [ 943.394224][T16093] ? __pfx_genl_bind+0x10/0x10 [ 943.394255][T16093] __sock_create+0x4b2/0x9d0 [ 943.394289][T16093] __sys_socket+0xd6/0x1b0 [ 943.394317][T16093] __x64_sys_socket+0x7a/0x90 [ 943.394342][T16093] do_syscall_64+0x14d/0xf80 [ 943.394370][T16093] ? trace_irq_disable+0x3b/0x150 [ 943.394396][T16093] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 943.394424][T16093] ? clear_bhb_loop+0x40/0x90 [ 943.394452][T16093] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 943.394475][T16093] RIP: 0033:0x7f1d7797dec7 [ 943.394497][T16093] Code: f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 943.394515][T16093] RSP: 002b:00007f1d75bccf98 EFLAGS: 00000286 ORIG_RAX: 0000000000000029 [ 943.394539][T16093] RAX: ffffffffffffffda RBX: 00007f1d77bf5fa0 RCX: 00007f1d7797dec7 [ 943.394556][T16093] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 943.394570][T16093] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000 [ 943.394583][T16093] R10: 0000200000000080 R11: 0000000000000286 R12: 0000000000000001 [ 943.394607][T16093] R13: 00007f1d77bf6038 R14: 00007f1d77bf5fa0 R15: 00007ffc37f723f8 [ 943.394644][T16093] [ 943.479404][T16090] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 944.082673][T16100] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3103'. [ 944.434025][ T5925] usb 6-1: new high-speed USB device number 37 using dummy_hcd [ 944.468242][T16111] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3106'. [ 944.702316][ T5925] usb 6-1: Using ep0 maxpacket: 16 [ 945.606051][ T5925] usb 6-1: config 0 has an invalid interface number: 214 but max is 0 [ 945.606084][ T5925] usb 6-1: config 0 has no interface number 0 [ 945.606147][ T5925] usb 6-1: config 0 interface 214 altsetting 0 endpoint 0x83 has an invalid bInterval 247, changing to 11 [ 945.609183][ T5925] usb 6-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 945.609205][ T5925] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 945.609217][ T5925] usb 6-1: Product: syz [ 945.609226][ T5925] usb 6-1: Manufacturer: syz [ 945.609235][ T5925] usb 6-1: SerialNumber: syz [ 945.617232][ T5925] usb 6-1: config 0 descriptor?? [ 945.794933][T16119] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3109'. [ 945.849256][T16100] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3103'. [ 946.544516][T16125] vlan2: entered promiscuous mode [ 946.544599][T16125] macvlan1: entered promiscuous mode [ 947.198183][ T5925] usbtouchscreen 6-1:0.214: Failed to read FW rev: -71 [ 947.198529][ T5925] usbtouchscreen 6-1:0.214: probe with driver usbtouchscreen failed with error -71 [ 947.258257][ T5925] usb 6-1: USB disconnect, device number 37 [ 948.104311][T16142] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3115'. [ 948.104342][T16142] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3115'. [ 948.922393][ T5869] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 949.072405][ T5869] usb 2-1: Using ep0 maxpacket: 32 [ 949.076465][ T5869] usb 2-1: config 0 has an invalid interface number: 132 but max is 0 [ 949.076495][ T5869] usb 2-1: config 0 has no interface number 0 [ 949.076546][ T5869] usb 2-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 949.112897][ T5869] usb 2-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 949.112932][ T5869] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 949.112953][ T5869] usb 2-1: Product: syz [ 949.112969][ T5869] usb 2-1: Manufacturer: syz [ 949.112985][ T5869] usb 2-1: SerialNumber: syz [ 949.118812][ T5869] usb 2-1: config 0 descriptor?? [ 949.174012][ T5869] em28xx 2-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 949.174055][ T5869] em28xx 2-1:0.132: Video interface 132 found: [ 949.368750][T16164] fuse: Bad value for 'user_id' [ 949.368774][T16164] fuse: Bad value for 'user_id' [ 949.522790][ T5869] em28xx 2-1:0.132: unknown em28xx chip ID (0) [ 950.236516][ T5869] em28xx 2-1:0.132: failed to trigger write to i2c address 0xa0 (error=-5) [ 950.236554][ T5869] em28xx 2-1:0.132: failed to read eeprom (err=-5) [ 950.236603][ T5869] em28xx 2-1:0.132: em28xx_i2c_register: em28xx_i2_eeprom failed! retval [-5] [ 950.293756][ T5869] em28xx 2-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 950.293791][ T5869] em28xx 2-1:0.132: analog set to bulk mode. [ 950.305847][T11647] em28xx 2-1:0.132: Registering V4L2 extension [ 950.341441][T16182] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3124'. [ 950.419857][ T5869] usb 2-1: USB disconnect, device number 15 [ 950.426077][ T5869] em28xx 2-1:0.132: Disconnecting em28xx [ 950.784768][T11647] em28xx 2-1:0.132: Config register raw data: 0xffffffed [ 950.784795][T11647] em28xx 2-1:0.132: AC97 chip type couldn't be determined [ 950.784811][T11647] em28xx 2-1:0.132: No AC97 audio processor [ 950.839883][T11647] usb 2-1: Decoder not found [ 950.839906][T11647] em28xx 2-1:0.132: failed to create media graph [ 950.839977][T11647] em28xx 2-1:0.132: V4L2 device video103 deregistered [ 950.874116][T11647] em28xx 2-1:0.132: Remote control support is not available for this card. [ 950.874207][ T5869] em28xx 2-1:0.132: Closing input extension [ 950.927717][ T5869] em28xx 2-1:0.132: Freeing device [ 951.464445][T16212] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3132'. [ 951.924153][T16227] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3138'. [ 952.335408][T16236] netlink: 48 bytes leftover after parsing attributes in process `syz.1.3141'. [ 952.373963][T16238] netlink: 48 bytes leftover after parsing attributes in process `syz.6.3142'. [ 952.791196][T16250] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3136'. [ 952.791225][T16250] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3136'. [ 953.437660][T16259] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3150'. [ 954.333877][T16290] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3164'. [ 954.605255][ T5925] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 954.764687][ T5925] usb 2-1: too many endpoints for config 0 interface 0 altsetting 254: 253, using maximum allowed: 30 [ 954.764747][ T5925] usb 2-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0 [ 954.764772][ T5925] usb 2-1: config 0 interface 0 altsetting 254 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 954.764799][ T5925] usb 2-1: config 0 interface 0 has no altsetting 0 [ 954.764841][ T5925] usb 2-1: New USB device found, idVendor=05ac, idProduct=027d, bcdDevice= 0.00 [ 954.764865][ T5925] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 954.848855][ T5925] usb 2-1: config 0 descriptor?? [ 954.938379][T16283] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3161'. [ 954.938462][T16283] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3161'. [ 955.283227][T16299] wg1 speed is unknown, defaulting to 1000 [ 955.546085][ T5925] apple 0003:05AC:027D.0019: ignoring exceeding usage max [ 955.563050][ T5925] apple 0003:05AC:027D.0019: hidraw0: USB HID v0.04 Device [HID 05ac:027d] on usb-dummy_hcd.1-1/input0 [ 956.144366][T16327] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 956.144959][T16327] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 956.332445][ T5925] usb 6-1: new high-speed USB device number 38 using dummy_hcd [ 956.482488][ T5925] usb 6-1: Using ep0 maxpacket: 32 [ 956.484589][ T5925] usb 6-1: config 0 has an invalid interface number: 108 but max is 0 [ 956.484617][ T5925] usb 6-1: config 0 has no interface number 0 [ 956.487214][ T5925] usb 6-1: New USB device found, idVendor=0f11, idProduct=2000, bcdDevice= c.46 [ 956.487244][ T5925] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 956.487266][ T5925] usb 6-1: Product: syz [ 956.487281][ T5925] usb 6-1: Manufacturer: syz [ 956.487295][ T5925] usb 6-1: SerialNumber: syz [ 956.502728][ T5925] usb 6-1: config 0 descriptor?? [ 956.694864][T16338] futex_wake_op: syz.2.3181 tries to shift op by -2048; fix this program [ 956.774957][ T5925] ldusb 6-1:0.108: Interrupt in endpoint not found [ 956.778651][ T5925] usb 6-1: USB disconnect, device number 38 [ 957.368265][ T5925] usb 2-1: USB disconnect, device number 16 [ 958.047830][T16348] __nla_validate_parse: 1 callbacks suppressed [ 958.047852][T16348] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3182'. [ 958.441813][T16357] fuse: Bad value for 'group_id' [ 958.441838][T16357] fuse: Bad value for 'group_id' [ 959.170769][T16363] netlink: 48 bytes leftover after parsing attributes in process `syz.0.3187'. [ 960.511683][T16397] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3199'. [ 964.458490][T16441] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3214'. [ 964.459697][T16441] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 965.382470][T16454] netlink: 48 bytes leftover after parsing attributes in process `syz.2.3217'. [ 967.093749][T16474] netlink: 48 bytes leftover after parsing attributes in process `syz.2.3222'. [ 967.441289][ T36] audit: type=1326 audit(1771800104.079:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16479 comm="syz.6.3223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa32840c629 code=0x7ffc0000 [ 967.441329][ T36] audit: type=1326 audit(1771800104.079:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16479 comm="syz.6.3223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7fa32840c629 code=0x7ffc0000 [ 967.441354][ T36] audit: type=1326 audit(1771800104.079:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16479 comm="syz.6.3223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa32840c629 code=0x7ffc0000 [ 967.441404][ T36] audit: type=1326 audit(1771800104.079:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16479 comm="syz.6.3223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=84 compat=0 ip=0x7fa32840c629 code=0x7ffc0000 [ 967.441430][ T36] audit: type=1326 audit(1771800104.079:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16479 comm="syz.6.3223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa32840c629 code=0x7ffc0000 [ 967.441455][ T36] audit: type=1326 audit(1771800104.079:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16479 comm="syz.6.3223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa32840c629 code=0x7ffc0000 [ 967.441480][ T36] audit: type=1326 audit(1771800104.079:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16479 comm="syz.6.3223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa32840c629 code=0x7ffc0000 [ 967.487500][ T36] audit: type=1326 audit(1771800104.129:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16479 comm="syz.6.3223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa32840c629 code=0x7ffc0000 [ 967.487559][ T36] audit: type=1326 audit(1771800104.129:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16479 comm="syz.6.3223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa32840c629 code=0x7ffc0000 [ 967.487606][ T36] audit: type=1326 audit(1771800104.129:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16479 comm="syz.6.3223" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa32840c629 code=0x7ffc0000 [ 969.862390][ T10] usb 6-1: new high-speed USB device number 39 using dummy_hcd [ 970.022640][ T10] usb 6-1: Using ep0 maxpacket: 8 [ 970.025047][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 970.025099][ T10] usb 6-1: New USB device found, idVendor=057e, idProduct=2009, bcdDevice= 0.00 [ 970.025123][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 970.040110][ T10] usb 6-1: config 0 descriptor?? [ 970.648017][T16524] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 972.702406][T16530] vlan2: entered promiscuous mode [ 972.702443][T16530] macvlan1: entered promiscuous mode [ 973.867374][T16532] vlan2: entered promiscuous mode [ 973.867401][T16532] macvlan1: entered promiscuous mode [ 974.174941][ T10] usbhid 6-1:0.0: can't add hid device: -71 [ 974.175082][ T10] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 974.199230][ T10] usb 6-1: USB disconnect, device number 39 [ 974.469568][T16551] futex_wake_op: syz.1.3242 tries to shift op by -2048; fix this program [ 974.487057][T16551] loop9: detected capacity change from 0 to 7 [ 974.498977][T16543] buffer_io_error: 10 callbacks suppressed [ 974.498997][T16543] Buffer I/O error on dev loop9, logical block 0, async page read [ 974.499044][T16543] Buffer I/O error on dev loop9, logical block 0, async page read [ 974.499077][T16543] Buffer I/O error on dev loop9, logical block 0, async page read [ 974.499106][T16543] Buffer I/O error on dev loop9, logical block 0, async page read [ 974.499158][T16543] Buffer I/O error on dev loop9, logical block 0, async page read [ 974.499205][T16543] Buffer I/O error on dev loop9, logical block 0, async page read [ 974.499235][T16543] Buffer I/O error on dev loop9, logical block 0, async page read [ 974.499252][T16543] ldm_validate_partition_table(): Disk read failed. [ 974.499278][T16543] Buffer I/O error on dev loop9, logical block 0, async page read [ 974.499307][T16543] Buffer I/O error on dev loop9, logical block 0, async page read [ 974.499338][T16543] Buffer I/O error on dev loop9, logical block 0, async page read [ 974.499377][T16543] Dev loop9: unable to read RDB block 0 [ 974.499553][T16543] loop9: unable to read partition table [ 974.499849][T16543] loop9: partition table beyond EOD, truncated [ 974.508740][T16551] ldm_validate_partition_table(): Disk read failed. [ 974.508833][T16551] Dev loop9: unable to read RDB block 0 [ 974.508906][T16551] loop9: unable to read partition table [ 974.509117][T16551] loop9: partition table beyond EOD, truncated [ 974.509136][T16551] loop_reread_partitions: partition scan of loop9 (þ被xüŸÑø éÚ¬§½dG¤´à–ƒÝ¡¯ â·û [ 974.509136][T16551] ) failed (rc=-5) [ 974.510379][T16551] ldm_validate_partition_table(): Disk read failed. [ 974.510465][T16551] Dev loop9: unable to read RDB block 0 [ 974.510545][T16551] loop9: unable to read partition table [ 974.510782][T16551] loop9: partition table beyond EOD, truncated [ 977.262720][T16576] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3250'. [ 977.264020][T16576] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 978.739109][T16589] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3246'. [ 978.739139][T16589] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3246'. [ 979.232944][ T5869] usb 2-1: new full-speed USB device number 17 using dummy_hcd [ 979.336071][T16598] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3255'. [ 979.888285][ T5869] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 979.888348][ T5869] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 979.888377][ T5869] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 979.888400][ T5869] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 979.889938][ T5869] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 979.889967][ T5869] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 979.889990][ T5869] usb 2-1: SerialNumber: syz [ 980.093485][ T5869] cdc_ether 2-1:1.0: probe with driver cdc_ether failed with error -22 [ 980.094433][ T5869] usb-storage 2-1:1.0: USB Mass Storage device detected [ 980.197254][ T5869] usb-storage 2-1:1.0: Quirks match for vid 0525 pid a4a5: 10000 [ 981.429106][ T10] usb 2-1: USB disconnect, device number 17 [ 984.419817][T16651] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3274'. [ 986.274103][ T5869] usb 2-1: new full-speed USB device number 18 using dummy_hcd [ 986.435168][ T5869] usb 2-1: config 1 has an invalid descriptor of length 37, skipping remainder of the config [ 986.435242][ T5869] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 986.435273][ T5869] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 986.435296][ T5869] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 986.438356][ T5869] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 986.438378][ T5869] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 986.438391][ T5869] usb 2-1: SerialNumber: syz [ 986.524314][ T5869] cdc_ether 2-1:1.0: probe with driver cdc_ether failed with error -22 [ 986.524740][ T5869] usb-storage 2-1:1.0: USB Mass Storage device detected [ 986.530034][ T5869] usb-storage 2-1:1.0: Quirks match for vid 0525 pid a4a5: 10000 [ 986.602500][ T10] usb 6-1: new full-speed USB device number 40 using dummy_hcd [ 986.720866][T11656] usb 2-1: USB disconnect, device number 18 [ 986.756524][ T10] usb 6-1: too many endpoints for config 0 interface 0 altsetting 2: 254, using maximum allowed: 30 [ 986.756576][ T10] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 986.756592][ T10] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 986.756607][ T10] usb 6-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 254 [ 986.756623][ T10] usb 6-1: config 0 interface 0 has no altsetting 0 [ 986.756643][ T10] usb 6-1: New USB device found, idVendor=1e7d, idProduct=3138, bcdDevice= 0.00 [ 986.756657][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 986.760746][ T10] usb 6-1: config 0 descriptor?? [ 987.476921][ T10] usbhid 6-1:0.0: can't add hid device: -71 [ 987.477061][ T10] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 987.582781][T16699] netlink: 124 bytes leftover after parsing attributes in process `syz.6.3289'. [ 987.584990][ T10] usb 6-1: USB disconnect, device number 40 [ 988.938819][T16717] vlan2: entered promiscuous mode [ 989.871157][T16716] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3290'. [ 989.871190][T16716] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3290'. [ 991.336275][T16742] futex_wake_op: syz.6.3305 tries to shift op by -2048; fix this program [ 991.866637][T16746] vlan2: entered promiscuous mode [ 991.866663][T16746] macvlan1: entered promiscuous mode [ 993.202560][ T5873] usb 2-1: new full-speed USB device number 19 using dummy_hcd [ 993.354597][ T5873] usb 2-1: too many endpoints for config 0 interface 0 altsetting 2: 254, using maximum allowed: 30 [ 993.354663][ T5873] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 993.354693][ T5873] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 993.354717][ T5873] usb 2-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 254 [ 993.354747][ T5873] usb 2-1: config 0 interface 0 has no altsetting 0 [ 993.354783][ T5873] usb 2-1: New USB device found, idVendor=1e7d, idProduct=3138, bcdDevice= 0.00 [ 993.354808][ T5873] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 993.360748][ T5873] usb 2-1: config 0 descriptor?? [ 993.642523][ T10] usb 6-1: new full-speed USB device number 41 using dummy_hcd [ 993.691384][T16750] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 993.809552][ T5873] usbhid 2-1:0.0: can't add hid device: -71 [ 993.809694][ T5873] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 993.816354][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 993.816390][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 993.816429][ T10] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2dbe, bcdDevice= 0.00 [ 993.816452][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 993.877692][ T5873] usb 2-1: USB disconnect, device number 19 [ 994.013772][ T10] usb 6-1: config 0 descriptor?? [ 995.479550][ T10] konepure 0003:1E7D:2DBE.001A: item fetching failed at offset 3/7 [ 995.485710][ T10] konepure 0003:1E7D:2DBE.001A: parse failed [ 995.485801][ T10] konepure 0003:1E7D:2DBE.001A: probe with driver konepure failed with error -22 [ 995.723093][ T5998] usb 6-1: USB disconnect, device number 41 [ 995.930636][T16799] dvmrp0: entered allmulticast mode [ 996.669713][T16814] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3327'. [ 997.952320][ T5998] usb 2-1: new full-speed USB device number 20 using dummy_hcd [ 999.111965][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 999.112062][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 999.154976][ T5998] usb 2-1: too many endpoints for config 0 interface 0 altsetting 2: 254, using maximum allowed: 30 [ 999.155034][ T5998] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 999.155073][ T5998] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 999.155097][ T5998] usb 2-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 254 [ 999.155126][ T5998] usb 2-1: config 0 interface 0 has no altsetting 0 [ 999.155163][ T5998] usb 2-1: New USB device found, idVendor=1e7d, idProduct=3138, bcdDevice= 0.00 [ 999.155189][ T5998] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 999.234864][ T5998] usb 2-1: config 0 descriptor?? [ 999.377485][ T5998] usbhid 2-1:0.0: can't add hid device: -71 [ 999.377625][ T5998] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 999.396691][ T5998] usb 2-1: USB disconnect, device number 20 [ 999.538057][T16839] FAULT_INJECTION: forcing a failure. [ 999.538057][T16839] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 999.538109][T16839] CPU: 1 UID: 0 PID: 16839 Comm: syz.1.3339 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 999.538139][T16839] Tainted: [L]=SOFTLOCKUP [ 999.538147][T16839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 999.538160][T16839] Call Trace: [ 999.538169][T16839] [ 999.538178][T16839] dump_stack_lvl+0xe8/0x150 [ 999.538216][T16839] should_fail_ex+0x46b/0x600 [ 999.538257][T16839] _copy_from_user+0x2d/0xb0 [ 999.538285][T16839] __sys_connect+0x156/0x450 [ 999.538316][T16839] ? __pfx___sys_connect+0x10/0x10 [ 999.538355][T16839] ? __pfx_ksys_write+0x10/0x10 [ 999.538396][T16839] __x64_sys_connect+0x7a/0x90 [ 999.538423][T16839] do_syscall_64+0x14d/0xf80 [ 999.538451][T16839] ? trace_irq_disable+0x3b/0x150 [ 999.538478][T16839] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 999.538501][T16839] ? clear_bhb_loop+0x40/0x90 [ 999.538529][T16839] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 999.538551][T16839] RIP: 0033:0x7f1d7797c629 [ 999.538573][T16839] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 999.538592][T16839] RSP: 002b:00007f1d75bad028 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 999.538616][T16839] RAX: ffffffffffffffda RBX: 00007f1d77bf6090 RCX: 00007f1d7797c629 [ 999.538632][T16839] RDX: 000000000000006e RSI: 000020000057eff8 RDI: 0000000000000003 [ 999.538647][T16839] RBP: 00007f1d75bad090 R08: 0000000000000000 R09: 0000000000000000 [ 999.538661][T16839] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 999.538674][T16839] R13: 00007f1d77bf6128 R14: 00007f1d77bf6090 R15: 00007ffc37f723f8 [ 999.538711][T16839] [ 1001.974612][ T5873] usb 2-1: new full-speed USB device number 21 using dummy_hcd [ 1002.124462][ T5873] usb 2-1: too many endpoints for config 0 interface 0 altsetting 2: 254, using maximum allowed: 30 [ 1002.124518][ T5873] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1002.124547][ T5873] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1002.124572][ T5873] usb 2-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 254 [ 1002.124601][ T5873] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1002.124638][ T5873] usb 2-1: New USB device found, idVendor=1e7d, idProduct=3138, bcdDevice= 0.00 [ 1002.124663][ T5873] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1002.129886][ T5873] usb 2-1: config 0 descriptor?? [ 1002.470030][T16872] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 1002.597937][ T5873] usbhid 2-1:0.0: can't add hid device: -71 [ 1002.598101][ T5873] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 1002.641187][ T5873] usb 2-1: USB disconnect, device number 21 [ 1003.442540][ T5873] usb 6-1: new full-speed USB device number 42 using dummy_hcd [ 1004.716858][ T5873] usb 6-1: config 1 has an invalid descriptor of length 37, skipping remainder of the config [ 1004.716924][ T5873] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1004.716954][ T5873] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1004.716978][ T5873] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 1004.718546][ T5873] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 1004.718575][ T5873] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 1004.718596][ T5873] usb 6-1: SerialNumber: syz [ 1004.872943][ T5873] cdc_ether 6-1:1.0: probe with driver cdc_ether failed with error -22 [ 1004.900761][ T5873] usb-storage 6-1:1.0: USB Mass Storage device detected [ 1004.975376][ T5873] usb-storage 6-1:1.0: Quirks match for vid 0525 pid a4a5: 10000 [ 1005.108252][ T5873] usb 6-1: USB disconnect, device number 42 [ 1008.953974][T16946] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3374'. [ 1010.392402][T11656] usb 2-1: new full-speed USB device number 22 using dummy_hcd [ 1010.564870][T11656] usb 2-1: config 1 has an invalid descriptor of length 37, skipping remainder of the config [ 1010.564935][T11656] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1010.564976][T11656] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1010.565001][T11656] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 1010.566530][T11656] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 1010.566560][T11656] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 1010.566581][T11656] usb 2-1: SerialNumber: syz [ 1010.633352][T11656] cdc_ether 2-1:1.0: probe with driver cdc_ether failed with error -22 [ 1010.634035][T11656] usb-storage 2-1:1.0: USB Mass Storage device detected [ 1010.680649][T11656] usb-storage 2-1:1.0: Quirks match for vid 0525 pid a4a5: 10000 [ 1010.962717][T11656] usb 2-1: USB disconnect, device number 22 [ 1011.102475][ T5925] usb 6-1: new high-speed USB device number 43 using dummy_hcd [ 1011.224804][T16967] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3381'. [ 1011.262438][ T5925] usb 6-1: Using ep0 maxpacket: 8 [ 1011.265015][ T5925] usb 6-1: config index 0 descriptor too short (expected 74, got 45) [ 1011.265092][ T5925] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024 [ 1011.265124][ T5925] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 1011.265152][ T5925] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 1011.265186][ T5925] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 1011.265212][ T5925] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1011.265258][ T5925] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1011.265283][ T5925] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1011.338739][ T5925] usbtmc 6-1:16.0: probe with driver usbtmc failed with error -22 [ 1011.699452][T16968] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1011.700110][T16968] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1011.790159][ T5873] usb 6-1: USB disconnect, device number 43 [ 1011.870854][T16984] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3387'. [ 1012.438219][T16986] vcan0: tx address claim with dlc 0 [ 1013.227732][T17002] futex_wake_op: syz.0.3396 tries to shift op by -2048; fix this program [ 1013.592538][T17008] netlink: 56 bytes leftover after parsing attributes in process `syz.5.3397'. [ 1013.745666][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 1013.747365][T16981] netlink: 64 bytes leftover after parsing attributes in process `syz.1.3389'. [ 1013.912319][ T5925] usb 6-1: new high-speed USB device number 44 using dummy_hcd [ 1014.066532][ T5925] usb 6-1: Using ep0 maxpacket: 32 [ 1014.069354][ T5925] usb 6-1: config 0 has an invalid interface number: 132 but max is 0 [ 1014.069374][ T5925] usb 6-1: config 0 has no interface number 0 [ 1014.069402][ T5925] usb 6-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1014.103879][ T5925] usb 6-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 1014.103909][ T5925] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1014.103922][ T5925] usb 6-1: Product: syz [ 1014.103932][ T5925] usb 6-1: Manufacturer: syz [ 1014.103940][ T5925] usb 6-1: SerialNumber: syz [ 1014.112001][ T5925] usb 6-1: config 0 descriptor?? [ 1014.174509][ T5925] em28xx 6-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 1014.174536][ T5925] em28xx 6-1:0.132: Video interface 132 found: [ 1014.292346][T11656] usb 2-1: new full-speed USB device number 23 using dummy_hcd [ 1014.450273][T11656] usb 2-1: too many endpoints for config 0 interface 0 altsetting 2: 254, using maximum allowed: 30 [ 1014.450444][T11656] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1014.450475][T11656] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1014.450563][T11656] usb 2-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 254 [ 1014.450594][T11656] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1014.450632][T11656] usb 2-1: New USB device found, idVendor=1e7d, idProduct=3138, bcdDevice= 0.00 [ 1014.450659][T11656] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1014.537204][ T5925] em28xx 6-1:0.132: unknown em28xx chip ID (0) [ 1014.550026][T11656] usb 2-1: config 0 descriptor?? [ 1014.874932][T17017] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 1015.138545][T11656] usbhid 2-1:0.0: can't add hid device: -71 [ 1015.138760][T11656] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 1015.162334][ T5925] em28xx 6-1:0.132: failed to read eeprom (err=-110) [ 1015.162396][ T5925] em28xx 6-1:0.132: em28xx_i2c_register: em28xx_i2_eeprom failed! retval [-110] [ 1015.194614][T11656] usb 2-1: USB disconnect, device number 23 [ 1015.442699][T17020] mac80211_hwsim hwsim17 wlan1: entered promiscuous mode [ 1015.442743][T17020] mac80211_hwsim hwsim17 wlan1: entered allmulticast mode [ 1015.448183][T17020] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3401'. [ 1015.762455][ T5925] em28xx 6-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 1015.762490][ T5925] em28xx 6-1:0.132: analog set to bulk mode. [ 1015.764178][ T5934] em28xx 6-1:0.132: Registering V4L2 extension [ 1015.822580][ T5925] usb 6-1: USB disconnect, device number 44 [ 1015.824967][ T5925] em28xx 6-1:0.132: Disconnecting em28xx [ 1016.030612][T17029] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3404'. [ 1016.230121][ T5934] em28xx 6-1:0.132: Config register raw data: 0xffffffed [ 1016.230152][ T5934] em28xx 6-1:0.132: AC97 chip type couldn't be determined [ 1016.230167][ T5934] em28xx 6-1:0.132: No AC97 audio processor [ 1016.257549][ T5934] usb 6-1: Decoder not found [ 1016.257571][ T5934] em28xx 6-1:0.132: failed to create media graph [ 1016.257609][ T5934] em28xx 6-1:0.132: V4L2 device video103 deregistered [ 1016.455558][ T5934] em28xx 6-1:0.132: Remote control support is not available for this card. [ 1016.456925][ T5925] em28xx 6-1:0.132: Closing input extension [ 1016.645049][ T5925] em28xx 6-1:0.132: Freeing device [ 1016.865045][T17044] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3410'. [ 1016.865073][T17044] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3410'. [ 1017.014378][T17049] fuse: Unknown parameter '‚Ùq…õJé«y¥‚íâÜõà [ 1017.014378][T17049] Ñ>– 3çf; «zò­ÐZþ¼OØuà§;[@Z*Åo2œ â'N’x¥øv\\fÔ­ýiwN:©*hJ' [ 1018.576320][T17085] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3423'. [ 1020.059127][T17113] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3434'. [ 1020.589703][T17118] vlan2: entered promiscuous mode [ 1023.699833][T17139] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3440'. [ 1025.108352][ T36] kauditd_printk_skb: 6 callbacks suppressed [ 1025.108376][ T36] audit: type=1326 audit(1771800161.739:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17135 comm="syz.6.3440" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa32840c629 code=0x7ffc0000 [ 1025.108707][ T36] audit: type=1326 audit(1771800161.749:220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17135 comm="syz.6.3440" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa32840c629 code=0x7ffc0000 [ 1025.110148][ T36] audit: type=1326 audit(1771800161.749:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17135 comm="syz.6.3440" exe="/root/syz-executor" sig=0 arch=c000003e syscall=66 compat=0 ip=0x7fa32840c629 code=0x7ffc0000 [ 1025.110476][ T36] audit: type=1326 audit(1771800161.749:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17135 comm="syz.6.3440" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa32840c629 code=0x7ffc0000 [ 1025.110758][ T36] audit: type=1326 audit(1771800161.749:223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17135 comm="syz.6.3440" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa32840c629 code=0x7ffc0000 [ 1025.118565][ T36] audit: type=1326 audit(1771800161.749:224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17135 comm="syz.6.3440" exe="/root/syz-executor" sig=0 arch=c000003e syscall=250 compat=0 ip=0x7fa32840c629 code=0x7ffc0000 [ 1025.119101][ T36] audit: type=1326 audit(1771800161.759:225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17135 comm="syz.6.3440" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa32840c629 code=0x7ffc0000 [ 1025.119370][ T36] audit: type=1326 audit(1771800161.759:226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17135 comm="syz.6.3440" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa32840c629 code=0x7ffc0000 [ 1025.280455][ T36] audit: type=1326 audit(1771800161.919:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17135 comm="syz.6.3440" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa32840c629 code=0x7ffc0000 [ 1025.280509][ T36] audit: type=1326 audit(1771800161.919:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17135 comm="syz.6.3440" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa32840c629 code=0x7ffc0000 [ 1025.299482][T17142] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3442'. [ 1025.299507][T17142] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3442'. [ 1025.552431][ T5998] usb 6-1: new low-speed USB device number 45 using dummy_hcd [ 1025.704755][ T5998] usb 6-1: config 0 has an invalid interface number: 3 but max is 0 [ 1025.704788][ T5998] usb 6-1: config 0 has no interface number 0 [ 1025.704849][ T5998] usb 6-1: config 0 interface 3 altsetting 0 endpoint 0x6 has invalid maxpacket 64, setting to 8 [ 1025.704881][ T5998] usb 6-1: config 0 interface 3 altsetting 0 endpoint 0x8 has invalid maxpacket 1024, setting to 8 [ 1025.704927][ T5998] usb 6-1: New USB device found, idVendor=1199, idProduct=6821, bcdDevice=98.59 [ 1025.704953][ T5998] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1025.731654][ T5998] usb 6-1: config 0 descriptor?? [ 1025.734989][T17142] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 1025.738292][ T5998] hub 6-1:0.3: bad descriptor, ignoring hub [ 1025.738328][ T5998] hub 6-1:0.3: probe with driver hub failed with error -5 [ 1025.739897][ T5998] sierra 6-1:0.3: Sierra USB modem converter detected [ 1027.449816][ T5998] usb 6-1: Sierra USB modem converter now attached to ttyUSB0 [ 1027.520837][T17173] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3452'. [ 1027.804405][ T5998] usb 6-1: USB disconnect, device number 45 [ 1027.835630][ T5998] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0 [ 1027.837725][ T5998] sierra 6-1:0.3: device disconnected [ 1027.999632][T17175] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3447'. [ 1027.999662][T17175] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3447'. [ 1029.219991][T17186] bridge0: port 1(bridge_slave_0) entered disabled state [ 1029.258218][T17186] bridge0: port 2(bridge_slave_1) entered disabled state [ 1029.992103][T17188] netlink: 80 bytes leftover after parsing attributes in process `syz.5.3455'. [ 1030.302372][ T5873] usb 6-1: new full-speed USB device number 46 using dummy_hcd [ 1030.395664][ T5998] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 1030.402148][ T633] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 1030.475254][ T5873] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 1030.475286][ T5873] usb 6-1: config 0 has no interface number 0 [ 1030.475334][ T5873] usb 6-1: config 0 interface 1 altsetting 128 endpoint 0x81 has invalid maxpacket 37766, setting to 64 [ 1030.475362][ T5873] usb 6-1: config 0 interface 1 altsetting 128 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1030.475390][ T5873] usb 6-1: config 0 interface 1 has no altsetting 0 [ 1030.475425][ T5873] usb 6-1: New USB device found, idVendor=145f, idProduct=0212, bcdDevice= 0.00 [ 1030.475449][ T5873] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1030.482061][ T5873] usb 6-1: config 0 descriptor?? [ 1030.483420][T17188] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 1030.592532][ T5998] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 1030.783050][T17200] dvmrp0: left allmulticast mode [ 1031.115952][ T5873] uclogic 0003:145F:0212.001B: pen parameters not found [ 1031.115981][ T5873] uclogic 0003:145F:0212.001B: interface is invalid, ignoring [ 1031.423096][ T1016] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 1031.423315][ T1016] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 1031.443531][T17209] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3464'. [ 1031.974738][T17226] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3470'. [ 1032.059275][T17223] netlink: 48 bytes leftover after parsing attributes in process `syz.1.3470'. [ 1032.303664][ T5873] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 1032.402431][ T5873] usb 6-1: USB disconnect, device number 46 [ 1033.106007][T17250] bridge0: port 1(bridge_slave_0) entered disabled state [ 1033.135025][T17250] bridge0: port 2(bridge_slave_1) entered disabled state [ 1034.493287][T17264] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3475'. [ 1034.493318][T17264] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3475'. [ 1035.082363][ T5934] usb 6-1: new low-speed USB device number 47 using dummy_hcd [ 1035.234643][ T5934] usb 6-1: config 179 has an invalid interface number: 65 but max is 0 [ 1035.234678][ T5934] usb 6-1: config 179 has no interface number 0 [ 1035.234728][ T5934] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 10 [ 1035.234757][ T5934] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 8 [ 1035.234788][ T5934] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10 [ 1035.234879][ T5934] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 1035.234905][ T5934] usb 6-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 1035.234953][ T5934] usb 6-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 1035.234978][ T5934] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1035.247690][T17271] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 1035.278133][ T5934] xpad 6-1:179.65: probe with driver xpad failed with error -5 [ 1035.422405][ C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 1035.507085][ T5934] usb 6-1: USB disconnect, device number 47 [ 1036.643619][T17296] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3493'. [ 1036.645294][T17296] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1036.750219][T17292] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3490'. [ 1036.750253][T17292] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3490'. [ 1036.872400][ T5934] usb 6-1: new high-speed USB device number 48 using dummy_hcd [ 1036.956457][T17302] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 1037.032409][ T5934] usb 6-1: Using ep0 maxpacket: 16 [ 1037.053414][ T5934] usb 6-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 1037.053444][ T5934] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1037.053465][ T5934] usb 6-1: Product: syz [ 1037.053478][ T5934] usb 6-1: Manufacturer: syz [ 1037.053492][ T5934] usb 6-1: SerialNumber: syz [ 1037.068733][ T5934] r8152-cfgselector 6-1: Unknown version 0x0000 [ 1037.068758][ T5934] r8152-cfgselector 6-1: config 0 descriptor?? [ 1037.304791][ T5934] r8152-cfgselector 6-1: Needed 2 retries to read version [ 1037.529009][ T5925] r8152-cfgselector 6-1: USB disconnect, device number 48 [ 1040.336245][T17323] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3499'. [ 1040.336277][T17323] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3499'. [ 1040.632479][T17332] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3507'. [ 1040.638961][T17332] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1041.084623][T17340] bridge0: port 1(bridge_slave_0) entered disabled state [ 1041.087036][T17340] bridge0: port 2(bridge_slave_1) entered disabled state [ 1041.870035][T17347] vlan2: entered promiscuous mode [ 1041.870089][T17347] macvlan1: entered promiscuous mode [ 1043.823369][ C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 1043.986511][T17356] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3516'. [ 1044.094744][T17356] macvtap1: entered promiscuous mode [ 1044.977112][T17371] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3518'. [ 1045.449882][T17370] macvtap1: left promiscuous mode [ 1046.300244][T17384] tmpfs: Bad value for 'mpol' [ 1046.489053][T17385] vlan2: entered promiscuous mode [ 1050.205443][T17408] macvlan2: left promiscuous mode [ 1052.829452][T17411] bridge2: entered allmulticast mode [ 1052.833112][T17411] team0: Port device bridge2 added [ 1052.974780][T17411] bridge0: port 1(team0) entered blocking state [ 1052.974895][T17411] bridge0: port 1(team0) entered disabled state [ 1052.975075][T17411] team0: entered allmulticast mode [ 1052.975093][T17411] macvlan2: entered allmulticast mode [ 1052.975106][T17411] bond0: entered allmulticast mode [ 1052.976049][T17411] netdevsim netdevsim6 netdevsim0: entered allmulticast mode [ 1053.009251][T17411] team0: entered promiscuous mode [ 1053.009275][T17411] macvlan2: entered promiscuous mode [ 1053.009291][T17411] bond0: entered promiscuous mode [ 1053.010004][T17411] netdevsim netdevsim6 netdevsim0: entered promiscuous mode [ 1053.032699][T17411] bridge2: entered promiscuous mode [ 1053.320059][T17419] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3538'. [ 1055.140540][T17432] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3541'. [ 1058.448185][T17465] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3553'. [ 1060.264216][ C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 1060.281317][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 1060.281395][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 1060.972352][ T5998] usb 6-1: new high-speed USB device number 49 using dummy_hcd [ 1061.142300][ T5998] usb 6-1: Using ep0 maxpacket: 8 [ 1061.147454][ T5998] usb 6-1: unable to get BOS descriptor or descriptor too short [ 1061.148854][ T5998] usb 6-1: config 4 interface 0 has no altsetting 0 [ 1061.182462][ T5998] usb 6-1: string descriptor 0 read error: -22 [ 1061.182629][ T5998] usb 6-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 1061.182656][ T5998] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1061.207383][ T5998] usb 6-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 1061.281817][ T5998] usb 6-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 1061.293101][ T5998] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 1061.293185][ T5998] usb 6-1: media controller created [ 1061.411067][ T5998] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1061.760461][ T5998] zl10353_read_register: readreg error (reg=127, ret==0) [ 1062.016393][ T5998] usb 6-1: USB disconnect, device number 49 [ 1063.330531][T17502] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3564'. [ 1064.434675][T17523] mac80211_hwsim hwsim17 wlan1: left promiscuous mode [ 1064.454363][T17523] bond1: left promiscuous mode [ 1064.454423][T17523] bridge1: left promiscuous mode [ 1064.589249][ T5998] wg1 speed is unknown, defaulting to 1000 [ 1066.545761][T17546] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3582'. [ 1066.652888][T17546] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3582'. [ 1066.856023][ T5998] usb 6-1: new full-speed USB device number 50 using dummy_hcd [ 1067.246034][T17522] vlan2: entered promiscuous mode [ 1067.554764][ T5998] usb 6-1: too many endpoints for config 0 interface 0 altsetting 2: 254, using maximum allowed: 30 [ 1067.554821][ T5998] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1067.554852][ T5998] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1067.554877][ T5998] usb 6-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 254 [ 1067.554908][ T5998] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1067.554945][ T5998] usb 6-1: New USB device found, idVendor=1e7d, idProduct=3138, bcdDevice= 0.00 [ 1067.554971][ T5998] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1067.561288][ T5998] usb 6-1: config 0 descriptor?? [ 1067.969166][ T5998] usbhid 6-1:0.0: can't add hid device: -71 [ 1067.969301][ T5998] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 1067.997768][ T5998] usb 6-1: USB disconnect, device number 50 [ 1069.429227][T17574] netlink: 'syz.2.3592': attribute type 5 has an invalid length. [ 1076.264188][T17610] 9p: Bad value for 'rfdno' [ 1078.008174][T17637] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3616'. [ 1078.248861][T17642] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3614'. [ 1078.248941][T17642] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3614'. [ 1084.014057][T17667] netlink: 'syz.5.3624': attribute type 1 has an invalid length. [ 1085.753326][T17687] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3628'. [ 1085.759131][T17687] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3628'. [ 1086.454856][T17697] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3630'. [ 1086.454948][T17697] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3630'. [ 1087.529031][T17700] netlink: 264 bytes leftover after parsing attributes in process `syz.1.3631'. [ 1087.529062][T17700] openvswitch: netlink: Flow key attr not present in new flow. [ 1087.803295][T17704] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3633'. [ 1090.682883][T17758] vlan2: entered promiscuous mode [ 1091.491801][ C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 1092.046173][T17767] vlan2: entered promiscuous mode [ 1096.576950][T17799] netlink: 88 bytes leftover after parsing attributes in process `syz.1.3668'. [ 1096.712894][T17799] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3668'. [ 1096.731978][T17799] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3668'. [ 1096.763059][T17799] netlink: 'syz.1.3668': attribute type 11 has an invalid length. [ 1096.786417][ T36] kauditd_printk_skb: 4 callbacks suppressed [ 1096.786439][ T36] audit: type=1326 audit(1771800233.429:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17801 comm="syz.6.3669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa32840c629 code=0x7ffc0000 [ 1096.788765][ T36] audit: type=1326 audit(1771800233.429:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17801 comm="syz.6.3669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=263 compat=0 ip=0x7fa32840c629 code=0x7ffc0000 [ 1096.789582][ T36] audit: type=1326 audit(1771800233.429:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17801 comm="syz.6.3669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa32840c629 code=0x7ffc0000 [ 1096.789979][ T36] audit: type=1326 audit(1771800233.429:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17801 comm="syz.6.3669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa32840c629 code=0x7ffc0000 [ 1096.791711][ T36] audit: type=1326 audit(1771800233.429:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17801 comm="syz.6.3669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa32840c629 code=0x7ffc0000 [ 1096.806245][ T36] audit: type=1326 audit(1771800233.439:238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17801 comm="syz.6.3669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa32840c629 code=0x7ffc0000 [ 1096.807391][ T36] audit: type=1326 audit(1771800233.449:239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17801 comm="syz.6.3669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa32840c629 code=0x7ffc0000 [ 1096.807919][ T36] audit: type=1326 audit(1771800233.449:240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17801 comm="syz.6.3669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa32840c629 code=0x7ffc0000 [ 1096.808476][ T36] audit: type=1326 audit(1771800233.449:241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17801 comm="syz.6.3669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa32840c629 code=0x7ffc0000 [ 1096.810222][ T36] audit: type=1326 audit(1771800233.449:242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17801 comm="syz.6.3669" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa32840c629 code=0x7ffc0000 [ 1097.647540][T17811] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3671'. [ 1097.647634][T17811] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3671'. [ 1098.527288][T17823] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3676'. [ 1098.528539][T17823] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1099.132317][ T5925] usb 6-1: new high-speed USB device number 51 using dummy_hcd [ 1101.509035][ T5925] usb 6-1: config 0 has an invalid interface number: 64 but max is 0 [ 1101.509078][ T5925] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1101.509098][ T5925] usb 6-1: config 0 has no interface number 0 [ 1101.537665][ T5925] usb 6-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice= 0.07 [ 1101.537698][ T5925] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1101.537721][ T5925] usb 6-1: Product: syz [ 1101.537738][ T5925] usb 6-1: Manufacturer: syz [ 1101.537753][ T5925] usb 6-1: SerialNumber: syz [ 1101.586775][ T5925] usb 6-1: config 0 descriptor?? [ 1101.904076][ T5925] uvcvideo 6-1:0.64: Found UVC 0.08 device syz (046d:0823) [ 1101.904185][ T5925] uvcvideo 6-1:0.64: No valid video chain found. [ 1101.928949][T17856] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3685'. [ 1101.929034][T17856] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3685'. [ 1102.682388][ T5925] usb 6-1: USB disconnect, device number 51 [ 1104.285000][T17875] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3692'. [ 1106.164896][ T5873] usb 6-1: new high-speed USB device number 52 using dummy_hcd [ 1106.512344][ T5873] usb 6-1: Using ep0 maxpacket: 16 [ 1106.514679][ T5873] usb 6-1: config 0 has an invalid interface number: 214 but max is 0 [ 1106.514709][ T5873] usb 6-1: config 0 has no interface number 0 [ 1106.514756][ T5873] usb 6-1: config 0 interface 214 altsetting 0 endpoint 0x83 has an invalid bInterval 247, changing to 11 [ 1106.517667][ T5873] usb 6-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 1106.517698][ T5873] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1106.517719][ T5873] usb 6-1: Product: syz [ 1106.517810][ T5873] usb 6-1: Manufacturer: syz [ 1106.517820][ T5873] usb 6-1: SerialNumber: syz [ 1106.521575][ T5873] usb 6-1: config 0 descriptor?? [ 1106.820137][ T5873] usbtouchscreen 6-1:0.214: Failed to read FW rev: -71 [ 1106.820575][ T5873] usbtouchscreen 6-1:0.214: probe with driver usbtouchscreen failed with error -71 [ 1106.873453][ T5873] usb 6-1: USB disconnect, device number 52 [ 1108.842005][ T36] kauditd_printk_skb: 40 callbacks suppressed [ 1108.842026][ T36] audit: type=1326 audit(1771800245.479:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17915 comm="syz.6.3706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa32840c629 code=0x7ffc0000 [ 1108.874082][ T36] audit: type=1326 audit(1771800245.519:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17915 comm="syz.6.3706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa32840c629 code=0x7ffc0000 [ 1108.882359][ T36] audit: type=1326 audit(1771800245.519:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17915 comm="syz.6.3706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7fa32840c629 code=0x7ffc0000 [ 1108.882416][ T36] audit: type=1326 audit(1771800245.519:286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17915 comm="syz.6.3706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa32840c629 code=0x7ffc0000 [ 1108.882525][ T36] audit: type=1326 audit(1771800245.519:287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17915 comm="syz.6.3706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa32840c629 code=0x7ffc0000 [ 1108.885449][ T36] audit: type=1326 audit(1771800245.529:288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17915 comm="syz.6.3706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=43 compat=0 ip=0x7fa32840c629 code=0x7ffc0000 [ 1108.885500][ T36] audit: type=1326 audit(1771800245.529:289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17915 comm="syz.6.3706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa32840c629 code=0x7ffc0000 [ 1108.885553][ T36] audit: type=1326 audit(1771800245.529:290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17915 comm="syz.6.3706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa32840c629 code=0x7ffc0000 [ 1108.885593][ T36] audit: type=1326 audit(1771800245.529:291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17915 comm="syz.6.3706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7fa32840c629 code=0x7ffc0000 [ 1108.885634][ T36] audit: type=1326 audit(1771800245.529:292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17915 comm="syz.6.3706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa32840c629 code=0x7ffc0000 [ 1109.788115][T17940] netlink: 'syz.2.3717': attribute type 21 has an invalid length. [ 1109.827971][T17941] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3716'. [ 1111.701856][T17965] cifs: Unknown parameter 'h}#úä [ 1111.701856][T17965] Ü[—Íñ¦bšÿÿÿITäŒ&¬æ:ÅèÙ"‚Õëï1:ºÃÃÓ­'Ä4,Zz-#FÇ<æõ]%gCžÊ [ 1111.701856][T17965] SÃȘØÈžZ§6ŸÂ' [ 1113.761955][T17997] netlink: 32 bytes leftover after parsing attributes in process `syz.5.3734'. [ 1115.922245][ T5869] usb 6-1: new high-speed USB device number 53 using dummy_hcd [ 1116.122249][ T5869] usb 6-1: Using ep0 maxpacket: 16 [ 1116.135364][ T5869] usb 6-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 1116.135398][ T5869] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1116.135580][ T5869] usb 6-1: Product: syz [ 1116.135598][ T5869] usb 6-1: Manufacturer: syz [ 1116.135778][ T5869] usb 6-1: SerialNumber: syz [ 1116.163013][ T5869] r8152-cfgselector 6-1: Unknown version 0x0000 [ 1116.163040][ T5869] r8152-cfgselector 6-1: config 0 descriptor?? [ 1116.375429][ T5869] r8152-cfgselector 6-1: Needed 2 retries to read version [ 1116.969915][ T5869] r8152-cfgselector 6-1: USB disconnect, device number 53 [ 1122.178837][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 1122.178989][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 1124.558997][ T5934] usb 6-1: new high-speed USB device number 54 using dummy_hcd [ 1124.902319][ T5934] usb 6-1: Using ep0 maxpacket: 16 [ 1124.904864][ T5934] usb 6-1: config 0 has an invalid interface number: 214 but max is 0 [ 1124.904893][ T5934] usb 6-1: config 0 has no interface number 0 [ 1124.904971][ T5934] usb 6-1: config 0 interface 214 altsetting 0 endpoint 0x83 has an invalid bInterval 247, changing to 11 [ 1124.909478][ T5934] usb 6-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 1124.909509][ T5934] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1124.909532][ T5934] usb 6-1: Product: syz [ 1124.909547][ T5934] usb 6-1: Manufacturer: syz [ 1124.909563][ T5934] usb 6-1: SerialNumber: syz [ 1125.011575][ T5934] usb 6-1: config 0 descriptor?? [ 1125.232374][ T5934] usbtouchscreen 6-1:0.214: Failed to read FW rev: -71 [ 1125.232759][ T5934] usbtouchscreen 6-1:0.214: probe with driver usbtouchscreen failed with error -71 [ 1125.266639][ T5934] usb 6-1: USB disconnect, device number 54 [ 1128.358415][ T36] kauditd_printk_skb: 32 callbacks suppressed [ 1128.358438][ T36] audit: type=1326 audit(1771800264.999:325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18114 comm="syz.6.3778" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa32840c629 code=0x7ffc0000 [ 1128.358492][ T36] audit: type=1326 audit(1771800264.999:326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18114 comm="syz.6.3778" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa32840c629 code=0x7ffc0000 [ 1131.188299][ T36] audit: type=1326 audit(1771800267.829:327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18148 comm="syz.1.3792" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d7797c629 code=0x7ffc0000 [ 1131.549556][ T36] audit: type=1326 audit(1771800267.829:328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18148 comm="syz.1.3792" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d7797c629 code=0x7ffc0000 [ 1131.549774][ T36] audit: type=1326 audit(1771800267.859:329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18148 comm="syz.1.3792" exe="/root/syz-executor" sig=0 arch=c000003e syscall=43 compat=0 ip=0x7f1d7797c629 code=0x7ffc0000 [ 1131.549988][ T36] audit: type=1326 audit(1771800267.859:330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18148 comm="syz.1.3792" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d7797c629 code=0x7ffc0000 [ 1131.550352][ T36] audit: type=1326 audit(1771800267.859:331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18148 comm="syz.1.3792" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d7797c629 code=0x7ffc0000 [ 1132.422283][ T36] audit: type=1326 audit(1771800269.029:332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18149 comm="syz.6.3791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa32840c629 code=0x7ffc0000 [ 1135.031481][ T36] audit: type=1326 audit(1771800271.669:333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18179 comm="syz.2.3803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f304c55c629 code=0x7ffc0000 [ 1135.057575][ T36] audit: type=1326 audit(1771800271.669:334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18179 comm="syz.2.3803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f304c55c629 code=0x7ffc0000 [ 1135.100105][ T36] audit: type=1326 audit(1771800271.739:335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18179 comm="syz.2.3803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=43 compat=0 ip=0x7f304c55c629 code=0x7ffc0000 [ 1135.100167][ T36] audit: type=1326 audit(1771800271.739:336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18179 comm="syz.2.3803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f304c55c629 code=0x7ffc0000 [ 1135.100216][ T36] audit: type=1326 audit(1771800271.739:337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18179 comm="syz.2.3803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f304c55c629 code=0x7ffc0000 [ 1135.585141][T18187] netlink: 324 bytes leftover after parsing attributes in process `syz.2.3805'. [ 1137.647690][T18211] vlan2: entered promiscuous mode [ 1138.908356][T18225] netlink: 324 bytes leftover after parsing attributes in process `syz.0.3819'. [ 1139.572004][T18246] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.3827'. [ 1139.584531][T18246] netlink: 186652 bytes leftover after parsing attributes in process `syz.0.3827'. [ 1139.821982][T18256] netlink: 324 bytes leftover after parsing attributes in process `syz.5.3832'. [ 1140.532333][ T5934] usb 6-1: new high-speed USB device number 55 using dummy_hcd [ 1140.617054][T18284] dvmrp0: entered allmulticast mode [ 1140.677350][T18285] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 1140.695397][ T5934] usb 6-1: Using ep0 maxpacket: 8 [ 1140.697746][ T5934] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 1140.697802][ T5934] usb 6-1: New USB device found, idVendor=057e, idProduct=2009, bcdDevice= 0.00 [ 1140.697829][ T5934] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1140.741708][ T5934] usb 6-1: config 0 descriptor?? [ 1141.376362][T18302] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3853'. [ 1141.497715][T18305] vlan2: entered promiscuous mode [ 1141.609893][T18306] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1142.090960][T18312] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3857'. [ 1142.436060][ T5934] usbhid 6-1:0.0: can't add hid device: -71 [ 1142.436192][ T5934] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 1142.465097][ T5934] usb 6-1: USB disconnect, device number 55 [ 1143.622294][ T5869] usb 6-1: new high-speed USB device number 56 using dummy_hcd [ 1143.772329][ T5869] usb 6-1: Using ep0 maxpacket: 16 [ 1143.841025][T18334] vlan2: entered promiscuous mode [ 1143.860279][ T5869] usb 6-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 1143.860306][ T5869] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1143.860318][ T5869] usb 6-1: Product: syz [ 1143.860327][ T5869] usb 6-1: Manufacturer: syz [ 1143.860336][ T5869] usb 6-1: SerialNumber: syz [ 1144.062963][ T5869] r8152-cfgselector 6-1: Unknown version 0x0000 [ 1144.062991][ T5869] r8152-cfgselector 6-1: config 0 descriptor?? [ 1144.296803][ T5869] r8152-cfgselector 6-1: Needed 2 retries to read version [ 1144.514160][ T5934] r8152-cfgselector 6-1: USB disconnect, device number 56 [ 1145.419517][T18337] delete_channel: no stack [ 1145.991902][T18357] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 1146.652852][T18373] netlink: 76 bytes leftover after parsing attributes in process `syz.5.3879'. [ 1147.479373][T18389] dvmrp0: entered allmulticast mode [ 1147.481007][T18389] dvmrp0: left allmulticast mode [ 1148.664154][T18410] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 1148.868169][T18415] snd_dummy snd_dummy.0: control 4:4:4:syz0:4096 is already present [ 1148.869123][T18415] netlink: 'syz.0.3894': attribute type 62 has an invalid length. [ 1151.476007][T18457] vlan2: entered promiscuous mode [ 1151.579363][T18461] fuse: Bad value for 'fd' [ 1152.085534][ C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 1152.198142][T18465] wg1 speed is unknown, defaulting to 1000 [ 1155.789885][T18496] delete_channel: no stack [ 1158.488252][T18542] 9pnet_virtio: no channels available for device /dev/nullb0 [ 1158.636611][T18544] gretap1: entered promiscuous mode [ 1158.983033][ T5998] usb 6-1: new high-speed USB device number 57 using dummy_hcd [ 1158.991918][T18553] 9pnet_virtio: no channels available for device /dev/nullb0 [ 1159.337029][T18560] netlink: 'syz.2.3946': attribute type 32 has an invalid length. [ 1159.465836][ T5998] usb 6-1: config index 0 descriptor too short (expected 1051, got 27) [ 1159.465868][ T5998] usb 6-1: config 0 has an invalid interface number: 0 but max is -1 [ 1159.465888][ T5998] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 1159.465938][ T5998] usb 6-1: config 0 interface 0 altsetting 12 bulk endpoint 0x87 has invalid maxpacket 149 [ 1159.465963][ T5998] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1159.468970][ T5998] usb 6-1: New USB device found, idVendor=06cd, idProduct=010a, bcdDevice=d9.c3 [ 1159.468998][ T5998] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1159.469018][ T5998] usb 6-1: Product: syz [ 1159.469032][ T5998] usb 6-1: Manufacturer: syz [ 1159.469046][ T5998] usb 6-1: SerialNumber: syz [ 1159.505220][ T5998] usb 6-1: config 0 descriptor?? [ 1159.506151][T18541] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 1159.532154][T18561] vlan2: entered promiscuous mode [ 1160.548042][T18565] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 1161.326212][ T5998] keyspan 6-1:0.0: Keyspan 4 port adapter converter detected [ 1161.326529][ T5998] keyspan 6-1:0.0: found no endpoint descriptor for endpoint 7 [ 1161.368150][ T5998] keyspan 6-1:0.0: found no endpoint descriptor for endpoint 81 [ 1161.368402][ T5998] keyspan 6-1:0.0: found no endpoint descriptor for endpoint 1 [ 1161.402664][ T5998] usb 6-1: Keyspan 4 port adapter converter now attached to ttyUSB0 [ 1161.410913][ T5998] keyspan 6-1:0.0: found no endpoint descriptor for endpoint 82 [ 1161.411023][ T5998] keyspan 6-1:0.0: found no endpoint descriptor for endpoint 2 [ 1161.440273][ T5998] usb 6-1: Keyspan 4 port adapter converter now attached to ttyUSB1 [ 1161.456064][ T5998] keyspan 6-1:0.0: found no endpoint descriptor for endpoint 83 [ 1161.456173][ T5998] keyspan 6-1:0.0: found no endpoint descriptor for endpoint 3 [ 1161.483617][ T5998] usb 6-1: Keyspan 4 port adapter converter now attached to ttyUSB2 [ 1161.486469][ T5998] keyspan 6-1:0.0: found no endpoint descriptor for endpoint 84 [ 1161.486581][ T5998] keyspan 6-1:0.0: found no endpoint descriptor for endpoint 4 [ 1161.519662][ T5998] usb 6-1: Keyspan 4 port adapter converter now attached to ttyUSB3 [ 1161.540968][ T5998] usb 6-1: USB disconnect, device number 57 [ 1161.565559][ T5998] keyspan_4 ttyUSB0: Keyspan 4 port adapter converter now disconnected from ttyUSB0 [ 1161.571981][ T5998] keyspan_4 ttyUSB1: Keyspan 4 port adapter converter now disconnected from ttyUSB1 [ 1161.598179][ T5998] keyspan_4 ttyUSB2: Keyspan 4 port adapter converter now disconnected from ttyUSB2 [ 1161.614090][ T5998] keyspan_4 ttyUSB3: Keyspan 4 port adapter converter now disconnected from ttyUSB3 [ 1161.615250][ T5998] keyspan 6-1:0.0: device disconnected [ 1163.235327][T18603] vlan2: entered promiscuous mode [ 1163.819038][T18607] netlink: 7060 bytes leftover after parsing attributes in process `syz.0.3962'. [ 1164.017419][T18604] IPVS: persistence engine module ip_vs_pe_ not found [ 1164.173584][T18612] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3963'. [ 1164.676339][T18617] 9pnet_virtio: no channels available for device /dev/nullb0 [ 1165.132552][T18627] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3970'. [ 1166.793679][T18637] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1166.912419][T18643] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3976'. [ 1166.912452][T18643] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3976'. [ 1167.317385][T18665] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1167.473301][T18669] netlink: 48 bytes leftover after parsing attributes in process `syz.1.3985'. [ 1167.674555][T18675] 9pnet_virtio: no channels available for device /dev/nullb0 [ 1169.049597][T18685] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3991'. [ 1169.049628][T18685] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3991'. [ 1171.751891][T18721] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 1171.995195][T18725] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4003'. [ 1171.995225][T18725] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4003'. [ 1172.007157][T18726] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 1173.332466][T18737] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4008'. [ 1173.433611][ T36] audit: type=1800 audit(1771800310.079:338): pid=18741 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.6.4007" name="nullb0" dev="tmpfs" ino=2591 res=0 errno=0 [ 1173.439676][T18742] netlink: 'syz.2.4008': attribute type 4 has an invalid length. [ 1173.439701][T18742] netlink: 84 bytes leftover after parsing attributes in process `syz.2.4008'. [ 1173.485890][T18738] netlink: 44 bytes leftover after parsing attributes in process `syz.0.4006'. [ 1174.171271][T18765] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4017'. [ 1174.285668][T18770] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 1174.837769][T18786] netlink: 44 bytes leftover after parsing attributes in process `syz.2.4023'. [ 1175.491891][T18788] wg1 speed is unknown, defaulting to 1000 [ 1177.976768][T18824] netlink: 44 bytes leftover after parsing attributes in process `syz.1.4036'. [ 1178.622314][ T5925] usb 6-1: new high-speed USB device number 58 using dummy_hcd [ 1178.782506][ T5925] usb 6-1: Using ep0 maxpacket: 8 [ 1178.788907][ T5925] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 1178.788965][ T5925] usb 6-1: New USB device found, idVendor=057e, idProduct=2009, bcdDevice= 0.00 [ 1178.788991][ T5925] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1178.794914][ T5925] usb 6-1: config 0 descriptor?? [ 1179.705448][T18840] delete_channel: no stack [ 1179.857823][T18846] netlink: 20 bytes leftover after parsing attributes in process `syz.5.4042'. [ 1179.874182][T18846] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1180.178286][ T5925] nintendo 0003:057E:2009.001C: hidraw0: USB HID v80.0d Device [HID 057e:2009] on usb-dummy_hcd.5-1/input0 [ 1180.235484][ T5925] nintendo 0003:057E:2009.001C: Failed to get joycon info; ret=-38 [ 1180.235516][ T5925] nintendo 0003:057E:2009.001C: Failed to retrieve controller info; ret=-38 [ 1180.235538][ T5925] nintendo 0003:057E:2009.001C: Failed to initialize controller; ret=-38 [ 1180.289502][ T5925] nintendo 0003:057E:2009.001C: probe - fail = -38 [ 1180.289716][ T5925] nintendo 0003:057E:2009.001C: probe with driver nintendo failed with error -38 [ 1180.891913][ T36] audit: type=1326 audit(1771800317.529:339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18863 comm="syz.2.4050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f304c55c629 code=0x7ffc0000 [ 1180.891974][ T36] audit: type=1326 audit(1771800317.529:340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18863 comm="syz.2.4050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f304c55c629 code=0x7ffc0000 [ 1180.916139][ T36] audit: type=1326 audit(1771800317.559:341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18863 comm="syz.2.4050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=256 compat=0 ip=0x7f304c55c629 code=0x7ffc0000 [ 1180.916205][ T36] audit: type=1326 audit(1771800317.559:342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18863 comm="syz.2.4050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f304c55c629 code=0x7ffc0000 [ 1180.916248][ T36] audit: type=1326 audit(1771800317.559:343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18863 comm="syz.2.4050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f304c55c629 code=0x7ffc0000 [ 1180.916288][ T36] audit: type=1326 audit(1771800317.559:344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18863 comm="syz.2.4050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f304c55c629 code=0x7ffc0000 [ 1180.916327][ T36] audit: type=1326 audit(1771800317.559:345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18863 comm="syz.2.4050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f304c55c629 code=0x7ffc0000 [ 1180.916369][ T36] audit: type=1326 audit(1771800317.559:346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18863 comm="syz.2.4050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f304c55c629 code=0x7ffc0000 [ 1180.927516][ T36] audit: type=1326 audit(1771800317.569:347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18863 comm="syz.2.4050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f304c55c629 code=0x7ffc0000 [ 1180.927569][ T36] audit: type=1326 audit(1771800317.569:348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18863 comm="syz.2.4050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f304c55c629 code=0x7ffc0000 [ 1181.160514][ T5934] usb 6-1: USB disconnect, device number 58 [ 1181.366045][T18864] can: request_module (can-proto-5) failed. [ 1182.802908][T18883] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4051'. [ 1182.839120][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 1182.839279][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 1183.312814][T18884] vlan2: entered promiscuous mode [ 1185.420967][T18888] delete_channel: no stack [ 1186.579474][T18908] 9pnet_virtio: no channels available for device /dev/nullb0 [ 1187.590868][T18920] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 1189.527131][ T5925] usb 6-1: new full-speed USB device number 59 using dummy_hcd [ 1190.181762][ T5925] usb 6-1: config 1 has an invalid descriptor of length 37, skipping remainder of the config [ 1190.181849][ T5925] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1190.181880][ T5925] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1190.181905][ T5925] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 1190.281526][ T5925] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 1190.281564][ T5925] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 1190.281586][ T5925] usb 6-1: SerialNumber: syz [ 1190.292838][T18961] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4081'. [ 1190.358034][ T5925] cdc_ether 6-1:1.0: probe with driver cdc_ether failed with error -22 [ 1190.358805][ T5925] usb-storage 6-1:1.0: USB Mass Storage device detected [ 1190.393957][ T5925] usb-storage 6-1:1.0: Quirks match for vid 0525 pid a4a5: 10000 [ 1191.301080][T18962] delete_channel: no stack [ 1191.596162][ T5925] usb 6-1: USB disconnect, device number 59 [ 1191.949583][T18985] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 1192.088864][T18993] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 1192.210266][T18995] netlink: 1584 bytes leftover after parsing attributes in process `syz.1.4091'. [ 1193.039082][T19002] netlink: 16 bytes leftover after parsing attributes in process `syz.6.4094'. [ 1194.736374][T19026] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 1195.106811][T19028] netlink: 'syz.5.4105': attribute type 10 has an invalid length. [ 1195.106857][T19028] ipvlan1: entered promiscuous mode [ 1195.113491][T19028] team0: Device ipvlan1 failed to register rx_handler [ 1195.312691][T19020] netlink: 116 bytes leftover after parsing attributes in process `syz.2.4102'. [ 1196.272694][T19032] delete_channel: no stack [ 1197.779508][T19057] netlink: 'syz.2.4116': attribute type 4 has an invalid length. [ 1197.854068][T19064] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4116'. [ 1197.977818][T19066] netlink: 'syz.2.4116': attribute type 4 has an invalid length. [ 1200.029831][T19064] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 1201.359363][T19101] net veth1_virt_wifi ÿÿÿÿÿÿ: renamed from virt_wifi0 [ 1203.124767][T19124] netlink: 80 bytes leftover after parsing attributes in process `syz.0.4140'. [ 1203.302383][ T36] kauditd_printk_skb: 5 callbacks suppressed [ 1203.302406][ T36] audit: type=1326 audit(1771800339.909:354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19128 comm="syz.2.4141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f304c55c629 code=0x7ffc0000 [ 1203.302460][ T36] audit: type=1326 audit(1771800339.909:355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19128 comm="syz.2.4141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=197 compat=0 ip=0x7f304c55c629 code=0x7ffc0000 [ 1203.302508][ T36] audit: type=1326 audit(1771800339.909:356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19128 comm="syz.2.4141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f304c55c629 code=0x7ffc0000 [ 1203.302556][ T36] audit: type=1326 audit(1771800339.909:357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19128 comm="syz.2.4141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=209 compat=0 ip=0x7f304c55c629 code=0x7ffc0000 [ 1203.302613][ T36] audit: type=1326 audit(1771800339.909:358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19128 comm="syz.2.4141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f304c55c629 code=0x7ffc0000 [ 1203.302669][ T36] audit: type=1326 audit(1771800339.909:359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19128 comm="syz.2.4141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f304c55c629 code=0x7ffc0000 [ 1203.302723][ T36] audit: type=1326 audit(1771800339.909:360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19128 comm="syz.2.4141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f304c55c629 code=0x7ffc0000 [ 1203.302769][ T36] audit: type=1326 audit(1771800339.919:361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19128 comm="syz.2.4141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f304c51cece code=0x7ffc0000 [ 1203.302816][ T36] audit: type=1326 audit(1771800339.919:362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19128 comm="syz.2.4141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f304c55c629 code=0x7ffc0000 [ 1203.302863][ T36] audit: type=1326 audit(1771800339.919:363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19128 comm="syz.2.4141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f304c51cece code=0x7ffc0000 [ 1203.566727][ T5934] usb 6-1: new high-speed USB device number 60 using dummy_hcd [ 1203.802980][T19139] netlink: 48 bytes leftover after parsing attributes in process `syz.2.4142'. [ 1203.915372][ T5934] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1203.915405][ T5934] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1203.918058][ T5934] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1203.918089][ T5934] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1203.918111][ T5934] usb 6-1: SerialNumber: syz [ 1204.511178][T19130] delete_channel: no stack [ 1204.791776][ T5934] usb 6-1: 0:2 : does not exist [ 1204.791886][ T5934] usb 6-1: unit 5: unexpected type 0x0a [ 1204.879229][ T5934] usb 6-1: USB disconnect, device number 60 [ 1204.940384][T19140] udevd[19140]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1204.995725][T19149] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 1205.200069][T19156] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 1206.801706][T19165] bridge0: entered promiscuous mode [ 1207.599735][T19176] wg1 speed is unknown, defaulting to 1000 [ 1207.632372][ T5925] usb 6-1: new full-speed USB device number 61 using dummy_hcd [ 1207.784489][ T5925] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1207.784510][ T5925] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1207.787030][ T5925] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1207.787063][ T5925] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1207.787085][ T5925] usb 6-1: Product: syz [ 1207.787100][ T5925] usb 6-1: Manufacturer: syz [ 1207.787114][ T5925] usb 6-1: SerialNumber: syz [ 1208.226509][T19191] netlink: 792 bytes leftover after parsing attributes in process `syz.0.4161'. [ 1208.398428][T19195] macsec1: entered promiscuous mode [ 1208.398455][T19195] macvlan0: entered promiscuous mode [ 1208.467441][T19195] macvlan0: left promiscuous mode [ 1208.518838][T19162] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1208.519460][T19162] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1208.682347][T19165] bridge0: left promiscuous mode [ 1208.942507][ T5934] usb 6-1: USB disconnect, device number 61 [ 1209.080026][T19217] netlink: 'syz.1.4170': attribute type 10 has an invalid length. [ 1209.080068][T19217] ipvlan1: entered promiscuous mode [ 1209.097495][T19217] team0: Device ipvlan1 failed to register rx_handler [ 1209.149884][T19219] netlink: 'syz.1.4171': attribute type 1 has an invalid length. [ 1209.381258][T19223] netlink: 'syz.6.4172': attribute type 4 has an invalid length. [ 1209.385412][T19223] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4172'. [ 1209.513264][T19227] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 1209.709685][T19231] netlink: 72 bytes leftover after parsing attributes in process `syz.1.4176'. [ 1209.863096][T19236] netlink: 'syz.1.4177': attribute type 1 has an invalid length. [ 1210.367231][T19248] ipvlan1: left promiscuous mode [ 1211.502443][T19250] netlink: 'syz.6.4183': attribute type 4 has an invalid length. [ 1211.503488][T19250] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4183'. [ 1212.040687][T19258] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4187'. [ 1213.528638][T19258] bond_slave_0: entered promiscuous mode [ 1213.528701][T19258] bond_slave_1: entered promiscuous mode [ 1213.528861][T19258] macvlan2: entered promiscuous mode [ 1213.528876][T19258] bond0: entered promiscuous mode [ 1213.531165][T19258] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 1214.666723][T19264] bond1: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 1214.804305][T19264] bond1: (slave lo): Enslaving as an active interface with an up link [ 1215.487301][T19264] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 1215.694678][T19273] ipvlan1: left promiscuous mode [ 1216.280098][T19277] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4192'. [ 1216.461933][T19282] 9pnet_virtio: no channels available for device /dev/nullb0 [ 1216.680353][T19289] netlink: 'syz.5.4196': attribute type 4 has an invalid length. [ 1216.714979][T19289] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4196'. [ 1216.715032][T19289] netdevsim netdevsim5 netdevsim0: entered promiscuous mode [ 1218.337823][T19315] netlink: 792 bytes leftover after parsing attributes in process `syz.6.4204'. [ 1218.405122][T19314] netdevsim netdevsim5 netdevsim0: left promiscuous mode [ 1218.583281][T19321] tmpfs: Unexpected value for 'inode32' [ 1220.079120][T19336] delete_channel: no stack [ 1220.780133][T19349] netlink: 792 bytes leftover after parsing attributes in process `syz.1.4216'. [ 1220.815325][T19348] 9pnet_virtio: no channels available for device /dev/nullb0 [ 1220.971469][ T36] kauditd_printk_skb: 19 callbacks suppressed [ 1220.971490][ T36] audit: type=1326 audit(1771800357.609:383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19351 comm="syz.2.4218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f304c55c629 code=0x7ffc0000 [ 1220.973157][ T36] audit: type=1326 audit(1771800357.619:384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19351 comm="syz.2.4218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f304c55c629 code=0x7ffc0000 [ 1220.973729][ T36] audit: type=1326 audit(1771800357.619:385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19351 comm="syz.2.4218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=43 compat=0 ip=0x7f304c55c629 code=0x7ffc0000 [ 1220.973977][ T36] audit: type=1326 audit(1771800357.619:386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19351 comm="syz.2.4218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f304c55c629 code=0x7ffc0000 [ 1220.974240][ T36] audit: type=1326 audit(1771800357.619:387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19351 comm="syz.2.4218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f304c55c629 code=0x7ffc0000 [ 1220.974666][ T36] audit: type=1326 audit(1771800357.619:388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19351 comm="syz.2.4218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f304c51cece code=0x7ffc0000 [ 1220.975228][ T36] audit: type=1326 audit(1771800357.619:389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19351 comm="syz.2.4218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f304c51cece code=0x7ffc0000 [ 1220.975727][ T36] audit: type=1326 audit(1771800357.619:390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19351 comm="syz.2.4218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f304c51cece code=0x7ffc0000 [ 1220.976182][ T36] audit: type=1326 audit(1771800357.619:391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19351 comm="syz.2.4218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f304c55c629 code=0x7ffc0000 [ 1223.883758][T19364] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4221'. [ 1224.399431][T19381] netlink: 792 bytes leftover after parsing attributes in process `syz.6.4229'. [ 1224.625646][T19385] vlan2: entered promiscuous mode [ 1226.369409][T19387] netdevsim netdevsim2 netdevsim0: left promiscuous mode [ 1227.192891][T19403] 9pnet_virtio: no channels available for device /dev/nullb0 [ 1227.628020][T19414] /dev/nullb0: Can't lookup blockdev [ 1230.672263][ T809] usb 6-1: new high-speed USB device number 62 using dummy_hcd [ 1231.321760][T19443] delete_channel: no stack [ 1231.325802][ T809] usb 6-1: device descriptor read/64, error -71 [ 1231.662429][ T809] usb 6-1: new high-speed USB device number 63 using dummy_hcd [ 1231.792213][ T809] usb 6-1: device descriptor read/64, error -71 [ 1231.851275][T19464] 9pnet_virtio: no channels available for device /dev/nullb0 [ 1231.905561][ T809] usb usb6-port1: attempt power cycle [ 1232.005267][ T5802] kworker/0:5 (5802) used greatest stack depth: 15840 bytes left [ 1232.229506][T19467] netlink: 792 bytes leftover after parsing attributes in process `syz.6.4253'. [ 1232.302380][ T809] usb 6-1: new high-speed USB device number 64 using dummy_hcd [ 1232.322998][ T809] usb 6-1: device descriptor read/8, error -71 [ 1233.072867][ T809] usb 6-1: new high-speed USB device number 65 using dummy_hcd [ 1233.211434][ T809] usb 6-1: device descriptor read/8, error -71 [ 1233.280334][T19475] vlan2: entered allmulticast mode [ 1233.280361][T19475] hsr0: entered allmulticast mode [ 1233.280375][T19475] hsr_slave_0: entered allmulticast mode [ 1233.280397][T19475] hsr_slave_1: entered allmulticast mode [ 1233.312804][ T809] usb usb6-port1: unable to enumerate USB device [ 1235.294314][T19481] delete_channel: no stack [ 1235.461646][T19493] dvmrp0: entered allmulticast mode [ 1237.524361][T19519] gretap1: left promiscuous mode [ 1237.525538][T19519] macvlan2: left promiscuous mode [ 1237.525555][T19519] bond0: left promiscuous mode [ 1241.786209][ T5934] usb 6-1: new high-speed USB device number 66 using dummy_hcd [ 1242.791930][T19544] netlink: 'syz.0.4279': attribute type 4 has an invalid length. [ 1242.800246][ T5934] usb 6-1: device descriptor read/all, error -71 [ 1242.852917][T19544] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4279'. [ 1242.852973][T19544] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 1243.157086][T19547] vlan2: entered promiscuous mode [ 1244.002620][T19549] netlink: 48 bytes leftover after parsing attributes in process `syz.2.4280'. [ 1244.222330][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 1244.222410][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 1244.449563][T19567] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4286'. [ 1244.506020][T19567] macvtap2: entered promiscuous mode [ 1244.876309][T19574] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 1245.828403][T19583] netlink: 'syz.0.4294': attribute type 4 has an invalid length. [ 1245.829362][T19583] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4294'. [ 1247.776387][T19616] netlink: 32 bytes leftover after parsing attributes in process `syz.1.4306'. [ 1248.996471][T19628] vlan2: entered promiscuous mode [ 1251.966747][T19633] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4311'. [ 1253.363116][T19651] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2 [ 1254.940814][T19663] 9pnet_virtio: no channels available for device /dev/nullb0 [ 1255.722195][T19677] 9pnet_virtio: no channels available for device /dev/nullb0 [ 1256.008531][T19679] netlink: 'syz.6.4328': attribute type 4 has an invalid length. [ 1256.009813][T19679] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4328'. [ 1258.344276][T19709] netlink: 20 bytes leftover after parsing attributes in process `syz.5.4339'. [ 1260.943712][ T36] audit: type=1326 audit(1771800397.589:392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19732 comm="syz.0.4350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f519710c629 code=0x7ffc0000 [ 1260.943775][ T36] audit: type=1326 audit(1771800397.589:393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19732 comm="syz.0.4350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f519710c629 code=0x7ffc0000 [ 1260.967818][T19735] netlink: 'syz.5.4351': attribute type 4 has an invalid length. [ 1260.968529][T19735] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4351'. [ 1260.968566][T19735] netdevsim netdevsim5 netdevsim0: entered promiscuous mode [ 1261.059828][ T36] audit: type=1326 audit(1771800397.699:394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19732 comm="syz.0.4350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=328 compat=0 ip=0x7f519710c629 code=0x7ffc0000 [ 1261.059893][ T36] audit: type=1326 audit(1771800397.699:395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19732 comm="syz.0.4350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f519710c629 code=0x7ffc0000 [ 1261.059944][ T36] audit: type=1326 audit(1771800397.699:396): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19732 comm="syz.0.4350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f519710c629 code=0x7ffc0000 [ 1261.193215][T19739] FAULT_INJECTION: forcing a failure. [ 1261.193215][T19739] name failslab, interval 1, probability 0, space 0, times 0 [ 1261.193258][T19739] CPU: 0 UID: 0 PID: 19739 Comm: syz.5.4354 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1261.193287][T19739] Tainted: [L]=SOFTLOCKUP [ 1261.193295][T19739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1261.193308][T19739] Call Trace: [ 1261.193317][T19739] [ 1261.193326][T19739] dump_stack_lvl+0xe8/0x150 [ 1261.193367][T19739] should_fail_ex+0x46b/0x600 [ 1261.193410][T19739] should_failslab+0xa8/0x100 [ 1261.193446][T19739] kmem_cache_alloc_noprof+0x87/0x680 [ 1261.193479][T19739] ? sctp_chunkify+0x5a/0x260 [ 1261.193507][T19739] sctp_chunkify+0x5a/0x260 [ 1261.193542][T19739] _sctp_make_chunk+0x122/0x290 [ 1261.193569][T19739] sctp_make_abort_user+0x97/0x630 [ 1261.193607][T19739] ? sctp_transport_put+0xd2/0x150 [ 1261.193640][T19739] ? __pfx_sctp_make_abort_user+0x10/0x10 [ 1261.193673][T19739] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 1261.193714][T19739] sctp_sendmsg_check_sflags+0x1cb/0x330 [ 1261.193748][T19739] sctp_sendmsg+0xc0e/0x2990 [ 1261.193792][T19739] ? __pfx_sctp_sendmsg+0x10/0x10 [ 1261.193845][T19739] ? sock_rps_record_flow+0x19/0x400 [ 1261.193876][T19739] ? inet_sendmsg+0x2f4/0x370 [ 1261.193900][T19739] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1261.193936][T19739] ____sys_sendmsg+0x875/0xac0 [ 1261.193978][T19739] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1261.194020][T19739] ? import_iovec+0x73/0xa0 [ 1261.194051][T19739] ___sys_sendmsg+0x2a5/0x360 [ 1261.194087][T19739] ? __pfx____sys_sendmsg+0x10/0x10 [ 1261.194124][T19739] ? kstrtouint+0x6e/0xe0 [ 1261.194207][T19739] __sys_sendmmsg+0x282/0x4e0 [ 1261.194244][T19739] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1261.194304][T19739] ? ksys_write+0x202/0x270 [ 1261.194339][T19739] ? __pfx_ksys_write+0x10/0x10 [ 1261.194375][T19739] __x64_sys_sendmmsg+0xa0/0xc0 [ 1261.194406][T19739] do_syscall_64+0x14d/0xf80 [ 1261.194433][T19739] ? trace_irq_disable+0x3b/0x150 [ 1261.194457][T19739] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1261.194478][T19739] ? clear_bhb_loop+0x40/0x90 [ 1261.194506][T19739] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1261.194537][T19739] RIP: 0033:0x7fd52a07c629 [ 1261.194558][T19739] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1261.194577][T19739] RSP: 002b:00007fd5282d6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1261.194602][T19739] RAX: ffffffffffffffda RBX: 00007fd52a2f5fa0 RCX: 00007fd52a07c629 [ 1261.194617][T19739] RDX: 0000000000000001 RSI: 00002000000032c0 RDI: 0000000000000004 [ 1261.194631][T19739] RBP: 00007fd5282d6090 R08: 0000000000000000 R09: 0000000000000000 [ 1261.194645][T19739] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1261.194658][T19739] R13: 00007fd52a2f6038 R14: 00007fd52a2f5fa0 R15: 00007ffeae66b1e8 [ 1261.194695][T19739] [ 1261.321112][T19743] netlink: 52 bytes leftover after parsing attributes in process `syz.0.4355'. [ 1261.410096][T19745] netlink: 44 bytes leftover after parsing attributes in process `syz.6.4356'. [ 1262.670819][T11656] usb 6-1: new high-speed USB device number 68 using dummy_hcd [ 1263.042210][T11656] usb 6-1: Using ep0 maxpacket: 8 [ 1263.046023][T11656] usb 6-1: config 0 has an invalid interface number: 31 but max is 0 [ 1263.046051][T11656] usb 6-1: config 0 has an invalid descriptor of length 95, skipping remainder of the config [ 1263.046072][T11656] usb 6-1: config 0 has no interface number 0 [ 1263.054707][T11656] usb 6-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 1263.054742][T11656] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1263.054764][T11656] usb 6-1: Product: syz [ 1263.054780][T11656] usb 6-1: Manufacturer: syz [ 1263.054796][T11656] usb 6-1: SerialNumber: syz [ 1264.404002][T11656] usb 6-1: config 0 descriptor?? [ 1266.542772][T11656] uvcvideo 6-1:0.31: Found UVC 0.04 device syz (046d:08c3) [ 1266.542881][T11656] uvcvideo 6-1:0.31: No valid video chain found. [ 1266.601491][T11656] usb 6-1: USB disconnect, device number 68 [ 1266.767950][T19780] netlink: 36 bytes leftover after parsing attributes in process `syz.6.4368'. [ 1268.341873][T19794] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4374'. [ 1268.379781][T19795] 9pnet_virtio: no channels available for device /dev/nullb0 [ 1269.742933][ C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 1269.819397][T19812] netlink: 'syz.2.4364': attribute type 4 has an invalid length. [ 1269.893060][T19813] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4364'. [ 1270.019346][T19813] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 1270.736652][T19820] 9pnet_virtio: no channels available for device /dev/nullb0 [ 1271.611805][T19840] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4387'. [ 1271.727709][T19836] netlink: 196 bytes leftover after parsing attributes in process `syz.1.4388'. [ 1271.872310][ T5998] usb 6-1: new high-speed USB device number 69 using dummy_hcd [ 1272.037486][ T5998] usb 6-1: config index 0 descriptor too short (expected 1051, got 27) [ 1272.037520][ T5998] usb 6-1: config 0 has an invalid interface number: 0 but max is -1 [ 1272.037544][ T5998] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 1272.037600][ T5998] usb 6-1: config 0 interface 0 altsetting 12 bulk endpoint 0x87 has invalid maxpacket 149 [ 1272.037629][ T5998] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1272.041390][ T5998] usb 6-1: New USB device found, idVendor=06cd, idProduct=010a, bcdDevice=d9.c3 [ 1272.041423][ T5998] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1272.041444][ T5998] usb 6-1: Product: syz [ 1272.041537][ T5998] usb 6-1: Manufacturer: syz [ 1272.041560][ T5998] usb 6-1: SerialNumber: syz [ 1272.054725][ T5998] usb 6-1: config 0 descriptor?? [ 1272.100564][T19852] netlink: 'syz.2.4392': attribute type 4 has an invalid length. [ 1272.106801][T19852] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4392'. [ 1272.139207][T19838] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 1274.376496][T19862] netdevsim netdevsim2 netdevsim0: left promiscuous mode [ 1274.397490][T19862] macvtap2: left promiscuous mode [ 1274.411762][T19862] vlan2: left promiscuous mode [ 1275.351400][ T5998] keyspan 6-1:0.0: Keyspan 4 port adapter converter detected [ 1275.351952][ T5998] keyspan 6-1:0.0: found no endpoint descriptor for endpoint 7 [ 1275.413964][ T5998] keyspan 6-1:0.0: found no endpoint descriptor for endpoint 81 [ 1275.414077][ T5998] keyspan 6-1:0.0: found no endpoint descriptor for endpoint 1 [ 1275.421378][ T5998] usb 6-1: Keyspan 4 port adapter converter now attached to ttyUSB0 [ 1275.444712][ T5998] keyspan 6-1:0.0: found no endpoint descriptor for endpoint 82 [ 1275.444824][ T5998] keyspan 6-1:0.0: found no endpoint descriptor for endpoint 2 [ 1275.498806][ T5998] usb 6-1: Keyspan 4 port adapter converter now attached to ttyUSB1 [ 1275.512587][ T5998] keyspan 6-1:0.0: found no endpoint descriptor for endpoint 83 [ 1275.512695][ T5998] keyspan 6-1:0.0: found no endpoint descriptor for endpoint 3 [ 1275.543117][ T5998] usb 6-1: Keyspan 4 port adapter converter now attached to ttyUSB2 [ 1275.549564][ T5998] keyspan 6-1:0.0: found no endpoint descriptor for endpoint 84 [ 1275.549671][ T5998] keyspan 6-1:0.0: found no endpoint descriptor for endpoint 4 [ 1275.578202][ T5998] usb 6-1: Keyspan 4 port adapter converter now attached to ttyUSB3 [ 1275.624108][ T5998] usb 6-1: USB disconnect, device number 69 [ 1275.645307][ T5998] keyspan_4 ttyUSB0: Keyspan 4 port adapter converter now disconnected from ttyUSB0 [ 1275.662632][ T5998] keyspan_4 ttyUSB1: Keyspan 4 port adapter converter now disconnected from ttyUSB1 [ 1275.669897][ T5998] keyspan_4 ttyUSB2: Keyspan 4 port adapter converter now disconnected from ttyUSB2 [ 1275.762612][ T5998] keyspan_4 ttyUSB3: Keyspan 4 port adapter converter now disconnected from ttyUSB3 [ 1275.763840][ T5998] keyspan 6-1:0.0: device disconnected [ 1275.766992][T19880] netlink: 44 bytes leftover after parsing attributes in process `syz.1.4400'. [ 1278.345734][T19902] netlink: 'syz.2.4405': attribute type 4 has an invalid length. [ 1278.346713][T19902] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4405'. [ 1278.346756][T19902] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 1278.547831][T19907] netdevsim netdevsim0 netdevsim0: left promiscuous mode [ 1288.423253][T19920] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4413'. [ 1288.424649][T19920] openvswitch: netlink: Missing valid actions attribute. [ 1288.424682][T19920] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1288.561171][T19925] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4415'. [ 1288.561198][T19925] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4415'. [ 1288.561211][T19925] tc_dump_action: action bad kind [ 1288.839046][T19930] netdevsim netdevsim2 netdevsim0: left promiscuous mode [ 1289.980101][T19940] mac80211_hwsim hwsim17 wlan1: entered promiscuous mode [ 1290.018939][T19938] 9pnet_virtio: no channels available for device /dev/nullb0 [ 1292.930412][T19967] 9pnet_virtio: no channels available for device /dev/nullb0 [ 1293.578457][T19973] mac80211_hwsim hwsim17 wlan1: left promiscuous mode [ 1295.689137][ T36] audit: type=1326 audit(1771800432.319:397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19987 comm="syz.1.4432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d7797c629 code=0x7ffc0000 [ 1295.689207][ T36] audit: type=1326 audit(1771800432.319:398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19987 comm="syz.1.4432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d7797c629 code=0x7ffc0000 [ 1295.699439][ T36] audit: type=1326 audit(1771800432.339:399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19987 comm="syz.1.4432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f1d7797c629 code=0x7ffc0000 [ 1295.699877][ T36] audit: type=1326 audit(1771800432.339:400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19987 comm="syz.1.4432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d7797c629 code=0x7ffc0000 [ 1295.700067][ T36] audit: type=1326 audit(1771800432.339:401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19987 comm="syz.1.4432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d7797c629 code=0x7ffc0000 [ 1295.702324][ T36] audit: type=1326 audit(1771800432.349:402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19987 comm="syz.1.4432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f1d7797c629 code=0x7ffc0000 [ 1295.702791][ T36] audit: type=1326 audit(1771800432.349:403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19987 comm="syz.1.4432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d7797c629 code=0x7ffc0000 [ 1295.703318][ T36] audit: type=1326 audit(1771800432.349:404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19987 comm="syz.1.4432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d7797c629 code=0x7ffc0000 [ 1295.712474][ T36] audit: type=1326 audit(1771800432.359:405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19987 comm="syz.1.4432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f1d7797c629 code=0x7ffc0000 [ 1295.712875][ T36] audit: type=1326 audit(1771800432.359:406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19987 comm="syz.1.4432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d7797c629 code=0x7ffc0000 [ 1296.223239][T19994] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4435'. [ 1296.223349][T19994] netlink: 7 bytes leftover after parsing attributes in process `syz.5.4435'. [ 1298.943491][T20015] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4439'. [ 1298.992260][ T5934] usb 6-1: new low-speed USB device number 70 using dummy_hcd [ 1299.142215][ T5934] usb 6-1: device descriptor read/64, error -71 [ 1299.362936][T20025] io-wq is not configured for unbound workers [ 1299.653425][T20035] netdevsim netdevsim5 netdevsim0: left promiscuous mode [ 1300.554612][T20036] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4445'. [ 1301.101376][ T36] kauditd_printk_skb: 13 callbacks suppressed [ 1301.101396][ T36] audit: type=1326 audit(1771800437.739:420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20048 comm="syz.5.4450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd52a07c629 code=0x7ffc0000 [ 1301.113081][ T36] audit: type=1326 audit(1771800437.739:421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20048 comm="syz.5.4450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd52a07c629 code=0x7ffc0000 [ 1301.188027][ T36] audit: type=1326 audit(1771800437.829:422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20048 comm="syz.5.4450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd52a07c629 code=0x7ffc0000 [ 1301.188489][ T36] audit: type=1326 audit(1771800437.829:423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20048 comm="syz.5.4450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd52a07c629 code=0x7ffc0000 [ 1301.192244][ T36] audit: type=1326 audit(1771800437.829:424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20048 comm="syz.5.4450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd52a07c629 code=0x7ffc0000 [ 1301.192303][ T36] audit: type=1326 audit(1771800437.829:425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20048 comm="syz.5.4450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7fd52a07c629 code=0x7ffc0000 [ 1301.192349][ T36] audit: type=1326 audit(1771800437.829:426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20048 comm="syz.5.4450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd52a07c629 code=0x7ffc0000 [ 1301.192392][ T36] audit: type=1326 audit(1771800437.829:427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20048 comm="syz.5.4450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd52a07c629 code=0x7ffc0000 [ 1301.192432][ T36] audit: type=1326 audit(1771800437.829:428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20048 comm="syz.5.4450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd52a07c629 code=0x7ffc0000 [ 1301.192474][ T36] audit: type=1326 audit(1771800437.829:429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20048 comm="syz.5.4450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd52a07c629 code=0x7ffc0000 [ 1301.643576][T20056] netlink: 340 bytes leftover after parsing attributes in process `syz.0.4454'. [ 1303.342175][ T5869] usb 6-1: new high-speed USB device number 72 using dummy_hcd [ 1303.494852][ T5869] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 1303.494892][ T5869] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 1303.498030][ T5869] usb 6-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 1303.498063][ T5869] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1303.498086][ T5869] usb 6-1: Product: syz [ 1303.498102][ T5869] usb 6-1: Manufacturer: syz [ 1303.498117][ T5869] usb 6-1: SerialNumber: syz [ 1303.558546][ T5869] usb 6-1: config 0 descriptor?? [ 1303.560660][T20074] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 1303.560958][T20074] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 1303.654322][T20080] lo: entered promiscuous mode [ 1303.654412][T20080] lo: entered allmulticast mode [ 1303.929263][T20073] delete_channel: no stack [ 1304.146173][T20074] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 1304.146325][T20074] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 1304.470798][ T5869] Error reading MAC address [ 1304.495609][ T5869] usb 6-1: USB disconnect, device number 72 [ 1304.936459][T20099] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 1305.862102][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 1305.865809][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 1306.471341][T20124] FAULT_INJECTION: forcing a failure. [ 1306.471341][T20124] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1306.471383][T20124] CPU: 0 UID: 0 PID: 20124 Comm: syz.5.4477 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1306.471413][T20124] Tainted: [L]=SOFTLOCKUP [ 1306.471421][T20124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1306.471433][T20124] Call Trace: [ 1306.471441][T20124] [ 1306.471451][T20124] dump_stack_lvl+0xe8/0x150 [ 1306.471490][T20124] should_fail_ex+0x46b/0x600 [ 1306.471532][T20124] _copy_to_user+0x31/0xb0 [ 1306.471561][T20124] simple_read_from_buffer+0xe1/0x170 [ 1306.471589][T20124] proc_fail_nth_read+0x1be/0x230 [ 1306.471618][T20124] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1306.471647][T20124] ? rw_verify_area+0x2ac/0x4e0 [ 1306.471676][T20124] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1306.471702][T20124] vfs_read+0x212/0xa80 [ 1306.471742][T20124] ? __pfx_vfs_read+0x10/0x10 [ 1306.471776][T20124] ? kmem_cache_free+0x185/0x6b0 [ 1306.471807][T20124] ? do_sys_openat2+0x14c/0x200 [ 1306.471837][T20124] ? fdget+0x14e/0x1f0 [ 1306.471872][T20124] ksys_read+0x156/0x270 [ 1306.471906][T20124] ? __pfx_ksys_read+0x10/0x10 [ 1306.471948][T20124] do_syscall_64+0x14d/0xf80 [ 1306.471976][T20124] ? trace_irq_disable+0x3b/0x150 [ 1306.472001][T20124] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1306.472024][T20124] ? clear_bhb_loop+0x40/0x90 [ 1306.472057][T20124] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1306.472086][T20124] RIP: 0033:0x7fd52a03cece [ 1306.472107][T20124] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1306.472127][T20124] RSP: 002b:00007fd5282d5fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1306.472150][T20124] RAX: ffffffffffffffda RBX: 00007fd5282d66c0 RCX: 00007fd52a03cece [ 1306.472167][T20124] RDX: 000000000000000f RSI: 00007fd5282d60a0 RDI: 0000000000000005 [ 1306.472181][T20124] RBP: 00007fd5282d6090 R08: 0000000000000000 R09: 0000000000000000 [ 1306.472195][T20124] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1306.472208][T20124] R13: 00007fd52a2f6038 R14: 00007fd52a2f5fa0 R15: 00007ffeae66b1e8 [ 1306.472243][T20124] [ 1306.667106][T20107] delete_channel: no stack [ 1307.615309][T20131] delete_channel: no stack [ 1308.337466][T20154] FAULT_INJECTION: forcing a failure. [ 1308.337466][T20154] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1308.337509][T20154] CPU: 1 UID: 0 PID: 20154 Comm: syz.0.4484 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1308.337539][T20154] Tainted: [L]=SOFTLOCKUP [ 1308.337546][T20154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1308.337560][T20154] Call Trace: [ 1308.337567][T20154] [ 1308.337575][T20154] dump_stack_lvl+0xe8/0x150 [ 1308.337612][T20154] should_fail_ex+0x46b/0x600 [ 1308.337653][T20154] _copy_from_iter+0x1d3/0x1670 [ 1308.337686][T20154] ? trace_kmem_cache_alloc+0x29/0xf0 [ 1308.337716][T20154] ? __alloc_skb+0x27d/0x7d0 [ 1308.337760][T20154] ? __pfx__copy_from_iter+0x10/0x10 [ 1308.337782][T20154] ? kmem_cache_alloc_node_noprof+0x27c/0x6e0 [ 1308.337811][T20154] ? __alloc_skb+0x27d/0x7d0 [ 1308.337843][T20154] ? netlink_sendmsg+0x650/0xb40 [ 1308.337866][T20154] ? skb_put+0x11b/0x210 [ 1308.337897][T20154] netlink_sendmsg+0x6c0/0xb40 [ 1308.337930][T20154] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1308.337985][T20154] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1308.338021][T20154] ____sys_sendmsg+0xa4e/0xac0 [ 1308.338079][T20154] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1308.338125][T20154] ? import_iovec+0x73/0xa0 [ 1308.338157][T20154] ___sys_sendmsg+0x2a5/0x360 [ 1308.338192][T20154] ? __pfx____sys_sendmsg+0x10/0x10 [ 1308.338263][T20154] ? __fget_files+0x2a/0x420 [ 1308.338288][T20154] ? __fget_files+0x3a6/0x420 [ 1308.338327][T20154] __x64_sys_sendmsg+0x1c3/0x2a0 [ 1308.338359][T20154] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1308.338400][T20154] ? __pfx_ksys_write+0x10/0x10 [ 1308.338445][T20154] do_syscall_64+0x14d/0xf80 [ 1308.338472][T20154] ? trace_irq_disable+0x3b/0x150 [ 1308.338498][T20154] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1308.338522][T20154] ? clear_bhb_loop+0x40/0x90 [ 1308.338551][T20154] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1308.338574][T20154] RIP: 0033:0x7f519710c629 [ 1308.338596][T20154] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1308.338616][T20154] RSP: 002b:00007f519535e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1308.338642][T20154] RAX: ffffffffffffffda RBX: 00007f5197385fa0 RCX: 00007f519710c629 [ 1308.338657][T20154] RDX: 0000000000000010 RSI: 0000200000001b80 RDI: 0000000000000003 [ 1308.338671][T20154] RBP: 00007f519535e090 R08: 0000000000000000 R09: 0000000000000000 [ 1308.338685][T20154] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1308.338698][T20154] R13: 00007f5197386038 R14: 00007f5197385fa0 R15: 00007ffe6c882cc8 [ 1308.338731][T20154] [ 1310.169262][T20171] netlink: 52 bytes leftover after parsing attributes in process `syz.6.4488'. [ 1310.502246][ T809] usb 6-1: new high-speed USB device number 73 using dummy_hcd [ 1310.668183][ T809] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1310.668246][ T809] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1310.668276][ T809] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 1310.668300][ T809] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1310.668347][ T809] usb 6-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94 [ 1310.668373][ T809] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1311.145343][ T809] usb 6-1: config 0 descriptor?? [ 1311.383155][ T5869] usb 6-1: USB disconnect, device number 73 [ 1312.555691][T20200] delete_channel: no stack [ 1313.212415][T20224] mkiss: ax0: crc mode is auto. [ 1313.652362][T20230] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4509'. [ 1313.656879][T20230] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1313.959992][T20236] 9pnet_virtio: no channels available for device /dev/nullb0 [ 1313.960727][T20236] =========[ 1313.960727][T20236] ================================================================== [ 1313.960744][T20236] BUG: KASAN: slab-use-after-free in __list_add_valid_or_report+0x4e/0x130 [ 1313.960786][T20236] Read of size 8 at addr ffff8880296d1080 by task syz.1.4512/20236 [ 1313.960808][T20236] [ 1313.960824][T20236] CPU: 0 UID: 0 PID: 20236 Comm: syz.1.4512 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1313.960855][T20236] Tainted: [L]=SOFTLOCKUP [ 1313.960863][T20236] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1313.960878][T20236] Call Trace: [ 1313.960887][T20236] [ 1313.960896][T20236] dump_stack_lvl+0xe8/0x150 [ 1313.960931][T20236] print_report+0xba/0x230 [ 1313.960961][T20236] ? __list_add_valid_or_report+0x4e/0x130 [ 1313.960993][T20236] kasan_report+0x117/0x150 [ 1313.961084][T20236] ? __list_add_valid_or_report+0x4e/0x130 [ 1313.961121][T20236] __list_add_valid_or_report+0x4e/0x130 [ 1313.961156][T20236] clone_mnt+0x447/0x9a0 [ 1313.961195][T20236] vfs_open_tree+0x507/0x1040 [ 1313.961232][T20236] ? __pfx_vfs_open_tree+0x10/0x10 [ 1313.961266][T20236] ? alloc_fd+0x64e/0x6c0 [ 1313.961297][T20236] __x64_sys_open_tree+0x96/0x110 [ 1313.961321][T20236] do_syscall_64+0x14d/0xf80 [ 1313.961352][T20236] ? trace_irq_disable+0x3b/0x150 [ 1313.961379][T20236] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1313.961408][T20236] ? clear_bhb_loop+0x40/0x90 [ 1313.961435][T20236] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1313.961458][T20236] RIP: 0033:0x7f1d7797c629 [ 1313.961479][T20236] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1313.961500][T20236] RSP: 002b:00007f1d75bce028 EFLAGS: 00000246 ORIG_RAX: 00000000000001ac [ 1313.961524][T20236] RAX: ffffffffffffffda RBX: 00007f1d77bf5fa0 RCX: 00007f1d7797c629 [ 1313.961541][T20236] RDX: 0000000000009902 RSI: 0000200000000640 RDI: ffffffffffffff9c [ 1313.961557][T20236] RBP: 00007f1d77a12b39 R08: 0000000000000000 R09: 0000000000000000 [ 1313.961573][T20236] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1313.961587][T20236] R13: 00007f1d77bf6038 R14: 00007f1d77bf5fa0 R15: 00007ffc37f723f8 [ 1313.961613][T20236] [ 1313.961621][T20236] [ 1313.961626][T20236] Allocated by task 20152: [ 1313.961637][T20236] kasan_save_track+0x3e/0x80 [ 1313.961665][T20236] __kasan_slab_alloc+0x6c/0x80 [ 1313.961692][T20236] kmem_cache_alloc_noprof+0x33b/0x680 [ 1313.961721][T20236] alloc_vfsmnt+0x23/0x420 [ 1313.961751][T20236] clone_mnt+0x4b/0x9a0 [ 1313.961779][T20236] vfs_open_tree+0x507/0x1040 [ 1313.961808][T20236] __x64_sys_open_tree+0x96/0x110 [ 1313.961828][T20236] do_syscall_64+0x14d/0xf80 [ 1313.961853][T20236] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1313.961873][T20236] [ 1313.961878][T20236] Freed by task 28: [ 1313.961888][T20236] kasan_save_track+0x3e/0x80 [ 1313.961914][T20236] kasan_save_free_info+0x46/0x50 [ 1313.961937][T20236] __kasan_slab_free+0x5c/0x80 [ 1313.961964][T20236] kmem_cache_free+0x185/0x6b0 [ 1313.961994][T20236] rcu_cpu_kthread+0x99e/0x1470 [ 1313.962022][T20236] smpboot_thread_fn+0x541/0xa50 [ 1313.962050][T20236] kthread+0x388/0x470 [ 1313.962068][T20236] ret_from_fork+0x51e/0xb90 [ 1313.962093][T20236] ret_from_fork_asm+0x1a/0x30 [ 1313.962111][T20236] [ 1313.962116][T20236] Last potentially related work creation: [ 1313.962124][T20236] kasan_save_stack+0x3e/0x60 [ 1313.962147][T20236] kasan_record_aux_stack+0xbd/0xd0 [ 1313.962169][T20236] call_rcu+0xee/0x890 [ 1313.962190][T20236] task_work_run+0x1d9/0x270 [ 1313.962213][T20236] exit_to_user_mode_loop+0xed/0x480 [ 1313.962244][T20236] do_syscall_64+0x32d/0xf80 [ 1313.962271][T20236] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1313.962292][T20236] [ 1313.962298][T20236] Second to last potentially related work creation: [ 1313.962307][T20236] kasan_save_stack+0x3e/0x60 [ 1313.962332][T20236] kasan_record_aux_stack+0xbd/0xd0 [ 1313.962349][T20236] task_work_add+0xb6/0x440 [ 1313.962366][T20236] mntput_no_expire_slowpath+0x70c/0xbd0 [ 1313.962393][T20236] vfs_open_tree+0xe17/0x1040 [ 1313.962417][T20236] __x64_sys_open_tree+0x96/0x110 [ 1313.962435][T20236] do_syscall_64+0x14d/0xf80 [ 1313.962458][T20236] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1313.962476][T20236] [ 1313.962481][T20236] The buggy address belongs to the object at ffff8880296d0fc0 [ 1313.962481][T20236] which belongs to the cache mnt_cache of size 352 [ 1313.962499][T20236] The buggy address is located 192 bytes inside of [ 1313.962499][T20236] freed 352-byte region [ffff8880296d0fc0, ffff8880296d1120) [ 1313.962521][T20236] [ 1313.962527][T20236] The buggy address belongs to the physical page: [ 1313.962537][T20236] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880296d1c00 pfn:0x296d0 [ 1313.962560][T20236] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1313.962574][T20236] memcg:ffff8880296d0171 [ 1313.962582][T20236] flags: 0x80000000000240(workingset|head|node=0|zone=1) [ 1313.962601][T20236] page_type: f5(slab) [ 1313.962619][T20236] raw: 0080000000000240 ffff88801b2a0780 ffff88801b29df88 ffffea00010f1a90 [ 1313.962639][T20236] raw: ffff8880296d1c00 000001c00012000f 00000000f5000000 ffff8880296d0171 [ 1313.962660][T20236] head: 0080000000000240 ffff88801b2a0780 ffff88801b29df88 ffffea00010f1a90 [ 1313.962680][T20236] head: ffff8880296d1c00 000001c00012000f 00000000f5000000 ffff8880296d0171 [ 1313.962701][T20236] head: 0080000000000001 ffffea0000a5b401 00000000ffffffff 00000000ffffffff [ 1313.962719][T20236] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000002 [ 1313.962731][T20236] page dumped because: kasan: bad access detected [ 1313.962742][T20236] page_owner tracks the page as allocated [ 1313.962750][T20236] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5798, tgid 5798 (syz-executor), ts 93051403250, free_ts 92923256117 [ 1313.962788][T20236] post_alloc_hook+0x231/0x280 [ 1313.962816][T20236] get_page_from_freelist+0x28bb/0x2950 [ 1313.962835][T20236] __alloc_frozen_pages_noprof+0x18d/0x380 [ 1313.962855][T20236] allocate_slab+0x77/0x660 [ 1313.962876][T20236] refill_objects+0x334/0x3c0 [ 1313.962896][T20236] __pcs_replace_empty_main+0x328/0x5f0 [ 1313.962919][T20236] kmem_cache_alloc_noprof+0x433/0x680 [ 1313.962948][T20236] alloc_vfsmnt+0x23/0x420 [ 1313.962977][T20236] clone_mnt+0x4b/0x9a0 [ 1313.963016][T20236] copy_tree+0xde/0x930 [ 1313.963033][T20236] do_loopback+0x386/0x6c0 [ 1313.963052][T20236] __se_sys_mount+0x31d/0x420 [ 1313.963074][T20236] do_syscall_64+0x14d/0xf80 [ 1313.963099][T20236] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1313.963119][T20236] page last free pid 28 tgid 28 stack trace: [ 1313.963133][T20236] __free_frozen_pages+0xfe3/0x1170 [ 1313.963163][T20236] rcu_cpu_kthread+0x99e/0x1470 [ 1313.963180][T20236] smpboot_thread_fn+0x541/0xa50 [ 1313.963211][T20236] kthread+0x388/0x470 [ 1313.963230][T20236] ret_from_fork+0x51e/0xb90 [ 1313.963259][T20236] ret_from_fork_asm+0x1a/0x30 [ 1313.963278][T20236] [ 1313.963283][T20236] Memory state around the buggy address: [ 1313.963296][T20236] ffff8880296d0f80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 1313.963309][T20236] ffff8880296d1000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1313.963323][T20236] >ffff8880296d1080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1313.963333][T20236] ^ [ 1313.963344][T20236] ffff8880296d1100: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 1313.963357][T20236] ffff8880296d1180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1313.963368][T20236] ================================================================== [ 1313.972313][T20236] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1313.972339][T20236] CPU: 1 UID: 0 PID: 20236 Comm: syz.1.4512 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 1313.972369][T20236] Tainted: [L]=SOFTLOCKUP [ 1313.972377][T20236] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1313.972389][T20236] Call Trace: [ 1313.972398][T20236] [ 1313.972406][T20236] vpanic+0x56c/0xa60 [ 1313.972442][T20236] ? __pfx_vpanic+0x10/0x10 [ 1313.972470][T20236] ? __pfx___schedule+0x10/0x10 [ 1313.972496][T20236] panic+0xc5/0xd0 [ 1313.972524][T20236] ? __pfx_panic+0x10/0x10 [ 1313.972554][T20236] ? preempt_schedule_common+0x82/0xd0 [ 1313.972580][T20236] ? __list_add_valid_or_report+0x4e/0x130 [ 1313.972608][T20236] check_panic_on_warn+0x89/0xb0 [ 1313.972629][T20236] ? __list_add_valid_or_report+0x4e/0x130 [ 1313.972656][T20236] end_report+0x73/0x180 [ 1313.972684][T20236] ? __list_add_valid_or_report+0x4e/0x130 [ 1313.972710][T20236] kasan_report+0x128/0x150 [ 1313.972738][T20236] ? __list_add_valid_or_report+0x4e/0x130 [ 1313.972779][T20236] __list_add_valid_or_report+0x4e/0x130 [ 1313.972809][T20236] clone_mnt+0x447/0x9a0 [ 1313.972842][T20236] vfs_open_tree+0x507/0x1040 [ 1313.972873][T20236] ? __pfx_vfs_open_tree+0x10/0x10 [ 1313.972902][T20236] ? alloc_fd+0x64e/0x6c0 [ 1313.972929][T20236] __x64_sys_open_tree+0x96/0x110 [ 1313.972950][T20236] do_syscall_64+0x14d/0xf80 [ 1313.972976][T20236] ? trace_irq_disable+0x3b/0x150 [ 1313.972998][T20236] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1313.973018][T20236] ? clear_bhb_loop+0x40/0x90 [ 1313.973040][T20236] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1313.973060][T20236] RIP: 0033:0x7f1d7797c629 [ 1313.973078][T20236] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1313.973096][T20236] RSP: 002b:00007f1d75bce028 EFLAGS: 00000246 ORIG_RAX: 00000000000001ac [ 1313.973118][T20236] RAX: ffffffffffffffda RBX: 00007f1d77bf5fa0 RCX: 00007f1d7797c629 [ 1313.973133][T20236] RDX: 0000000000009902 RSI: 0000200000000640 RDI: ffffffffffffff9c [ 1313.973148][T20236] RBP: 00007f1d77a12b39 R08: 0000000000000000 R09: 0000000000000000 [ 1313.973161][T20236] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1313.973173][T20236] R13: 00007f1d77bf6038 R14: 00007f1d77bf5fa0 R15: 00007ffc37f723f8 [ 1313.973196][T20236] [ 1313.973742][T20236] Kernel Offset: disabled