last executing test programs: 34m1.528574264s ago: executing program 1 (id=44): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x7, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r3, &(0x7f0000000000)='asymmetric\x00', &(0x7f0000000180)=@keyring={'key_or_keyring:', 0x0, 0x2}) syz_init_net_socket$rose(0xb, 0x5, 0x0) r4 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000200)={r4, r4, r4}, 0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)={'sha384-avx\x00'}}) 33m58.783114282s ago: executing program 1 (id=48): r0 = syz_usb_connect$printer(0xc4f131a3c282abcb, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x8, 0x20, 0x9, [{{0x9, 0x4, 0x0, 0x22, 0x2, 0x7, 0x1, 0x2, 0x10, "", {{{0x9, 0x5, 0x1, 0x2, 0x0, 0x9, 0x42, 0x7}}, [{{0x9, 0x5, 0x82, 0x2, 0x40, 0x4, 0x1, 0x9}}]}}}]}}]}}, &(0x7f0000000700)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x200, 0x7, 0x0, 0x6, 0x20}, 0x50, &(0x7f0000000240)={0x5, 0xf, 0x50, 0x4, [@ssp_cap={0x20, 0x10, 0xa, 0x0, 0x5, 0x7, 0xf000, 0x3, [0x0, 0x0, 0xff00c0, 0x30, 0x0]}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "11be4d2f871044927a2ced6d56813a15"}, @ext_cap={0x7, 0x10, 0x2, 0x8, 0x4, 0x6, 0x7fff}, @ssp_cap={0x10, 0x10, 0xa, 0x0, 0x1, 0x9, 0xf, 0x1f9, [0x30]}]}, 0x6, [{0x4, &(0x7f00000000c0)=@lang_id={0x4, 0x3, 0x455}}, {0x4, &(0x7f0000000400)=@lang_id={0x4, 0x3, 0x416}}, {0x4, &(0x7f0000000440)=@lang_id={0x4, 0x3, 0x614a3475b80944f7}}, {0xe5, &(0x7f0000000480)=@string={0xe5, 0x3, "430fab4a654358a75b6bfdc59e319c98c3995aaf0a878d042e045dd03f727ea901648bbdc5cd184c6d480599bc8b6c7150747fb6e0bcdf8fc0dbc98e2ec6e6ea6f7c921b687d26ac2e76c445532724aa37f4c714bb86a763da1f3e52f3f597038f5c9d4d6a495c6d5ba659c574de86d47aacfe5ee17e374ffbd89fe2566ff74696a30be30b565be067e792775a245f20c123ff0e7be4e8c7c2214116404b450f35aa2e630de8069d99675c7abb81a27f442ab912da5b22b1274b529c784813a74af1dd90ffa8869b794ee210daffd84bc97bb506e2f8499cb033ab63ef41a161692386"}}, {0x57, &(0x7f0000000580)=@string={0x57, 0x3, "8f101c57fd863acc54494e02b872a53b6e1ff2d82adb36aeed83e258513bc9b530ca34f874a617d00d853f4716829efbab8b5de4209318b3d8b8ac0c65cf3a53f292176034ee9f8d965f02c49f4ebbfcd4ac3038a9"}}, {0xc9, &(0x7f0000000600)=@string={0xc9, 0x3, "9f7d154874a73de9500bfe99a57c8059ff59e5e15d58ebcb4cd8cfd8681c447f46879d367fb86d70a3bdf0007877118dde6c632007f817fcaa9cc9671a9db3f7c11746082f6472a466012a5336e0edc485b55518dc1bdcb5ee723e7d5fb1e9ac8462e60758c4279fad6ab847e222de8a55c5c3aa270493d971b6cfeaf4058073b9f4176abe715a881a9190cc22efe9be1e797c4f687ebde1e3bfd2c4470230cd6736592333d19ccbb73657bc213d712872adb601b1cf69f2104b319eb1ecb93a6f5d679ce3d74f"}}]}) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000380)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r1, 0x3) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10) syz_emit_ethernet(0x36, &(0x7f0000000140)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0) syz_emit_ethernet(0x6f, &(0x7f0000000180)=ANY=[@ANYRES32=0x41424344, @ANYBLOB], 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x17, 0x3, &(0x7f0000000200)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl=0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00'}) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000840)={'syztnl0\x00', &(0x7f0000000800)={'syztnl1\x00', 0x0, 0x80, 0x1, 0x4, 0x7ff, {{0x7, 0x4, 0x0, 0x6, 0x1c, 0x67, 0x0, 0x6, 0x4, 0x0, @multicast2, @multicast2, {[@rr={0x7, 0x7, 0x6, [@multicast1]}, @noop]}}}}}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)) sendmsg$MPTCP_PM_CMD_ANNOUNCE(r2, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000000880)={0x40, 0x0, 0x420, 0x70bd27, 0x25dfdbfe, {}, [@MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0xbf}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x7fffffff}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x80}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x7}, @MPTCP_PM_ATTR_ADDR_REMOTE={0xc, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e21}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x800}, 0x4000004) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) ioctl$AUTOFS_DEV_IOCTL_READY(r4, 0xc0189376, 0x0) 33m57.3584138s ago: executing program 1 (id=51): socket$nl_route(0x10, 0x3, 0x0) r0 = syz_open_dev$usbfs(&(0x7f0000000040), 0x12, 0x80801) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000044002, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x28011, r1, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) socket$tipc(0x1e, 0x5, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0x0, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0xfffffffffffffffe, 0x2, 0x0, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) r4 = dup(r2) fallocate(r4, 0x11, 0x0, 0x74000) ioctl$USBDEVFS_CONNECTINFO(r0, 0x40085511, &(0x7f0000001980)) 33m56.801991554s ago: executing program 2 (id=54): r0 = io_uring_setup(0x2248, &(0x7f00000001c0)={0x0, 0x0, 0x2, 0x3, 0x10032f}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$EXT4_IOC_GETSTATE(0xffffffffffffffff, 0x40046629, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000600)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000019c0)}, 0x0, 0x40000103}) io_uring_enter(0xffffffffffffffff, 0x46f6, 0x0, 0x0, 0x0, 0x0) r4 = syz_init_net_socket$llc(0x1a, 0x801, 0x0) bind$llc(r4, &(0x7f0000000080), 0x10) close_range(r0, 0xffffffffffffffff, 0x0) 33m55.806851541s ago: executing program 2 (id=58): ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x11, 0x4, 0x0, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x10, 0x0, 0x0, 0x9, [0x5, 0x3, 0xfffffff9]}, @timestamp_prespec={0x44, 0x4, 0xc0, 0x3, 0x1}, @timestamp_prespec={0x44, 0x4, 0x0, 0x3, 0x8}, @noop, @noop, @lsrr={0x83, 0x7, 0xdc, [@multicast1]}, @rr={0x7, 0xf, 0x0, [@dev, @multicast1, @private=0xa010102]}]}}}}}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0) r3 = dup(r1) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000180)={0x0, 0xd000}) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_RUN(r4, 0xae80, 0x0) r5 = getpid() process_vm_readv(r5, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) 33m55.400858581s ago: executing program 1 (id=61): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) mount(&(0x7f0000000100)=@nullb, &(0x7f0000000040)='.\x00', &(0x7f0000000300)='romfs\x00', 0x5, 0x0) openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) 33m54.858940598s ago: executing program 2 (id=64): ioctl$KVM_CAP_SPLIT_IRQCHIP(0xffffffffffffffff, 0x4068aea3, &(0x7f00000000c0)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x5) socket$inet_tcp(0x2, 0x1, 0x0) write$UHID_INPUT(0xffffffffffffffff, &(0x7f00000040c0)={0x8, {"24783e245402fd60273e14c3eb090723ac476c7538b5ea19588c28b06516b72c6d73315762a6555c17a6d5554aaacc942d2328f17bd1c1121342c854847f3de3f12ce9d138093f6a5df3c89a72cb4e7b08827e473a39dffaab7929106845137921fc23a872ad3bf6cfcecbab32d6936e26f52c5ad8b0afd9102d54eec650987b229e64deac8e9aaa9c38229a701259d2b4211012b3eee1d382e7fce9a55a458c4fab7878d594718a47681c915f7fd7c502d1099140cc71538582497de53482f60ec3e66f21cab92485ed154f7283e05539487e211cf750c461ef2c76315064df74415bcdfa867d8b27fa63b3bba3230a1a9605d3091204dba17ca4b55d4f721607521f5e45c791bb45de35eb1917c1e9c1f65bdcca8822a03a1d2ef1118681e258c7e20e8bbdbdbae0b2d015d019428cc9742e92151bb7c4b2b0a36b9042249028b7b2a068b87b9dfbdd8dbd4b7e4e74801b9e2e4e112462ed6f14e2196778e27c041a3c7f6bcbf0ff4d30f692af0c8d160414d4e22427bafa7a8c2f6c8bd9883a3b70aa510654a5441343489d94ee314da0f3886e76b43c028e47138899d2ba84776eaf60da2f8340169152b42df69eb0f583d5cc986112b23650d1d8ed7310a445db4be5cd9918bb5a806a2c7ae870f3b4b1ac46dc42cbe74b51b25da2805d72b61493bdc2e04e4477978b40fd9a965bfa742224adeaae6277f57ad0b695d997a2239c2fd46eb430df27849b1a65d92e1900a1e48225f94f737f9d8c5284f2205df5732afd59bd0b3b1934c7db1581ec4684c3bcd5381e0e3be00cdfc21ba691c45c4537e9690708b68fa700814d27cb50df2b1be14a7a3e3981d6c6044a73ecbe40f2304b724ba10133ffec218b242ae97a52f16984247c28fe950d49dc7900475b777b37813e61d0cfd6da391f07ab622dec7b121967e80d67c8c7db77e05e37712b92aee01230ca29badfd714db3c03bea8e840d5dafc6a27fa98c7a6179ad39df582088e31e17ee283a76c5c9a05d0a0b4fc95a6aa46104947bac4f50b0e57925e3be186df0409e5c2c5b775347e83c9c8829e95623541603ce68589e942d3724ab7963731167f0954faa87b98aba0336469a127f3377a5d0cb91d11749d1489226c9da6abe765c2f1206ca7be3b9f7e116b7bc1baad37b14b842cbb89c348147e493a615f1972ef9baf03cc353c979865573bc40b84ac6cecf673985479ebaf24f2ad9d905874249bed88ed0c69479a0a7b53ecad68cff344866d03e4eb0cf80610af2465d64d3dceaf4fd6a5ee2eda719233fb33ef043b6019fec948bf5d0295a4f7af154475cbb3461650f7fcfc66c03db610ce8244ad432157ba91df573f3e13b430d4272d60b9a9a454bc1cafa87f1aa9c289ab6dae4f0e81f496d6767bf1bb503aebbd8a58e7dba9f643ab02e000d5f01e896e4c1d6e5b9771faacec322aa2b121d679c7941469dc233adfc5a83fe218a8ea686750e1426eb81fdd86ec193102bae34eb7e48986a18d05284ec1cffeae698ef739181f94a0c91a754f333cd44bc9053144c3f1491fc31684376a382b33e8c3d70eedbf5245dc63d86033c739c6f0f4ebab3007075c4dc66d7a8c93a718a7ec03d811b0ee727b0e695ebbc507d410f7e88204bb209beeef2b6fd0b4db48cd33a0b6591d91caf6676a4a74125afc3a04ea7eac3ce2662694999e891e77ef72ee4ec64b92b8918a3cb53cee960caf02b2cfb5449a64ad7ce57a5aa931a898d8adfc25c36d03861d5504772624b69ce823597b4488882e88a0f90362f604d4b722f9255220c3528a547b1c2d73aeb6034e549706fc467072adfd6a951b6a788b1e40a0c12cdc10f4be0e7cbb2b47704a8a684aeaf74d9e08bef07e3be8aed8ac00f398ff9f4e7cac9c5dbaadfdb0858d6d98dcfbddd609d5489e3f18b5db69aeff479281a976d30905eaf78121cf6365ff43e063e768cddd88040cc49c6961ba276f48b7e92419d0eadbf79cf8304ec48f51c5ca311d9530b6ade8702640c88ebe2f99ce88e8dc25b1373fee1aee3ca8e6a5905209205e0033ff02afcb4d1e08bfb0566ba2b07abaa07f48c37ccc147fcb627262391aa59df48450476aeaf85c6b82c3faca07679268f27260bae1ccfeaffa3af472bdd92c0b84dee9b857b2d0d72895db5e87527747fefb9906eeb4e9fc98c5d89937134a8650e1dc6a2abe84859302da2854000152043da9a8d09b4cb34ba15a6bd031cc116db6fbd5d50afaf6f7169af9794235de346b70f638e8c46a8a4c80da4844c0589e3eba83eecf0efcbab54b577448038134d169bb66fd4028c7dba7eb869a0de8ca9337633a784dcd6693c2a55621ecbb0ef025f69f234508df53d23e8bb11ff9399dc79aa79adcbbc969e55ed2e7b0a606e024457209cec002f38b18a7abf2aae9a178194ed70080f59350a44ffdc1d89332cae9923e13f36ae05d73fffd41281a0cdc6a95740082a3742350ab95b4065340154e3efaf044ee867e1b66f656bdd8c2273c03aeff9f655457863cb3419656f8f144b592b6ba56d4d2bdc4aee710e5871a10f560a237c3e357902ac150ffc23f78e81a2c71543bd89c3ed6d1e57cacae6f5141a84849d90e0e5df1ee86d18993dbb272bd2d54713c9f222802e22ee2976174caf00abe8fdd6d432dd2993b74cbb16839f11d6393c1b291c7e7f501ecc9edd433f21b80c8890883fb7b591c6486be7ed48402b618518b10445edfdc3a4ad8d3ce4b2439a1def220ba384e7cb3e69b782035087598c546bc68a72f4fe51e95ffae21091552849d02ebb1b0dda26bc3477cb3d74360587bb8712d85c6e458cf334b4c65823c22ca818dd0e81d20b6050cb8590452486ea641e6dc4c61efc3675517cdb820debd0f66f78ca88efdc6dc1679ab95a52fb85d78e43de6409805c43f63bd516610c17782377f4e6659a803e725742c05aa251d7236c8b5d45009aa62e17697f31735a3a3a56839d8ef0d68501d3f584283ce80cc371dfa0ab0724c3265429456ea4c9a27759f49e02a7b9d5028b4eda3836876a4567758ea1d5136db27be77b1656de90792c939fa3e9572bd6f7fa6662223f4d8b5c88cc7d3605b9489cf7afacdb34b04527a3d1448ab4011bc92b5ae8521b93b657a90ecba6e6a89472e31c22ae31cbb046c2964204ed9fcfcef49d0f1f96f239cf9997b70d9cffdbfca813dd723fed1d95ee994b6094e6e57905544d60e605533acc921bae751aca79515cdbb2dcc7828968252421308d95fe68dbb136ad5b611ea37912f75df2aee792b8a387f5cad76a6157a7363ef567d77b1bc476d35768079a868733513985b26f7cf79ce76c807eace09146558e85dd1bb867996500a99fc26129a16496bff1ddebd97db54bd7f78b35003a1b702c51bfceb2abc0a5fd55cb02f67458c93b0cbecb086dbf8a066a7771b29953a50089812b28901acc0d97845e6a9ade6b366b8c880753080e6c73c99165aae12ce51b723ec366cd6730634a81fabaa1f0b01c750458bf365e60dfeb605b86bd7a37b6492c483dd74e3a2fa6d152d0e230cee186f1259f97d6b9ff615fe012f58a382c2809a8e63334230b93b24de8fdd1dba7bc9f623c82f1a8e81287d08555f71e2af0aad9202e9352058e66771d813b7fb68fce040b06cc168c2c7d9fcf3bd5cdec5bd8ce2b338cedbfb6cfad342973aa2e2faedde11efc2466896c81f7842cbf25f78403e1f0f5ca5544cbecd7bba70b616f29a4388fc4896428a23d8772dc21794c20d76f55439fa66b94c56c7e01ac016820caca23f42de23c309d86b2cb207dcd096d6a44d2f681c7bc725d3f81cc6a08c2ae82ca55228125034f312fe04f2befb4c4ef6fcb803c1474988a7e07810e60d0d38d1934b135015d39b49fa48bfee6ad4ad0298bc5e66e8d357ee47fe61f215f7326de507addbf4ababa0cb928c947e91354ed232332cbde85e5dc3e173fdbc4d4dd96786bd6dce83cf1ea099b06f2a4f18dc0394951e6ee2eb72dfa6a013713590aebdeda149bc06b64ad40fa64538edd9afd408bb013d38b3cbf17c265f0295b0e085112dc490230322b1eecaf727d0fc3e67226e0f8a50af7025e960072c336d0a9838f328a68ed1d6551a5743d10504193f0e32ced3ba98b8a21b3c431efb8dd3a2cadf10e12daf461d5d9171d2ca7ae218c0bb868c363feb0487d8ffac4a654c6c551a3725902c7ebc55ed822605c039363f4e4e24ea4b3d7dfd21d07c9228a3b37c31b7124aea3faaa5930dd138ca433069a7c3807c1828dcab13ab9ff0afa6a3ff63d5811269913e4f9774a59ff9df2dbe7ff2c29e599253324b5514f4c2b634996fcd421797712b159896e9f3ba234d6ebb658c792dee2aa26001b5b6427dc311924b24264ec2155a0a32d8f51205925fe80e5fea15d957c327165791e7571b74fed1003e680b6f743fa6fa91f8e423b5cb68e86eb2e13f6b6a94ee4b992b59f6a4978d93a60ee207986bb5be365740b990d98f1866e58d5182532312b570daa8d1f9a8d0ae551480e0fad001aec5a17dc64b0ab5704780c0408b5fb1dc69a55f29514facae81b7f6e6503fea6a75a912a966f6f20ce7ee726be01c698ebd81cd81d972fd6278ff9591e4def2877cdcaee3ea046911cb5a6abc16197eda0a850f8c6acd59e845dae487e4427694fdd50b1bdf9da7e662ad05ef239e8ecb9e3156d1cf27b6b0579745f046a163eabf6e385bb617cbbf77e93bfba6a422c44d6e60bfd03928c32837e991cad562b8db3a21777b1f7b1496c1774d202a0b63f80d3f3bdcba0b8ae06ce357a6a88de0b98a4fa0bcba5e9b2cece271fbf4476b606ae02299ecb88d527af0db95e306279dc0ee14127a780586b4821b0aa0456df345e1034de046623bf53496ba41fdc2897996a90e315b9c9fd23be0e38f80e233d7cf42566e0ed721364bb8685b5bef438c136fb3a2fe1cd36a18fe1384adf503ae9c3a50f5c7c8610145b63de52183ceccb49b55940ab504943cd8b0df6bc52a47bbbec418b4af2f29ebdc8fe09460f2ca409519a10c45ecccb3e3342ea8c30152ef43416fca25a2b79b8815295fc802dd80a5f6ba72f32e54b8166dd8c9079d3ba0f06e00020b691d7d49cdde6e65f5b61624404d52509fd34a9430bb85085bda9df7f98d890d53e559ebf3c024ea90b68c32fe7b149ddd12b7386c9a6b441453f91ce3d351d0c64185795befae6bb9ce2646af1319a6b8f4daf1904c2684ebae533a3939c83b1be1bfb5f3ffb34b00532df06337f520bafe1c4bee4c2854ddfd7867a94c9a660c1311e1da75876406e8a2372bc521ef178ca0e0a6b3f587493a31aafc46490dfedb0283b3d2ba0536bc3f76ca685cad56b28499da509a925d769dad43264260ca857436a8b28e3067a70d07c87988fb30f069773b40bcfe0552f392e5c5508efde3b303231f991d6c14fc5639347bb11315237ba57fb81d4acf5f5a17f31debf3c3e69df45f5f46e34b1f8af4d712cd65d4da93634bb878eb044381f29935972b835b2fd7a75082dd67f67c94a073ebba59d57c8a828cc21ce7875c5ab42b6b342303fddad0852ab24caeaf33af93c9ba023d2b1e7eb4fcd91a8ef680d7d641dea186a5c7f20401be0c26ce5ab44d5efd932ee0dfff62ab58408e0aaa6ec1d68c9d56c3f47c2ce2df2c9e342208e8c653ef850dd622e1e7cfe70b3b23e353746a076736c3addb9247384e4424754ccfc181f60c24f940ae4b17bf8c5710cb97a28b493edad712240bf420acdf9fc2e232056558c62894c10836ea6476d751", 0x1000}}, 0x1006) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) fchdir(0xffffffffffffffff) mount(0x0, &(0x7f0000000280)='./cgroup\x00', 0x0, 0x75809, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000002140)={0x2020}, 0x2020) close(0xffffffffffffffff) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map, r3, 0x26, 0x0, 0x0, @void, @value}, 0x10) recvmsg$unix(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000100)}, 0x0) 33m53.29718208s ago: executing program 1 (id=66): r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b40000000000000079104800000000006104000000000000950000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) close(r0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x1, 0x0, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) bind$llc(0xffffffffffffffff, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000180)="308edc7974b1", 0x6}], 0x1) syz_genetlink_get_family_id$wireguard(&(0x7f00000002c0), 0xffffffffffffffff) r1 = bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000100)=ANY=[@ANYRES32=r1, @ANYRES32, @ANYBLOB], 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r1}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20) r2 = socket$inet_icmp(0x2, 0x2, 0x1) getsockopt$sock_buf(r2, 0x1, 0x13, &(0x7f00000000c0)=""/154, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) r3 = msgget$private(0x0, 0x0) msgctl$IPC_RMID(r3, 0x0) socketpair(0x23, 0x3, 0x8, &(0x7f0000000180)) 33m52.778920179s ago: executing program 2 (id=68): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r4, 0x4008ae90, &(0x7f0000000140)=ANY=[]) openat$mixer(0xffffffffffffff9c, &(0x7f00000016c0), 0x20840, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f00000001c0)={0x0, 0x80, 0x0, 'queue0\x00'}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_SET_CPUID2(r4, 0x4008ae90, &(0x7f0000000140)=ANY=[]) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x4, @remote, 0x5}, 0x1c) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000002940), 0x4000000000000c8, 0x40894) 33m52.747371988s ago: executing program 1 (id=69): syz_init_net_socket$netrom(0x6, 0x5, 0x0) openat$sequencer(0xffffffffffffff9c, 0x0, 0x8002, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x0) syz_open_procfs(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="3800000055000100000000000000000007000000", @ANYRES32, @ANYBLOB="20000100ff14ab0f"], 0x38}}, 0x0) ioctl$VIDIOC_ENUM_FREQ_BANDS(0xffffffffffffffff, 0xc0405665, &(0x7f0000000280)={0x5, 0x2, 0x200000c, 0x1, 0xffffffff, 0x80000, 0x2}) r1 = socket$inet6(0xa, 0x3, 0x3c) sendto$inet6(0xffffffffffffffff, &(0x7f0000000400)="d8b5fa274ef561b965ef49db4b78ca442104128d0622487641e0138ce5af7cab9cfda9f6584ef8d95adfe68c4ef87b47c0fcbce8bea6d950795406d3f77bde45471879430dd249fdfced93b8935caa7829ab782d390e6fe2b157d305601a75448484c107ef2bd8554f480795754c1f1a88f9345120d0d65c0b2a181bbc2af0982ff5bedde3f9e77b812217561c7a7437c4e2dc835a71053ae69666f510fd3c37398a8cf2a06a8f48ba6552b94a2e618b8e1745f9482dd14d4e6b4281c92d00a203161f2cf6556de18aacbbbdb9e557882503698e8b5f22e21e81d4502eeea807ccd8400b610ef4fb71289899195929640f27980a9264b32995cf99ae219ba07eb3dad61166015ac27b5b1b3d4e46f2f2e77a13e8973b30d64053090cbc9b97ff971749144978402fa58f252976580ed2ff7ce4e2cd0b0fda01b4650d1bd598c576b7d2892089993006283692604008089e3b7e576119b6b15e795ab5ed856eb54c1eba44d3ee3e5448cfa3959927568efa4fdb7f52146ec1f1b47d40f95f4dde6ea308c5545e25f859cb3d3a749db4778b54fc33afcda80eb30fce282232a1655e8a2f72ed608cee124730783f9943f81b5118c0ec11203b9ac86d176f576e255a0b75a59e38fcb32aa95eb299917ef4e8cfeb752c39d4ddd4cbbaae865f2ff1bcdf5db4774b7e70eab5e2605bbcb06511de04800089daf91766b2571b42594c3769eab219adac78132e5d89a1c1642dcacf9f1af24648c435bd239ca4f6bce9aae27018bab08d8c319466e7bbb467e547338fd67757e9ea6d427c0375bd46337a0e6c88622da91436bc0d74891f5240d63012bc51fca4b6f224cdd7bb5816e0be9862cc4dc2d21ca0a754a52db8c98fba5eacc0661c6580355c5c894416d2f38ba34633ce4aedc9a1d740cb3974a60edb2b8cc66b2eae9e4d609f35b653e2fb9004980906f9caa4fb47c86284ccabca11d6b769805d423e45e54c9192b5ddc77cdc5907ecc5666f83a15de3648f72f71f8e5c9675759408de43c41add892aaeeaa6adcf6f14b555ffec22d629fb96f4d39862b8257d85650750aaf35d98f3eaf09ed0a4ea90d2955f6920fd867ccde8647c6333dfeafbfbe356b027b6a1636844eafc966f5f27d370f17add81fb7fe2ed1371fc78dc92ac0e05e594d664bc34be873ff1e46b535b1306dc955c9e22565a1219ffed16563ee4d06a2f0f2a9d051bad4178beacbe20110d611b1eae4afd5bd180fa087d99126fa9b31141c4b860a70373f638a74c0a0f5b86d2e253e8d2707086143fde25ef7d06e55ba1d23a1dc6adb5ac50045fb5c783f30075be5c80370e5bf922bdaa281d55fcb6e7f382f7e9cb1b8b58bfb28b0de97ae6b8e943d717585cab1c5b87572400e25643b26ee09b2754b1f49a6eeed31b7d39b89100b503e6da5c9c17226865ce144409ca60f47e030a4f19b26b97ac38c9ea8ca0900f3c085ebdb50bcb6c5dcd819055f4a128f3d921026bdb9d25a4410849b935964b382f5f29cf433dfc9e2a9f003cb1ec3bc14bc8e847f74d7d61f066405087cace13c2083f7abf656ac1c65df8d8b6eb59c045c532ac998e6a6c42590cf0745768d5bbc734be0670f4dd35aa0511db97f4e0ccea3baa960acaa7d5916fc6a9aaff9437d9ea4d2292b94d8c5efb90298663e0ddf8e941e9f35bab8b7a6e7bf313104ed86a06a9f5bb51d9945bae588c9f1a189adba8bcf5d94bcf72fb296eb0833c55968b82a7bd40e7e86a73bffc8bdccf7b5d8c2bf60a24282f64cc1bcbe9c1490c28eebfe0a339bb4f7351338d9a8d90ba9befe05566bc1daf2d309911b49572cb366c8aac5bf0b17df8ca5c9f69680dec95104a831c7b4e0ebab0e51fc7ecc0b65070967800e37b69685ce6d2e4e480f2e5ffce3d84993de9c001c9fbd3a5c0d32403ed65cd5c55cd0be3c4d84471ba6ce467f2d04d54c4d4e1c3e374a59e4fd52378a51ca89472c01c6a10ad54dc9c52d1513694e5d9e0e657132c0191bd850852c863183d4218d08c6a68d382de6887d328be55a17da5bf2a22bb99b380e076fadce5ff9727d82b15bb8a9919f92ebd905028b36815cd5f3aaf7a5da38afaec9994e426550749f583833cee27112a3fc88cc429f3c850436e3d5512e55d4d3f0171cc0a1bf9a12f14c06eee050787f7c1d53ec43f58003f4273c6f2e91ac59f1594129dff8fda72ace4178c94ac7f3de6c1c54a5fe7fe9bf8de8345e341806548412ca50a749f4ff111f3978da887e70a026431e6efb797e6a21477d39ae766cc419be55fedfe0bfd050a935cc724c4de731ca0d165088e97f66f656954adc3cba11dfe9bbab291557219d816cd9229f626e480bace38b3c9662445439f14cbb1fa217ad1e2780b86584fddeecd7fd0d03a105a65baa40836cdbaef9e51f12a8f13a37dbb0b3f6c1d22fa71850d40263b2c897e8d02941b8522acfef181ceea85c40e2e235df2020940c155f4986ac6d6d43f7b3020af1e86f249e69827a56119b3dae6bcad16dca269cd7e98483e2a38eab3b5fd77a42caa833b620116555f61c87e347f9131959bf1cc529103335f7bbe5108774b5f4c6ed553c80fd00115c86869828a47cf680eb8da0e22b2bcddf2743836c932a3041c0ddcdd59d7b4afd6cae2086aa23e2ae81a2fae0564548256ad9602a27c9d2c3b9616bf29ce935a316920789083e30158f395d9cd764043d316243979eac86c423b91e1c4d684e3998d9ee4643637a110af39082ac492f9cb8037a6140fcb390c4f542383afa0a3d4bea0deb7bb88b0ebfaa6ff6058bdd59282e3f0d280df212f01979f10d4e2649ee0493113ffc2b18595cf00db8dd49f3cbb59f40804434a163542531379a1bd8f3aec7dbd49f03b88efc6ccc401ae788ad7097b64616c40ff5d0280fe79be38061dea4adcd6a3bae8351c555b30d3e6af897be6494cf06c45154e6fdc8cefccf360e5a60fc040e2cfabc47ad93a10caa18c925d4ada8a3ea564cbbf6c6ff2be4fbe7e542f6b62b8c48afbe2e4e0ce7684158e22606be1809eae0c18c9ca046917694a96927cef49105323aa6ba80c791cf6b37f608e1edbe0db39781a4ddc898400bc2fae1939ba7e35d31f894cbe8fe5febe85d31ccd1d4425270ca2112a5e3b66669793121ac93e16e3b1eaa7737f17f05f7143c04a20a65b5f0f530e1c8877af807eaa8412359349d9ad6da3fdd98a826104ff4cb38b17a9db13a0ef59859a5d362ad7810fcaa366123020924a72f7a09452386151270943de641db62c3e8b2d54c486a4ce8a63f9ce888d3fa0fa65909c774d71f129dc94330ed6291a58aabeb89e443c4ff9ac066b42084752c6a133db15c6bfdfc7d519915ca17e9c297d7b734e0a60b72ca773e36408ab9a2aa902737ccbd4980c3b00ecfcf83a3f2f3e03490db392007c716a019e1cfc2a7f286871c2e2f1c85e1f631b327b6dbdd5e286783ec630f72c94baea5c2bd72bcefdbc378661521d55c75b132cf63efb9459c80629271147b63873d32c71f794800bd2690814303e556054d60d807d02a5e83769eff526c1a2133b342d859451f09e9ce8fa6873f05470252a9e84f18697672966c63a37eec33b50b205d732e92406d2034a39a3ba1c19f78995e0c1361e31987e4c0ec1113d21af433fbddb8bbec06e1d274466c5fe8bfb99df5c70a33edaafc1af770f2277beac940f9baac9561403b3c1a38787662eee5a7ebca904e2008db0995eb7fb68b69ce6565e50f7260186f6d8b076a1b689aaf4e2ddc7e4a148934d50536f8e80425855472ccc21efb9b9ea935aa4ff4592c0dadd2a0cc91ddf0d0f808322d49809e3ddf46c8b385f6275e3c318516e9d905f7a56cc1e967b8c7c1067f1c40ae2e0c23df80cc5b580a9e7ea67940892e565458c9df77560abea5669fb84047a4ea983ff41b58cf71f9b9bb7ca7e1302a27e4db44f7b611dd6f05acb9613a22d6f8a4444b4ea42806c9525ae3ae3085432e8625d55170291258b6c69965d546cf933fda9733d53404d0f900ac20c58e1b89881be964eda63036d41edc8ab569b594764a806825a4a2ec03cb3c1fc2b9b3a219abf35fff43063b34b2e8a43b3512acc411f7a10061bfc8395e0e8fbb0de04ab9500030c8a8e8254554b7d7c7e0105b0583282217dc1", 0xb80, 0x20048800, &(0x7f0000001400)={0xa, 0x4e22, 0xfffffffc, @empty, 0x3}, 0x1c) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x4) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000002c0)={r1}) setsockopt$inet6_IPV6_RTHDR(r1, 0x29, 0x39, 0x0, 0x18) 33m51.391267572s ago: executing program 2 (id=72): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000240)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r0}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000080), 0x4) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000004c0)={r2, 0x20, &(0x7f0000000340)={0xffffffffffffffff, 0x0, 0x0, 0x0}}, 0x10) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) rt_sigtimedwait(&(0x7f00000001c0)={[0x80]}, &(0x7f00000005c0), &(0x7f0000000340)={0x0, 0x989680}, 0x8) r5 = syz_open_dev$evdev(&(0x7f00000001c0), 0x0, 0x0) ioctl$EVIOCSKEYCODE_V2(r5, 0x80104592, &(0x7f0000000040)={0x0, 0x0, 0x0, 0xf773, "00207d2000000000201b14700c1e0ac74f000000001200000000000900"}) 33m48.537125911s ago: executing program 2 (id=75): rmdir(&(0x7f00000001c0)='./cgroup/../file0\x00') r0 = userfaultfd(0x80001) open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) timerfd_settime(0xffffffffffffffff, 0x3, 0x0, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8) ioctl$UFFDIO_CONTINUE(r0, 0xc020aa08, 0x0) r2 = syz_io_uring_setup(0x10e, &(0x7f00000003c0)={0x0, 0x5885, 0x8, 0x1, 0x110}, &(0x7f00000007c0)=0x0, &(0x7f0000000880)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) io_uring_enter(r2, 0x3516, 0x0, 0x0, 0x0, 0x0) 33m37.372020336s ago: executing program 32 (id=69): syz_init_net_socket$netrom(0x6, 0x5, 0x0) openat$sequencer(0xffffffffffffff9c, 0x0, 0x8002, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x0) syz_open_procfs(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="3800000055000100000000000000000007000000", @ANYRES32, @ANYBLOB="20000100ff14ab0f"], 0x38}}, 0x0) ioctl$VIDIOC_ENUM_FREQ_BANDS(0xffffffffffffffff, 0xc0405665, &(0x7f0000000280)={0x5, 0x2, 0x200000c, 0x1, 0xffffffff, 0x80000, 0x2}) r1 = socket$inet6(0xa, 0x3, 0x3c) sendto$inet6(0xffffffffffffffff, &(0x7f0000000400)="d8b5fa274ef561b965ef49db4b78ca442104128d0622487641e0138ce5af7cab9cfda9f6584ef8d95adfe68c4ef87b47c0fcbce8bea6d950795406d3f77bde45471879430dd249fdfced93b8935caa7829ab782d390e6fe2b157d305601a75448484c107ef2bd8554f480795754c1f1a88f9345120d0d65c0b2a181bbc2af0982ff5bedde3f9e77b812217561c7a7437c4e2dc835a71053ae69666f510fd3c37398a8cf2a06a8f48ba6552b94a2e618b8e1745f9482dd14d4e6b4281c92d00a203161f2cf6556de18aacbbbdb9e557882503698e8b5f22e21e81d4502eeea807ccd8400b610ef4fb71289899195929640f27980a9264b32995cf99ae219ba07eb3dad61166015ac27b5b1b3d4e46f2f2e77a13e8973b30d64053090cbc9b97ff971749144978402fa58f252976580ed2ff7ce4e2cd0b0fda01b4650d1bd598c576b7d2892089993006283692604008089e3b7e576119b6b15e795ab5ed856eb54c1eba44d3ee3e5448cfa3959927568efa4fdb7f52146ec1f1b47d40f95f4dde6ea308c5545e25f859cb3d3a749db4778b54fc33afcda80eb30fce282232a1655e8a2f72ed608cee124730783f9943f81b5118c0ec11203b9ac86d176f576e255a0b75a59e38fcb32aa95eb299917ef4e8cfeb752c39d4ddd4cbbaae865f2ff1bcdf5db4774b7e70eab5e2605bbcb06511de04800089daf91766b2571b42594c3769eab219adac78132e5d89a1c1642dcacf9f1af24648c435bd239ca4f6bce9aae27018bab08d8c319466e7bbb467e547338fd67757e9ea6d427c0375bd46337a0e6c88622da91436bc0d74891f5240d63012bc51fca4b6f224cdd7bb5816e0be9862cc4dc2d21ca0a754a52db8c98fba5eacc0661c6580355c5c894416d2f38ba34633ce4aedc9a1d740cb3974a60edb2b8cc66b2eae9e4d609f35b653e2fb9004980906f9caa4fb47c86284ccabca11d6b769805d423e45e54c9192b5ddc77cdc5907ecc5666f83a15de3648f72f71f8e5c9675759408de43c41add892aaeeaa6adcf6f14b555ffec22d629fb96f4d39862b8257d85650750aaf35d98f3eaf09ed0a4ea90d2955f6920fd867ccde8647c6333dfeafbfbe356b027b6a1636844eafc966f5f27d370f17add81fb7fe2ed1371fc78dc92ac0e05e594d664bc34be873ff1e46b535b1306dc955c9e22565a1219ffed16563ee4d06a2f0f2a9d051bad4178beacbe20110d611b1eae4afd5bd180fa087d99126fa9b31141c4b860a70373f638a74c0a0f5b86d2e253e8d2707086143fde25ef7d06e55ba1d23a1dc6adb5ac50045fb5c783f30075be5c80370e5bf922bdaa281d55fcb6e7f382f7e9cb1b8b58bfb28b0de97ae6b8e943d717585cab1c5b87572400e25643b26ee09b2754b1f49a6eeed31b7d39b89100b503e6da5c9c17226865ce144409ca60f47e030a4f19b26b97ac38c9ea8ca0900f3c085ebdb50bcb6c5dcd819055f4a128f3d921026bdb9d25a4410849b935964b382f5f29cf433dfc9e2a9f003cb1ec3bc14bc8e847f74d7d61f066405087cace13c2083f7abf656ac1c65df8d8b6eb59c045c532ac998e6a6c42590cf0745768d5bbc734be0670f4dd35aa0511db97f4e0ccea3baa960acaa7d5916fc6a9aaff9437d9ea4d2292b94d8c5efb90298663e0ddf8e941e9f35bab8b7a6e7bf313104ed86a06a9f5bb51d9945bae588c9f1a189adba8bcf5d94bcf72fb296eb0833c55968b82a7bd40e7e86a73bffc8bdccf7b5d8c2bf60a24282f64cc1bcbe9c1490c28eebfe0a339bb4f7351338d9a8d90ba9befe05566bc1daf2d309911b49572cb366c8aac5bf0b17df8ca5c9f69680dec95104a831c7b4e0ebab0e51fc7ecc0b65070967800e37b69685ce6d2e4e480f2e5ffce3d84993de9c001c9fbd3a5c0d32403ed65cd5c55cd0be3c4d84471ba6ce467f2d04d54c4d4e1c3e374a59e4fd52378a51ca89472c01c6a10ad54dc9c52d1513694e5d9e0e657132c0191bd850852c863183d4218d08c6a68d382de6887d328be55a17da5bf2a22bb99b380e076fadce5ff9727d82b15bb8a9919f92ebd905028b36815cd5f3aaf7a5da38afaec9994e426550749f583833cee27112a3fc88cc429f3c850436e3d5512e55d4d3f0171cc0a1bf9a12f14c06eee050787f7c1d53ec43f58003f4273c6f2e91ac59f1594129dff8fda72ace4178c94ac7f3de6c1c54a5fe7fe9bf8de8345e341806548412ca50a749f4ff111f3978da887e70a026431e6efb797e6a21477d39ae766cc419be55fedfe0bfd050a935cc724c4de731ca0d165088e97f66f656954adc3cba11dfe9bbab291557219d816cd9229f626e480bace38b3c9662445439f14cbb1fa217ad1e2780b86584fddeecd7fd0d03a105a65baa40836cdbaef9e51f12a8f13a37dbb0b3f6c1d22fa71850d40263b2c897e8d02941b8522acfef181ceea85c40e2e235df2020940c155f4986ac6d6d43f7b3020af1e86f249e69827a56119b3dae6bcad16dca269cd7e98483e2a38eab3b5fd77a42caa833b620116555f61c87e347f9131959bf1cc529103335f7bbe5108774b5f4c6ed553c80fd00115c86869828a47cf680eb8da0e22b2bcddf2743836c932a3041c0ddcdd59d7b4afd6cae2086aa23e2ae81a2fae0564548256ad9602a27c9d2c3b9616bf29ce935a316920789083e30158f395d9cd764043d316243979eac86c423b91e1c4d684e3998d9ee4643637a110af39082ac492f9cb8037a6140fcb390c4f542383afa0a3d4bea0deb7bb88b0ebfaa6ff6058bdd59282e3f0d280df212f01979f10d4e2649ee0493113ffc2b18595cf00db8dd49f3cbb59f40804434a163542531379a1bd8f3aec7dbd49f03b88efc6ccc401ae788ad7097b64616c40ff5d0280fe79be38061dea4adcd6a3bae8351c555b30d3e6af897be6494cf06c45154e6fdc8cefccf360e5a60fc040e2cfabc47ad93a10caa18c925d4ada8a3ea564cbbf6c6ff2be4fbe7e542f6b62b8c48afbe2e4e0ce7684158e22606be1809eae0c18c9ca046917694a96927cef49105323aa6ba80c791cf6b37f608e1edbe0db39781a4ddc898400bc2fae1939ba7e35d31f894cbe8fe5febe85d31ccd1d4425270ca2112a5e3b66669793121ac93e16e3b1eaa7737f17f05f7143c04a20a65b5f0f530e1c8877af807eaa8412359349d9ad6da3fdd98a826104ff4cb38b17a9db13a0ef59859a5d362ad7810fcaa366123020924a72f7a09452386151270943de641db62c3e8b2d54c486a4ce8a63f9ce888d3fa0fa65909c774d71f129dc94330ed6291a58aabeb89e443c4ff9ac066b42084752c6a133db15c6bfdfc7d519915ca17e9c297d7b734e0a60b72ca773e36408ab9a2aa902737ccbd4980c3b00ecfcf83a3f2f3e03490db392007c716a019e1cfc2a7f286871c2e2f1c85e1f631b327b6dbdd5e286783ec630f72c94baea5c2bd72bcefdbc378661521d55c75b132cf63efb9459c80629271147b63873d32c71f794800bd2690814303e556054d60d807d02a5e83769eff526c1a2133b342d859451f09e9ce8fa6873f05470252a9e84f18697672966c63a37eec33b50b205d732e92406d2034a39a3ba1c19f78995e0c1361e31987e4c0ec1113d21af433fbddb8bbec06e1d274466c5fe8bfb99df5c70a33edaafc1af770f2277beac940f9baac9561403b3c1a38787662eee5a7ebca904e2008db0995eb7fb68b69ce6565e50f7260186f6d8b076a1b689aaf4e2ddc7e4a148934d50536f8e80425855472ccc21efb9b9ea935aa4ff4592c0dadd2a0cc91ddf0d0f808322d49809e3ddf46c8b385f6275e3c318516e9d905f7a56cc1e967b8c7c1067f1c40ae2e0c23df80cc5b580a9e7ea67940892e565458c9df77560abea5669fb84047a4ea983ff41b58cf71f9b9bb7ca7e1302a27e4db44f7b611dd6f05acb9613a22d6f8a4444b4ea42806c9525ae3ae3085432e8625d55170291258b6c69965d546cf933fda9733d53404d0f900ac20c58e1b89881be964eda63036d41edc8ab569b594764a806825a4a2ec03cb3c1fc2b9b3a219abf35fff43063b34b2e8a43b3512acc411f7a10061bfc8395e0e8fbb0de04ab9500030c8a8e8254554b7d7c7e0105b0583282217dc1", 0xb80, 0x20048800, &(0x7f0000001400)={0xa, 0x4e22, 0xfffffffc, @empty, 0x3}, 0x1c) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x4) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f00000002c0)={r1}) setsockopt$inet6_IPV6_RTHDR(r1, 0x29, 0x39, 0x0, 0x18) 33m33.369960935s ago: executing program 33 (id=75): rmdir(&(0x7f00000001c0)='./cgroup/../file0\x00') r0 = userfaultfd(0x80001) open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) timerfd_settime(0xffffffffffffffff, 0x3, 0x0, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8) ioctl$UFFDIO_CONTINUE(r0, 0xc020aa08, 0x0) r2 = syz_io_uring_setup(0x10e, &(0x7f00000003c0)={0x0, 0x5885, 0x8, 0x1, 0x110}, &(0x7f00000007c0)=0x0, &(0x7f0000000880)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) io_uring_enter(r2, 0x3516, 0x0, 0x0, 0x0, 0x0) 18m38.208573303s ago: executing program 3 (id=1929): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f0000001c80)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0eb97fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822a0269a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7ae22e16c6c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea2a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f76062adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bba3d005585bf07d70e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b441233151122b41a8d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225c380fac12f8205d182f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd1f539bd43007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37bc21cfdc8180c7d09c35d130d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711d7219ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a26c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29754f928c59306ce105ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc05fea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efdb36b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800000000000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351ba332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d96ee1b84bb64b14aebc6b5194c55dd6890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56bd86acb7654a195bc3e98df3a5dffd5b07838a3ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a139d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fcc49a729f11ab377f7132c543d29646a9378eea0761b7ed9d2172e33ed87c6513c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828bf209d0ed9829dec16ab67a4f59a504e09f55ab82bbd405087a17a229a149c53ee9145500db213cb36489a10957739e481a756e65bde579bbbfb404213f661eeaaffacbcfbfd6e19946b18a45333df51d78f735999aadfcda64488160c4ae6ba9dcef0c144e3de7be7fdc1ead6a425ff6128fab1517630c1d9507e0685488a57f85298b4e4382842c0730"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000000)={@cgroup=r0, r0, 0x2f, 0x8, 0x0, @void, @value}, 0x20) bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000180)={0x0, 0x0}, 0x0) r2 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000000)=r1, 0x4) bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000140)={r2, 0xffffffffffffffff, 0x4, r0}, 0x98) 18m38.036660797s ago: executing program 3 (id=1930): syz_emit_ethernet(0x2e, &(0x7f0000000000)={@link_local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x3c, 0x20, 0x0, 0x0, 0x0, 0x11, 0x0, @remote, @multicast1}, {0x4e24, 0x17c1, 0xc, 0x0, @gue={{0x1, 0x0, 0x3, 0xfc, 0x0, @void}}}}}}}, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10) pipe2(&(0x7f0000000080), 0x80800) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xda6, @void, @value}, 0x94) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r3, 0x4068aea3, &(0x7f0000000280)) ioctl$KVM_SET_GSI_ROUTING(r3, 0x4008ae6a, &(0x7f0000000480)={0x1, 0x0, [{0x400, 0x2, 0x2, 0x0, @sint={0x5, 0x7ff}}]}) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x6, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 18m36.85347805s ago: executing program 3 (id=1934): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000340)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@broadcast, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, {@in6=@remote, 0x0, 0x32}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, {0x0, 0x0, 0x0, 0x7fffffe}, {}, 0x0, 0x0, 0xa, 0x2, 0x0, 0x20}, [@algo_auth={0x48, 0x1, {{'hmac(sha1)\x00'}}}]}, 0x138}, 0x1, 0xe}, 0x10) (fail_nth: 5) 18m35.952625628s ago: executing program 3 (id=1937): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f00000002c0), 0x6) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f00000001c0)=0x0) prlimit64(r1, 0xe, &(0x7f0000000140)={0x6, 0x400000000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) mkdir(&(0x7f0000000140)='./control\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) syz_io_uring_setup(0x239, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r3) bind$inet6(r3, 0x0, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f000005e600)=""/102392, 0x18ff8) connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000000c0), 0x4) 18m33.956057174s ago: executing program 3 (id=1944): syz_emit_ethernet(0x2e, &(0x7f0000000000)={@link_local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x3c, 0x20, 0x0, 0x0, 0x0, 0x11, 0x0, @remote, @multicast1}, {0x4e24, 0x17c1, 0xc, 0x0, @gue={{0x1, 0x0, 0x3, 0xfc, 0x0, @void}}}}}}}, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10) pipe2(&(0x7f0000000080), 0x80800) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xda6, @void, @value}, 0x94) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r3, 0x4068aea3, &(0x7f0000000280)) ioctl$KVM_SET_GSI_ROUTING(r3, 0x4008ae6a, &(0x7f0000000480)={0x1, 0x0, [{0x400, 0x2, 0x2, 0x0, @sint={0x5, 0x7ff}}]}) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x6, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 18m33.616179675s ago: executing program 3 (id=1945): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmsg$inet6(r0, &(0x7f0000000580)={&(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x9}, 0x1c, &(0x7f0000000180)=[{&(0x7f0000000080)=' ', 0x1}], 0x1}, 0x0) shutdown(r0, 0x1) openat$vicodec1(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = socket(0x15, 0x5, 0x0) getsockopt(r1, 0x200000000114, 0x2719, &(0x7f0000000600)=""/4, &(0x7f00000006c0)=0x4) r2 = add_key(0x0, 0x0, &(0x7f0000000080), 0x0, 0xffffffffffffffff) getsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r1, 0x84, 0xc, &(0x7f0000000080), &(0x7f0000000100)=0x4) preadv(0xffffffffffffffff, &(0x7f0000000240), 0x0, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) r3 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r3, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @remote}}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYRES16=r3], 0x18}, 0x44) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000900)=ANY=[@ANYBLOB="b8000000", @ANYRES16=r5, @ANYBLOB="010000000000000000003b0000000800", @ANYRES32=r6, @ANYBLOB="99003300800000000802110000010802110000005050505050500000000000020000000000001450000100000001000000000000000000055204ae00b1c63dd7b491c177437106ee993b2fea6481428d6527ca2e7de1304562418971140f333d67d150364234b3364c3f2cdfc554649b0a1b937587cb6010de5a210a89207e0c48d9eab32923619bbf252d25030000002a01003c040003a1040000009c404f215f56e5a5e6fbb5"], 0xb8}}, 0x0) r7 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSARP(r7, 0x8955, &(0x7f00000000c0)={{0x2, 0x4e23, @empty}, {0x1, @broadcast}, 0x8, {0x2, 0x4e21, @broadcast}, 'dummy0\x00'}) r8 = socket$inet6(0xa, 0x3, 0x3a) setsockopt$inet6_int(r8, 0x29, 0x1a, &(0x7f0000000040)=0x9, 0x4) syz_emit_ethernet(0x4e, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x8, &(0x7f0000000300)=ANY=[@ANYRESDEC=r2], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) 18m33.161956066s ago: executing program 34 (id=1945): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmsg$inet6(r0, &(0x7f0000000580)={&(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x9}, 0x1c, &(0x7f0000000180)=[{&(0x7f0000000080)=' ', 0x1}], 0x1}, 0x0) shutdown(r0, 0x1) openat$vicodec1(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = socket(0x15, 0x5, 0x0) getsockopt(r1, 0x200000000114, 0x2719, &(0x7f0000000600)=""/4, &(0x7f00000006c0)=0x4) r2 = add_key(0x0, 0x0, &(0x7f0000000080), 0x0, 0xffffffffffffffff) getsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r1, 0x84, 0xc, &(0x7f0000000080), &(0x7f0000000100)=0x4) preadv(0xffffffffffffffff, &(0x7f0000000240), 0x0, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) r3 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r3, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @remote}}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYRES16=r3], 0x18}, 0x44) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000900)=ANY=[@ANYBLOB="b8000000", @ANYRES16=r5, @ANYBLOB="010000000000000000003b0000000800", @ANYRES32=r6, @ANYBLOB="99003300800000000802110000010802110000005050505050500000000000020000000000001450000100000001000000000000000000055204ae00b1c63dd7b491c177437106ee993b2fea6481428d6527ca2e7de1304562418971140f333d67d150364234b3364c3f2cdfc554649b0a1b937587cb6010de5a210a89207e0c48d9eab32923619bbf252d25030000002a01003c040003a1040000009c404f215f56e5a5e6fbb5"], 0xb8}}, 0x0) r7 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSARP(r7, 0x8955, &(0x7f00000000c0)={{0x2, 0x4e23, @empty}, {0x1, @broadcast}, 0x8, {0x2, 0x4e21, @broadcast}, 'dummy0\x00'}) r8 = socket$inet6(0xa, 0x3, 0x3a) setsockopt$inet6_int(r8, 0x29, 0x1a, &(0x7f0000000040)=0x9, 0x4) syz_emit_ethernet(0x4e, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x8, &(0x7f0000000300)=ANY=[@ANYRESDEC=r2], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) 17m47.53223364s ago: executing program 4 (id=2153): openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) mount_setattr(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000200)={0x0, 0x0, 0x80000}, 0x20) r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r0, &(0x7f0000000d80)=[{{&(0x7f0000000040)={0xa, 0x4e22, 0x0, @private1}, 0x1c, &(0x7f0000000080)=[{&(0x7f0000000800)='P', 0x1}], 0x1}}], 0x1, 0x20000000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='net/ip6_tables_targets\x00') mknod$loop(&(0x7f0000000140)='./file0\x00', 0x0, 0x1) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, 0x0) syz_emit_ethernet(0x52, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb86dd600a8435001c0600000000000000000000a652ff00000000fe80000000aa000004"], 0x0) r2 = syz_open_dev$vivid(&(0x7f0000000200), 0x2, 0x2) ioctl$VIDIOC_TRY_FMT(r2, 0xc0d05640, &(0x7f0000000780)={0xa, @sdr={0x39565559}}) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001000000000000000000dc020078000000000000000000"], 0xb8}}, 0x0) r4 = syz_open_dev$vim2m(&(0x7f0000000080), 0x7e9, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r4, 0xc0405602, &(0x7f0000000100)={0x6, 0x1, 0x0, "abd657bebbdd23613cfda38214fc0e59299e701cef6329784aa62d2f521ee9cc"}) sendmsg$nl_xfrm(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="650100001b"], 0x188}}, 0x0) r5 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) write$dsp(r5, &(0x7f0000000880)="5cba91ff890d4027881b2e39e14c40157713f9036c5373e68c35e68bebedbddfe1db69f38db5cd3d780bd3841c9cdb1634ca8c32f434c922e86592f720d36a6615cd30bb922ce9fb64a44060956549a9ba672bf5d97a0de23f92da6b75a7167d2acc0b56e0470b5d5c3a0a3399b82fe4401bf4c7ff2e14497f1f14df8dd195449e7510f1456e835ac5b18da9bbccd6f691d080c132", 0x95) ioctl$SNDCTL_DSP_SYNC(r5, 0x5001, 0x0) io_uring_setup(0x4e83, &(0x7f00000002c0)={0x0, 0x20, 0x0, 0x2, 0x40000000}) ioctl$SNDCTL_DSP_STEREO(r5, 0x40045010, &(0x7f0000000080)) ioctl$SNDCTL_DSP_SPEED(r5, 0xc0045002, &(0x7f0000000180)=0xfffffff9) ioctl$SNDCTL_DSP_GETOSPACE(r5, 0x8010500c, &(0x7f0000000240)) r6 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) writev(r6, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1) 17m46.953837758s ago: executing program 4 (id=2158): r0 = socket$pppoe(0x18, 0x1, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$TCFLSH(r2, 0x40045436, 0x14) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x0, 0x7}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x20000800) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000340)='./file0\x00', &(0x7f0000000380), 0x80800, &(0x7f0000000500)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="2c67726f75705ff153941c68f45dc4c9c7f29888f9c3b382988d6ace38d68f73f701841a1797e2c62dbee8ffdcbe1e85a7920141a7dd7cbf00b2e04e6169c367ea0667ef0110188783c64dcf5e405497a00d17535aafbf7513e4d11ce6b70d047d7bbe2eb21b8dd8bfd2b31d493497a47b7ae7a799fb1e5178b1c7321903ab2aff4bdd6f351c463c415726634291899757c97c09e450faec8aa7676b6e369c73f40c9e58b1e134a32c1be3daac45cc68b0e285dc1e726962e1ee97a3af0c4868dd70e5720015bc6f2ae124e4835df0261f94891252bfc355bc48f57d", @ANYRESDEC, @ANYBLOB=',max_read=0x0000000000000003,default_permissions,max_read=0x0000000000000004,default_permissions,allow_other,blksize=0x0000000000001a00,blksize=0x0000000000000800,dont_appraise,euid=', @ANYRESDEC=0x0, @ANYBLOB=',\x00']) userfaultfd(0x801) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x18) mount(&(0x7f0000000000)=@nullb, &(0x7f0000000040)='./bus\x00', &(0x7f00000000c0)='ufs\x00', 0x18642, 0x0) sendmsg$sock(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000100)=@rc={0x1f, @any, 0x2}, 0x80, 0x0, 0x0, &(0x7f0000000240)=[@txtime={{0x18, 0x1, 0x3d, 0x81}}, @timestamping={{0x14, 0x1, 0x25, 0x8}}], 0x30}, 0x40) r6 = socket$inet(0xa, 0x5, 0x84) connect$inet(r6, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000001080)={0x0, 0x3}, &(0x7f00000010c0)=0x8) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x400452c9, &(0x7f0000000100)) 17m45.780690389s ago: executing program 4 (id=2162): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000800)=@ipv6_delrule={0x2c, 0x21, 0x11, 0x0, 0x0, {}, [@FIB_RULE_POLICY=@FRA_L3MDEV={0x5, 0x13, 0x1}, @FIB_RULE_POLICY=@FRA_TABLE={0x8}]}, 0x2c}}, 0x0) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) r2 = dup(r1) unlinkat$binderfs_device(0xffffffffffffff9c, &(0x7f0000000100)='./binderfs/binder1\x00') r3 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000040), 0x200080, 0x0) fsetxattr$security_ima(r3, &(0x7f0000000080), &(0x7f0000000140)=@sha1={0x1, "03a3d6cbeb89accff8e52eee7af1936b336f9dff"}, 0x15, 0x3) write$UHID_INPUT(r2, 0x0, 0x0) ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r2, 0x7a5, &(0x7f0000000000)={{@local, 0x8}, 0x0, 0x2, 0x6}) 17m44.807957582s ago: executing program 4 (id=2167): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) chdir(&(0x7f0000000140)='./bus\x00') r1 = socket$kcm(0x10, 0x2, 0x0) socket$alg(0x26, 0x5, 0x0) sendmsg$kcm(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)="d800000018008111e00212ba0d8105040a020000030f000b067c55a1bc000900b8000699030000000500160002008178a8001500080001400200000901ac040000d67f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe04000000730d7a5025ccca262f3d40fad95667e04adcdf634c1f215ce3bb9ad809d5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92307f27260e970300000000000000000000000000000000000000008dc5fb510162", 0xd8}], 0x1}, 0x20000044) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r2 = syz_usb_connect$cdc_ncm(0x3, 0x7d, &(0x7f0000000240)={{0x12, 0x1, 0x110, 0x2, 0x0, 0x0, 0x0, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x6b, 0x2, 0x1, 0x1, 0xa0, 0xf7, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x7, 0x24, 0x6, 0x0, 0x1, "9e3f"}, {0x5, 0x24, 0x0, 0x1}, {0xd, 0x24, 0xf, 0x1, 0x7fffffff, 0xe, 0x4836}, {0x6, 0x24, 0x1a, 0x1563, 0xa}, [@mbim_extended={0x8, 0x24, 0x1c, 0x4, 0x1, 0x1}, @obex={0x5, 0x24, 0x15, 0xb58a}]}, {{0x9, 0x5, 0x81, 0x3, 0x0, 0x6, 0x6, 0x18}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x8, 0x2, 0x51, 0x5}}, {{0x9, 0x5, 0x3, 0x2, 0x3ff, 0x1, 0x6, 0xb}}}}}}}]}}, &(0x7f00000004c0)={0xa, &(0x7f00000002c0)={0xa, 0x6, 0x110, 0x4, 0x5, 0x5, 0xff, 0xba}, 0xf, &(0x7f0000000440)={0x5, 0xf, 0xf, 0x1, [@ss_cap={0xa, 0x10, 0x3, 0x0, 0x0, 0x6, 0x6, 0x2}]}, 0x1, [{0x4, &(0x7f0000000480)=@lang_id={0x4, 0x3, 0x437}}]}) syz_usb_control_io$cdc_ncm(r2, &(0x7f0000000640)={0x14, &(0x7f0000000500)={0x0, 0x9, 0xe5, {0xe5, 0xb, "0ba3028e130d0c5b3084b804de8f278cd7f29e17df6bd7509ae16b3cbb9a754ecfc1fe263e3514b0ce514324690af0d5213bff1591abaaf3d737b6176be2c30cf01b43b134274a95d57f097669db3640310c6969bc74ad62b764b7ff58c8cdd82c86a8c76fbb28ecbc77daf38cc6b149a5da600195d52c1e189a5024078deb140cdfd778ee8bda9f4f2e5b9be4adecfb78c86ad20c78e878362fcf68d494cf719844faf97652aea878704bbbbaf9d32acf22d138841b27bd5c44dd7ff7470e46106911bdce65af82bb08afea245650b7024fe5e81bb9a7c73510b425c887e141c3ff6a"}}, &(0x7f0000000600)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000880)={0x44, &(0x7f0000000680)={0x0, 0x9, 0xd, "0a83d18c187dd12d451806f3d9"}, &(0x7f00000006c0)={0x0, 0xa, 0x1, 0x6}, &(0x7f0000000700)={0x0, 0x8, 0x1, 0xef}, &(0x7f0000000740)={0x20, 0x80, 0x1c, {0x81, 0x589, 0x9, 0x5, 0x6, 0x8, 0x2, 0x3, 0x200, 0x2, 0x0, 0xe}}, &(0x7f0000000780)={0x20, 0x85, 0x4, 0x17b}, &(0x7f00000007c0)={0x20, 0x83, 0x2}, &(0x7f0000000800)={0x20, 0x87, 0x2, 0x8}, &(0x7f0000000840)={0x20, 0x89, 0x2, 0x1}}) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000400), 0x0, 0x0) chdir(&(0x7f0000000140)='./file0\x00') ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, 0x0) syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0) umount2(&(0x7f0000000180)='./bus\x00', 0x8) socket$nl_generic(0x10, 0x3, 0x10) syz_80211_inject_frame(&(0x7f00000000c0), &(0x7f0000000900)=@mgmt_frame=@beacon={{{}, {}, @device_a, @device_a, @from_mac=@device_b, {0x0, 0xffe}}, 0x10000, @random=0xbd6, 0x8a01, @val={0x0, 0x6, @default_ibss_ssid}, @val, @void, @void, @void, @void, @void, @val={0x2a, 0x1, {0x0, 0x1, 0x1}}, @void, @val={0x2d, 0x1a, {0x10, 0x0, 0x3, 0x0, {0x5, 0x9, 0x0, 0xf, 0x0, 0x0, 0x1, 0x2, 0x1}, 0x800, 0xfffff07b, 0x6}}, @void, @void, @void}, 0x4d) 17m43.004552344s ago: executing program 4 (id=2172): openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount_setattr(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000200)={0x0, 0x0, 0x80000}, 0x20) r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r0, &(0x7f0000000d80)=[{{&(0x7f0000000040)={0xa, 0x4e22, 0x0, @private1}, 0x1c, &(0x7f0000000080)=[{&(0x7f0000000800)='P', 0x1}], 0x1}}], 0x1, 0x20000000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='net/ip6_tables_targets\x00') mknod$loop(&(0x7f0000000140)='./file0\x00', 0x0, 0x1) syz_emit_ethernet(0x52, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb86dd600a8435001c0600000000000000000000a652ff00000000fe80000000aa000004"], 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000100)={0x0, 0x2a, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001000000000000000000dc020078000000000000000000000000ff02000000000000e26ea7250000000100000000000000000a"], 0xb8}}, 0x0) r3 = syz_open_dev$vim2m(&(0x7f0000000080), 0x7e9, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r3, 0xc0405602, &(0x7f0000000100)={0x6, 0x1, 0x0, "abd657bebbdd23613cfda38214fc0e59299e701cef6329784aa62d2f521ee9cc"}) sendmsg$nl_xfrm(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="650100001b"], 0x188}}, 0x0) 17m42.550147111s ago: executing program 4 (id=2175): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) ppoll(&(0x7f0000000100)=[{r1}, {r1}], 0x2, &(0x7f0000000180), 0x0, 0x0) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="4400000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="0000000014060000240008000000000000656e0000000500090000000000"], 0x44}, 0x9}, 0x0) 17m41.619255538s ago: executing program 35 (id=2175): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) ppoll(&(0x7f0000000100)=[{r1}, {r1}], 0x2, &(0x7f0000000180), 0x0, 0x0) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="4400000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="0000000014060000240008000000000000656e0000000500090000000000"], 0x44}, 0x9}, 0x0) 16m58.308590553s ago: executing program 8 (id=2345): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) writev(r0, 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) fgetxattr(0xffffffffffffffff, &(0x7f0000000040)=@known='security.selinux\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000004c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r1}, 0x10) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r2, 0x4b52, &(0x7f0000000040)={0xfdfd, 0x0}) 16m58.231601488s ago: executing program 8 (id=2346): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) writev(r0, 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) fgetxattr(0xffffffffffffffff, &(0x7f0000000040)=@known='security.selinux\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000004c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r2}, 0x10) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r3, 0x4b52, &(0x7f0000000040)={0xfdfd, 0x0}) 16m57.906924066s ago: executing program 8 (id=2351): r0 = socket(0x8000000010, 0x2, 0x0) write(r0, &(0x7f0000000280), 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x20000010, &(0x7f0000000540)={0x2, 0x400, @empty}, 0x10) ioctl$sock_inet_SIOCSARP(r1, 0x8953, &(0x7f0000000180)={{0x2, 0x0, @empty}, {0x0, @dev}, 0x0, {0x2, 0x0, @multicast1=0xe000cc02}}) 16m57.692858043s ago: executing program 8 (id=2353): mkdir(&(0x7f0000000000)='./file0\x00', 0x8d) r0 = openat$dir(0xffffff9c, &(0x7f0000000280)='./file0\x00', 0x0, 0x20) symlinkat(&(0x7f0000000200)='./file0\x00', r0, 0x0) ioctl$F2FS_IOC_RESIZE_FS(0xffffffffffffffff, 0x4008f510, &(0x7f0000000040)=0x2) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x0, 0x0) r1 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) linkat(r1, 0x0, r1, &(0x7f0000000240)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0xc008ae88, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000000e497f36c3b91ceb4a45653d1000018010040"]) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r4, 0xfff) syz_emit_ethernet(0xcb, &(0x7f0000000440)={@multicast, @empty, @void, {@ipv6={0x86dd, @tipc_packet={0xf, 0x6, "e29658", 0x95, 0x6, 0x1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, {[@routing={0x62, 0xc, 0x2, 0xbb, 0x0, [@remote, @private2, @loopback, @loopback, @remote, @empty]}], @payload_named={{{{{0x2d, 0x0, 0x1, 0x0, 0x1, 0xa, 0x3, 0x2, 0xc, 0x0, 0x0, 0xa, 0xdda69d93e591afc3, 0x2, 0x80, 0x8, 0x0, 0x4e23, 0x4e24}, 0x3, 0x3}, 0x3, 0x4}}, [0x0, 0x0, 0x0, 0x0, 0x0]}}}}}}, 0x0) syz_emit_ethernet(0x4e, &(0x7f00000002c0)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a3ff2", 0x18, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x14, 0x0, 0x0, 0x0, {[@sack_perm={0x4, 0x2}]}}}}}}}}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) r6 = socket$unix(0x1, 0x5, 0x0) r7 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r7, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r7, 0x29, 0x2a, &(0x7f0000000200)={0x6, {{0xa, 0x0, 0x80, @mcast1={0xff, 0x7}, 0x8}}, {{0xa, 0x4e20, 0xffffffff, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0xde, 0x0}}}}}, 0x108) setsockopt$inet6_group_source_req(r7, 0x29, 0x2b, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}}}, 0x108) r8 = dup2(r6, 0xffffffffffffffff) close_range(r8, 0xffffffffffffffff, 0x0) 16m56.537079929s ago: executing program 8 (id=2358): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f0000001c80)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0eb97fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822a0269a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7ae22e16c6c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea2a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f76062adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bba3d005585bf07d70e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b441233151122b41a8d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225c380fac12f8205d182f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd1f539bd43007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37bc21cfdc8180c7d09c35d130d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711d7219ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a26c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29754f928c59306ce105ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc05fea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efdb36b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800000000000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351ba332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d96ee1b84bb64b14aebc6b5194c55dd6890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56bd86acb7654a195bc3e98df3a5dffd5b07838a3ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a139d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fcc49a729f11ab377f7132c543d29646a9378eea0761b7ed9d2172e33ed87c6513c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828bf209d0ed9829dec16ab67a4f59a504e09f55ab82bbd405087a17a229a149c53ee9145500db213cb36489a10957739e481a756e65bde579bbbfb404213f661eeaaffacbcfbfd6e19946b18a45333df51d78f735999aadfcda64488160c4ae6ba9dcef0c144e3de7be7fdc1ead6a425ff6128fab1517630c1d9507e0685488a57f85298b4e4382842c0730"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000000)={@cgroup=r0, r0, 0x2f, 0x8, 0x0, @void, @value}, 0x20) bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000180)={0x0, 0x0}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_GET(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000740)={0x20, 0x1, 0x2, 0x401, 0x0, 0x0, {}, [@CTA_EXPECT_TUPLE={0x4}, @CTA_EXPECT_ZONE={0x6, 0x7, 0x1, 0x0, 0x3}]}, 0x20}}, 0x20040000) r3 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0) socket$phonet_pipe(0x23, 0x5, 0x2) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r3, 0xc4c85512, &(0x7f0000000280)={{0x5, 0x0, 0x3, 0x0, 'syz1\x00'}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffc, 0xe, 0x0, 0x3, 0x3ffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0xfffffffffffffffa, 0x0, 0x4000000000, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x400000000, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x400000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000, 0x0, 0x0, 0x0, 0x8]}) r4 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000000)=r1, 0x4) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r5}, 0x10) bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000140)={r4, r5, 0x4, r0}, 0x10) 16m56.448373741s ago: executing program 8 (id=2360): r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]}) close_range(r1, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$usbfs(&(0x7f0000000080), 0x74, 0x101301) ioctl$USBDEVFS_IOCTL(r2, 0xc0105512, &(0x7f0000000200)=@usbdevfs_disconnect={0x20}) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='huge=always,huge=within_size,nr_blocks=5']) r3 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000280)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f00000000c0), 0x6db6e559) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000005580)=@newlink={0x40, 0x10, 0x49920d862a92153b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_DPORT={0x6, 0x10}, @IFLA_GRE_COLLECT_METADATA={0x4}]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000800}, 0x0) 16m40.909167155s ago: executing program 36 (id=2360): r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]}) close_range(r1, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$usbfs(&(0x7f0000000080), 0x74, 0x101301) ioctl$USBDEVFS_IOCTL(r2, 0xc0105512, &(0x7f0000000200)=@usbdevfs_disconnect={0x20}) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='huge=always,huge=within_size,nr_blocks=5']) r3 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000280)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f00000000c0), 0x6db6e559) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000005580)=@newlink={0x40, 0x10, 0x49920d862a92153b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_DPORT={0x6, 0x10}, @IFLA_GRE_COLLECT_METADATA={0x4}]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000800}, 0x0) 12.710621007s ago: executing program 0 (id=5593): syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x1ffffffffffffe99, &(0x7f0000000000)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x100, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r3 = socket(0x10, 0x80003, 0x0) sendmsg$nl_generic(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="1800000016000119"], 0x78}, 0x1, 0x0, 0x0, 0x44010}, 0xc0) recvmmsg(r3, &(0x7f0000001140)=[{{0x0, 0x0, 0x0}, 0x8}, {{0x0, 0x0, 0x0}, 0x5}, {{0x0, 0x0, 0x0}}], 0x3, 0x0, 0x0) 9.296728421s ago: executing program 7 (id=5599): syz_usb_connect(0x6, 0x2d, 0x0, 0x0) r0 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0xa441, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_XEN_HVM_CONFIG(r1, 0x4038ae7a, &(0x7f0000000000)={0x80, 0x0, 0x0, 0x0}) 8.486437564s ago: executing program 0 (id=5601): socket$nl_netfilter(0x10, 0x3, 0xc) 8.310631012s ago: executing program 0 (id=5603): r0 = bpf$TOKEN_CREATE(0x24, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f0000000100)=ANY=[@ANYRES64=r0, @ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000640)=0x4) kcmp(0x0, 0x0, 0x2, 0xffffffffffffffff, 0xffffffffffffffff) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x0) mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000580)={[], [{@smackfsdef={'smackfsdef', 0x3d, '$^\\'}}, {@appraise}, {@measure}, {@measure}, {@fowner_lt}, {@fsname}]}) 6.8265228s ago: executing program 0 (id=5606): r0 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0xf, 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000000c0)={&(0x7f0000000100)=@hci={0x1f, 0x0, 0x4}, 0x80, &(0x7f00000007c0)=[{&(0x7f0000000180)="270302005a0214000600002fb96dbcf706e10500000086ddffff1144ee163cd4b8bf4a31accbe1ba0777cfbf6ae77256da82f6184b8a34f9015cc99e570000002b21c90b000000000000721a5dbb56a3d9e16e7c2179c9b5b24722944820e624fc5b17d0822ca4232c98a9936ba722475ca5", 0x72}, {&(0x7f0000000440)="63f805d7649496db72959832930469edc7b700c9e37eed5653ecb716cdb8981cd819af0b33254465cc904b7b31789d65c0e0d33330e2ef36205dd154e363bcadf8f2ea93f45503c6d9fd8dfe5a638cfeb9f79c930a4d18260e5a08ffd35ed8371cff78119319b2b62c7cd9378c73ae90c801681f55ef26cb00"/135, 0x87}, {&(0x7f0000001400)="7f4ba13c5a27118dc920175650f0c9ba1809dd13a6e2d5b38f40adfa278c09e0e3bd05add4d780cd753b50f06f3b51f43761c7783f38ceaefc2dad57889d8b3a2d21314410f64ec2fa92e3a14b0141b39c020021d1edd011fbccb808a317fff4cf49aab12da619d67102048ec43c76cdb9d395e8b7b6e589d788aeeecb5080fc3d5ec6ccd656e49c0a642671d3fc363b46240bbc46ad965399b71db3c8f2b269b20870a3d2a6a8de5213b0f9d41c510c827056b7284391da244ec7653648b670f9a3483b314d861992ed7fb369eda093e1643c300b94d996fc592adb22c379be070ce5cd806da85a492dd4199cceb4c5b750222485325cf1073bf87e93bdf7da8af8f5f626541afd142e24ee8f4be9f038453c0edf500deabfe4d1a7a9de51df012bc2f3b767b3c03be6ace8c37ad571323cd363116e01f98a8ff8148d3900a65b788e99ddf9d9a2383f1730c7868d2dd031034bce5a77bd1ef3385105968be7bd830bde788092f657be36f89ea55ced486e18982d01339ed04a934a43c7b3be5e6bd03cbe773a938f621809345ec07cfceb013e3d76d500d97c8bee6ff54980ac3d221fcb35724ba64adb29ae8db909e097d78ff9542196635a14266944b850c9d436e96cc806a88090cbfc9db7ce83231bc043ded67966cfd68b800f6030a85f6bb070a2a5b372be2dacea7884b42e76e164af04e47f90ce0694623dce23cd1471f1a6029f68331317073e1a2d8cfb16f821c867d35a609649cf36aa781fa0a381f934844366d4e3ab8dd239c6ec35c15f307a7ed07869aacec38d787fd9c08e9dda1a28bf1a15b004bb1d88aa429ee8e927f5a1e1445685d8923cad92c90c79726d5e73dfe741de35498842cf51a4f09b97b1c14d33213705b95e84a8853fab4e1ced6faecea9d9203b038594bceb202a9d47f862c4f1853db9a0a7bf98ed9d2e3012358b38d092bd1ed7efb1a9e582ac5ef30c9b476e185f537f40ae8189528b480436122a939967e8d862e01172245ebced9f5251dd302e7e974c1db40be1e9e79799c27384caf6485e7c469b77cd6b28f71e39f84d2adbe074dd2bed6636e6853655adc3d1a47eff697e8edba53e6b281aea94798d82da7d3e86d09d869e5e345316eeeced4e15fc39234a0b0104e0b205c95eda632d0e86b095b284f441a62cb0e7262bc1967ee75f5c2d459011b0c15f4c85b02150a8834eda7f84cc96dde04e4abbdf5985a9c7218797820251b5804cae80c9a726afddf36793ae52cfb38e4e19740d6e07e4ed7c01001ab87b7fb12d5b70a75938d234c83d863b1763aec37b41d204fc319c6e802734ed681ea179fe6cad4857c3ca0e236e7b9867688d8bd7749e919f2d4f57f2249c9ccaf76a23760569b0fbde2db12ca0169e74982c1f4f0494aae13f4838b3f50d9ab0f6e328250d6fc34c0156e4b754c5c648b4ef8af32c91859f9706048f029634cefd0d767e8b7743262cb8a468", 0x41c}, {&(0x7f0000000240)="185a3bfb706bfa0c", 0x8}], 0x4}, 0x2) 6.803820259s ago: executing program 5 (id=5607): syz_emit_ethernet(0x11, &(0x7f00000000c0)={@multicast, @local, @void, {@x25={0x805, {0x2, 0xff, 0x13}}}}, 0x0) r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x200000, 0x0) listen(r0, 0x7) bind$l2tp6(r0, &(0x7f0000000000)={0xa, 0x0, 0x4000, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0xff55, 0x3}, 0x20) 6.739811764s ago: executing program 7 (id=5608): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f00000000c0)={0x800f}, 0x10) write(r0, &(0x7f0000000100)="1b0000001e005f0234fffffffffffff81600"/27, 0x1b) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000400)=ANY=[@ANYRES32=0x0, @ANYRES32, @ANYBLOB="06"], 0x20) syz_usb_connect$uac1(0x0, 0xb1, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000000000106b1d010140000102030109029f0003010000000904000000010100000a24010000000201020d240600000308000000001b000c24020201010608000010000c24020000000300000000000924060006010000000924030000000005000924060500010000000904010000010200000904010101010200000905010900004000020725010000800009040200000102000009040201010102200009058209"], 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r3 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x78, r2, 0x5, 0x0, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r4}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x44, 0xe, {{{}, {}, @device_a, @device_b}, 0x0, @default, 0x0, @void, @void, @void, @val={0x4, 0x6}, @val={0x6, 0x2}, @val={0x5, 0x3, {0x10, 0x18, 0x2}}, @val={0x25, 0x3, {0x0, 0x34, 0x10}}, @void, @val={0x3c, 0x4, {0x1, 0x6, 0xb8, 0x8}}, @void, @void, @void, @void}}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_INACTIVITY_TIMEOUT={0x6, 0x96, 0x400}]}, 0x78}, 0x1, 0x0, 0x0, 0x90}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xcd00bdcb563d602d}, 0xc, &(0x7f0000000180)={&(0x7f0000000080)={0x2c, r2, 0x8, 0x70bd2d, 0x25dfdbff, {{}, {@val={0x8, 0x3, r5}, @val={0xc, 0x99, {0x6, 0x59}}}}, [@NL80211_ATTR_TWT_RESPONDER={0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4008800}, 0x10) 6.660042401s ago: executing program 5 (id=5609): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0) io_setup(0x9, &(0x7f0000000740)=0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) close(r2) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) mount$9p_fd(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) io_cancel(r1, &(0x7f0000000840)={0x0, 0x0, 0x0, 0x6, 0x2, r0, &(0x7f0000000780)="08882d36096001e6046bd7fd5388781ce34638e6e00eda71d1ccad4d49f81eadd4c1a031bb3f7d352555895a706c5b418e4169121e464a02f152519f9ac70707384d0362acf99b871080748d063657e5b1438cd6ab258a849cf3c2cd3431919877ea4ecc387c8a82c73e17f6fe5f645b31560ad5d30bc1020bceb6af1c6852fdbbd89afdff84368df616eae3fe591bedbc71bca05f5fd8e97a7796941eb17b523aef7ba2c8e8c143914b55cc68", 0xad, 0xa, 0x0, 0x1, r2}, &(0x7f0000000880)) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES32=r0, @ANYBLOB='\x00'/15, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r4, 0xffffffffffffffff}, &(0x7f0000000680), &(0x7f00000001c0)=r0, 0x11}, 0x20) r6 = dup(r0) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendmsg$nl_route(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=@newlink={0x44, 0x10, 0x401, 0x0, 0xfffffffe, {0x0, 0x0, 0x0, 0x0, 0x8007}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPVLAN_MODE={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r9}]}, 0x44}}, 0x0) setsockopt$RDS_CANCEL_SENT_TO(r6, 0x114, 0x1, &(0x7f00000008c0)={0x2, 0x4e24, @broadcast}, 0x10) getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f00000000c0)=0x0, &(0x7f0000000100)=0x4) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffe}]}) r11 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000140)='.pending_reads\x00', 0x1a10c1, 0x9c37611dc13d0ca8) fchown(r11, 0xee01, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000200)={'ip6_vti0\x00', &(0x7f0000000140)={'syztnl2\x00', 0x0, 0x29, 0xff, 0x0, 0x8001, 0x4, @local, @mcast1, 0x80, 0x8, 0xc, 0x200}}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f00000002c0)={'ip6_vti0\x00', &(0x7f0000000240)={'ip6tnl0\x00', 0x0, 0x0, 0x33, 0x3, 0x69, 0xa2, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, @local, 0x8, 0x7800, 0x2}}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000300)={'syztnl1\x00', &(0x7f0000000380)={'syztnl2\x00', 0x0, 0x29, 0x7, 0x50, 0x9, 0x5, @private2, @remote, 0x8, 0x10, 0x43a}}) getpeername$packet(0xffffffffffffffff, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000440)=0x14) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x3, &(0x7f0000000480)={@broadcast, @loopback, 0x0}, &(0x7f0000000540)=0xc) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000600)={'ip6_vti0\x00', &(0x7f0000000580)={'ip6_vti0\x00', 0x0, 0x2f, 0xdf, 0x2, 0x7, 0x28, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x8000, 0x10, 0x2, 0x9a3}}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r5, 0x89f2, &(0x7f0000000640)={'erspan0\x00', &(0x7f00000006c0)={'erspan0\x00', 0x0, 0x8000, 0x20, 0x8, 0x3, {{0xa, 0x4, 0x1, 0x1d, 0x28, 0x67, 0x0, 0x7, 0x2f, 0x0, @empty, @rand_addr=0x64010101, {[@generic={0x94, 0x12, "1632d4fae9835fc2fb2b4829ddbffcf0"}]}}}}}) sendmsg$ETHTOOL_MSG_WOL_GET(r6, &(0x7f0000000940)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000900)={&(0x7f0000000980)={0x1b8, 0x0, 0x800, 0x70bd2b, 0x25dfdbfd, {}, [@HEADER={0x7c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vxcan1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'nr0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r17}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r13}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r14}]}, @HEADER={0x4c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'xfrm0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netpci0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r15}]}, @HEADER={0x68, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pimreg\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r16}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bridge\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r17}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r18}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x814}, 0x40000) 6.651098427s ago: executing program 0 (id=5610): unshare(0x68060200) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17) close(0xffffffffffffffff) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=@ipv4_newroute={0x1c, 0x18, 0x35f32a6dfa748ddd, 0x0, 0x2, {0x2, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x6, 0x1400}}, 0x1c}}, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) mount(&(0x7f0000000140)=@sg0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ubifs\x00', 0x0, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff}) io_setup(0x8, &(0x7f0000004200)=0x0) io_submit(r2, 0x5f, &(0x7f0000000900)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f00000000c0)='P', 0x1}]) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=@ipv4_newroute={0x1c, 0x18, 0x35f32a6dfa748ddd, 0x0, 0x0, {0x2, 0x0, 0x0, 0x4, 0xff, 0x0, 0x0, 0x6}}, 0x1c}}, 0x0) 6.475950894s ago: executing program 9 (id=5611): bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000000)=ANY=[@ANYRES32, @ANYRES16, @ANYBLOB='/\x00'/12, @ANYRES32, @ANYBLOB, @ANYRES64=0x0], 0x20) bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000180)={0x0, 0x0}, 0x0) openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) shmget(0xffffffffffffffff, 0x1000, 0x800, &(0x7f0000ffe000/0x1000)=nil) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8f}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r4) ptrace$setregs(0xd, r4, 0x2, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb") ptrace$getregset(0x4205, r4, 0x200, &(0x7f0000000080)={0x0}) r5 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000000)=r0, 0x4) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000253ebcf82a645f0808932d96c4c2416df0aa0e09e751301aca3c6d3892b10e7edc812e"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r6}, 0x10) bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000140)={r5, r6, 0x4}, 0x10) 6.429624948s ago: executing program 5 (id=5612): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x1ffffffffffffe99, &(0x7f0000000000)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x100, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r3 = socket(0x10, 0x80003, 0x0) sendmsg$nl_generic(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="1800000016000119"], 0x78}, 0x1, 0x0, 0x0, 0x44010}, 0xc0) recvmmsg(r3, &(0x7f0000001140)=[{{0x0, 0x0, 0x0}, 0x8}, {{0x0, 0x0, 0x0}, 0x5}, {{0x0, 0x0, 0x0}}], 0x3, 0x0, 0x0) 5.028586288s ago: executing program 6 (id=5613): mkdirat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b0000"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000000000008d15c937040795e9ec68ba339b8fd15e58983b3da942"], 0xb0) write$FUSE_DIRENTPLUS(r2, &(0x7f0000000280)=ANY=[@ANYBLOB="10"], 0x10) getresuid(&(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0)=0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',privport,access=', @ANYRESDEC=r3]) chown(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) 4.975684012s ago: executing program 5 (id=5614): sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140), 0x4924b68, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32=r2, @ANYBLOB="08000559cd523300"], 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)={0x1148, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_IE={0x1092, 0x2a, [@measure_req={0x26, 0x1003, {0x80, 0x6, 0x4, "f4411582dd17be764ca0bafd7a4d2fb7325844d173d270190063b4c2a06aa31d0a9c8e6c9c9da2ac4ea8e2d4948d1de8d6aa6ff92ccb46d6d737b2bf5a7a8c956b87374036b5c11d1b2322da94aba9bd5d4ce85da2c61f2e26f38e8d72a5758badaba4c73601920fa3c4d2142283a08350c6046d222bbd53b7feb0c51a9789ab3cfad6d0334e9998c76ac20e0c509615be88fe39c91b92f4bb8909f3c626364e5ac138538552e6ffaf8128cfaa89febf1cf93bd256792169a34199831fd50f6d4527187c33f717a774529391cc3a39357b0acea07308ec27ea1edbc14e16ca6f1ee6614c493ee8c8c0f1413a06cfbd88f2c86fe7c123d17d498b1330ac83ba9e302e3f65d62a0a4095d35f7b91658657e3bf15c5ee71f41ade40cb0418ba65c76d586061b8fe39f0136aff61b3ade3b58b59e49d36db70f93a0bc61cfc008929f3af95f7712617c83514a5138fbe377b489b6600fac5463d04f61052416455cbb9412382533cdf7f605331cd897f8fb3e4d04c0722375c9b6ec74f0ff0dcc1aefd66dae3e6e067c25c47da61321e11b86fdef23886902f6ce6fe06f77b310701df3ba4169881e1735316ec4c166dfcf59839b6bc4e2c5e3f520a27c98002b55a7a0834aae070f34a5fd3273a5defb85954919fcb72614c2f1dcfbadfa464b1ebcc1c16c08efe72325b8e3345cfc5759243ad299b022d9b6024a84b2918c055ac38f6354e80f609764d29721a291c62863035a4b74246235272da446238a5bb335df065263512f71d3478f8e613d1538de3fe9f609fce335a51e856c0c558f730fbe69f5c05abc2f3131411177614da14000ea44b1146ce378f0c0e1c497f102bbd5e1e4417b83b92ddbef38ba0701c8823fe139654c356e0e31516d1382d9c9a4f733ce9a5c4e4ab44509ce39d0dc598596c6006ae2cb63ffa0e0735dbbfb37d40a61e28ee48ad4a8f08d89ba324ee644dc79846dcb8b00767e2a45ff28cf9a9a03c01ecbee03c0103251e494d208505207e7657d69dc3ab48109841d2e79bf5542a62d21a0cfa1499dfdec7303a796f74cb56e0dc21f32ebb6581fa6c0513d0547c00afede82d4ae14c77f5b2167f71a573c88bc7a15facb7e6ac91f03989a7ae49b2d8af5aee97a4066c109c72db373d2b90d92f223ae13b0f3947fddd417174454ae99f8796f44b93225d8f82e0e9f96acd6180d7280c7f2644bd9b30b30b4340737a751b86630aee88a081d0d6f4ebd2230db50bd31ad3a9c20c46063889e0845fcb948eb3694be377c97e1be228f3341073c416be1eb60a6d98e42737b847ef63d12dc6f4ec549f2196f4133bfc18a6a619ee3585b240a05b19fff9efa8a6704aec83bc37115b98b02dde813fde7aec4424241a7caac953340e260ecf826cfb625c383e601ff22371cb5fe39f0ad34662e8634978e012a0d759f8373b58ab19e1ef61bd954745a8b2986868faab0a0b394fdc4b287f550915f8f86771fa7ada1ea8fbbbebbf80df210a81a892dd394d15253afc890b675fe610744e5ea75453ec1fd8a255966f6f55090d736f851e9ee04d163be8bb9d97bd3a1de52f19df2eb84d57894d7535f1406ddafdb7e441e8f8b6c1996ef83e4f51c0453d0333e451f95920ad290792cc8fd5de99931b8780e5fe9ac8e80551a2a33c22764bdd0e9391161e8709d132c822e3acbf3b38c7ec3a7518fbfd83f963bc6a16053ef85b37ebbed22ac76370342bfc8a1b8113a6b9079fafda9d1b26716ae85b7b1b8e51b6d6eae809c6c0fb6536d21ceba728efcd011188ef7d5a2efa594c8b1360dfb1f16f5131119407e9eb3b7a7ee79c89204460bea711c5fc29e908a42461129ae80bf8f82f184d2ca5735262187e6d9278f032f446bf6634cf1920f3f11c9de6089b203031341023eb4526164beebdd373aa34c841cbd011fcf169c10e2043c4021e4dce364386ca07148c70519d56d48ca8ba80eeb736055ce28331a663a4652df4c0a810af3012ffaa60ed322075405f752a287b5a8e6517cc138db3200a0861d269858631bd349874ff33bf03604548dbf411ed479388f77786bd1360cb7e793a67af909e5f087281033e3bedf92aca7e44a1caa5449b0d33407202c2a5619705859c2d6344e8fe9e3be9043da30ec3622a9a00a7287dcb68fe1bf954a4ef17529e2fd77ddbd1fa4f914e5fc6107986580b5d86b7c3d5a845053b746e9042fa6a30e37bdf222195da17e725633f8d872c2f1d12abc2177fd9827871e701da8ddb4c6a32a6df595841e480d79127702d6b848379a91522c3c29f1f4d874669ec559a9585d61215b9ae89d12a09cc4dcf3c6e291a5ec3dbd31c0c84d7c397d1afaa51b63bd977b6e47ded04da3941ddb34219fba49abb9872e5bbd53b90c8c9944b9502cad1f1fdd46cd5200023a528a6421f7fc06eec5acb56af1d18ee1c3f7301284c9b3abcc97a38e560bacb440c6772f02848fe979e57c342497b3e21de7bc4d7644ef3add7679c091e0b95dd2ce17c041f651668958aa2db5e5f501bb1a15478482209785a45ed4babda358d6bdb51c7b62bd401d435b6baa7539ebe6bb17116dd874e1a3409d4418f57f58136fc0109e0be18fa499300c3726241f291445e161826d96cbd7db5ac9f631810f0a78fecd459af000d53b28d6f933870d8629cbcb5950eb1ff0eff3d1d06e91066ad4c1341a74bd23cfec253ad333da4b559c7349d41678a684e267f2503455510c1e19e9776a20e47cf0571de2178204979d3724a2fb4bda6dd99fb06c3f9633b74c814d6ce9be2edef3e2ee44143e7a847f41055c34639f36f58c601ba6fc2a9e82e811704d14019acfd6a8bc45f307201281a01d879119648b7b17469f07f8053a5ec53bfdc58c4a37b2abc3f169d3fff4a028a50224a010a8ad59a62bf95638d9666668fb6926fd2cbaa5f0ba5b406a5420158558bdd735638f4f5944cc889e9f512e083cce927674a464351fc57193c819e36430201f9e7cfe9c7b00650b5f36ef917bf4e5637257bd1a6f30707274246bec3523481fa5de400ed36a3b2f6306efa426c58e35944133ab18b962c0ad0de308e21ca6c681616a9791073cb2ce289e44749047f0942d19ff10d041fe2eb0e4bd13e55fb6688b485497048e94eb5fd57ecf444d781697cb8498d096350900e5e99ace0b09b9c781059ee0e91b6e4b51e2ab487210c107cdd9ec45140725339e4bdf17b872596990244c5053de4b41a23be9b9411847c038ded0532ba14cce8a8b724b0da2d31799c2adfe53e44811ecac2f93c7c1657baa7ee887eff0965b5e201a14c800ca8b72b652a50b21b78966b4a56ec29353798827033b52a444dc15a60d430a351c4706952d92f29399640a0034dac988b9bc32d4817cbb8f20a6cb61b2138a99b247126abdb8072e3790afcea985309b6b1178c538bf50f6368474c8290878ced2e85a292a70dcd280cdabeefa71b13ff68da880cba03040f8bf9a20b20b5c2fcbfef7002091df4c771d8e3a4803e634e1916241981e0204beb71b3ecfaa543e580a69abe329d6f119da44f05e57f1daf5df025439793c4ea7e195360923ff070338fa1e0e419620253f2d15a5fffc3572a087824bce64fb6b826655273583bef1d770950e7696d2edce0bf7752069ec96b605ede6ec68d863891748e083230eb6e1ebb625d4b27e737e6cde6d2e1652c0a1243efc55bc2b443939844c3688372ede80dec61b3367ee93a15193d2cf546cdef2da868766e288498cbf12597ada216705d8f08ad2f458870d246d2b3a77b66cfd03251908718267a62527676c75fefa60d21a0547ef8597a27cf4e7aaff43774c9f48fff2709a9aa1102f1a814fbce51a138130ab8f87d8410625977ece8789095640a1145360d309c35d90239c03319035abd34d751bae5b41f45deff88f9bb5826555fa840efce3370cf51e734c6076936b762c0a67362609c6412483341d281afe404fc4e119ec30fb05b664b0bb051e86ca53404b40f1359974adaa46cd5c097594abafe3c3b7a6b5803a23a417cb94dedff7d723c56bc29162a3f40674cbc80b49ebd7b211ca4be625a06fcc60d5608f5023f77cf665233d8d5ecff757ad6121e1bc7036792f13aca175927c069190c8da7bbf0474f5bc52ea2ae055cbe5ee50e07b794fb6a72739252c050339234fa8304ab00af91c4b93e9fabfef7711641d7ca98ccbab3dbfb00f1cc7465a0c7a223b938be4a4aad5eae8933b0befc9ab904cbfcc26434a0319a021211599f3c70e47df4be410a1b3588e3b9ebd8c06d8e4fcc973f98066844a7d2cb2d0e9c4e00342287b51aaebdda8ce3514f0e4e132439bb714b9f166d8152260e0822b2d58accd8cb6e26f443444e13aa7f612fc9d3c98df11f7667fc0effdb305b4b0694f334c95b57a28c405fea75b2002a67bf50e0b1e9fb8b8fb64f68069a72d0092da09916a1106ef27704bd25b131043e3113ef44b8f79e34b9c58c13c409767fcabd7c8c49a4e32609434168e0c5871f4887d31a2ef382bcde64f75e8e1d231821bc3136efef7bc8514554f87ecb627681f95645b8ef9347d58822c21198e7045e77f40d498206cfcd1828f638996392482f1992e2bd56163cd3f65b2c4a211c8ba26733118433367a72e5427e79e029d18e006c961b39a45c91ab4f42a991e5e10de2cec5f1bac0d5b6bf57c703a1d790ddff5b2c305f2cb0ae82a1df20a1b087262ef2b4eecfaf78c7f83e0e8699b716df9c120fd89ec22a1c4787d3de9964898707a0dfab052a8742edfe632a17a42de952dd0a4b25d5fd10b1d1a97908949d77b2a0575d5dec2c1b61b039dc4451b811a49664b2af310128602471bce156279eb823496c07b18e511067b831df37162407368a85df5d926146e4a32241416c3586508d6a4a3ee5f48e369ff669e098d55beeb1100b2087b39f5bf545d8b97f76fc95bc8756e57bae5e0ec18713bd177c92bb10b114f7099730821df9037d9fd5d7d482290cb1db6a76a461890880019aaa1ec70defa5aa0dc4a692b10c15245592ac6c46acfe5d9b30574e3a1ba826b9d87a9a7fa496bcd6a88bcb2ca36979b3963819777b0d8a5e38b6529d1c3b6a8bf22bb5182270e012c90b4f6825d627fb5d91d050e2b9f8b2ff0072ab9e06f3d9539fe077b16d6e2e14b92b71c665a4610cda9224f9e3b08af30221b8c71bb8d73323ecf673cb6e7e4270b95c8e19dc85ea70048ba7f2764f3b0aa4d3ecab29f02caa42bfd403bf8d2c41c20437732b4bed638e2d1220bd7cd7f9e4cd8901914de6704b19fa018e4efb29a970ff968132ecfcff2003832444d9518df9830acc6ebbb58d5abc0fab08c123183807dd7a9408dc5ff4d81e3b4b001147a5184b0472f005c804e6ea15d3c904c185a12a3c33d0990d42d640eaff054371f4288d0f7a9a4b9bff8d82877f5d42ef353f791f1ac721fca04f71aee4cce1242fbeec98924678f6708db7e180ba640073b9a8ded1be03b0e84f9ce2c65448853092f7642867f4ac0af53f4aa30242aa04918013d5a719909a3887242e86dbbccd495642a4bc390af251a991322bd222c2684e42e7c9e712bca6ec9267bd51f65213a5f97997f948a34ed10fbdd70fe83d37763231900b5547e95b45ac8b906bd9a8645d7e28f7aeb4030f316e4e8172ed61277844ee3ecea906261cf0ff3405eec2b8a826c851afae5105ab84694a0d6e4faba985920522940c4a61bc6f7a54f7701e0182cb93623f526a80822fa33388e684818bc27e6f1243ccdfa40969fa2b6539ff972282aa19"}}, @random_vendor={0xdd, 0x60, "5afa884aada7040b1057d2f2e50930e58e1fca02f357f5b2d6d8d311985909df67eadb27ac5dc26f66c8a20222692157251bed09f3bb4288ef8511a08ef9aaa76ce6f99145b64cf7d5d33a590853da7bfb517dc5acb739eb5042993530f45dcc"}, @supported_rates={0x1, 0x6, [{0x5}, {0x24, 0x1}, {0x12, 0x1}, {0x6, 0x1}, {0x7}, {0x1b, 0x1}]}, @link_id={0x65, 0x12, {@initial, @device_b, @broadcast}}, @supported_rates={0x1, 0x1, [{0x60, 0x1}]}, @ssid={0x0, 0x6, @default_ap_ssid}]}, @NL80211_ATTR_IE={0x4e, 0x2a, [@perr={0x84, 0x48, {0xe, 0x4, [{{}, @device_a, 0x8, @void, 0x28}, {{0x0, 0x1}, @device_b, 0x0, @value=@device_b, 0xe}, {{0x0, 0x1}, @device_a, 0x9, @value=@device_b, 0x17}, {{0x0, 0x1}, @device_b, 0x0, @value=@broadcast, 0x17}]}}]}, @NL80211_ATTR_VHT_CAPABILITY_MASK={0x10, 0xb0, {0x300, {0x3, 0xfff7, 0x7ff, 0xb}}}, @NL80211_ATTR_MAC_HINT={0xa, 0xc8, @from_mac=@device_b}, @NL80211_ATTR_HT_CAPABILITY={0x1e, 0x1f, {0xc, 0x1, 0x7, 0x0, {0x3, 0x691, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x51c, 0x30}}]}, 0x1148}, 0x1, 0x0, 0x0, 0x84}, 0x0) syz_genetlink_get_family_id$devlink(&(0x7f0000000040), r0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000002c0), &(0x7f0000000400)=0xc) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000440)={0x6, 0xb, {0xffffffffffffffff}, {0xee01}, 0x4, 0xfff}) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000480)='ns/ipc\x00') 4.899587206s ago: executing program 6 (id=5615): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000fe050000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r5, 0xc0505350, &(0x7f0000000480)={{}, {}, 0x4, 0x5}) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETRULE(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)={0x44, 0x7, 0xa, 0x201, 0x0, 0x0, {0x3, 0x0, 0x7}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_HANDLE={0xc, 0x3, 0x1, 0x0, 0x4008}, @NFTA_RULE_POSITION={0xc, 0x6, 0x1, 0x0, 0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000040}, 0x0) 4.772574815s ago: executing program 7 (id=5616): sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000140), 0x4924b68, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f0000000240)={0x0, 0x11, &(0x7f0000000280)={&(0x7f0000000580)={0x64, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC_HINT={0xa, 0xc8, @random="a0b08d9d386b"}, @NL80211_ATTR_IE={0xa, 0x2a, [@chsw_timing={0x68, 0x4, {0x1, 0x4}}]}, @NL80211_ATTR_VHT_CAPABILITY_MASK={0x10, 0xb0, {0x300, {0x3, 0xfff7, 0x7ff, 0xb}}}, @NL80211_ATTR_MAC_HINT={0xa, 0xc8, @from_mac=@device_b}, @NL80211_ATTR_BG_SCAN_PERIOD={0x6, 0x98, 0x8}]}, 0x64}, 0x1, 0x0, 0x0, 0x4}, 0x0) syz_genetlink_get_family_id$devlink(&(0x7f0000000040), r0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000002c0), &(0x7f0000000400)=0xc) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000440)={0x6, 0xb, {0xffffffffffffffff}, {0xee01}, 0x4, 0xfff}) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000480)='ns/ipc\x00') 4.771667339s ago: executing program 9 (id=5617): ioctl$TIOCSERGETLSR(0xffffffffffffffff, 0x5459, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x3) syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) fcntl$dupfd(r0, 0x406, r0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_RINGS_GET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, r3, 0xb01}, 0x14}}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000003500), 0x0, 0x44004) r5 = socket(0xa, 0x40000000002, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r5, 0x0, 0x80, &(0x7f0000000280)=@nat={'nat\x00', 0x19, 0x2, 0x208, [0x20000600, 0x0, 0x0, 0x20000630, 0x20000660], 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0200000005000000000000000000766574683098c76f5f7465616d00000064756d6d79300000000000000000000064756d0004300000000000000000000073797a6b616c6c8279a7e00000000000ffffffffffff000000000000ffffffff7fff00000000000000087000000070000000a000000072656469726563740000000000000000000000000000000000000000000000000800000000000000ffffffff000000000b00000000000000000073797a6b616c6c65723100000000000067726574617030000000000000000000766c616e30000000000000000000000064756d6d7930000000000000000000000180c2000000000000000000aaaaaaaaaabb00000000000000007000000070000000a8000000736e6174000000000000000000000000000000000000000001b70000000000001000"/512]}, 0x278) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r6, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) 3.599798127s ago: executing program 5 (id=5618): r0 = syz_open_procfs(0x0, 0x0) sendmsg$key(r0, 0x0, 0x20000000) socket$key(0xf, 0x3, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) alarm(0x9) alarm(0x1) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r4 = creat(&(0x7f00000000c0)='./file0\x00', 0x40) r5 = syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2) ioctl$VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000080)={0xf0f041}) close_range(r4, 0xffffffffffffffff, 0x0) openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) brk(0x75555ede6001) alarm(0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000000000/0x4000)=nil) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r6}, 0x10) 2.84955571s ago: executing program 7 (id=5619): r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f00000000c0)={0x6, "1f938a7b853b3a9b0b00000000000000008900", 0xffffffffffffffff}) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000080)={0x1ff, "1f138a91b80f3795181800c70511603979e1ef3b3a9b0b8c7d6a2ef124708900", 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r1, 0xc0303e03, &(0x7f0000000140)={"50edd24983fde74e78682dbc67d293c19050af5f39c0ce29436807917da2c17e", r2}) r3 = openat$vicodec0(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_S_PARM(r3, 0xc0cc5616, &(0x7f0000000240)={0xb, @raw_data="0c1c85afcb4121253cca36a28374ac23e6b698741c9adc36489f3bd49dae1eef66900fcd26faab419c8c29ec92cddd3bd5e120631c943fd43d7349d424b0cad51bccb1ea665f6c7eb3c9508e649ee3e8a9d77fd1afa13d274bcfd2b2c6ea073371aa6e5ef1b62d42bb56c7eafa5621b8255a930ac2eae10d61f9abea299e50922c89a97dc4a03a6e4de07071cb4f672afec467932e0ce1bc110f94c597731c5b2c38fe7886801b38d3c2a9722089cc8f0386d6d6d3341aae2e3256f90ec84f6e9f31aa5f3c2ec774"}) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) r5 = dup(r4) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000001180)='./bus\x00') r6 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) io_setup(0x1, &(0x7f0000000200)=0x0) io_submit(r7, 0x9f, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x6, 0x1, 0x0, r6, &(0x7f0000000000), 0x4000, 0x8800000}]) ioctl$TIOCL_SETSEL(r5, 0x541c, &(0x7f0000000000)={0x2, {0x2, 0x13d, 0x8000, 0x9, 0xfc}}) r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f00000027c0)=ANY=[@ANYBLOB="180000000000000000000000ff000000850000000f000000850000005000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='sys_exit\x00', r8}, 0x10) semop(0x0, &(0x7f0000000180)=[{0x4, 0x3, 0x1000}, {0x1, 0x5, 0x1000}, {0x1, 0x8000, 0x1800}], 0x3) 2.847996609s ago: executing program 9 (id=5620): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listxattr(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)=""/101, 0x65) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r2, &(0x7f0000000180), 0x40010) write$sysctl(r2, &(0x7f0000000040)='5\x00', 0x2) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r3 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1}) ioctl$vim2m_VIDIOC_QBUF(r3, 0xc058560f, &(0x7f0000000200)=@multiplanar_mmap={0x0, 0x2, 0x4, 0x10, 0xfff, {0x0, 0x2710}, {0x4, 0x2, 0x3, 0x0, 0x0, 0x80, "58ed2e85"}, 0x3, 0x1, {0x0}, 0x4}) ioctl$vim2m_VIDIOC_STREAMOFF(r3, 0x40045612, &(0x7f0000000080)=0x2) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r4, 0xffffffffffffffff, 0x0) 2.521183215s ago: executing program 6 (id=5621): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000280)=@newlink={0x54, 0x10, 0x439, 0x70bd2c, 0xffffffea, {0x0, 0x0, 0xe403, 0x0, 0x40083}, [@IFLA_LINKINFO={0x34, 0x12, 0x0, 0x1, @sit={{0x8}, {0x28, 0x2, 0x0, 0x1, [@IFLA_IPTUN_6RD_PREFIX={0x14, 0xb, @local}, @IFLA_IPTUN_6RD_RELAY_PREFIX={0x8, 0xc, 0x6}, @IFLA_IPTUN_REMOTE={0x8, 0x3, @dev={0xac, 0x14, 0x14, 0x19}}]}}}]}, 0x54}, 0x1, 0x0, 0x0, 0x8000}, 0x4040) (fail_nth: 6) 2.300140652s ago: executing program 7 (id=5622): syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="3504000010000511d25a80648c63940d0324fc60040035400c0002000200002037153e370c040180060410004500", 0x2e}, {&(0x7f0000000a40)="d4fa0c511aad03aa5ed217677bc41c027d9c830c439c7f821ddd78b6915cb170e7603acf9e433c2903bb6773f4b0130668a1e5b5e08d21d0b69c28ca3455aed65855c86f3d1e5789d26375a0d85eaf5e92e19c9affcf76e7a94e76556d2b104ebf645747fadc91460f4b3c94e1a89b51be4a6aa4c65285f988329a8163b69c51b801500a5bacd0463976e2960e2679ef2feee5e6ce6bb78a51fb0e15820d13e4a5aa9e0742a6f8d677ad28fea356657bb550c8311b682d9003c82267a15aa7334bc53b65b9119a1a7d905c7dd365b85c230bbad0d5d0a79819e112637819d9a187cfdf782c6127d2d4281926ab0e22f7346b616fe28ed0b9f4a0c9fdac6d3a90a9c38b5e31448a45546388c95045bc2261c238a5159ea98db9c00aeef644ae98a8cb8da3ff3b7ba14d7971910b559623af829524d83bf19f18628464076329140e0203fc75859185ccd019302afb784e41e16cf2d31db7aba83d0f500ce25fc2d7f524a04cfaa0015ea8a297477a5517f8a4ac167083a321c78070974afc897fb738fbcfeac369844fd7fc11fff502c02b7607007ead2007a18006a6ca8dc2d0119f01d7083c2ab5760ac7b24d7bf26b9030cf455a08385f9e662cbe0c3ca6e6fd4ac0c8566c0fca986c68ef7016a11d3e44253b6f2d07d53505ed58b8ad410f89425046321b4a9b27b5e767bdfa0ebf7abf3d91b319129c48853d8e5cbc4a2c5c560b007eafe03e3332f6017f3164c7f602180aad23dfe5e770fe8855f45925e342b7dfd7ddaa68b65065465cdf4d5b8d995d6e6a7042ebea3d139c6a616232eb4efd1a50d0e6db3188a8e98375fda2a7ebd4cd59b9ea626c13685b05e6cf4d484e32869fd7c7167dbfa48b1529e5dd5f5a02673ccc7dbedfd75e34f3f9eb3c7833734a59acada6dd2ff364475e03f2219deedb5d0c941f2177a23167adcc5a15f4e5441ed537f26a1620df057aeb55b2ad3a00a77e23d304ed6034dd5ec9b2cfe777ca21ec4f48abdafa0d66a78d653068ef871bdc6598fd32edcba60c675a1e8f4e81e83f73414c179bfb7f329d71fe6e291fb2eaa59b9636cb6a74d0deb46a18c77f37abf0894a7083e0e4c237ff7c24872668ac40e307569a975b2765af8d3268d11b473d5d7544edd1ed0e507c319e128daf7e75c349c9b3de603580d52a6c118acf924216130364bfab8d59969e4dbee0a9208adb7bfa855556be06a666334a0612e4ff3fc6f4ddb9a0c209301081f34824496480d688ae9bd0c3c28ea8ecfe01a2b86dcb3750686a89891d9abf0d584c854b4bc6096293fbc8707312f424996361ef9261ef3ba7cd2ddffb0e3c81e6b962d680e02f7a672dc2643cc24ad64d86fb4780827ca784a8af3376c2567bfde74dc50e16c81b71450af026459e2c37d94b8461b56ff944edc1a8cd93d0258fcc2f094615c152be66884103af11ff46315cdc9f", 0x407}], 0x2}, 0x0) r1 = openat2(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', &(0x7f0000000380)={0x480, 0x21, 0x29}, 0x18) clock_gettime(0x0, &(0x7f0000000400)={0x0, 0x0}) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r4, &(0x7f00000004c0)="000000000000000000008000", 0xc, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}, 0x400}, 0xffffffffffffff59) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000340)={0x0, 0x2c, &(0x7f0000000240)=[@in={0x2, 0x4e24, @remote}, @in6={0xa, 0x4e24, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}]}, &(0x7f0000000380)=0x10) ppoll(&(0x7f00000003c0)=[{r1, 0x200}], 0x1, &(0x7f0000000440)={r2, r3+10000000}, &(0x7f0000000480)={[0x4]}, 0x8) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r7, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x0, 0x142, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r8 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x6) accept(r8, 0x0, 0x0) r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r9}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) sched_getattr(r5, &(0x7f0000000300)={0x38}, 0xff32, 0x0) r10 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x6) ioctl$sock_bt_hci(r10, 0x400448c8, 0x0) r11 = socket$nl_generic(0x10, 0x3, 0x10) r12 = syz_genetlink_get_family_id$devlink(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_GET(r11, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[@ANYBLOB="0928bf6c", @ANYRES16=r12, @ANYBLOB="050000000000000000001300000008000300000000000e0001006e657464657673696d0000000f0002006e657464657673696d300000"], 0x3c}}, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, 0x0, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f00000012c0), 0x0, 0x11, 0x0, 0x0) 1.707680907s ago: executing program 0 (id=5623): mremap(&(0x7f0000812000/0x3000)=nil, 0x3000, 0x3000, 0x3, &(0x7f0000ff5000/0x3000)=nil) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000580)='fscache_relinquish\x00'}, 0xffffff24) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff0000000002000000"], 0x7c}}, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x1, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil}) r3 = dup(r2) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f00000001c0)=@x86={0xfd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}) ioctl$KVM_SET_VAPIC_ADDR(r3, 0x4008ae93, &(0x7f00000000c0)=0xffff) ioctl$KVM_RUN(r3, 0xae80, 0x0) (fail_nth: 8) 1.676517765s ago: executing program 6 (id=5624): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x1ffffffffffffe99, &(0x7f0000000000)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x100, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r3 = socket(0x10, 0x80003, 0x0) sendmsg$nl_generic(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="1800000016000119"], 0x78}, 0x1, 0x0, 0x0, 0x44010}, 0xc0) recvmmsg(r3, &(0x7f0000001140)=[{{0x0, 0x0, 0x0}, 0x8}, {{0x0, 0x0, 0x0}, 0x5}, {{0x0, 0x0, 0x0}}], 0x3, 0x0, 0x0) 868.570117ms ago: executing program 9 (id=5625): mkdirat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b0000"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000000000008d15c937040795e9ec68ba339b8fd15e58983b3da942"], 0xb0) write$FUSE_DIRENTPLUS(r2, &(0x7f0000000280)=ANY=[@ANYBLOB="10"], 0x10) getresuid(&(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0)=0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',privport,access=', @ANYRESDEC=r3]) chown(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) 739.221155ms ago: executing program 5 (id=5626): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f00000000c0)={0x800f}, 0x10) write(r0, &(0x7f0000000100)="1b0000001e005f0234fffffffffffff81600"/27, 0x1b) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000400)=ANY=[@ANYRES32=0x0, @ANYRES32, @ANYBLOB="06"], 0x20) syz_usb_connect$uac1(0x0, 0xb1, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000000000106b1d010140000102030109029f0003010000000904000000010100000a24010000000201020d240600000308000000001b000c24020201010608000010000c24020000000300000000000924060006010000000924030000000005000924060500010000000904010000010200000904010101010200000905010900004000020725010000800009040200000102000009040201010102200009058209"], 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r3 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x78, r2, 0x5, 0x0, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r4}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x44, 0xe, {{{}, {}, @device_a, @device_b}, 0x0, @default, 0x0, @void, @void, @void, @val={0x4, 0x6}, @val={0x6, 0x2}, @val={0x5, 0x3, {0x10, 0x18, 0x2}}, @val={0x25, 0x3, {0x0, 0x34, 0x10}}, @void, @val={0x3c, 0x4, {0x1, 0x6, 0xb8, 0x8}}, @void, @void, @void, @void}}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_INACTIVITY_TIMEOUT={0x6, 0x96, 0x400}]}, 0x78}, 0x1, 0x0, 0x0, 0x90}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xcd00bdcb563d602d}, 0xc, &(0x7f0000000180)={&(0x7f0000000080)={0x2c, r2, 0x8, 0x70bd2d, 0x25dfdbff, {{}, {@val={0x8, 0x3, r5}, @val={0xc, 0x99, {0x6, 0x59}}}}, [@NL80211_ATTR_TWT_RESPONDER={0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4008800}, 0x10) 658.516331ms ago: executing program 6 (id=5627): r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x0) ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@newqdisc={0x48, 0x24, 0xf0b, 0x0, 0x25dfdc00, {0x60, 0x0, 0x0, 0x0, {}, {0x2, 0xffff}, {0xfff3, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x18, 0x2, [@TCA_CAKE_BASE_RATE64={0xc, 0x2, 0x1ff}, @TCA_CAKE_AUTORATE={0x8, 0x9, 0x1}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x40014}, 0x10) sendmsg$nl_route(r1, 0x0, 0x4000000) 629.10188ms ago: executing program 9 (id=5628): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000000)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYBLOB="010000000000000000001d00000008000300", @ANYRES32=r1, @ANYBLOB="38002f80080001000056"], 0x54}}, 0x0) 369.828182ms ago: executing program 6 (id=5629): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080), 0xffffffffffffffff) r2 = timerfd_create(0x0, 0x0) timerfd_settime(r2, 0x3, &(0x7f0000000040)={{}, {0x77359400}}, 0x0) clock_settime(0x0, &(0x7f0000003c80)={0x77359400}) clock_gettime(0x6, &(0x7f0000000080)={0x0, 0x0}) timerfd_settime(r2, 0x3, &(0x7f0000000000)={{}, {r3, r4+60000000}}, 0x0) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="38238b6b2c443beba41672276d000000", @ANYRES16=r1, @ANYBLOB="010000040000feffffff14000000240009800800010008000000080002000800000008000100ffffff7f08000100feffffff"], 0x38}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) syz_emit_ethernet(0x9e, &(0x7f0000000000)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x68, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, {[@sack={0x5, 0x1a, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @timestamp={0x8, 0xa}, @md5sig={0x13, 0x12, "d082e275205e556149a021cc13c33d89"}, @window={0x3, 0x3}, @window={0x3, 0x3}, @sack_perm={0x4, 0x2}, @sack_perm={0x4, 0x2}, @md5sig={0x13, 0x12, "27406263e43d5959a166a23bd1116edc"}]}}}}}}}}, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r5, 0x0, 0x0, 0x20004000, &(0x7f0000000180)={0xa, 0x4e34, 0x100, @ipv4={'\x00', '\xff\xff', @multicast1}, 0xd}, 0x1c) setsockopt$inet6_tcp_int(r5, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) r6 = openat$vicodec0(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) r7 = syz_io_uring_setup(0x23d, &(0x7f0000001140)={0x0, 0x0, 0x2}, &(0x7f0000000000), &(0x7f00000001c0)) io_uring_enter(r7, 0x4866, 0x0, 0xb, 0x0, 0x0) ioctl$VIDIOC_S_PARM(r6, 0xc0cc5616, &(0x7f0000000240)={0xb, @raw_data="0c1c85afcb4121253cca36a28374ac23e6b698741c9adc36489f3bd49dae1eef66900fcd26faab419c8829ec92cddd3bd5e120631c943fd43d7349d424b0cad51bccb1ea665f6c7eb3c9508e649ee3e8a9d77fd1aba13d00000000000000bb56c7eafa5621b8255a930ac2ea97ff61f9abea299e50922c89a97dc4a03a6e4de07071cb4f672afec467932e0ce1bc110f94c597731c5b2c38fe7886801b38d3c2a9722089cc8f0386d6d6d3341aae2e3256f90ec84f6e9f31aa5f3c2ec77400"}) sendto$inet6(r5, &(0x7f00000000c0)="04", 0x1, 0x20000045, &(0x7f0000b63fe4)={0xa, 0x2, 0xfffffffe}, 0x1c) 191.15465ms ago: executing program 7 (id=5630): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) socket$inet6_sctp(0xa, 0x0, 0x84) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x40000000000008b}, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r3, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}}, 0x0) write$nci(r0, &(0x7f0000000780)=@NCI_OP_NFCEE_MODE_SET_RSP={0x2, 0x1, 0x2, 0x1, 0x9, 0x1}, 0x4) 0s ago: executing program 9 (id=5631): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000007c0)=ANY=[@ANYBLOB="500100001000130427bd70000000000020010000000000000000000000000001e0000001000000000000000000000000000000000003000a00000000000000003cd7a32043d850dceac34a59bc653b30cc0d533059bfd3cdb1baf98cd923750fb1434a29e2e728cdc9aa83345ef1e4444a8e84ae426116d63b1fb316b8ee244119e355782fae8591e6c99fef1742bebf8edcb5b0fbff4eb5e797d73fac9fbd7def03b224ecaf7e4d445f911900ba68e05b0a0832bfad2b894b5a546b84024d", @ANYRES32=0x0, @ANYRES32=0xee01, @ANYBLOB="000000000000000000000000000000010000000032000000fe880000000000000000000000000101000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000004000000000000002000000400000000000000060001200726663343130362867636d2861657329290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000006000000025cac5216d1c8af0a976902918bf448c5d9f5459"], 0x150}}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000fe050000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, @void, @value}, 0x94) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETRULE(r4, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x14000}, 0xc, &(0x7f0000000300)={&(0x7f0000000380)={0xa4, 0x7, 0xa, 0x201, 0x0, 0x0, {0x3, 0x0, 0x7}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_HANDLE={0xc, 0x3, 0x1, 0x0, 0x4008}, @NFTA_RULE_POSITION={0xc, 0x6, 0x1, 0x0, 0x5}, @NFTA_RULE_EXPRESSIONS={0x60, 0x4, 0x0, 0x1, [{0x5c, 0x1, 0x0, 0x1, @xfrm={{0x9}, @val={0x4c, 0x2, 0x0, 0x1, [@NFTA_XFRM_KEY={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_XFRM_DREG={0x8, 0x1, 0x1, 0x0, 0xd}, @NFTA_XFRM_SPNUM={0x8, 0x4, 0x1, 0x0, 0x2}, @NFTA_XFRM_DREG={0x8, 0x1, 0x1, 0x0, 0xe}, @NFTA_XFRM_SPNUM={0x8, 0x4, 0x1, 0x0, 0x3}, @NFTA_XFRM_DIR={0x5, 0x3, 0x2}, @NFTA_XFRM_SPNUM={0x8, 0x4, 0x1, 0x0, 0x4}, @NFTA_XFRM_KEY={0x8}, @NFTA_XFRM_SPNUM={0x8, 0x4, 0x1, 0x0, 0x5}]}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x4000040}, 0x0) kernel console output (not intermixed with test programs): e: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1748.292491][T22917] RSP: 002b:00007f090bf62038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1748.300933][T22917] RAX: ffffffffffffffda RBX: 00007f090b375fa0 RCX: 00007f090b185d29 [ 1748.308932][T22917] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 1748.316930][T22917] RBP: 00007f090bf62090 R08: 0000000000000000 R09: 0000000000000000 [ 1748.324934][T22917] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1748.332942][T22917] R13: 0000000000000000 R14: 00007f090b375fa0 R15: 00007ffd8cbd6bb8 [ 1748.341050][T22917] [ 1748.941258][T22927] overlayfs: failed to clone upperpath [ 1749.385005][T22923] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4587'. [ 1749.796564][T22934] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1749.812010][T22934] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1749.926612][T22940] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1749.934507][T22940] IPv6: NLM_F_CREATE should be set when creating new route [ 1749.941761][T22940] IPv6: NLM_F_CREATE should be set when creating new route [ 1750.008254][T22941] vivid-001: disconnect [ 1750.013075][T22941] vivid-001: reconnect [ 1750.507788][T22949] netlink: 44 bytes leftover after parsing attributes in process `syz.7.4593'. [ 1751.165366][T22953] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1751.175335][T22953] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1753.999156][T22987] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4603'. [ 1756.884913][ T1205] usb 10-1: new high-speed USB device number 72 using dummy_hcd [ 1758.560224][ T1205] usb 10-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 1758.569757][ T1205] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1758.580815][ T1205] usb 10-1: Product: syz [ 1758.585281][ T1205] usb 10-1: Manufacturer: syz [ 1758.592185][ T1205] usb 10-1: SerialNumber: syz [ 1758.672072][ T1205] usb 10-1: config 0 descriptor?? [ 1758.901759][ T1205] usb 10-1: Firmware version (0.0) predates our first public release. [ 1759.124082][ T1205] usb 10-1: Please update to version 0.2 or newer [ 1759.312911][T23028] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1759.333225][T23028] bond0: (slave bond2): Enslaving as an active interface with an up link [ 1759.368733][T23034] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1759.384400][T23034] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1760.415544][ T1205] usb 10-1: USB disconnect, device number 72 [ 1761.834633][T23051] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4617'. [ 1762.648710][T23051] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1762.664725][T23051] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1762.820341][T23051] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1762.921220][T23051] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1763.033440][T23051] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1763.250496][T23051] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1763.405579][T23051] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1763.448295][T23051] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1763.546636][T23051] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1763.581414][T23051] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1764.015382][T23080] vivid-004: disconnect [ 1764.022896][T23080] vivid-004: reconnect [ 1764.730027][T23083] netlink: 44 bytes leftover after parsing attributes in process `syz.7.4626'. [ 1765.656404][T23088] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1765.666609][T23088] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1768.954769][T23105] trusted_key: syz.0.4628 sent an empty control message without MSG_MORE. [ 1769.934116][T23110] binder: BINDER_SET_CONTEXT_MGR already set [ 1769.943067][T23108] netlink: 'syz.0.4632': attribute type 12 has an invalid length. [ 1769.965349][T23110] binder: 23109:23110 ioctl 4018620d 200002c0 returned -16 [ 1770.138327][T23114] binder: 23109:23114 unknown command 0 [ 1770.150200][T23114] binder: 23109:23114 ioctl c0306201 200004c0 returned -22 [ 1770.159259][T23116] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1770.168077][T23116] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1771.151337][T23121] netlink: 24 bytes leftover after parsing attributes in process `syz.5.4638'. [ 1771.369288][T23129] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1771.379507][T23129] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1773.052869][T23144] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1773.063606][T23144] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1773.084529][T23141] syz.5.4641 (23141) used greatest stack depth: 17648 bytes left [ 1773.544986][T23151] syz.5.4644 (23151): drop_caches: 2 [ 1774.956740][T23172] FAULT_INJECTION: forcing a failure. [ 1774.956740][T23172] name failslab, interval 1, probability 0, space 0, times 0 [ 1774.981062][T23172] CPU: 0 UID: 0 PID: 23172 Comm: syz.9.4652 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 1774.991973][T23172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 1775.002045][T23172] Call Trace: [ 1775.005329][T23172] [ 1775.008282][T23172] dump_stack_lvl+0x241/0x360 [ 1775.013008][T23172] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1775.018238][T23172] ? __pfx__printk+0x10/0x10 [ 1775.022846][T23172] ? __kmalloc_node_noprof+0xb9/0x4d0 [ 1775.028244][T23172] ? __pfx___might_resched+0x10/0x10 [ 1775.033547][T23172] should_fail_ex+0x3b0/0x4e0 [ 1775.038251][T23172] should_failslab+0xac/0x100 [ 1775.042949][T23172] __kmalloc_node_noprof+0xe1/0x4d0 [ 1775.048147][T23172] ? crypto_create_tfm_node+0x88/0x3d0 [ 1775.053611][T23172] crypto_create_tfm_node+0x88/0x3d0 [ 1775.058897][T23172] crypto_alloc_tfm_node+0x161/0x360 [ 1775.064186][T23172] __keyctl_dh_compute+0x5c6/0xf50 [ 1775.069307][T23172] ? __pfx___keyctl_dh_compute+0x10/0x10 [ 1775.075296][T23172] ? __pfx___might_resched+0x10/0x10 [ 1775.080594][T23172] ? __might_fault+0xc6/0x120 [ 1775.085272][T23172] keyctl_dh_compute+0x107/0x160 [ 1775.090214][T23172] ? __pfx_keyctl_dh_compute+0x10/0x10 [ 1775.095678][T23172] ? vfs_write+0x730/0xd30 [ 1775.100095][T23172] __se_sys_keyctl+0x3f3/0x910 [ 1775.104858][T23172] ? __mutex_unlock_slowpath+0x21e/0x790 [ 1775.110490][T23172] ? __pfx___se_sys_keyctl+0x10/0x10 [ 1775.115784][T23172] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1775.121853][T23172] ? __fget_files+0x2a/0x410 [ 1775.126451][T23172] ? __fget_files+0x2a/0x410 [ 1775.131044][T23172] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1775.137026][T23172] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1775.143366][T23172] ? do_syscall_64+0x100/0x230 [ 1775.148134][T23172] ? __x64_sys_keyctl+0x20/0xc0 [ 1775.152984][T23172] do_syscall_64+0xf3/0x230 [ 1775.157487][T23172] ? clear_bhb_loop+0x35/0x90 [ 1775.162159][T23172] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1775.168072][T23172] RIP: 0033:0x7f5714785d29 [ 1775.172483][T23172] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1775.192086][T23172] RSP: 002b:00007f571563c038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 1775.200499][T23172] RAX: ffffffffffffffda RBX: 00007f5714975fa0 RCX: 00007f5714785d29 [ 1775.208466][T23172] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000017 [ 1775.216433][T23172] RBP: 00007f571563c090 R08: 00000000200000c0 R09: 0000000000000000 [ 1775.224398][T23172] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1775.232363][T23172] R13: 0000000000000000 R14: 00007f5714975fa0 R15: 00007fffd67854e8 [ 1775.240341][T23172] [ 1775.478553][ T29] kauditd_printk_skb: 36 callbacks suppressed [ 1775.494125][ T29] audit: type=1326 audit(1734623576.692:18569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23179 comm="syz.5.4654" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f090b185d29 code=0x0 [ 1777.069581][T23193] netlink: 1788 bytes leftover after parsing attributes in process `syz.0.4657'. [ 1777.884721][ T29] audit: type=1400 audit(1734623578.382:18570): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=23187 comm="syz.6.4656" [ 1778.926096][T23222] vivid-001: disconnect [ 1779.441609][T23218] vivid-001: reconnect [ 1779.712245][T23224] netlink: 136 bytes leftover after parsing attributes in process `syz.5.4665'. [ 1779.748222][T23224] A link change request failed with some changes committed already. Interface wlan1 may have been left with an inconsistent configuration, please check. [ 1782.207827][T23253] overlayfs: failed to clone upperpath [ 1784.338915][T23276] delete_channel: no stack [ 1784.343654][T23276] FAULT_INJECTION: forcing a failure. [ 1784.343654][T23276] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1784.356966][T23276] CPU: 0 UID: 0 PID: 23276 Comm: syz.9.4680 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 1784.367772][T23276] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 1784.377853][T23276] Call Trace: [ 1784.381159][T23276] [ 1784.384105][T23276] dump_stack_lvl+0x241/0x360 [ 1784.388815][T23276] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1784.394035][T23276] ? __pfx__printk+0x10/0x10 [ 1784.398646][T23276] ? snprintf+0xda/0x120 [ 1784.402909][T23276] should_fail_ex+0x3b0/0x4e0 [ 1784.407602][T23276] _copy_to_user+0x31/0xb0 [ 1784.412041][T23276] simple_read_from_buffer+0xca/0x150 [ 1784.417443][T23276] proc_fail_nth_read+0x1e9/0x250 [ 1784.422490][T23276] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1784.428071][T23276] ? rw_verify_area+0x55e/0x6f0 [ 1784.432949][T23276] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1784.438531][T23276] vfs_read+0x1fc/0xb70 [ 1784.442802][T23276] ? __pfx___mutex_lock+0x10/0x10 [ 1784.447852][T23276] ? __pfx_vfs_read+0x10/0x10 [ 1784.452564][T23276] ? __fget_files+0x2a/0x410 [ 1784.457179][T23276] ? __fget_files+0x395/0x410 [ 1784.461887][T23276] ? __fget_files+0x2a/0x410 [ 1784.466518][T23276] ksys_read+0x18f/0x2b0 [ 1784.470785][T23276] ? __pfx_ksys_read+0x10/0x10 [ 1784.475569][T23276] ? do_syscall_64+0x100/0x230 [ 1784.480357][T23276] ? do_syscall_64+0xb6/0x230 [ 1784.485060][T23276] do_syscall_64+0xf3/0x230 [ 1784.489588][T23276] ? clear_bhb_loop+0x35/0x90 [ 1784.494288][T23276] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1784.500205][T23276] RIP: 0033:0x7f571478473c [ 1784.504635][T23276] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1784.524262][T23276] RSP: 002b:00007f571563c030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1784.532679][T23276] RAX: ffffffffffffffda RBX: 00007f5714975fa0 RCX: 00007f571478473c [ 1784.540652][T23276] RDX: 000000000000000f RSI: 00007f571563c0a0 RDI: 0000000000000005 [ 1784.548617][T23276] RBP: 00007f571563c090 R08: 0000000000000000 R09: 0000000000000000 [ 1784.556583][T23276] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1784.564557][T23276] R13: 0000000000000000 R14: 00007f5714975fa0 R15: 00007fffd67854e8 [ 1784.572544][T23276] [ 1784.575680][ C0] vkms_vblank_simulate: vblank timer overrun [ 1784.668019][T23275] delete_channel: no stack [ 1785.283461][T23284] ipt_ECN: cannot use operation on non-tcp rule [ 1787.424463][T23314] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4691'. [ 1789.019639][ T29] audit: type=1400 audit(1734623590.172:18571): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=23319 comm="syz.0.4692" [ 1789.604327][T23327] netlink: 96 bytes leftover after parsing attributes in process `syz.6.4694'. [ 1789.632448][T23329] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1789.641214][T23329] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1790.743470][T23337] netlink: 44 bytes leftover after parsing attributes in process `syz.5.4697'. [ 1790.949486][T23335] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1790.958844][T23335] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1791.148951][T23339] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1791.159082][T23339] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1791.961331][T23345] netlink: 16 bytes leftover after parsing attributes in process `syz.9.4700'. [ 1792.042590][T23346] netlink: 'syz.7.4693': attribute type 1 has an invalid length. [ 1792.062828][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 1792.234003][ T5868] usb 10-1: new high-speed USB device number 73 using dummy_hcd [ 1792.394008][ T5868] usb 10-1: Using ep0 maxpacket: 32 [ 1792.401224][ T5868] usb 10-1: config 0 has an invalid interface number: 151 but max is 0 [ 1792.410480][ T5868] usb 10-1: config 0 has no interface number 0 [ 1792.416952][ T5868] usb 10-1: config 0 interface 151 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7 [ 1792.428361][ T5868] usb 10-1: config 0 interface 151 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 1792.440837][ T5868] usb 10-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f [ 1792.450182][ T5868] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1792.458702][ T5868] usb 10-1: Product: syz [ 1792.463111][ T5868] usb 10-1: Manufacturer: syz [ 1792.467862][ T5868] usb 10-1: SerialNumber: syz [ 1792.474224][ T5868] usb 10-1: config 0 descriptor?? [ 1792.744923][T23345] netdevsim netdevsim9 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1792.815695][T23350] netdevsim netdevsim6 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1792.922646][T23345] netdevsim netdevsim9 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1793.001841][T23350] netdevsim netdevsim6 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1793.064561][T23345] netdevsim netdevsim9 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1794.070614][T23350] netdevsim netdevsim6 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1794.192882][T23345] netdevsim netdevsim9 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1794.246694][T23350] netdevsim netdevsim6 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1795.240976][T23345] netdevsim netdevsim9 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1795.332858][T23345] netdevsim netdevsim9 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1795.412239][T23345] netdevsim netdevsim9 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1795.496661][T23345] netdevsim netdevsim9 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1795.622821][T23350] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1795.666855][T23350] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1795.681303][ T5868] usb 10-1: USB disconnect, device number 73 [ 1795.722565][T23371] overlayfs: failed to get inode (-116) [ 1795.731924][T23350] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1795.749932][T23371] overlayfs: failed to get inode (-116) [ 1795.759564][T23375] netlink: 'syz.9.4710': attribute type 12 has an invalid length. [ 1795.767904][T23371] overlayfs: failed to get inode (-116) [ 1795.791317][T23371] overlayfs: failed to get inode (-116) [ 1795.810559][T23350] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1797.238560][T23394] netlink: 44 bytes leftover after parsing attributes in process `syz.0.4715'. [ 1798.106384][T23398] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1798.115014][T23398] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1798.726311][T22393] Bluetooth: hci4: unexpected event for opcode 0x0406 [ 1798.773464][T23396] netlink: 'syz.7.4712': attribute type 12 has an invalid length. [ 1798.776590][T23396] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4712'. [ 1799.849412][T23414] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1799.899856][T23414] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1801.114858][ T29] audit: type=1400 audit(1734623602.292:18572): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=23415 comm="syz.5.4721" [ 1803.847347][T23445] loop2: detected capacity change from 0 to 7 [ 1803.870879][T23445] Dev loop2: unable to read RDB block 7 [ 1803.889570][T23445] loop2: AHDI p2 p3 p4 [ 1803.909612][T23445] loop2: partition table partially beyond EOD, truncated [ 1803.949775][T23445] loop2: p2 start 131072 is beyond EOD, truncated [ 1803.971831][T23445] loop2: p3 size 150995200 extends beyond EOD, truncated [ 1804.747095][T23472] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1804.784647][T23472] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1804.962675][T23477] netlink: 8 bytes leftover after parsing attributes in process `syz.9.4739'. [ 1805.787331][T23489] netlink: 'syz.6.4743': attribute type 12 has an invalid length. [ 1808.015139][T23501] binder: 23499:23501 ioctl c0306201 20000140 returned -14 [ 1812.420947][T23532] netlink: 'syz.5.4754': attribute type 12 has an invalid length. [ 1812.801157][T17958] usb 10-1: new high-speed USB device number 74 using dummy_hcd [ 1813.024238][T17958] usb 10-1: Using ep0 maxpacket: 16 [ 1813.049663][T17958] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1813.200152][T17958] usb 10-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 64, changing to 7 [ 1813.502116][T17958] usb 10-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1813.512055][T17958] usb 10-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1813.571050][T17958] usb 10-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1813.580423][T17958] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1813.605877][T17958] usb 10-1: Product: syz [ 1813.613205][T17958] usb 10-1: Manufacturer: syz [ 1813.620381][T17958] usb 10-1: SerialNumber: syz [ 1813.768417][T23547] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1813.783772][T23547] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1814.363079][T17958] usb 10-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 1814.423978][T17958] usb 10-1: USB disconnect, device number 74 [ 1815.783085][T23568] netlink: 8 bytes leftover after parsing attributes in process `syz.9.4762'. [ 1816.551874][T22393] Bluetooth: hci4: unexpected event for opcode 0x0406 [ 1820.386189][ T29] audit: type=1400 audit(1734623621.602:18573): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=23605 comm="syz.6.4774" dest=20004 [ 1820.895617][ T5868] usb 10-1: new high-speed USB device number 75 using dummy_hcd [ 1821.251139][ T5868] usb 10-1: config 15 has too many interfaces: 197, using maximum allowed: 32 [ 1821.260405][ T5868] usb 10-1: config 15 has an invalid descriptor of length 0, skipping remainder of the config [ 1821.271026][ T5868] usb 10-1: config 15 has 0 interfaces, different from the descriptor's value: 197 [ 1821.291709][ T5868] usb 10-1: New USB device found, idVendor=12d1, idProduct=8869, bcdDevice=3b.15 [ 1821.304424][ T5868] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1821.312813][ T5868] usb 10-1: Product: syz [ 1821.318053][ T5868] usb 10-1: Manufacturer: syz [ 1821.323428][ T5868] usb 10-1: SerialNumber: syz [ 1822.739850][T23642] overlayfs: failed to clone upperpath [ 1823.419988][T23649] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1823.435912][ T910] usb 10-1: USB disconnect, device number 75 [ 1823.500841][ T29] audit: type=1400 audit(1734623624.702:18574): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=23647 comm="syz.5.4785" dest=20001 [ 1823.564630][T23652] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1823.573197][T23652] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1823.850008][T23661] netlink: 35 bytes leftover after parsing attributes in process `syz.5.4785'. [ 1824.665960][ T910] usb 10-1: new high-speed USB device number 76 using dummy_hcd [ 1824.863612][ T910] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1825.123653][ T910] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x4 has an invalid bInterval 0, changing to 7 [ 1825.279187][ T910] usb 10-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.de [ 1825.507307][ T910] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1825.524135][ T910] usb 10-1: config 0 descriptor?? [ 1825.561693][T23678] FAULT_INJECTION: forcing a failure. [ 1825.561693][T23678] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1825.576202][T23678] CPU: 0 UID: 0 PID: 23678 Comm: syz.7.4793 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 1825.587014][T23678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 1825.597105][T23678] Call Trace: [ 1825.600402][T23678] [ 1825.603358][T23678] dump_stack_lvl+0x241/0x360 [ 1825.608066][T23678] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1825.613289][T23678] ? __pfx__printk+0x10/0x10 [ 1825.617899][T23678] ? __pfx_lock_release+0x10/0x10 [ 1825.622938][T23678] should_fail_ex+0x3b0/0x4e0 [ 1825.627631][T23678] _copy_from_user+0x2f/0xc0 [ 1825.632252][T23678] copy_msghdr_from_user+0xae/0x680 [ 1825.637477][T23678] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1825.643301][T23678] ? __fget_files+0x2a/0x410 [ 1825.647911][T23678] ? __fget_files+0x2a/0x410 [ 1825.652526][T23678] __sys_sendmsg+0x209/0x350 [ 1825.657130][T23678] ? __pfx_lock_release+0x10/0x10 [ 1825.662199][T23678] ? __pfx___sys_sendmsg+0x10/0x10 [ 1825.667333][T23678] ? __pfx_vfs_write+0x10/0x10 [ 1825.672136][T23678] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1825.678511][T23678] ? do_syscall_64+0x100/0x230 [ 1825.683337][T23678] ? do_syscall_64+0xb6/0x230 [ 1825.688035][T23678] do_syscall_64+0xf3/0x230 [ 1825.692557][T23678] ? clear_bhb_loop+0x35/0x90 [ 1825.697245][T23678] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1825.703191][T23678] RIP: 0033:0x7fd1e4185d29 [ 1825.707620][T23678] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1825.727241][T23678] RSP: 002b:00007fd1e50a3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1825.735675][T23678] RAX: ffffffffffffffda RBX: 00007fd1e4375fa0 RCX: 00007fd1e4185d29 [ 1825.743677][T23678] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003 [ 1825.751674][T23678] RBP: 00007fd1e50a3090 R08: 0000000000000000 R09: 0000000000000000 [ 1825.759667][T23678] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1825.767654][T23678] R13: 0000000000000000 R14: 00007fd1e4375fa0 R15: 00007ffcef761f88 [ 1825.775661][T23678] [ 1826.232606][T23685] FAULT_INJECTION: forcing a failure. [ 1826.232606][T23685] name failslab, interval 1, probability 0, space 0, times 0 [ 1826.263527][T23689] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1826.282653][T23689] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1826.288928][T23685] CPU: 0 UID: 0 PID: 23685 Comm: syz.7.4795 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 1826.301212][T23685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 1826.311294][T23685] Call Trace: [ 1826.314597][T23685] [ 1826.317559][T23685] dump_stack_lvl+0x241/0x360 [ 1826.322275][T23685] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1826.327509][T23685] ? __pfx__printk+0x10/0x10 [ 1826.332144][T23685] ? kmem_cache_alloc_noprof+0x48/0x380 [ 1826.337737][T23685] ? __pfx___might_resched+0x10/0x10 [ 1826.343846][T23685] should_fail_ex+0x3b0/0x4e0 [ 1826.348550][T23685] should_failslab+0xac/0x100 [ 1826.353267][T23685] ? __kvm_mmu_topup_memory_cache+0x1e3/0x6b0 [ 1826.359355][T23685] kmem_cache_alloc_noprof+0x70/0x380 [ 1826.364763][T23685] __kvm_mmu_topup_memory_cache+0x1e3/0x6b0 [ 1826.370697][T23685] kvm_mmu_load+0x115/0x2820 [ 1826.375320][T23685] ? __pfx_lock_release+0x10/0x10 [ 1826.380374][T23685] ? __pfx_kvm_mmu_load+0x10/0x10 [ 1826.385448][T23685] ? folio_mark_accessed+0x25d/0x9c0 [ 1826.390770][T23685] ? do_raw_read_unlock+0x3c/0x80 [ 1826.395824][T23685] ? _raw_read_unlock+0x28/0x50 [ 1826.400700][T23685] ? vmx_set_apic_access_page_addr+0x6e7/0x940 [ 1826.406889][T23685] ? vmx_get_rflags+0x1ff/0x3e0 [ 1826.411766][T23685] ? kvm_apic_has_interrupt+0x4bc/0xa70 [ 1826.417345][T23685] ? vmx_enable_irq_window+0x89/0x130 [ 1826.422750][T23685] vcpu_run+0x5c40/0x8a90 [ 1826.427197][T23685] ? __pfx_vcpu_run+0x10/0x10 [ 1826.428924][T23649] netlink: 16 bytes leftover after parsing attributes in process `syz.9.4787'. [ 1826.431886][T23685] ? __local_bh_enable_ip+0x168/0x200 [ 1826.431917][T23685] ? lockdep_hardirqs_on+0x99/0x150 [ 1826.451672][T23685] ? __pfx_lock_acquire+0x10/0x10 [ 1826.456721][T23685] ? fpu_swap_kvm_fpstate+0x82/0x460 [ 1826.462041][T23685] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 1826.467798][T23685] ? xfd_validate_state+0x6e/0x150 [ 1826.472944][T23685] ? rcu_is_watching+0x15/0xb0 [ 1826.477748][T23685] ? rcu_is_watching+0x15/0xb0 [ 1826.482542][T23685] kvm_arch_vcpu_ioctl_run+0xa76/0x19d0 [ 1826.488218][T23685] ? mark_lock+0x9a/0x360 [ 1826.492599][T23685] ? kvm_arch_vcpu_ioctl_run+0x1cc/0x19d0 [ 1826.498368][T23685] ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 1826.504416][T23685] ? __pfx_lock_acquire+0x10/0x10 [ 1826.509481][T23685] ? kvm_vcpu_ioctl+0xd71/0xea0 [ 1826.514371][T23685] ? __pfx_lock_release+0x10/0x10 [ 1826.519440][T23685] ? do_raw_write_lock+0x148/0x4f0 [ 1826.524593][T23685] ? __pfx_do_raw_write_lock+0x10/0x10 [ 1826.530098][T23685] kvm_vcpu_ioctl+0x920/0xea0 [ 1826.534813][T23685] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 1826.540045][T23685] ? smack_file_ioctl+0x353/0x3a0 [ 1826.545099][T23685] ? __pfx_smack_file_ioctl+0x10/0x10 [ 1826.550505][T23685] ? __fget_files+0x2a/0x410 [ 1826.555133][T23685] ? __fget_files+0x2a/0x410 [ 1826.559751][T23685] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 1826.564982][T23685] __se_sys_ioctl+0xf5/0x170 [ 1826.569612][T23685] do_syscall_64+0xf3/0x230 [ 1826.574155][T23685] ? clear_bhb_loop+0x35/0x90 [ 1826.578864][T23685] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1826.584793][T23685] RIP: 0033:0x7fd1e4185d29 [ 1826.589223][T23685] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1826.608842][T23685] RSP: 002b:00007fd1e50a3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1826.617259][T23685] RAX: ffffffffffffffda RBX: 00007fd1e4375fa0 RCX: 00007fd1e4185d29 [ 1826.625233][T23685] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 1826.633204][T23685] RBP: 00007fd1e50a3090 R08: 0000000000000000 R09: 0000000000000000 [ 1826.641182][T23685] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1826.649170][T23685] R13: 0000000000000000 R14: 00007fd1e4375fa0 R15: 00007ffcef761f88 [ 1826.657161][T23685] [ 1826.697605][ T910] ath6kl: Failed to submit usb control message: -110 [ 1826.717264][ T910] ath6kl: unable to send the bmi data to the device: -110 [ 1826.732984][ T910] ath6kl: Unable to send get target info: -110 [ 1826.758374][ T910] ath6kl: Failed to init ath6kl core: -110 [ 1826.769601][ T910] ath6kl_usb 10-1:0.0: probe with driver ath6kl_usb failed with error -110 [ 1826.846989][T23697] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1826.855947][T23697] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1827.136764][T23703] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1827.146074][T23703] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1827.625415][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805fadf000: rx timeout, send abort [ 1827.670225][T23710] vivid-001: disconnect [ 1827.690351][T23710] vivid-001: reconnect [ 1827.803087][ T5871] usb 10-1: USB disconnect, device number 76 [ 1828.130789][T23712] netlink: 44 bytes leftover after parsing attributes in process `syz.9.4801'. [ 1828.172519][T23712] netlink: 28 bytes leftover after parsing attributes in process `syz.9.4801'. [ 1829.384923][ T1205] usb 10-1: new high-speed USB device number 77 using dummy_hcd [ 1829.545025][ T1205] usb 10-1: Using ep0 maxpacket: 16 [ 1830.226395][ T1205] usb 10-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 1830.262629][ T1205] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 1830.455103][ T1205] usb 10-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1830.483425][ T1205] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1830.604020][T23734] cgroup: Unknown subsys name 'permit_directio' [ 1830.669531][ T1205] usb 10-1: Product: syz [ 1830.676141][ T1205] usb 10-1: Manufacturer: syz [ 1830.684389][ T1205] usb 10-1: SerialNumber: syz [ 1830.872454][ T1205] usb 10-1: config 0 descriptor?? [ 1831.601739][ T1205] usb 10-1: can't set config #0, error -71 [ 1831.608950][ T1205] usb 10-1: USB disconnect, device number 77 [ 1831.737043][T23744] FAULT_INJECTION: forcing a failure. [ 1831.737043][T23744] name failslab, interval 1, probability 0, space 0, times 0 [ 1831.749929][T23744] CPU: 1 UID: 0 PID: 23744 Comm: syz.5.4809 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 1831.760726][T23744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 1831.770809][T23744] Call Trace: [ 1831.774103][T23744] [ 1831.777046][T23744] dump_stack_lvl+0x241/0x360 [ 1831.781751][T23744] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1831.786973][T23744] ? __pfx__printk+0x10/0x10 [ 1831.791586][T23744] ? __kmalloc_node_noprof+0xb9/0x4d0 [ 1831.796976][T23744] ? __pfx___might_resched+0x10/0x10 [ 1831.802285][T23744] should_fail_ex+0x3b0/0x4e0 [ 1831.806980][T23744] should_failslab+0xac/0x100 [ 1831.811681][T23744] __kmalloc_node_noprof+0xe1/0x4d0 [ 1831.816899][T23744] ? __kvmalloc_node_noprof+0x72/0x190 [ 1831.822385][T23744] __kvmalloc_node_noprof+0x72/0x190 [ 1831.827688][T23744] alloc_fdtable+0xdf/0x2a0 [ 1831.832209][T23744] ? dup_fd+0xa5e/0xd40 [ 1831.836384][T23744] dup_fd+0xa65/0xd40 [ 1831.840395][T23744] ? ksys_unshare+0x154/0xa70 [ 1831.845087][T23744] ? ksys_unshare+0x21b/0xa70 [ 1831.849792][T23744] ksys_unshare+0x4d0/0xa70 [ 1831.854322][T23744] ? __pfx_ksys_unshare+0x10/0x10 [ 1831.859359][T23744] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1831.865699][T23744] ? do_syscall_64+0x100/0x230 [ 1831.870488][T23744] __x64_sys_unshare+0x38/0x40 [ 1831.875352][T23744] do_syscall_64+0xf3/0x230 [ 1831.879873][T23744] ? clear_bhb_loop+0x35/0x90 [ 1831.884565][T23744] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1831.890473][T23744] RIP: 0033:0x7f090b185d29 [ 1831.894909][T23744] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1831.914624][T23744] RSP: 002b:00007f090bf20038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1831.923059][T23744] RAX: ffffffffffffffda RBX: 00007f090b376160 RCX: 00007f090b185d29 [ 1831.931044][T23744] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000024020400 [ 1831.939025][T23744] RBP: 00007f090bf20090 R08: 0000000000000000 R09: 0000000000000000 [ 1831.947007][T23744] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1831.954987][T23744] R13: 0000000000000000 R14: 00007f090b376160 R15: 00007ffd8cbd6bb8 [ 1831.962987][T23744] [ 1832.067783][T23745] FAULT_INJECTION: forcing a failure. [ 1832.067783][T23745] name failslab, interval 1, probability 0, space 0, times 0 [ 1832.080621][T23745] CPU: 1 UID: 0 PID: 23745 Comm: syz.0.4808 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 1832.091423][T23745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 1832.101501][T23745] Call Trace: [ 1832.104796][T23745] [ 1832.107743][T23745] dump_stack_lvl+0x241/0x360 [ 1832.112465][T23745] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1832.117678][T23745] ? __pfx__printk+0x10/0x10 [ 1832.122323][T23745] should_fail_ex+0x3b0/0x4e0 [ 1832.127036][T23745] should_failslab+0xac/0x100 [ 1832.131748][T23745] ? skb_clone+0x20c/0x390 [ 1832.136179][T23745] kmem_cache_alloc_noprof+0x70/0x380 [ 1832.141589][T23745] skb_clone+0x20c/0x390 [ 1832.145840][T23745] __netlink_deliver_tap+0x3cc/0x7f0 [ 1832.151133][T23745] ? netlink_deliver_tap+0x2e/0x1b0 [ 1832.156331][T23745] netlink_deliver_tap+0x19d/0x1b0 [ 1832.161439][T23745] netlink_unicast+0x7c4/0x990 [ 1832.166216][T23745] ? __pfx_netlink_unicast+0x10/0x10 [ 1832.171511][T23745] ? __virt_addr_valid+0x45f/0x530 [ 1832.176630][T23745] ? __phys_addr_symbol+0x2f/0x70 [ 1832.181653][T23745] ? __check_object_size+0x47a/0x730 [ 1832.187032][T23745] netlink_sendmsg+0x8e4/0xcb0 [ 1832.191804][T23745] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1832.197101][T23745] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1832.202377][T23745] __sock_sendmsg+0x221/0x270 [ 1832.207059][T23745] ____sys_sendmsg+0x52a/0x7e0 [ 1832.211838][T23745] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1832.217123][T23745] ? __fget_files+0x2a/0x410 [ 1832.221711][T23745] ? __fget_files+0x2a/0x410 [ 1832.226305][T23745] __sys_sendmsg+0x269/0x350 [ 1832.230893][T23745] ? __pfx_lock_release+0x10/0x10 [ 1832.235920][T23745] ? __pfx___sys_sendmsg+0x10/0x10 [ 1832.241037][T23745] ? __pfx_vfs_write+0x10/0x10 [ 1832.245822][T23745] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1832.252144][T23745] ? do_syscall_64+0x100/0x230 [ 1832.256924][T23745] ? do_syscall_64+0xb6/0x230 [ 1832.261603][T23745] do_syscall_64+0xf3/0x230 [ 1832.266108][T23745] ? clear_bhb_loop+0x35/0x90 [ 1832.270786][T23745] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1832.276679][T23745] RIP: 0033:0x7f5cbaf85d29 [ 1832.281087][T23745] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1832.300695][T23745] RSP: 002b:00007f5cb8dd5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1832.309196][T23745] RAX: ffffffffffffffda RBX: 00007f5cbb176080 RCX: 00007f5cbaf85d29 [ 1832.317165][T23745] RDX: 0000000000000000 RSI: 0000000020000480 RDI: 0000000000000006 [ 1832.325220][T23745] RBP: 00007f5cb8dd5090 R08: 0000000000000000 R09: 0000000000000000 [ 1832.333205][T23745] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1832.341259][T23745] R13: 0000000000000000 R14: 00007f5cbb176080 R15: 00007ffeec119b28 [ 1832.349250][T23745] [ 1832.485212][T23745] netlink: 165 bytes leftover after parsing attributes in process `syz.0.4808'. [ 1833.114653][T23753] overlayfs: failed to clone upperpath [ 1833.912152][T23765] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1833.920864][T23765] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1834.339208][T23764] vivid-001: disconnect [ 1834.450422][T23761] vivid-001: reconnect [ 1835.126171][T23774] netlink: 165 bytes leftover after parsing attributes in process `syz.0.4818'. [ 1835.421835][T23780] loop2: detected capacity change from 0 to 7 [ 1835.430205][T23780] Dev loop2: unable to read RDB block 7 [ 1835.436168][T23780] loop2: unable to read partition table [ 1835.442129][T23780] loop2: partition table beyond EOD, truncated [ 1835.450545][T23780] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1837.554753][T23794] overlayfs: failed to resolve './file0': -2 [ 1840.613095][T23815] vivid-001: disconnect [ 1840.896639][T23808] vivid-001: reconnect [ 1841.615776][T23831] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1841.624638][T23831] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1842.500927][T23843] overlay: Unknown parameter 'uid' [ 1842.908765][T23849] overlayfs: failed to resolve './file0': -2 [ 1845.261507][T23868] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1845.270141][T23868] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1846.596823][T23879] vivid-000: disconnect [ 1846.824660][T23873] vivid-000: reconnect [ 1847.592303][T23886] netlink: 44 bytes leftover after parsing attributes in process `syz.9.4850'. [ 1847.659740][T23887] vivid-001: disconnect [ 1847.665802][T23887] vivid-001: reconnect [ 1848.904140][ T1205] usb 10-1: new high-speed USB device number 78 using dummy_hcd [ 1849.044144][ T1205] usb 10-1: device descriptor read/64, error -71 [ 1849.316958][ T1205] usb 10-1: new high-speed USB device number 79 using dummy_hcd [ 1849.922162][ T1205] usb 10-1: device descriptor read/64, error -71 [ 1850.296957][ T1205] usb usb10-port1: attempt power cycle [ 1850.760046][ T1205] usb 10-1: new high-speed USB device number 80 using dummy_hcd [ 1851.056695][ T1205] usb 10-1: device descriptor read/8, error -71 [ 1851.125753][T23924] 9pnet_fd: Insufficient options for proto=fd [ 1853.488750][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 1854.412927][T23965] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1854.427182][T23965] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1854.575304][T23962] bridge_slave_0: entered promiscuous mode [ 1855.038381][T23969] vivid-001: disconnect [ 1855.044093][T23969] vivid-001: reconnect [ 1855.936112][T23979] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 1857.660934][T24007] overlayfs: failed to clone upperpath [ 1863.080781][ T29] audit: type=1326 audit(1734623664.292:18575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=24041 comm="syz.9.4896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5714785d29 code=0x7ffc0000 [ 1863.227176][ T29] audit: type=1326 audit(1734623664.442:18576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=24041 comm="syz.9.4896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5714785d29 code=0x7ffc0000 [ 1863.408166][ T29] audit: type=1326 audit(1734623664.622:18577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=24041 comm="syz.9.4896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f5714785d29 code=0x7ffc0000 [ 1863.982325][ T29] audit: type=1326 audit(1734623664.822:18578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=24041 comm="syz.9.4896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5714785d29 code=0x7ffc0000 [ 1864.118526][ T29] audit: type=1326 audit(1734623664.832:18579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=24041 comm="syz.9.4896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5714785d29 code=0x7ffc0000 [ 1864.140959][ T29] audit: type=1326 audit(1734623664.872:18580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=24041 comm="syz.9.4896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=217 compat=0 ip=0x7f5714785d29 code=0x7ffc0000 [ 1864.224009][ T29] audit: type=1326 audit(1734623664.892:18581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=24041 comm="syz.9.4896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5714785d29 code=0x7ffc0000 [ 1864.246059][ T29] audit: type=1326 audit(1734623664.912:18582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=24041 comm="syz.9.4896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5714785d29 code=0x7ffc0000 [ 1864.267896][ T29] audit: type=1326 audit(1734623665.082:18583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=24041 comm="syz.9.4896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=78 compat=0 ip=0x7f5714785d29 code=0x7ffc0000 [ 1864.289688][ T29] audit: type=1326 audit(1734623665.142:18584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=24041 comm="syz.9.4896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5714785d29 code=0x7ffc0000 [ 1864.631340][T24061] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1864.640126][T24061] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1868.352224][T24079] delete_channel: no stack [ 1868.639897][T24088] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1868.648509][T24088] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1870.844717][T24114] overlayfs: failed to resolve './file1': -2 [ 1871.809752][T24122] overlayfs: missing 'lowerdir' [ 1872.523107][T24126] input: syz0 as /devices/virtual/input/input17 [ 1873.737880][T24131] netlink: 16 bytes leftover after parsing attributes in process `syz.7.4920'. [ 1873.861238][T24131] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1873.899930][T24131] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1874.059283][T24131] netdevsim netdevsim7 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1875.475911][T24131] netdevsim netdevsim7 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1876.020871][T24131] netdevsim netdevsim7 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1876.155902][T24131] netdevsim netdevsim7 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1876.786497][T24156] overlayfs: failed to resolve './file1': -2 [ 1877.525212][T24131] netdevsim netdevsim7 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1877.590855][T24131] netdevsim netdevsim7 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1877.631680][T24131] netdevsim netdevsim7 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1877.677879][T24131] netdevsim netdevsim7 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1879.792397][T24179] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1879.803455][T24179] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1881.002085][T24200] overlayfs: missing 'lowerdir' [ 1882.632839][T24213] overlayfs: failed to resolve './file1': -2 [ 1883.823155][T24224] loop2: detected capacity change from 0 to 7 [ 1883.870106][T24224] Dev loop2: unable to read RDB block 7 [ 1883.900206][T24224] loop2: AHDI p2 p3 p4 [ 1883.915317][T24224] loop2: partition table partially beyond EOD, truncated [ 1883.945553][T24224] loop2: p2 start 131072 is beyond EOD, truncated [ 1883.965306][T24224] loop2: p3 size 150995200 extends beyond EOD, truncated [ 1884.080252][T24236] 9pnet_fd: Insufficient options for proto=fd [ 1884.721819][T24245] netlink: 16 bytes leftover after parsing attributes in process `syz.5.4952'. [ 1884.789795][T24245] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1884.820076][T24245] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1885.003453][T24245] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1885.114349][T24251] netlink: 'syz.6.4954': attribute type 12 has an invalid length. [ 1885.167418][T24245] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1885.486034][T24245] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1885.750871][T24245] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1886.639324][T24245] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1886.707141][T24245] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1886.773626][T24245] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1886.826458][T24245] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1886.844505][T24268] overlayfs: missing 'lowerdir' [ 1888.485385][T24270] netlink: 'syz.6.4959': attribute type 12 has an invalid length. [ 1888.506437][T24270] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4959'. [ 1888.534116][T24270] netlink: 24 bytes leftover after parsing attributes in process `syz.6.4959'. [ 1888.925753][T24288] netlink: 4 bytes leftover after parsing attributes in process `syz.9.4964'. [ 1890.720894][T24306] loop2: detected capacity change from 0 to 7 [ 1890.734332][T24306] Dev loop2: unable to read RDB block 7 [ 1890.740311][T24306] loop2: AHDI p2 p3 p4 [ 1890.744773][T24306] loop2: partition table partially beyond EOD, truncated [ 1890.751899][T24306] loop2: p2 start 131072 is beyond EOD, truncated [ 1890.758697][T24306] loop2: p3 size 150995200 extends beyond EOD, truncated [ 1891.422959][T24318] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4973'. [ 1892.486572][T24330] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1892.647876][T24330] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1893.217595][T24342] overlayfs: missing 'lowerdir' [ 1896.746403][ T29] kauditd_printk_skb: 103 callbacks suppressed [ 1896.746426][ T29] audit: type=1400 audit(1734623697.482:18688): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=24359 comm="syz.5.4983" dest=20001 [ 1898.144648][T24368] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4985'. [ 1900.565336][T22393] Bluetooth: hci5: command 0x0406 tx timeout [ 1901.132346][ T9788] Bluetooth: hci5: Opcode 0x206a failed: -110 [ 1902.103389][T24419] netlink: 28 bytes leftover after parsing attributes in process `syz.9.4992'. [ 1903.144075][T24419] netlink: 'syz.9.4992': attribute type 7 has an invalid length. [ 1903.152101][T24419] netlink: 'syz.9.4992': attribute type 8 has an invalid length. [ 1903.340612][T24419] netlink: 4 bytes leftover after parsing attributes in process `syz.9.4992'. [ 1905.633712][T24446] overlayfs: missing 'lowerdir' [ 1906.030738][T24452] netlink: 8 bytes leftover after parsing attributes in process `syz.9.5007'. [ 1906.790838][T24464] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1906.940189][T24464] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1907.010258][T24464] netlink: 372 bytes leftover after parsing attributes in process `syz.5.5010'. [ 1907.646335][T24472] netlink: 212 bytes leftover after parsing attributes in process `syz.9.5013'. [ 1907.982361][T24477] overlayfs: failed to resolve './file1': -2 [ 1910.995210][T24498] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1911.024131][T24498] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1911.144003][ T9788] Bluetooth: hci4: unexpected event for opcode 0x0406 [ 1912.802262][T24530] overlayfs: missing 'lowerdir' [ 1912.819652][ T29] audit: type=1400 audit(1734623714.032:18689): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=24516 comm="syz.5.5024" daddr=::ffff:172.20.20.187 dest=20001 [ 1914.385424][T24543] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1914.419985][T24543] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1914.688415][T24543] netlink: 'syz.5.5030': attribute type 12 has an invalid length. [ 1914.930355][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 1915.599609][T24566] overlayfs: failed to clone upperpath [ 1916.350613][T24571] FAULT_INJECTION: forcing a failure. [ 1916.350613][T24571] name failslab, interval 1, probability 0, space 0, times 0 [ 1916.389989][T24571] CPU: 1 UID: 0 PID: 24571 Comm: syz.9.5036 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 1916.400824][T24571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 1916.410918][T24571] Call Trace: [ 1916.414254][T24571] [ 1916.417209][T24571] dump_stack_lvl+0x241/0x360 [ 1916.421929][T24571] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1916.427247][T24571] ? __pfx__printk+0x10/0x10 [ 1916.431865][T24571] ? kmem_cache_alloc_noprof+0x48/0x380 [ 1916.437446][T24571] ? __pfx___might_resched+0x10/0x10 [ 1916.442781][T24571] should_fail_ex+0x3b0/0x4e0 [ 1916.447494][T24571] should_failslab+0xac/0x100 [ 1916.452208][T24571] ? security_file_alloc+0x32/0x310 [ 1916.457443][T24571] kmem_cache_alloc_noprof+0x70/0x380 [ 1916.462854][T24571] security_file_alloc+0x32/0x310 [ 1916.467910][T24571] init_file+0x91/0x280 [ 1916.472089][T24571] alloc_empty_file+0xb8/0x1d0 [ 1916.476876][T24571] path_openat+0x107/0x3590 [ 1916.481410][T24571] ? mark_lock+0x9a/0x360 [ 1916.485763][T24571] ? __pfx_stack_trace_save+0x10/0x10 [ 1916.491172][T24571] ? __lock_acquire+0x1397/0x2100 [ 1916.496223][T24571] ? __pfx_path_openat+0x10/0x10 [ 1916.501205][T24571] do_filp_open+0x27f/0x4e0 [ 1916.505735][T24571] ? __pfx_do_filp_open+0x10/0x10 [ 1916.510782][T24571] ? do_raw_spin_lock+0x14f/0x370 [ 1916.515866][T24571] do_sys_openat2+0x13e/0x1d0 [ 1916.520564][T24571] ? __pfx_do_sys_openat2+0x10/0x10 [ 1916.525793][T24571] __x64_sys_openat+0x247/0x2a0 [ 1916.530665][T24571] ? __pfx___x64_sys_openat+0x10/0x10 [ 1916.536057][T24571] ? exc_page_fault+0x590/0x8b0 [ 1916.540930][T24571] ? do_syscall_64+0xb6/0x230 [ 1916.545632][T24571] do_syscall_64+0xf3/0x230 [ 1916.550156][T24571] ? clear_bhb_loop+0x35/0x90 [ 1916.554849][T24571] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1916.560763][T24571] RIP: 0033:0x7f5714784690 [ 1916.565195][T24571] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 1916.584832][T24571] RSP: 002b:00007f5715618ef0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 1916.593269][T24571] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f5714784690 [ 1916.601259][T24571] RDX: 0000000000000002 RSI: 00007f571480178c RDI: 00000000ffffff9c [ 1916.609246][T24571] RBP: 00007f571480178c R08: 0000000000000000 R09: 0000000000000000 [ 1916.617321][T24571] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000005 [ 1916.625306][T24571] R13: 000000000000006e R14: 0000000020000100 R15: 00007fffd67854e8 [ 1916.633309][T24571] [ 1917.845913][T24592] netlink: 204 bytes leftover after parsing attributes in process `syz.9.5043'. [ 1917.871360][T24586] loop2: detected capacity change from 0 to 7 [ 1917.878954][T24586] Dev loop2: unable to read RDB block 7 [ 1917.892932][T24586] loop2: AHDI p2 p3 p4 [ 1917.942473][T24586] loop2: partition table partially beyond EOD, truncated [ 1917.964643][T24599] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1917.973451][T24599] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1918.037310][T24586] loop2: p2 start 131072 is beyond EOD, truncated [ 1918.074652][T24586] loop2: p3 size 150995200 extends beyond EOD, truncated [ 1921.604200][T24628] netlink: 'syz.0.5051': attribute type 1 has an invalid length. [ 1922.826905][T24648] FAULT_INJECTION: forcing a failure. [ 1922.826905][T24648] name failslab, interval 1, probability 0, space 0, times 0 [ 1922.839712][T24648] CPU: 0 UID: 0 PID: 24648 Comm: syz.7.5057 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 1922.850497][T24648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 1922.860584][T24648] Call Trace: [ 1922.863881][T24648] [ 1922.866821][T24648] dump_stack_lvl+0x241/0x360 [ 1922.871521][T24648] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1922.876733][T24648] ? __pfx__printk+0x10/0x10 [ 1922.881350][T24648] should_fail_ex+0x3b0/0x4e0 [ 1922.886043][T24648] should_failslab+0xac/0x100 [ 1922.890739][T24648] __kmalloc_node_noprof+0xe1/0x4d0 [ 1922.895952][T24648] ? __kvmalloc_node_noprof+0x72/0x190 [ 1922.901431][T24648] __kvmalloc_node_noprof+0x72/0x190 [ 1922.906733][T24648] alloc_fdtable+0x152/0x2a0 [ 1922.911346][T24648] dup_fd+0xa65/0xd40 [ 1922.915360][T24648] ksys_unshare+0x4d0/0xa70 [ 1922.919880][T24648] ? __pfx_ksys_unshare+0x10/0x10 [ 1922.924927][T24648] __x64_sys_unshare+0x38/0x40 [ 1922.929698][T24648] do_syscall_64+0xf3/0x230 [ 1922.934218][T24648] ? clear_bhb_loop+0x35/0x90 [ 1922.938963][T24648] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1922.944902][T24648] RIP: 0033:0x7fd1e4185d29 [ 1922.949350][T24648] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1922.968999][T24648] RSP: 002b:00007fd1e5061038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1922.977441][T24648] RAX: ffffffffffffffda RBX: 00007fd1e4376160 RCX: 00007fd1e4185d29 [ 1922.985430][T24648] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000024020400 [ 1922.993419][T24648] RBP: 00007fd1e5061090 R08: 0000000000000000 R09: 0000000000000000 [ 1923.001414][T24648] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1923.009396][T24648] R13: 0000000000000000 R14: 00007fd1e4376160 R15: 00007ffcef761f88 [ 1923.017399][T24648] [ 1924.030602][T24660] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1924.050476][T24660] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1924.184128][ T1205] usb 10-1: new high-speed USB device number 82 using dummy_hcd [ 1924.338849][ T1205] usb 10-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 1924.348647][ T1205] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1924.356980][ T1205] usb 10-1: Product: syz [ 1924.361429][ T1205] usb 10-1: Manufacturer: syz [ 1924.366336][ T1205] usb 10-1: SerialNumber: syz [ 1924.376100][ T1205] usb 10-1: config 0 descriptor?? [ 1924.499989][T24677] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1924.508818][T24677] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1924.928278][ T1205] usb 10-1: Firmware version (0.0) predates our first public release. [ 1924.937378][ T1205] usb 10-1: Please update to version 0.2 or newer [ 1926.346804][T24690] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1926.361373][T24690] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1926.384731][ T1205] usb 10-1: USB disconnect, device number 82 [ 1927.521730][T24709] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1927.536586][T24709] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1927.757655][T24713] hsr0: entered promiscuous mode [ 1927.763349][T24713] vlan2: entered promiscuous mode [ 1927.784220][T24713] vlan2: entered allmulticast mode [ 1927.789380][T24713] hsr0: entered allmulticast mode [ 1927.809669][T24713] hsr_slave_0: entered allmulticast mode [ 1927.824177][T24713] hsr_slave_1: entered allmulticast mode [ 1927.835165][T24713] hsr0: left allmulticast mode [ 1927.843948][T24713] hsr_slave_0: left allmulticast mode [ 1927.853945][T24713] hsr_slave_1: left allmulticast mode [ 1928.241489][T24725] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1928.250410][T24725] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1928.445279][ T9788] Bluetooth: hci3: command 0x0406 tx timeout [ 1929.498339][T24733] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1929.507073][T24733] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1930.011558][T24742] overlayfs: failed to resolve './file1': -2 [ 1932.941268][T24754] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1932.951279][T24754] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1934.013969][ T5871] usb 10-1: new high-speed USB device number 83 using dummy_hcd [ 1934.168022][ T5871] usb 10-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 1934.190350][ T5871] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1934.206148][ T5871] usb 10-1: Product: syz [ 1934.213934][ T5871] usb 10-1: Manufacturer: syz [ 1934.223987][ T5871] usb 10-1: SerialNumber: syz [ 1934.236706][ T5871] usb 10-1: config 0 descriptor?? [ 1934.620066][ T5871] usb-storage 10-1:0.0: USB Mass Storage device detected [ 1935.665282][T24763] netlink: 12 bytes leftover after parsing attributes in process `syz.9.5089'. [ 1936.422201][T24781] netlink: 136 bytes leftover after parsing attributes in process `syz.6.5094'. [ 1936.439195][T24781] A link change request failed with some changes committed already. Interface wlan1 may have been left with an inconsistent configuration, please check. [ 1936.489038][T24782] netlink: 168 bytes leftover after parsing attributes in process `syz.0.5093'. [ 1937.475623][ T5868] usb 10-1: USB disconnect, device number 83 [ 1937.639347][T24788] loop2: detected capacity change from 0 to 7 [ 1937.663327][T24788] Dev loop2: unable to read RDB block 7 [ 1937.671326][T24788] loop2: AHDI p1 p4 [ 1937.680920][T24788] loop2: partition table partially beyond EOD, truncated [ 1937.688347][T24788] loop2: p1 size 10 extends beyond EOD, truncated [ 1937.840235][T24807] overlayfs: missing 'lowerdir' [ 1937.881482][ T29] audit: type=1400 audit(1734623739.092:18690): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=24794 comm="syz.9.5098" daddr=::ffff:172.20.20.187 dest=20001 [ 1939.839906][T24829] netlink: 168 bytes leftover after parsing attributes in process `syz.0.5106'. [ 1939.880638][T17958] libceph: connect (1)[c::]:6789 error -101 [ 1939.887102][T17958] libceph: mon0 (1)[c::]:6789 connect error [ 1939.959988][T24828] ceph: No mds server is up or the cluster is laggy [ 1940.642031][T24845] overlayfs: failed to get inode (-116) [ 1940.650274][T24845] overlayfs: failed to get inode (-116) [ 1940.659801][T24845] overlayfs: failed to get inode (-116) [ 1940.752471][T24845] overlayfs: failed to get inode (-116) [ 1940.760495][T24845] FAULT_INJECTION: forcing a failure. [ 1940.760495][T24845] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1940.801972][T24845] CPU: 0 UID: 0 PID: 24845 Comm: syz.0.5110 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 1940.812808][T24845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 1940.822901][T24845] Call Trace: [ 1940.826195][T24845] [ 1940.829141][T24845] dump_stack_lvl+0x241/0x360 [ 1940.833860][T24845] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1940.839094][T24845] ? __pfx__printk+0x10/0x10 [ 1940.843718][T24845] ? snprintf+0xda/0x120 [ 1940.847995][T24845] should_fail_ex+0x3b0/0x4e0 [ 1940.852697][T24845] _copy_to_user+0x31/0xb0 [ 1940.857139][T24845] simple_read_from_buffer+0xca/0x150 [ 1940.862536][T24845] proc_fail_nth_read+0x1e9/0x250 [ 1940.867591][T24845] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1940.873166][T24845] ? rw_verify_area+0x55e/0x6f0 [ 1940.878042][T24845] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1940.883633][T24845] vfs_read+0x1fc/0xb70 [ 1940.887822][T24845] ? __pfx___mutex_lock+0x10/0x10 [ 1940.892891][T24845] ? __pfx_vfs_read+0x10/0x10 [ 1940.897593][T24845] ? __fget_files+0x2a/0x410 [ 1940.902204][T24845] ? __fget_files+0x395/0x410 [ 1940.906903][T24845] ? __fget_files+0x2a/0x410 [ 1940.911523][T24845] ksys_read+0x18f/0x2b0 [ 1940.915790][T24845] ? __pfx_ksys_read+0x10/0x10 [ 1940.920577][T24845] ? do_syscall_64+0x100/0x230 [ 1940.925366][T24845] ? do_syscall_64+0xb6/0x230 [ 1940.930069][T24845] do_syscall_64+0xf3/0x230 [ 1940.934603][T24845] ? clear_bhb_loop+0x35/0x90 [ 1940.939301][T24845] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1940.945227][T24845] RIP: 0033:0x7f5cbaf8473c [ 1940.949659][T24845] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1940.969295][T24845] RSP: 002b:00007f5cb8df6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1940.977821][T24845] RAX: ffffffffffffffda RBX: 00007f5cbb175fa0 RCX: 00007f5cbaf8473c [ 1940.985812][T24845] RDX: 000000000000000f RSI: 00007f5cb8df60a0 RDI: 0000000000000007 [ 1940.993797][T24845] RBP: 00007f5cb8df6090 R08: 0000000000000000 R09: 0000000000000000 [ 1941.001884][T24845] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1941.009868][T24845] R13: 0000000000000000 R14: 00007f5cbb175fa0 R15: 00007ffeec119b28 [ 1941.017877][T24845] [ 1942.074779][T24853] overlayfs: missing 'lowerdir' [ 1943.014842][T24867] selection: kmalloc() failed [ 1944.000456][T24886] netlink: 168 bytes leftover after parsing attributes in process `syz.5.5120'. [ 1944.344430][T24890] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5123'. [ 1944.423529][T24890] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1944.444777][T24890] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1944.460453][T24894] overlayfs: missing 'lowerdir' [ 1944.593578][T24890] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1945.457611][T24890] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1945.665864][ T29] audit: type=1400 audit(1734623746.632:18691): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=24896 comm="syz.5.5122" daddr=::ffff:172.20.20.187 dest=20001 [ 1945.815983][T24919] overlayfs: missing 'lowerdir' [ 1946.598163][T24890] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1946.654061][T24926] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1946.692981][T24926] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1946.713501][T24890] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1947.395942][T24926] netlink: 12 bytes leftover after parsing attributes in process `syz.7.5129'. [ 1947.482405][T24890] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1947.499057][T24890] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1947.516546][T24890] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1947.532504][T24890] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1948.696944][T24944] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 1949.390933][ T29] audit: type=1400 audit(1734623750.602:18692): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=24952 comm="syz.7.5138" daddr=::ffff:172.20.20.187 dest=20001 [ 1949.393786][T24960] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5139'. [ 1949.636147][T24960] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5139'. [ 1949.928314][T24971] netlink: 16 bytes leftover after parsing attributes in process `syz.7.5141'. [ 1949.970880][T24971] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1949.999868][T24971] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1950.145328][T24971] netdevsim netdevsim7 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1950.395680][T24971] netdevsim netdevsim7 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1950.486006][T24971] netdevsim netdevsim7 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1950.560253][T24971] netdevsim netdevsim7 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1950.668039][T24984] overlayfs: missing 'lowerdir' [ 1950.749497][T24971] netdevsim netdevsim7 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1950.808369][T24971] netdevsim netdevsim7 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1950.882149][T24971] netdevsim netdevsim7 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1950.965617][T24971] netdevsim netdevsim7 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1950.997298][T24986] netlink: 'syz.5.5144': attribute type 1 has an invalid length. [ 1951.868896][T24991] syz.5.5145: attempt to access beyond end of device [ 1951.868896][T24991] nbd5: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 1951.883045][T24991] XFS (nbd5): SB validate failed with error -5. [ 1953.765946][T25014] loop2: detected capacity change from 0 to 7 [ 1953.788097][T25014] Dev loop2: unable to read RDB block 7 [ 1953.874518][T25014] loop2: unable to read partition table [ 1953.880380][T25014] loop2: partition table beyond EOD, truncated [ 1953.924919][T25014] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1954.033366][T25027] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1954.066698][T25027] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1955.926026][T25058] overlayfs: missing 'workdir' [ 1957.549843][ T29] audit: type=1400 audit(1734623758.762:18693): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=25071 comm="syz.0.5163" daddr=::ffff:172.20.20.187 dest=20001 [ 1957.738507][ T29] audit: type=1400 audit(1734623758.952:18694): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=25080 comm="syz.7.5164" daddr=::ffff:172.20.20.187 dest=20001 [ 1958.046650][T25089] netlink: 8 bytes leftover after parsing attributes in process `syz.9.5165'. [ 1958.901932][T25100] vivid-004: disconnect [ 1959.045168][T25107] Invalid option length (167) for dns_resolver key [ 1959.510503][T25098] vivid-004: reconnect [ 1961.139904][T25131] 9p: Unknown access argument 18446744073709551615: -34 [ 1961.331106][ T5871] usb 10-1: new high-speed USB device number 84 using dummy_hcd [ 1962.208398][ T5871] usb 10-1: Using ep0 maxpacket: 32 [ 1962.226911][ T5871] usb 10-1: config 0 has an invalid interface number: 250 but max is 0 [ 1962.235675][ T5871] usb 10-1: config 0 has no interface number 0 [ 1962.248337][ T5871] usb 10-1: New USB device found, idVendor=04f1, idProduct=1001, bcdDevice=19.63 [ 1962.259094][ T5871] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1962.277360][ T5871] usb 10-1: Product: syz [ 1962.281663][ T5871] usb 10-1: Manufacturer: syz [ 1962.291942][ T5871] usb 10-1: SerialNumber: syz [ 1962.320255][ T5871] usb 10-1: config 0 descriptor?? [ 1962.352045][ T5871] gspca_main: sunplus-2.14.0 probing 04f1:1001 [ 1962.655318][ T29] audit: type=1400 audit(1734623763.872:18695): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=25136 comm="syz.7.5176" daddr=::ffff:172.20.20.187 dest=20001 [ 1962.874418][ T5871] gspca_sunplus: reg_w_riv err -110 [ 1962.880077][ T5871] sunplus 10-1:0.250: probe with driver sunplus failed with error -110 [ 1963.687349][T25159] overlayfs: missing 'workdir' [ 1964.845754][T25171] netlink: 'syz.5.5184': attribute type 1 has an invalid length. [ 1965.002208][T25180] 9p: Unknown access argument 18446744073709551615: -34 [ 1966.012515][ T910] usb 10-1: USB disconnect, device number 84 [ 1966.220370][T25203] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1966.323529][T25203] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1971.080907][ T29] audit: type=1400 audit(1734623772.292:18696): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=25254 comm="syz.6.5207" daddr=::1c9a:e7ff:fe9a:6f34 [ 1971.142769][ T29] audit: type=1400 audit(1734623772.292:18697): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=25254 comm="syz.6.5207" daddr=::1c9a:e7ff:fe9a:6f34 [ 1972.367912][T25271] Bluetooth: hci1: Frame reassembly failed (-84) [ 1972.411570][T25271] netlink: 52 bytes leftover after parsing attributes in process `syz.0.5209'. [ 1974.878887][ T9788] Bluetooth: hci1: Entering manufacturer mode failed (-110) [ 1976.169111][T25310] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1976.194353][T25310] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1976.707519][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 1976.756068][T25311] mkiss: ax0: crc mode is auto. [ 1980.503970][T17958] usb 10-1: new high-speed USB device number 85 using dummy_hcd [ 1980.533007][T25348] netdevsim netdevsim6 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1980.563316][T25350] loop2: detected capacity change from 0 to 7 [ 1980.577166][T25350] Dev loop2: unable to read RDB block 7 [ 1980.583148][T25350] loop2: AHDI p1 p4 [ 1980.591300][T25350] loop2: partition table partially beyond EOD, truncated [ 1980.607985][T25350] loop2: p1 size 10 extends beyond EOD, truncated [ 1980.654453][T17958] usb 10-1: device descriptor read/64, error -71 [ 1980.696124][T25348] netdevsim netdevsim6 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1980.825126][T25348] netdevsim netdevsim6 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1980.922930][T25358] loop2: detected capacity change from 0 to 7 [ 1980.951551][T25358] Dev loop2: unable to read RDB block 7 [ 1981.446460][T25358] loop2: AHDI p2 p3 p4 [ 1981.456204][T25358] loop2: partition table partially beyond EOD, truncated [ 1981.463522][T25358] loop2: p2 start 131072 is beyond EOD, truncated [ 1981.470094][T25358] loop2: p3 size 150995200 extends beyond EOD, truncated [ 1981.576473][T25366] overlayfs: missing 'lowerdir' [ 1982.452294][T25348] netdevsim netdevsim6 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1982.692265][T25348] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1983.019541][T25348] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1983.046584][T25348] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1983.081308][T25348] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1983.277997][T25371] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1543511462 (24696183392 ns) > initial count (19957873440 ns). Using initial count to start timer. [ 1983.359906][T25384] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1983.368862][T25384] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1986.137269][T25409] FAULT_INJECTION: forcing a failure. [ 1986.137269][T25409] name failslab, interval 1, probability 0, space 0, times 0 [ 1986.216156][T25409] CPU: 1 UID: 0 PID: 25409 Comm: syz.0.5248 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 1986.226994][T25409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 1986.237073][T25409] Call Trace: [ 1986.240452][T25409] [ 1986.243394][T25409] dump_stack_lvl+0x241/0x360 [ 1986.248100][T25409] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1986.253317][T25409] ? __pfx__printk+0x10/0x10 [ 1986.257934][T25409] ? kmem_cache_alloc_noprof+0x48/0x380 [ 1986.263505][T25409] ? __pfx___might_resched+0x10/0x10 [ 1986.268824][T25409] should_fail_ex+0x3b0/0x4e0 [ 1986.273519][T25409] should_failslab+0xac/0x100 [ 1986.278226][T25409] ? ptlock_alloc+0x20/0x70 [ 1986.282772][T25409] kmem_cache_alloc_noprof+0x70/0x380 [ 1986.288193][T25409] ptlock_alloc+0x20/0x70 [ 1986.292566][T25409] pte_alloc_one+0xd3/0x510 [ 1986.297100][T25409] ? __pfx_validate_chain+0x10/0x10 [ 1986.302329][T25409] ? __pfx_pte_alloc_one+0x10/0x10 [ 1986.307475][T25409] ? unwind_next_frame+0x18e6/0x22d0 [ 1986.312798][T25409] ? mark_lock+0x9a/0x360 [ 1986.317155][T25409] handle_pte_fault+0x2913/0x5ed0 [ 1986.322234][T25409] ? mark_lock+0x9a/0x360 [ 1986.326597][T25409] ? _parse_integer_limit+0x1b5/0x200 [ 1986.332001][T25409] ? __pfx_handle_pte_fault+0x10/0x10 [ 1986.337413][T25409] ? __lock_acquire+0x1397/0x2100 [ 1986.342498][T25409] ? __thp_vma_allowable_orders+0x8ff/0x9c0 [ 1986.348447][T25409] handle_mm_fault+0x1053/0x1ad0 [ 1986.353449][T25409] ? __pfx_handle_mm_fault+0x10/0x10 [ 1986.358786][T25409] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1986.365143][T25409] ? lock_mm_and_find_vma+0x9c/0x2f0 [ 1986.370454][T25409] exc_page_fault+0x2b9/0x8b0 [ 1986.375168][T25409] asm_exc_page_fault+0x26/0x30 [ 1986.380049][T25409] RIP: 0010:__get_user_8+0x1a/0x30 [ 1986.385186][T25409] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 ba 00 f0 ff ff ff 7f 00 00 48 39 c2 48 19 d2 48 09 d0 0f 01 cb <48> 8b 10 31 c0 0f 01 ca c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 [ 1986.404819][T25409] RSP: 0018:ffffc9000cda7ed8 EFLAGS: 00050206 [ 1986.410921][T25409] RAX: 0000000020000100 RBX: ffffc9000cda7f10 RCX: ffffc9000cda7e03 [ 1986.418917][T25409] RDX: 0000000000000000 RSI: ffffffff8c0aa960 RDI: ffffffff8c5edb60 [ 1986.426998][T25409] RBP: ffffc9000cda7f48 R08: ffffffff90185137 R09: 1ffffffff2030a26 [ 1986.435001][T25409] R10: dffffc0000000000 R11: fffffbfff2030a27 R12: 0000000080000000 [ 1986.443089][T25409] R13: 0000000000000000 R14: ffffc9000cda7f58 R15: 0000000020000100 [ 1986.451100][T25409] __se_sys_io_setup+0x2d/0x1a0 [ 1986.455974][T25409] do_syscall_64+0xf3/0x230 [ 1986.460530][T25409] ? clear_bhb_loop+0x35/0x90 [ 1986.465223][T25409] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1986.471135][T25409] RIP: 0033:0x7f5cbaf85d29 [ 1986.475563][T25409] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1986.495263][T25409] RSP: 002b:00007f5cb8df6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ce [ 1986.503689][T25409] RAX: ffffffffffffffda RBX: 00007f5cbb175fa0 RCX: 00007f5cbaf85d29 [ 1986.511669][T25409] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000080000000 [ 1986.519902][T25409] RBP: 00007f5cb8df6090 R08: 0000000000000000 R09: 0000000000000000 [ 1986.527874][T25409] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1986.535843][T25409] R13: 0000000000000000 R14: 00007f5cbb175fa0 R15: 00007ffeec119b28 [ 1986.543826][T25409] [ 1990.632909][T25466] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5260'. [ 1990.658899][T25466] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1990.667656][T25466] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1990.681499][T25466] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1990.780404][T25466] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1990.852782][T25466] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1990.904126][ T910] usb 10-1: new high-speed USB device number 87 using dummy_hcd [ 1990.906009][T25466] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1991.013577][T25466] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1991.041025][T25466] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1991.057503][T25466] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1991.082790][T25466] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1991.092988][ T910] usb 10-1: Using ep0 maxpacket: 16 [ 1991.100154][ T910] usb 10-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xDC, changing to 0x8C [ 1991.112858][ T910] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x8C has invalid maxpacket 26000, setting to 1024 [ 1991.129629][ T910] usb 10-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8C has invalid maxpacket 1024 [ 1991.160841][ T910] usb 10-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1991.216204][ T910] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1991.267125][ T910] usb 10-1: Product: syz [ 1991.289522][ T910] usb 10-1: Manufacturer: syz [ 1991.318434][ T910] usb 10-1: SerialNumber: syz [ 1991.367675][ T910] usb 10-1: config 0 descriptor?? [ 1992.088549][ T910] usb 10-1: USB disconnect, device number 87 [ 1992.160806][ T9788] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 1993.040149][T25496] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1993.050986][T25496] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1993.446519][T25499] netlink: 40 bytes leftover after parsing attributes in process `syz.6.5271'. [ 1993.484914][T25501] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1993.505068][T25501] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1993.568877][T25503] FAULT_INJECTION: forcing a failure. [ 1993.568877][T25503] name failslab, interval 1, probability 0, space 0, times 0 [ 1993.591488][T25503] CPU: 1 UID: 0 PID: 25503 Comm: syz.9.5273 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 1993.602317][T25503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 1993.612400][T25503] Call Trace: [ 1993.615706][T25503] [ 1993.618664][T25503] dump_stack_lvl+0x241/0x360 [ 1993.623377][T25503] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1993.628604][T25503] ? __pfx__printk+0x10/0x10 [ 1993.633225][T25503] ? fs_reclaim_acquire+0x93/0x130 [ 1993.638365][T25503] ? __pfx___might_resched+0x10/0x10 [ 1993.643683][T25503] should_fail_ex+0x3b0/0x4e0 [ 1993.648382][T25503] should_failslab+0xac/0x100 [ 1993.653072][T25503] __kmalloc_noprof+0xdd/0x4c0 [ 1993.657837][T25503] ? kstrtouint_from_user+0x128/0x190 [ 1993.663208][T25503] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 1993.668942][T25503] tomoyo_realpath_from_path+0xcf/0x5e0 [ 1993.674497][T25503] tomoyo_path_number_perm+0x236/0x860 [ 1993.679963][T25503] ? __lock_acquire+0x1397/0x2100 [ 1993.684988][T25503] ? tomoyo_path_number_perm+0x206/0x860 [ 1993.690618][T25503] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1993.696626][T25503] ? __fget_files+0x2a/0x410 [ 1993.701225][T25503] ? __fget_files+0x2a/0x410 [ 1993.705813][T25503] security_file_ioctl+0xc6/0x2a0 [ 1993.710836][T25503] __se_sys_ioctl+0x46/0x170 [ 1993.715432][T25503] do_syscall_64+0xf3/0x230 [ 1993.719944][T25503] ? clear_bhb_loop+0x35/0x90 [ 1993.724638][T25503] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1993.730559][T25503] RIP: 0033:0x7f5714785d29 [ 1993.734983][T25503] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1993.754683][T25503] RSP: 002b:00007f571563c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1993.763110][T25503] RAX: ffffffffffffffda RBX: 00007f5714975fa0 RCX: 00007f5714785d29 [ 1993.771088][T25503] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000008 [ 1993.779056][T25503] RBP: 00007f571563c090 R08: 0000000000000000 R09: 0000000000000000 [ 1993.787023][T25503] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1993.794991][T25503] R13: 0000000000000000 R14: 00007f5714975fa0 R15: 00007fffd67854e8 [ 1993.802970][T25503] [ 1993.822754][T25503] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1995.674701][T25529] netlink: 44 bytes leftover after parsing attributes in process `syz.9.5282'. [ 1996.991380][ T29] audit: type=1804 audit(1734623798.192:18698): pid=25540 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.5.5285" name="/newroot/973/bus/bus" dev="overlay" ino=5404 res=1 errno=0 [ 1997.020324][T25549] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1997.047055][T25549] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1998.681352][T25567] netlink: 8 bytes leftover after parsing attributes in process `syz.9.5292'. [ 1998.830148][T25570] overlayfs: failed to clone upperpath [ 1999.077468][T25572] Invalid ELF header magic: != ELF [ 1999.265085][T25574] netlink: 44 bytes leftover after parsing attributes in process `syz.9.5294'. [ 2000.043965][T25583] overlayfs: failed to resolve './file0': -2 [ 2000.237989][T25584] netlink: 20 bytes leftover after parsing attributes in process `syz.6.5296'. [ 2000.775280][T25588] overlayfs: missing 'lowerdir' [ 2002.798384][T25608] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2002.895303][T25609] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 2003.655015][T25618] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5304'. [ 2005.074269][ T29] audit: type=1804 audit(1734623805.912:18699): pid=25632 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.7.5307" name="/newroot/658/bus/bus" dev="overlay" ino=3954 res=1 errno=0 [ 2005.284222][T25632] Invalid ELF header magic: != ELF [ 2006.341566][T25638] overlayfs: missing 'lowerdir' [ 2006.720789][T25639] netlink: 'syz.5.5312': attribute type 1 has an invalid length. [ 2006.742287][T25639] FAULT_INJECTION: forcing a failure. [ 2006.742287][T25639] name failslab, interval 1, probability 0, space 0, times 0 [ 2006.762074][T25639] CPU: 0 UID: 0 PID: 25639 Comm: syz.5.5312 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 2006.772878][T25639] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 2006.782958][T25639] Call Trace: [ 2006.786343][T25639] [ 2006.789288][T25639] dump_stack_lvl+0x241/0x360 [ 2006.793989][T25639] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2006.799205][T25639] ? __pfx__printk+0x10/0x10 [ 2006.803810][T25639] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 2006.809823][T25639] ? __pfx___might_resched+0x10/0x10 [ 2006.815151][T25639] should_fail_ex+0x3b0/0x4e0 [ 2006.819860][T25639] should_failslab+0xac/0x100 [ 2006.824566][T25639] kmem_cache_alloc_node_noprof+0x77/0x380 [ 2006.830398][T25639] ? __alloc_skb+0x1c3/0x440 [ 2006.835029][T25639] __alloc_skb+0x1c3/0x440 [ 2006.839494][T25639] ? __pfx___alloc_skb+0x10/0x10 [ 2006.844443][T25639] ? netlink_ack_tlv_len+0x6e/0x200 [ 2006.849653][T25639] netlink_ack+0x145/0xa50 [ 2006.854083][T25639] netlink_rcv_skb+0x262/0x430 [ 2006.858844][T25639] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 2006.864306][T25639] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 2006.869605][T25639] ? netlink_deliver_tap+0x2e/0x1b0 [ 2006.874805][T25639] netlink_unicast+0x7f6/0x990 [ 2006.879576][T25639] ? __pfx_netlink_unicast+0x10/0x10 [ 2006.884861][T25639] ? __virt_addr_valid+0x45f/0x530 [ 2006.889973][T25639] ? __phys_addr_symbol+0x2f/0x70 [ 2006.894995][T25639] ? __check_object_size+0x47a/0x730 [ 2006.900282][T25639] netlink_sendmsg+0x8e4/0xcb0 [ 2006.905041][T25639] ? mark_lock+0x9a/0x360 [ 2006.909373][T25639] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2006.914666][T25639] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2006.919943][T25639] __sock_sendmsg+0x221/0x270 [ 2006.924627][T25639] sock_write_iter+0x2d7/0x3f0 [ 2006.929392][T25639] ? __pfx_sock_write_iter+0x10/0x10 [ 2006.934699][T25639] do_iter_readv_writev+0x600/0x880 [ 2006.939901][T25639] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 2006.945621][T25639] ? bpf_lsm_file_permission+0x9/0x10 [ 2006.950991][T25639] ? security_file_permission+0x74/0x280 [ 2006.956617][T25639] ? rw_verify_area+0x1c3/0x6f0 [ 2006.961470][T25639] vfs_writev+0x376/0xba0 [ 2006.965801][T25639] ? __pfx_lock_acquire+0x10/0x10 [ 2006.970823][T25639] ? __pfx_vfs_writev+0x10/0x10 [ 2006.975683][T25639] ? __pfx_vfs_write+0x10/0x10 [ 2006.980534][T25639] ? __fget_files+0x2a/0x410 [ 2006.985121][T25639] ? __fget_files+0x395/0x410 [ 2006.989795][T25639] ? __fget_files+0x2a/0x410 [ 2006.994387][T25639] do_writev+0x1b6/0x360 [ 2006.998630][T25639] ? __pfx_do_writev+0x10/0x10 [ 2007.003388][T25639] ? do_syscall_64+0x100/0x230 [ 2007.008156][T25639] ? do_syscall_64+0xb6/0x230 [ 2007.012835][T25639] do_syscall_64+0xf3/0x230 [ 2007.017339][T25639] ? clear_bhb_loop+0x35/0x90 [ 2007.022012][T25639] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2007.027905][T25639] RIP: 0033:0x7f090b185d29 [ 2007.032316][T25639] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2007.052178][T25639] RSP: 002b:00007f090bf62038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 2007.060590][T25639] RAX: ffffffffffffffda RBX: 00007f090b375fa0 RCX: 00007f090b185d29 [ 2007.068649][T25639] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 0000000000000004 [ 2007.076704][T25639] RBP: 00007f090bf62090 R08: 0000000000000000 R09: 0000000000000000 [ 2007.084675][T25639] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2007.092648][T25639] R13: 0000000000000000 R14: 00007f090b375fa0 R15: 00007ffd8cbd6bb8 [ 2007.100629][T25639] [ 2007.729706][T25655] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2007.740283][T25655] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2008.350964][T25671] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5320'. [ 2009.104208][ T5871] usb 10-1: new high-speed USB device number 88 using dummy_hcd [ 2010.212803][ T5871] usb 10-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 2011.114261][T25694] overlayfs: missing 'lowerdir' [ 2011.183462][ T5871] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2011.193901][ T5871] usb 10-1: Product: syz [ 2011.198187][ T5871] usb 10-1: Manufacturer: syz [ 2011.213674][ T5871] usb 10-1: SerialNumber: syz [ 2011.224681][ T5871] usb 10-1: config 0 descriptor?? [ 2011.412534][ T5871] usb 10-1: can't set config #0, error -71 [ 2011.421014][ T5871] usb 10-1: USB disconnect, device number 88 [ 2011.593920][T25700] overlay: Unknown parameter 'appraise' [ 2012.630064][T25709] overlay: Unknown parameter 'appraise' [ 2013.303917][T25715] overlay: Unknown parameter 'appraise' [ 2015.124035][ T5871] usb 10-1: new high-speed USB device number 89 using dummy_hcd [ 2015.341497][ T5871] usb 10-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 2015.475744][ T5871] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2015.511448][T25725] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5333'. [ 2015.545945][ T5871] usb 10-1: Product: syz [ 2015.550520][ T5871] usb 10-1: Manufacturer: syz [ 2015.555405][ T5871] usb 10-1: SerialNumber: syz [ 2015.575225][ T5871] usb 10-1: config 0 descriptor?? [ 2015.595873][ T5871] usb 10-1: can't set config #0, error -71 [ 2015.635196][ T5871] usb 10-1: USB disconnect, device number 89 [ 2017.477081][T25745] overlayfs: missing 'lowerdir' [ 2019.387115][T25756] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2019.397750][T25756] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2020.035974][T25767] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5341'. [ 2020.048687][T25767] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2020.057740][T25767] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2020.071214][T25767] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2020.082980][T25768] overlay: Unknown parameter 'appraise' [ 2020.161233][T25767] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2020.259622][ T1205] usb 10-1: new high-speed USB device number 90 using dummy_hcd [ 2020.300716][T25767] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2021.379913][ T1205] usb 10-1: Using ep0 maxpacket: 8 [ 2021.389162][T25767] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2021.391741][ T1205] usb 10-1: config 168 descriptor has 1 excess byte, ignoring [ 2021.699970][T25779] Bluetooth: hci1: Frame reassembly failed (-84) [ 2021.733534][T25779] netlink: 52 bytes leftover after parsing attributes in process `syz.7.5347'. [ 2022.127570][ T1205] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 2022.166247][ T1205] usb 10-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 2022.203030][ T1205] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 2022.327345][ T1205] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 2022.357347][ T1205] usb 10-1: config 168 descriptor has 1 excess byte, ignoring [ 2022.367037][ T1205] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 2022.378532][ T1205] usb 10-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 2022.390782][ T1205] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 2022.402225][ T1205] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 2023.048555][T25767] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2023.130027][ T1205] usb 10-1: unable to read config index 2 descriptor/start: -71 [ 2023.138743][T25767] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2023.150622][ T1205] usb 10-1: can't read configurations, error -71 [ 2023.182216][T25767] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2023.200798][T25767] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2024.184511][T25795] overlayfs: failed to resolve './file0': -2 [ 2024.364035][T22393] Bluetooth: hci1: Entering manufacturer mode failed (-110) [ 2024.482492][T25796] netlink: 20 bytes leftover after parsing attributes in process `syz.9.5349'. [ 2025.957135][ T29] audit: type=1804 audit(1734623827.122:18700): pid=25806 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.7.5351" name="/newroot/666/bus/bus" dev="overlay" ino=4017 res=1 errno=0 [ 2025.978329][ C0] vkms_vblank_simulate: vblank timer overrun [ 2026.655058][T25814] FAULT_INJECTION: forcing a failure. [ 2026.655058][T25814] name failslab, interval 1, probability 0, space 0, times 0 [ 2026.967608][T25818] overlay: Unknown parameter 'appraise' [ 2027.179356][T25814] CPU: 1 UID: 0 PID: 25814 Comm: syz.0.5355 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 2027.190188][T25814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 2027.200258][T25814] Call Trace: [ 2027.203555][T25814] [ 2027.206502][T25814] dump_stack_lvl+0x241/0x360 [ 2027.211203][T25814] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2027.216416][T25814] ? __pfx__printk+0x10/0x10 [ 2027.221019][T25814] ? fs_reclaim_acquire+0x93/0x130 [ 2027.226153][T25814] ? __pfx___might_resched+0x10/0x10 [ 2027.231459][T25814] should_fail_ex+0x3b0/0x4e0 [ 2027.236155][T25814] should_failslab+0xac/0x100 [ 2027.240848][T25814] __kmalloc_noprof+0xdd/0x4c0 [ 2027.245620][T25814] ? kstrtouint_from_user+0x128/0x190 [ 2027.251000][T25814] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 2027.256743][T25814] tomoyo_realpath_from_path+0xcf/0x5e0 [ 2027.262313][T25814] tomoyo_path_number_perm+0x236/0x860 [ 2027.267794][T25814] ? rcu_read_lock_any_held+0xb7/0x160 [ 2027.273284][T25814] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 2027.279206][T25814] ? tomoyo_path_number_perm+0x206/0x860 [ 2027.284861][T25814] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 2027.290526][T25814] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 2027.296527][T25814] ? sb_end_write+0xe9/0x1c0 [ 2027.301133][T25814] ? vfs_write+0x730/0xd30 [ 2027.305580][T25814] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 2027.311573][T25814] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2027.318004][T25814] security_file_ioctl+0xc6/0x2a0 [ 2027.323058][T25814] __se_sys_ioctl+0x46/0x170 [ 2027.327693][T25814] do_syscall_64+0xf3/0x230 [ 2027.332233][T25814] ? clear_bhb_loop+0x35/0x90 [ 2027.336940][T25814] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2027.342857][T25814] RIP: 0033:0x7f5cbaf85d29 [ 2027.347290][T25814] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2027.366956][T25814] RSP: 002b:00007f5cb8df6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2027.375404][T25814] RAX: ffffffffffffffda RBX: 00007f5cbb175fa0 RCX: 00007f5cbaf85d29 [ 2027.383443][T25814] RDX: 00000000200002c0 RSI: 0000000000003ba0 RDI: 0000000000000003 [ 2027.391448][T25814] RBP: 00007f5cb8df6090 R08: 0000000000000000 R09: 0000000000000000 [ 2027.399443][T25814] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2027.407466][T25814] R13: 0000000000000000 R14: 00007f5cbb175fa0 R15: 00007ffeec119b28 [ 2027.415477][T25814] [ 2027.522663][T25814] ERROR: Out of memory at tomoyo_realpath_from_path. [ 2028.465290][T25836] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2028.474134][T25836] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2028.515307][T25839] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2028.524045][T25839] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2028.644637][ T910] usb 10-1: new high-speed USB device number 92 using dummy_hcd [ 2028.877094][ T910] usb 10-1: config 0 has an invalid descriptor of length 178, skipping remainder of the config [ 2028.897163][ T910] usb 10-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 2028.952055][ T910] usb 10-1: New USB device found, idVendor=014c, idProduct=024b, bcdDevice= 0.00 [ 2028.972657][ T910] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=8 [ 2028.994231][ T910] usb 10-1: SerialNumber: syz [ 2029.049584][ T910] usb 10-1: config 0 descriptor?? [ 2029.388755][T25846] overlayfs: failed to resolve './file0': -2 [ 2029.443577][T25846] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5363'. [ 2030.091134][T25851] netlink: 52 bytes leftover after parsing attributes in process `syz.5.5364'. [ 2030.114510][ T910] usb 10-1: USB disconnect, device number 92 [ 2030.172621][T25853] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2030.194237][T25853] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2030.546667][T25858] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2030.555345][T25858] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2030.567335][T25858] netlink: 24 bytes leftover after parsing attributes in process `syz.7.5368'. [ 2030.672679][T25780] Bluetooth: hci4: unexpected event for opcode 0x0406 [ 2032.055779][T25884] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2032.105203][T25884] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2033.422020][T25896] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2033.430643][T25896] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2033.656149][T25897] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2033.668220][T25897] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2034.377037][ T29] audit: type=1400 audit(1734623835.592:18701): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=25907 comm="syz.6.5381" daddr=::ffff:172.20.20.187 [ 2034.600227][ T29] audit: type=1400 audit(1734623835.792:18702): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=25910 comm="syz.9.5382" daddr=::ffff:172.20.20.187 [ 2035.517296][T25924] input: syz0 as /devices/virtual/input/input18 [ 2036.458521][T25933] Cannot find set identified by id 0 to match [ 2036.525051][T25934] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5388'. [ 2037.109237][T25942] loop2: detected capacity change from 0 to 7 [ 2037.280894][ T29] audit: type=1400 audit(1734623837.922:18703): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=25935 comm="syz.5.5390" daddr=::ffff:172.20.20.187 [ 2037.378151][T25942] Dev loop2: unable to read RDB block 7 [ 2037.400136][T25942] loop2: AHDI p2 p3 p4 [ 2037.430632][ T29] audit: type=1400 audit(1734623838.632:18704): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=25946 comm="syz.0.5393" daddr=::ffff:172.20.20.187 [ 2037.442733][T25942] loop2: partition table partially beyond EOD, truncated [ 2037.493371][T25942] loop2: p2 start 131072 is beyond EOD, truncated [ 2037.500183][T25942] loop2: p3 size 150995200 extends beyond EOD, truncated [ 2037.598592][T25958] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5395'. [ 2037.608633][T25958] netlink: 'syz.0.5395': attribute type 7 has an invalid length. [ 2037.620502][T25958] netlink: 'syz.0.5395': attribute type 8 has an invalid length. [ 2037.664455][T25958] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5395'. [ 2037.864654][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 2039.831857][T25986] loop2: detected capacity change from 0 to 7 [ 2040.007039][T25986] Dev loop2: unable to read RDB block 7 [ 2040.012662][T25986] loop2: AHDI p2 p3 [ 2040.016822][T25986] loop2: partition table partially beyond EOD, truncated [ 2040.861017][T25986] loop2: p2 start 131072 is beyond EOD, truncated [ 2042.144979][T26003] loop2: detected capacity change from 0 to 7 [ 2042.177000][T26003] Dev loop2: unable to read RDB block 7 [ 2042.221007][T26003] loop2: AHDI p2 p3 p4 [ 2042.232303][T26003] loop2: partition table partially beyond EOD, truncated [ 2042.398958][T26003] loop2: p2 start 131072 is beyond EOD, truncated [ 2042.515026][T26003] loop2: p3 size 150995200 extends beyond EOD, truncated [ 2042.864010][T26011] overlayfs: failed to resolve './file0': -2 [ 2042.922875][T26011] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5409'. [ 2043.095353][T26011] netlink: 'syz.5.5409': attribute type 7 has an invalid length. [ 2043.144060][T26011] netlink: 'syz.5.5409': attribute type 8 has an invalid length. [ 2043.157270][T26011] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5409'. [ 2043.925003][T26011] bridge0: entered promiscuous mode [ 2044.124972][T26011] batadv_slave_1: entered promiscuous mode [ 2044.164404][T26011] gretap0: entered promiscuous mode [ 2044.463462][T26029] netlink: 52 bytes leftover after parsing attributes in process `syz.6.5413'. [ 2044.495570][ T5868] libceph: connect (1)[c::]:6789 error -101 [ 2044.517149][T26032] ceph: No mds server is up or the cluster is laggy [ 2044.555164][ T5868] libceph: mon0 (1)[c::]:6789 connect error [ 2045.117737][ T46] libceph: connect (1)[c::]:6789 error -101 [ 2045.125430][ T46] libceph: mon0 (1)[c::]:6789 connect error [ 2045.859107][ T46] libceph: connect (1)[c::]:6789 error -101 [ 2045.865396][ T46] libceph: mon0 (1)[c::]:6789 connect error [ 2046.516338][ T29] audit: type=1400 audit(1734623847.732:18705): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=26058 comm="syz.7.5419" daddr=::ffff:172.20.20.187 [ 2047.540116][T26076] overlayfs: missing 'lowerdir' [ 2050.778894][T26095] workqueue: Failed to create a rescuer kthread for wq "xfs-conv/nbd5": -EINTR [ 2051.347476][T26116] FAULT_INJECTION: forcing a failure. [ 2051.347476][T26116] name failslab, interval 1, probability 0, space 0, times 0 [ 2051.370077][T26116] CPU: 0 UID: 0 PID: 26116 Comm: syz.0.5431 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 2051.380881][T26116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 2051.390963][T26116] Call Trace: [ 2051.394259][T26116] [ 2051.397211][T26116] dump_stack_lvl+0x241/0x360 [ 2051.402002][T26116] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2051.407229][T26116] ? __pfx__printk+0x10/0x10 [ 2051.411849][T26116] should_fail_ex+0x3b0/0x4e0 [ 2051.416551][T26116] should_failslab+0xac/0x100 [ 2051.421260][T26116] ? skb_clone+0x20c/0x390 [ 2051.425691][T26116] kmem_cache_alloc_noprof+0x70/0x380 [ 2051.431077][T26116] skb_clone+0x20c/0x390 [ 2051.435325][T26116] __netlink_deliver_tap+0x3cc/0x7f0 [ 2051.440615][T26116] ? netlink_deliver_tap+0x2e/0x1b0 [ 2051.445899][T26116] netlink_deliver_tap+0x19d/0x1b0 [ 2051.451012][T26116] netlink_unicast+0x7c4/0x990 [ 2051.455885][T26116] ? __pfx_netlink_unicast+0x10/0x10 [ 2051.461287][T26116] ? __virt_addr_valid+0x45f/0x530 [ 2051.466629][T26116] ? __phys_addr_symbol+0x2f/0x70 [ 2051.471650][T26116] ? __check_object_size+0x47a/0x730 [ 2051.476941][T26116] netlink_sendmsg+0x8e4/0xcb0 [ 2051.481716][T26116] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2051.487008][T26116] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2051.492296][T26116] __sock_sendmsg+0x221/0x270 [ 2051.496986][T26116] ____sys_sendmsg+0x52a/0x7e0 [ 2051.501754][T26116] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2051.507035][T26116] ? __fget_files+0x2a/0x410 [ 2051.511629][T26116] ? __fget_files+0x2a/0x410 [ 2051.516224][T26116] __sys_sendmsg+0x269/0x350 [ 2051.520815][T26116] ? __pfx_lock_release+0x10/0x10 [ 2051.525847][T26116] ? __pfx___sys_sendmsg+0x10/0x10 [ 2051.530963][T26116] ? __pfx_vfs_write+0x10/0x10 [ 2051.535837][T26116] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2051.542168][T26116] ? do_syscall_64+0x100/0x230 [ 2051.546933][T26116] ? do_syscall_64+0xb6/0x230 [ 2051.551612][T26116] do_syscall_64+0xf3/0x230 [ 2051.556124][T26116] ? clear_bhb_loop+0x35/0x90 [ 2051.560798][T26116] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2051.566693][T26116] RIP: 0033:0x7f5cbaf85d29 [ 2051.571104][T26116] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2051.590906][T26116] RSP: 002b:00007f5cb8df6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2051.599330][T26116] RAX: ffffffffffffffda RBX: 00007f5cbb175fa0 RCX: 00007f5cbaf85d29 [ 2051.607306][T26116] RDX: 0000000000004084 RSI: 0000000020000740 RDI: 0000000000000003 [ 2051.615283][T26116] RBP: 00007f5cb8df6090 R08: 0000000000000000 R09: 0000000000000000 [ 2051.623288][T26116] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2051.631257][T26116] R13: 0000000000000000 R14: 00007f5cbb175fa0 R15: 00007ffeec119b28 [ 2051.639281][T26116] [ 2051.769628][ T29] audit: type=1400 audit(1734623852.982:18706): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=26113 comm="syz.6.5433" daddr=::ffff:172.20.20.187 [ 2052.266965][T26120] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2052.312619][T26120] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2052.384536][T26124] netlink: 96 bytes leftover after parsing attributes in process `syz.9.5436'. [ 2052.773404][T26128] Bluetooth: hci1: Frame reassembly failed (-84) [ 2052.794099][T26128] netlink: 52 bytes leftover after parsing attributes in process `syz.5.5435'. [ 2053.360074][T26126] overlayfs: failed to clone upperpath [ 2053.375091][T26126] netlink: 28 bytes leftover after parsing attributes in process `syz.6.5437'. [ 2053.384566][T26126] netlink: 'syz.6.5437': attribute type 7 has an invalid length. [ 2053.392324][T26126] netlink: 'syz.6.5437': attribute type 8 has an invalid length. [ 2053.400487][T26126] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5437'. [ 2055.484313][T22393] Bluetooth: hci1: command 0xfc11 tx timeout [ 2055.491046][T25780] Bluetooth: hci1: Entering manufacturer mode failed (-110) [ 2056.767820][T26158] loop2: detected capacity change from 0 to 7 [ 2056.772218][T26162] syz.5.5445: attempt to access beyond end of device [ 2056.772218][T26162] nbd5: rw=2048, sector=2, nr_sectors = 1 limit=0 [ 2056.805009][T26158] Dev loop2: unable to read RDB block 7 [ 2056.840623][ T910] usb 10-1: new high-speed USB device number 93 using dummy_hcd [ 2056.864426][T26158] loop2: AHDI p2 p3 p4 [ 2056.868705][T26158] loop2: partition table partially beyond EOD, truncated [ 2056.904417][T26158] loop2: p2 start 131072 is beyond EOD, truncated [ 2056.912280][T26158] loop2: p3 size 150995200 extends beyond EOD, truncated [ 2056.972068][T26169] netlink: 96 bytes leftover after parsing attributes in process `syz.5.5448'. [ 2057.112502][ T29] audit: type=1400 audit(1734623858.322:18707): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=26167 comm="syz.0.5447" daddr=::ffff:172.20.20.187 [ 2057.164865][ T910] usb 10-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 2057.268477][ T910] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2057.387282][ T910] usb 10-1: Product: syz [ 2057.472229][ T910] usb 10-1: Manufacturer: syz [ 2057.648363][ T910] usb 10-1: SerialNumber: syz [ 2057.682804][ T910] usb 10-1: config 0 descriptor?? [ 2057.715300][T26176] input: syz0 as /devices/virtual/input/input20 [ 2057.718354][ T910] usb 10-1: can't set config #0, error -71 [ 2057.730083][ T910] usb 10-1: USB disconnect, device number 93 [ 2058.808292][T26198] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5455'. [ 2058.946666][T26198] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2059.017919][T26198] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2059.075632][T26198] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2059.160002][T26198] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2059.326843][T26198] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2059.441385][T26198] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2060.290315][T26216] FAULT_INJECTION: forcing a failure. [ 2060.290315][T26216] name failslab, interval 1, probability 0, space 0, times 0 [ 2060.330216][T26216] CPU: 0 UID: 0 PID: 26216 Comm: syz.7.5458 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 2060.341051][T26216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 2060.351129][T26216] Call Trace: [ 2060.354426][T26216] [ 2060.357378][T26216] dump_stack_lvl+0x241/0x360 [ 2060.362091][T26216] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2060.367324][T26216] ? __pfx__printk+0x10/0x10 [ 2060.371954][T26216] ? fs_reclaim_acquire+0x93/0x130 [ 2060.377103][T26216] ? __pfx___might_resched+0x10/0x10 [ 2060.382427][T26216] should_fail_ex+0x3b0/0x4e0 [ 2060.387140][T26216] should_failslab+0xac/0x100 [ 2060.391851][T26216] __kmalloc_noprof+0xdd/0x4c0 [ 2060.396640][T26216] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 2060.402394][T26216] tomoyo_realpath_from_path+0xcf/0x5e0 [ 2060.407989][T26216] tomoyo_path_number_perm+0x236/0x860 [ 2060.413478][T26216] ? __lock_acquire+0x1397/0x2100 [ 2060.418624][T26216] ? tomoyo_path_number_perm+0x206/0x860 [ 2060.424288][T26216] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 2060.430432][T26216] ? __pfx_lock_release+0x10/0x10 [ 2060.435471][T26216] ? __fget_files+0x2a/0x410 [ 2060.440068][T26216] ? __fget_files+0x2a/0x410 [ 2060.444663][T26216] security_file_ioctl+0xc6/0x2a0 [ 2060.449688][T26216] __se_sys_ioctl+0x46/0x170 [ 2060.454284][T26216] do_syscall_64+0xf3/0x230 [ 2060.458790][T26216] ? clear_bhb_loop+0x35/0x90 [ 2060.463552][T26216] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2060.469446][T26216] RIP: 0033:0x7fd1e4185d29 [ 2060.473865][T26216] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2060.493468][T26216] RSP: 002b:00007fd1e50a3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2060.501968][T26216] RAX: ffffffffffffffda RBX: 00007fd1e4375fa0 RCX: 00007fd1e4185d29 [ 2060.509938][T26216] RDX: 00000000200001c0 RSI: 00000000c008ae88 RDI: 0000000000000006 [ 2060.517907][T26216] RBP: 00007fd1e50a3090 R08: 0000000000000000 R09: 0000000000000000 [ 2060.525873][T26216] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2060.533856][T26216] R13: 0000000000000000 R14: 00007fd1e4375fa0 R15: 00007ffcef761f88 [ 2060.541947][T26216] [ 2060.657003][T26198] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2060.714613][T26198] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2060.724010][T26216] ERROR: Out of memory at tomoyo_realpath_from_path. [ 2060.772469][T26198] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2060.788312][T26198] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2061.680122][T26224] FAULT_INJECTION: forcing a failure. [ 2061.680122][T26224] name failslab, interval 1, probability 0, space 0, times 0 [ 2061.730210][T26226] netlink: 96 bytes leftover after parsing attributes in process `syz.5.5461'. [ 2061.755247][T26224] CPU: 1 UID: 0 PID: 26224 Comm: syz.7.5460 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 2061.766090][T26224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 2061.776178][T26224] Call Trace: [ 2061.779478][T26224] [ 2061.782427][T26224] dump_stack_lvl+0x241/0x360 [ 2061.787141][T26224] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2061.792369][T26224] ? __pfx__printk+0x10/0x10 [ 2061.797861][T26224] ? __kmalloc_noprof+0xb5/0x4c0 [ 2061.802837][T26224] ? __pfx___might_resched+0x10/0x10 [ 2061.808166][T26224] should_fail_ex+0x3b0/0x4e0 [ 2061.812872][T26224] should_failslab+0xac/0x100 [ 2061.817592][T26224] __kmalloc_noprof+0xdd/0x4c0 [ 2061.822382][T26224] ? cap_capable+0x1b4/0x250 [ 2061.827085][T26224] ? genl_family_rcv_msg_attrs_parse+0xa3/0x290 [ 2061.833360][T26224] genl_family_rcv_msg_attrs_parse+0xa3/0x290 [ 2061.839466][T26224] genl_rcv_msg+0x802/0xec0 [ 2061.844004][T26224] ? __pfx_genl_rcv_msg+0x10/0x10 [ 2061.849074][T26224] ? __pfx_lock_acquire+0x10/0x10 [ 2061.854120][T26224] ? __pfx_ethnl_default_set_doit+0x10/0x10 [ 2061.857675][ T29] audit: type=1400 audit(1734623863.032:18708): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=26227 comm="syz.9.5462" daddr=::ffff:172.20.20.187 [ 2061.860040][T26224] ? __pfx___might_resched+0x10/0x10 [ 2061.883256][T26224] netlink_rcv_skb+0x1e3/0x430 [ 2061.888050][T26224] ? __pfx_genl_rcv_msg+0x10/0x10 [ 2061.893079][T26224] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 2061.898377][T26224] ? __netlink_deliver_tap+0x7aa/0x7f0 [ 2061.903847][T26224] genl_rcv+0x28/0x40 [ 2061.907829][T26224] netlink_unicast+0x7f6/0x990 [ 2061.912600][T26224] ? __pfx_netlink_unicast+0x10/0x10 [ 2061.917882][T26224] ? __virt_addr_valid+0x45f/0x530 [ 2061.922990][T26224] ? __phys_addr_symbol+0x2f/0x70 [ 2061.928025][T26224] ? __check_object_size+0x47a/0x730 [ 2061.933320][T26224] netlink_sendmsg+0x8e4/0xcb0 [ 2061.938094][T26224] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2061.943395][T26224] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2061.948675][T26224] __sock_sendmsg+0x221/0x270 [ 2061.953402][T26224] ____sys_sendmsg+0x52a/0x7e0 [ 2061.958171][T26224] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2061.963454][T26224] ? __fget_files+0x2a/0x410 [ 2061.968045][T26224] ? __fget_files+0x2a/0x410 [ 2061.972639][T26224] __sys_sendmsg+0x269/0x350 [ 2061.977254][T26224] ? __pfx_lock_release+0x10/0x10 [ 2061.982467][T26224] ? __pfx___sys_sendmsg+0x10/0x10 [ 2061.987601][T26224] ? __pfx_vfs_write+0x10/0x10 [ 2061.992394][T26224] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2061.998729][T26224] ? do_syscall_64+0x100/0x230 [ 2062.003505][T26224] ? do_syscall_64+0xb6/0x230 [ 2062.008187][T26224] do_syscall_64+0xf3/0x230 [ 2062.012714][T26224] ? clear_bhb_loop+0x35/0x90 [ 2062.017423][T26224] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2062.023332][T26224] RIP: 0033:0x7fd1e4185d29 [ 2062.027750][T26224] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2062.047456][T26224] RSP: 002b:00007fd1e50a3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2062.055871][T26224] RAX: ffffffffffffffda RBX: 00007fd1e4375fa0 RCX: 00007fd1e4185d29 [ 2062.063841][T26224] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 2062.071898][T26224] RBP: 00007fd1e50a3090 R08: 0000000000000000 R09: 0000000000000000 [ 2062.079867][T26224] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2062.087835][T26224] R13: 0000000000000000 R14: 00007fd1e4375fa0 R15: 00007ffcef761f88 [ 2062.095817][T26224] [ 2062.098935][ C1] vkms_vblank_simulate: vblank timer overrun [ 2062.243141][T26237] input: syz0 as /devices/virtual/input/input21 [ 2063.899318][T26261] netlink: 96 bytes leftover after parsing attributes in process `syz.7.5473'. [ 2065.649472][T26277] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5477'. [ 2065.959655][ T29] audit: type=1400 audit(1734623867.172:18709): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=26281 comm="syz.7.5478" daddr=::ffff:172.20.20.187 [ 2067.833151][T26300] input: syz0 as /devices/virtual/input/input22 [ 2068.556953][T26308] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2068.567740][T26308] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2068.998059][T26313] netlink: 96 bytes leftover after parsing attributes in process `syz.6.5486'. [ 2071.536216][T26325] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2071.544915][T26325] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2071.758943][ T29] audit: type=1400 audit(1734623872.972:18710): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=26330 comm="syz.7.5490" daddr=::ffff:172.20.20.187 [ 2075.031255][T26361] netlink: 28 bytes leftover after parsing attributes in process `syz.6.5498'. [ 2079.060815][ T29] audit: type=1400 audit(1734623880.012:18711): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=26389 comm="syz.6.5506" daddr=::ffff:172.20.20.187 [ 2079.397128][T26399] autofs: Unknown parameter '0x0000000000000000' [ 2079.650494][T26413] futex_wake_op: syz.5.5511 tries to shift op by 32; fix this program [ 2079.702068][T26417] futex_wake_op: syz.5.5511 tries to shift op by 32; fix this program [ 2079.858671][T26424] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2079.874621][T26424] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2079.916161][T26424] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5513'. [ 2083.696639][T26452] Invalid ELF header magic: != ELF [ 2084.159079][ T29] audit: type=1804 audit(1734623884.842:18712): pid=26452 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.7.5518" name="/newroot/695/bus/bus" dev="overlay" ino=4189 res=1 errno=0 [ 2084.204774][T26449] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2084.213339][T26449] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2084.766569][T26459] netlink: 52 bytes leftover after parsing attributes in process `syz.7.5521'. [ 2086.804890][T26474] netlink: 28 bytes leftover after parsing attributes in process `syz.7.5524'. [ 2086.814539][T26474] netlink: 'syz.7.5524': attribute type 7 has an invalid length. [ 2086.822327][T26474] netlink: 'syz.7.5524': attribute type 8 has an invalid length. [ 2086.830390][T26474] netlink: 4 bytes leftover after parsing attributes in process `syz.7.5524'. [ 2089.125198][T26493] netlink: 52 bytes leftover after parsing attributes in process `syz.6.5528'. [ 2089.718890][T26503] netlink: 44 bytes leftover after parsing attributes in process `syz.5.5530'. [ 2090.210390][T26515] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2090.218991][T26515] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2091.356550][T26512] netlink: 252 bytes leftover after parsing attributes in process `syz.9.5532'. [ 2092.417357][T26531] Bluetooth: hci1: Frame reassembly failed (-84) [ 2092.457776][T26531] netlink: 52 bytes leftover after parsing attributes in process `syz.7.5535'. [ 2093.104439][T26535] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5538'. [ 2093.114341][T26535] netlink: 'syz.0.5538': attribute type 7 has an invalid length. [ 2093.122259][T26535] netlink: 'syz.0.5538': attribute type 8 has an invalid length. [ 2093.131414][T26535] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5538'. [ 2093.482975][T26544] overlayfs: failed to clone upperpath [ 2094.622948][T26561] overlayfs: failed to clone upperpath [ 2094.679850][T26562] Invalid ELF header magic: != ELF [ 2094.950948][T26563] Bluetooth: hci6: Frame reassembly failed (-84) [ 2094.970892][T26563] netlink: 52 bytes leftover after parsing attributes in process `syz.0.5542'. [ 2095.534606][T25780] Bluetooth: hci1: Entering manufacturer mode failed (-110) [ 2097.929153][T22393] Bluetooth: hci6: command 0xfc11 tx timeout [ 2097.937378][T25780] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 2098.272601][T26590] netlink: 28 bytes leftover after parsing attributes in process `syz.9.5552'. [ 2098.281762][T26590] netlink: 'syz.9.5552': attribute type 7 has an invalid length. [ 2098.289840][T26590] netlink: 'syz.9.5552': attribute type 8 has an invalid length. [ 2098.297792][T26590] netlink: 4 bytes leftover after parsing attributes in process `syz.9.5552'. [ 2099.256894][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 2101.298518][T26622] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2101.318644][T26622] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2101.360058][T26601] Invalid source name [ 2101.377380][T26601] UBIFS error (pid: 26601): cannot open "/dev/sg0", error -22 [ 2101.634066][ T5871] usb 10-1: new high-speed USB device number 94 using dummy_hcd [ 2101.804032][ T5871] usb 10-1: device descriptor read/64, error -71 [ 2101.896399][T26633] netdevsim netdevsim6 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2101.984931][T26633] netdevsim netdevsim6 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2102.073986][ T5871] usb 10-1: new high-speed USB device number 95 using dummy_hcd [ 2102.128239][T26633] netdevsim netdevsim6 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2102.446294][T26641] Bluetooth: hci1: Frame reassembly failed (-84) [ 2102.466089][T26641] netlink: 52 bytes leftover after parsing attributes in process `syz.7.5560'. [ 2102.990321][ T5871] usb 10-1: device descriptor read/64, error -71 [ 2103.018976][T26643] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2103.045433][T26643] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2103.056023][T26633] netdevsim netdevsim6 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2103.104175][ T5871] usb usb10-port1: attempt power cycle [ 2103.152621][T26633] netdevsim netdevsim6 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2103.189684][T26633] netdevsim netdevsim6 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2103.302058][T26633] netdevsim netdevsim6 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2103.336462][T26633] netdevsim netdevsim6 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2103.474159][ T5871] usb 10-1: new high-speed USB device number 96 using dummy_hcd [ 2103.501245][ T5871] usb 10-1: device descriptor read/8, error -71 [ 2104.272171][T26651] syz.0.5566: attempt to access beyond end of device [ 2104.272171][T26651] nbd0: rw=2048, sector=2, nr_sectors = 1 limit=0 [ 2104.384081][ T5871] usb 10-1: new high-speed USB device number 97 using dummy_hcd [ 2105.034991][T22393] Bluetooth: hci1: Entering manufacturer mode failed (-110) [ 2105.195643][ T5871] usb 10-1: device not accepting address 97, error -71 [ 2105.694151][ T5871] usb usb10-port1: unable to enumerate USB device [ 2106.068506][T26684] overlay: Unknown parameter 'appraise' [ 2106.910575][T26689] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2106.924082][T26689] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2106.954073][ T5871] usb 10-1: new high-speed USB device number 98 using dummy_hcd [ 2107.126150][T26696] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5580'. [ 2107.183984][ T5871] usb 10-1: Using ep0 maxpacket: 16 [ 2107.209070][T26696] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2107.218971][T26696] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2107.226849][ T5871] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 2107.239727][ T5871] usb 10-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 64, changing to 7 [ 2107.268016][ T5871] usb 10-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 2107.290620][T26696] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2107.317759][ T5871] usb 10-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 2107.348990][ T5871] usb 10-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 2107.362711][ T5871] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2107.393400][T26696] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2107.403867][ T5871] usb 10-1: Product: syz [ 2107.415228][ T5871] usb 10-1: Manufacturer: syz [ 2107.419959][ T5871] usb 10-1: SerialNumber: syz [ 2107.491774][T26696] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2107.610857][T26696] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2107.665397][T26702] loop2: detected capacity change from 0 to 7 [ 2107.685354][T26702] Dev loop2: unable to read RDB block 7 [ 2107.710331][T26702] loop2: AHDI p1 p4 [ 2107.727279][T26702] loop2: partition table partially beyond EOD, truncated [ 2107.743529][ T5871] usb 10-1: USB disconnect, device number 98 [ 2107.759941][T26702] loop2: p1 size 10 extends beyond EOD, truncated [ 2107.836825][T26696] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2107.883540][T26696] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2107.927609][T26696] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2107.987647][T26696] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2111.347262][ T29] audit: type=1400 audit(1734623912.552:18713): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=26735 comm="syz.9.5590" daddr=::ffff:172.20.20.187 [ 2111.890873][T26742] netlink: 60 bytes leftover after parsing attributes in process `syz.5.5592'. [ 2111.923948][T26742] netlink: 60 bytes leftover after parsing attributes in process `syz.5.5592'. [ 2111.952747][T26738] netlink: 44 bytes leftover after parsing attributes in process `syz.6.5591'. [ 2113.431952][T26762] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2113.494078][T26762] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2116.201332][T26789] vivid-001: disconnect [ 2116.207627][T26789] vivid-001: reconnect [ 2116.768216][T26791] overlay: Unknown parameter 'appraise' [ 2117.536809][T26803] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2117.587173][T26803] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2123.039286][T26848] vivid-001: disconnect [ 2123.044521][T26848] vivid-001: reconnect [ 2123.177552][T26851] netlink: 'syz.7.5622': attribute type 1 has an invalid length. [ 2123.233043][T26851] netlink: 5 bytes leftover after parsing attributes in process `syz.7.5622'. [ 2123.516390][T26861] FAULT_INJECTION: forcing a failure. [ 2123.516390][T26861] name failslab, interval 1, probability 0, space 0, times 0 [ 2123.546885][T26868] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2123.575852][T26868] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2123.584021][T26861] CPU: 0 UID: 0 PID: 26861 Comm: syz.0.5623 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 2123.594822][T26861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 2123.604904][T26861] Call Trace: [ 2123.608202][T26861] [ 2123.611149][T26861] dump_stack_lvl+0x241/0x360 [ 2123.615854][T26861] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2123.621061][T26861] ? __pfx__printk+0x10/0x10 [ 2123.625651][T26861] ? kmem_cache_alloc_noprof+0x48/0x380 [ 2123.631197][T26861] ? __pfx___might_resched+0x10/0x10 [ 2123.636490][T26861] should_fail_ex+0x3b0/0x4e0 [ 2123.641164][T26861] should_failslab+0xac/0x100 [ 2123.645842][T26861] ? __kvm_mmu_topup_memory_cache+0x1e3/0x6b0 [ 2123.651905][T26861] kmem_cache_alloc_noprof+0x70/0x380 [ 2123.657285][T26861] __kvm_mmu_topup_memory_cache+0x1e3/0x6b0 [ 2123.663182][T26861] kvm_mmu_load+0x115/0x2820 [ 2123.667775][T26861] ? __pfx_lock_release+0x10/0x10 [ 2123.672798][T26861] ? __pfx_kvm_mmu_load+0x10/0x10 [ 2123.677828][T26861] ? folio_mark_accessed+0x25d/0x9c0 [ 2123.683117][T26861] ? do_raw_read_unlock+0x3c/0x80 [ 2123.688140][T26861] ? _raw_read_unlock+0x28/0x50 [ 2123.692985][T26861] ? vmx_set_apic_access_page_addr+0x6e7/0x940 [ 2123.699160][T26861] ? vmx_get_rflags+0x1ff/0x3e0 [ 2123.704040][T26861] ? kvm_apic_has_interrupt+0x4bc/0xa70 [ 2123.709606][T26861] ? vmx_enable_irq_window+0x89/0x130 [ 2123.714992][T26861] vcpu_run+0x5c40/0x8a90 [ 2123.719395][T26861] ? __pfx_vcpu_run+0x10/0x10 [ 2123.724080][T26861] ? __local_bh_enable_ip+0x168/0x200 [ 2123.729456][T26861] ? lockdep_hardirqs_on+0x99/0x150 [ 2123.734656][T26861] ? __pfx_lock_acquire+0x10/0x10 [ 2123.739676][T26861] ? fpu_swap_kvm_fpstate+0x82/0x460 [ 2123.744960][T26861] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 2123.750680][T26861] ? xfd_validate_state+0x6e/0x150 [ 2123.755814][T26861] ? rcu_is_watching+0x15/0xb0 [ 2123.760612][T26861] ? rcu_is_watching+0x15/0xb0 [ 2123.765393][T26861] kvm_arch_vcpu_ioctl_run+0xa76/0x19d0 [ 2123.770955][T26861] ? mark_lock+0x9a/0x360 [ 2123.775299][T26861] ? kvm_arch_vcpu_ioctl_run+0x1cc/0x19d0 [ 2123.781031][T26861] ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 2123.787059][T26861] ? __pfx_lock_acquire+0x10/0x10 [ 2123.792089][T26861] ? kvm_vcpu_ioctl+0xd71/0xea0 [ 2123.796945][T26861] ? __pfx_lock_release+0x10/0x10 [ 2123.801970][T26861] ? do_raw_write_lock+0x148/0x4f0 [ 2123.807095][T26861] ? __pfx_do_raw_write_lock+0x10/0x10 [ 2123.812565][T26861] kvm_vcpu_ioctl+0x920/0xea0 [ 2123.817365][T26861] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 2123.822570][T26861] ? smack_file_ioctl+0x353/0x3a0 [ 2123.827595][T26861] ? __pfx_smack_file_ioctl+0x10/0x10 [ 2123.832967][T26861] ? __fget_files+0x2a/0x410 [ 2123.837645][T26861] ? __fget_files+0x2a/0x410 [ 2123.842230][T26861] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 2123.847468][T26861] __se_sys_ioctl+0xf5/0x170 [ 2123.852075][T26861] do_syscall_64+0xf3/0x230 [ 2123.856585][T26861] ? clear_bhb_loop+0x35/0x90 [ 2123.861257][T26861] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2123.867149][T26861] RIP: 0033:0x7f5cbaf85d29 [ 2123.871562][T26861] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2123.891167][T26861] RSP: 002b:00007f5cb8df6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2123.899582][T26861] RAX: ffffffffffffffda RBX: 00007f5cbb175fa0 RCX: 00007f5cbaf85d29 [ 2123.907547][T26861] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 2123.915511][T26861] RBP: 00007f5cb8df6090 R08: 0000000000000000 R09: 0000000000000000 [ 2123.923475][T26861] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2123.931442][T26861] R13: 0000000000000000 R14: 00007f5cbb175fa0 R15: 00007ffeec119b28 [ 2123.939426][T26861] [ 2124.047874][ T29] audit: type=1400 audit(2000000000.010:18714): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=26872 comm="syz.6.5629" daddr=::ffff:224.0.0.1 dest=20020 [ 2229.043700][ C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 2229.050715][ C1] rcu: 0-...!: (0 ticks this GP) idle=e43c/1/0x4000000000000000 softirq=110296/110296 fqs=0 [ 2229.063029][ C1] rcu: (detected by 1, t=10502 jiffies, g=112957, q=113 ncpus=2) [ 2229.070870][ C1] Sending NMI from CPU 1 to CPUs 0: [ 2229.070909][ C0] NMI backtrace for cpu 0 [ 2229.070925][ C0] CPU: 0 UID: 0 PID: 26875 Comm: syz.7.5630 Not tainted 6.13.0-rc3-syzkaller-00073-geabcdba3ad40 #0 [ 2229.070950][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 2229.070962][ C0] RIP: 0010:debug_lockdep_rcu_enabled+0x21/0x40 [ 2229.070993][ C0] Code: 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 31 c0 83 3d b7 b0 57 04 00 74 1e 83 3d 4a e2 57 04 00 74 15 65 48 8b 0c 25 80 d4 03 00 <31> c0 83 b9 dc 0a 00 00 00 0f 94 c0 c3 cc cc cc cc 66 2e 0f 1f 84 [ 2229.071008][ C0] RSP: 0018:ffffc90000007c68 EFLAGS: 00000002 [ 2229.071025][ C0] RAX: 0000000000000000 RBX: ffffffff89c5aa42 RCX: ffff888028549e00 [ 2229.071038][ C0] RDX: dffffc0000000000 RSI: ffffffff8c0aa960 RDI: ffffffff8c5edb60 [ 2229.071051][ C0] RBP: ffff888011ee20c8 R08: ffffffff94270887 R09: 1ffffffff284e110 [ 2229.071064][ C0] R10: dffffc0000000000 R11: fffffbfff284e111 R12: dffffc0000000000 [ 2229.071078][ C0] R13: ffff888011ee2008 R14: ffff888011ee2000 R15: ffff888024b97360 [ 2229.071092][ C0] FS: 00005555873f9500(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 2229.071107][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 2229.071120][ C0] CR2: 00007fd1e50a2f98 CR3: 000000004ba0a000 CR4: 00000000003526f0 [ 2229.071135][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 2229.071146][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 2229.071157][ C0] Call Trace: [ 2229.071165][ C0] [ 2229.071176][ C0] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 2229.071215][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 2229.071257][ C0] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 2229.071297][ C0] ? nmi_handle+0x2a/0x5a0 [ 2229.071352][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 2229.071399][ C0] ? nmi_handle+0x14f/0x5a0 [ 2229.071434][ C0] ? nmi_handle+0x2a/0x5a0 [ 2229.071453][ C0] ? debug_lockdep_rcu_enabled+0x21/0x40 [ 2229.071475][ C0] ? default_do_nmi+0x63/0x160 [ 2229.071493][ C0] ? exc_nmi+0x123/0x1f0 [ 2229.071511][ C0] ? end_repeat_nmi+0xf/0x53 [ 2229.071528][ C0] ? advance_sched+0xa02/0xca0 [ 2229.071552][ C0] ? debug_lockdep_rcu_enabled+0x21/0x40 [ 2229.071575][ C0] ? debug_lockdep_rcu_enabled+0x21/0x40 [ 2229.071599][ C0] ? debug_lockdep_rcu_enabled+0x21/0x40 [ 2229.071622][ C0] [ 2229.071628][ C0] [ 2229.071634][ C0] advance_sched+0xa27/0xca0 [ 2229.071660][ C0] ? __pfx_advance_sched+0x10/0x10 [ 2229.071680][ C0] __hrtimer_run_queues+0x59b/0xd30 [ 2229.071711][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 2229.071732][ C0] ? sched_clock+0x4a/0x70 [ 2229.071755][ C0] ? read_tsc+0x9/0x20 [ 2229.071776][ C0] ? ktime_get_update_offsets_now+0x393/0x3b0 [ 2229.071798][ C0] hrtimer_interrupt+0x403/0xa40 [ 2229.071830][ C0] __sysvec_apic_timer_interrupt+0x110/0x420 [ 2229.071851][ C0] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 2229.071874][ C0] [ 2229.071880][ C0] [ 2229.071887][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 2229.071912][ C0] RIP: 0010:_raw_spin_unlock_irqrestore+0xd8/0x140 [ 2229.071940][ C0] Code: 9c 8f 44 24 20 42 80 3c 23 00 74 08 4c 89 f7 e8 2e ed 3f f6 f6 44 24 21 02 75 52 41 f7 c7 00 02 00 00 74 01 fb bf 01 00 00 00 d3 26 aa f5 65 8b 05 44 79 40 74 85 c0 74 43 48 c7 04 24 0e 36 [ 2229.071955][ C0] RSP: 0018:ffffc9000bf9fae0 EFLAGS: 00000206 [ 2229.071970][ C0] RAX: c09abf273b6aff00 RBX: 1ffff920017f3f60 RCX: ffffffff9a377903 [ 2229.071983][ C0] RDX: dffffc0000000000 RSI: ffffffff8c0a9760 RDI: 0000000000000001 [ 2229.071996][ C0] RBP: ffffc9000bf9fb70 R08: ffffffff90185137 R09: 1ffffffff2030a26 [ 2229.072009][ C0] R10: dffffc0000000000 R11: fffffbfff2030a27 R12: dffffc0000000000 [ 2229.072022][ C0] R13: 1ffff920017f3f5c R14: ffffc9000bf9fb00 R15: 0000000000000246 [ 2229.072043][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 2229.072070][ C0] hrtimer_try_to_cancel+0x3b6/0x410 [ 2229.072094][ C0] hrtimer_cancel+0x16/0x50 [ 2229.072114][ C0] futex_wait+0x115/0x360 [ 2229.072134][ C0] ? __pfx_futex_wait+0x10/0x10 [ 2229.072151][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 2229.072170][ C0] ? __pfx_hrtimer_wakeup+0x10/0x10 [ 2229.072194][ C0] ? ktime_get+0x3e/0x1f0 [ 2229.072217][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 2229.072240][ C0] do_futex+0x33b/0x560 [ 2229.072266][ C0] ? __pfx_do_futex+0x10/0x10 [ 2229.072291][ C0] ? read_tsc+0x9/0x20 [ 2229.072314][ C0] __se_sys_futex+0x3f9/0x480 [ 2229.072341][ C0] ? __pfx___se_sys_futex+0x10/0x10 [ 2229.072365][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2229.072383][ C0] ? exc_page_fault+0x590/0x8b0 [ 2229.072405][ C0] ? __x64_sys_futex+0x21/0xf0 [ 2229.072430][ C0] do_syscall_64+0xf3/0x230 [ 2229.072454][ C0] ? clear_bhb_loop+0x35/0x90 [ 2229.072471][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2229.072494][ C0] RIP: 0033:0x7fd1e4185d29 [ 2229.072511][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2229.072525][ C0] RSP: 002b:00007ffcef7620e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 2229.072542][ C0] RAX: ffffffffffffffda RBX: 00007ffcef762210 RCX: 00007fd1e4185d29 [ 2229.072555][ C0] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fd1e4375fac [ 2229.072566][ C0] RBP: 00007fd1e4375fac R08: 7fffffffffffffff R09: 00007ffcef7623df [ 2229.072578][ C0] R10: 00007ffcef7621f0 R11: 0000000000000246 R12: 0000000000206910 [ 2229.072590][ C0] R13: 00007ffcef7621f0 R14: 0000000000000032 R15: 00000000002068de [ 2229.072610][ C0] [ 2229.072901][ C1] rcu: rcu_preempt kthread timer wakeup didn't happen for 10501 jiffies! g112957 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 [ 2229.623510][ C1] rcu: Possible timer handling issue on cpu=0 timer-softirq=159403 [ 2229.631491][ C1] rcu: rcu_preempt kthread starved for 10502 jiffies! g112957 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=0 [ 2229.642951][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 2229.652920][ C1] rcu: RCU grace-period kthread stack dump: [ 2229.658811][ C1] task:rcu_preempt state:I stack:24624 pid:17 tgid:17 ppid:2 flags:0x00004000 [ 2229.669028][ C1] Call Trace: [ 2229.672328][ C1] [ 2229.675280][ C1] __schedule+0x17fb/0x4be0 [ 2229.679845][ C1] ? __pfx___schedule+0x10/0x10 [ 2229.684725][ C1] ? __pfx_lock_release+0x10/0x10 [ 2229.689780][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2229.696125][ C1] ? schedule+0x90/0x320 [ 2229.700383][ C1] schedule+0x14b/0x320 [ 2229.704559][ C1] schedule_timeout+0x15a/0x290 [ 2229.709425][ C1] ? __pfx_schedule_timeout+0x10/0x10 [ 2229.714898][ C1] ? __pfx_process_timeout+0x10/0x10 [ 2229.720204][ C1] ? prepare_to_swait_event+0x330/0x350 [ 2229.725765][ C1] rcu_gp_fqs_loop+0x2df/0x1330 [ 2229.730811][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 2229.736139][ C1] ? rcu_gp_init+0x1256/0x1630 [ 2229.740935][ C1] ? __pfx_rcu_gp_init+0x10/0x10 [ 2229.745891][ C1] ? __pfx_rcu_watching_snap_save+0x10/0x10 [ 2229.751803][ C1] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 2229.757104][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 2229.763020][ C1] ? finish_swait+0xd4/0x1e0 [ 2229.767646][ C1] rcu_gp_kthread+0xa7/0x3b0 [ 2229.772255][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 2229.777464][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 2229.783374][ C1] ? __kthread_parkme+0x169/0x1d0 [ 2229.788421][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 2229.793672][ C1] kthread+0x2f0/0x390 [ 2229.797761][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 2229.802970][ C1] ? __pfx_kthread+0x10/0x10 [ 2229.807576][ C1] ret_from_fork+0x4b/0x80 [ 2229.812005][ C1] ? __pfx_kthread+0x10/0x10 [ 2229.816607][ C1] ret_from_fork_asm+0x1a/0x30 [ 2229.821409][ C1]