last executing test programs: 14m0.220048108s ago: executing program 2 (id=399): madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) (async, rerun: 32) syz_clone(0x800100, 0x0, 0x0, 0x0, 0x0, 0x0) (rerun: 32) 13m58.750043258s ago: executing program 2 (id=401): r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000002500)=ANY=[@ANYBLOB="bf16000000000000b707000000ff00004870000000000000400000000000000095000000000000002ba728041598fbd30cb599e83d24a3aa81d36bb3019c13bd23212fb56fa54f2641d8b02c3815e79c1414eb07eae6f0711e6bd917487960717142fa9ea4318123f602000000000080de89e661168c1886d0d4d94f204e345c65c26e278ef5b915395b19284a1a4bc72f85304ef8d14f8bbc1626e3a2a2ad358061d0ae0209e62f51ee988e6ea604ce974a22a550d6f97080980400003e05df3ceb9f1feae5737ecaa80a666963c474c2a100c788b277beee1cbf9b0a4d3881dcc7b1b85f3c3d44aeaccd3641110bec4e90a6341965c39e4b3431abe802f5ab3e89cf6c662ed4048d3b3e22278d00ce00000000d3a02762c2951257b85802189d74005d2a1bcf9436e192e23fd275985bf31b714f000bcab6fcd610f25f5888000000003f11afc9bd08c6ebfbb89432fb465bc52f49129b9b6150e320c9901de2ebb9000000018e3095c4c5c7a156cec33a667dccaff950ca1e5efdd4c968dacf81baa3a509b1041d06f6b0097c430481824a3f4fddd3c643f630ba175d876defd3541772f26e27c44cfdb2d85d6d29983e830a9cdd79837b3468e8c67a571d0a017c100344c52a6f387a1340bdc8889464f90cc4cd1f570dd39877dfb2ff1ae66e1ce917474b2e650ae630afd014a337ac5d58bcb5e51723257c872c5255f20100000000000000f041b665ab21372c8d8b7bac5b5c784d20a4a24d8dbd75062e1daef9dead619cc6e7baa72707157791c3d2a286ffb8d35452bb5d3682a8682bf7ecbd53f950ef4709ec01e230d2f53594ef4839c6130c4c13a0cca84b9935f771fd49e480cd9d48aeb12b1d6acabd38a817bcd222614d1f62734d679039a97d2b74f9e8e997ccd314000f7477137f4e8e7025123e783df8b8a17e3aa9fe1f662aef87a065b03cfb65b4dfe4f1b56e1f23128d743753a1de172d683d5892ce9414a1d98ea93e3d35dbb6c23b90cf36e83b8a434a97d09343d7f83079ccb02e69d384146056d125cfa788237874dd42dae334bda042819a2aa24dba1c25be2794448b4f63483026b5e34d44705b76ef29241adab0dd7d68bf975e02069f6f2425e1bc97a3d588085f16bef63a06578d4f5de7bfb6aaa75f16996d536256c02284cb1d3a6fb8cae87691fae365a70c3fc69e1565bba8dd56eee5798041358a8ca049f798abe646f738bebd69413afc9d8a5edd7aaa000000000000001e6c2f2a287c5278a218dbfaffffff00a14db5cca6819eb1d39c48cfdc80d215c9e16e0c4736c819363154cca4e2f89800d18c89d7f46f679df6c9e2952ae1ebfd0ca88368ee6ce139e8b5822c22cf2e9dde943d34c432e1001171792c65986146666a5490928441f47e0fe5eac41824ca1fd0eb71aa243c88d5480efd8329d9a733d8f9ffffff5f912ac4e34bf6ea8a86da707b03bddb491ba0cc98f6be92c50008a2b50025419d1476c73132ca7ca26ce8a7e3ffb700f09e157f9b844051f1a642aca9ff98c9036471ccff0522903e7bcf62e18f7696bbc280b95e8e0d6fd5644b0ebde3a95b06548862de809d3dae3cccf109f7c78e8479a345e800000000000000000000009455bf417627ce723a5d9103706aba69279500bb82f6b5a3ddc0bd9856712945b70c75ce5b722578820820d010d7a3cffc99fc647d0b82ef26ab708c0b19ed154be51c3b398f0e6bb7a30006000000cba12953d58cff0f0378740fe6662f377b97d8e7cdb047acd083d3cd3856476a60a49ad127ba6570bafc2bbcf9ee721fd9cb467ff071e5604fbf0491245c0000007d932d7a64de4c4aa433fc0840aff7c47da3a4c6966d0000000000000000f6bfbae29e8a6e2a889f6ef6869d82d6bd73eb76b65c7a35a54a4a6b8ad4600e3a972a0bb5971a5f16590b0a03dafa3fd1118765cc8ab9fccf3b51c41a339f200f2fa33006910a679a9ae0187b4d750c4bd244cb0cbfd23b265f4d4da448a7a0d19c5e43eae50a31609dfa2dde267551467eb6475293dd7012cc449009981f22820e57a0eff234ccfe21d7a2302e000669753d3c3432cc14ee1abe724adb6b5431befedd3e22971118f0e21aed1823cb7dde8212a8531bd9000000006a370e9eb56b3d790b98f2bd0db1e5de6a3040d2a39d7965d34df524b760ab92efcce7dd1574052c735935bf6a752c015c7f5ffee9ff66e5dd2866b15b6e0d17618cb1f5c1ee4b05ebf1445ea110f499f840a5c965443d725556351ee25fe09f69494b053678dcadcf02e063dff2fa4bef1ac3bbbebe6c74d71ec3b23e29895eff1d1017024fe3e8cc759b05785adc346b7ffd05963f92c1d0d7d90ba878ad89e490f3e29ac51d30632869a534418f916bf6fe8167827a8e6c8f8b391c822805cb0adf1b8bd6947ff208753eb0d208ce14f7b206b2e02c21e963abc5ceb735c1b3c46b0a843de52a903375dfb663a8d8ee9c2b2705c1a81d9d3b9656b219c8cd99c9cafcd0d0540884d97aecb19983fc6af29ab44a82aff9cba921192c665b877af6539bdb1b567f481ba07982e7ad758f4e1eac69e7e88a63960975f490e161e371ec8534791e3b61c685d900a9c0839208356b53750e76fcc3c2d1bddcbd83897921414d0c02e8188f3df79ea2a5c5444004830e6cb227ca1bdafb977c00000000003a417193b8c5d793687335a930867094fd6a78218218e04b705ec62f1608cb569b81914e68f175b392af6bc4fd2121d7fd276af2c97a441b56e7a0687d98b8e76d8d0d231e4fe00be1de76bd19cc12e2bd938eb681ed6bc951c1b4f7c51af59eea4d40c6000000000200778a677b72786311153271a3313da02645e11761699e4d04ac86dd14ff953a5b7706bf5d1faba4b18808d9cb0e9db696dec4e0820ee4028d7225a2c9c427cf64cbde6fba056b2006b7a37c1181d530fb865e235cd302f3b4071ee5237ada986b9e5e3144bf479f277f10656ad3744037ccc9c63685a6f1109d2ea73773d3635f61497f1fa1ea4a16f601800bf3e59141fbf05a96113320c445f9ba8596970d5254727e804fbd99ccefb7c09269dd2c5c25e56e169ac15980f3f85f7ca36dd5950ef5b64fd46f123311829534a82940994199b3cf7a8fabea9930952f5da9b909c1946e55289f668c423fcbb31ae91864c882313151741a67538c9689dc8ecc9903c7041e5c0704e2fa55a756487517a7445cbd9e3f5175e41c00000000000000000000000000bf98efd587fffe326f474b0b089c017b16c0062cbce96f5adebec52a79f9363909842f79c50a1520be46d87003137e4c5031f00123e812a5e37cd52c9eb7336281cb8c6ce993c51cd1eab8a26b232acf6bf0ab829c26dab637538b2eb1420d812d2b80c777710ba0f18e4661681aa218d9ba54023ab4305d77eb15611ae2545835e9d30e9f6d4fb43a291c69545a1eea0f8720431132d8549f99bf6c5cb060da70cbb59d0a000000000034d083fc37d2449f72de0cbea4bc1dc89c136cdbc504f849d5502d77a95c7bfff4cd9c03058d0d4d07ea64824f1acf2b39389f675f39d01719cdbab3f1ce10609c8d7b3e37cb99b41da5e485a441b6a103549f55ab09dc98767763d1f2fafd45bb7d2b40050d1f8292f4d9ec6d0000000000003932062290f4996fdd55b06023437e9e2072daf7f5d82f6f1b5b89a41134f4dc2e65bb11272fdf8c8141f41d6160b3d8b6ecd16d14267f61b4881adee7f07f3d6af5ae79e16fe2c3f55ac7a6392d2e1d9b4286b6c3e1f5a76b85ed6e1f0000c67e6c5fcdc8c39381be4799b8cb2d08b8262c807dd755e22b801162381aa9d1af2bbc9cfd497585337eac408b8475b47a392a10cae349160f128e5f873a58064eb400c36a90624f6aed398a215e9ce64522ab249f67c38a656d32ecff5cdb2b039c4abf349d2c0f88a42e9189bbfa7f5cf35b6e7ef8f9d33163b7ea87550fb1ba334c83e3aec4714c9c4ca3ecb04f2720237615a28bf310b58ffa2a103216fdcc8c2d8f5d55e5e7ebf147105272aaae56e86d856b3cf79a3f7306436362dd1a08ce873e07cebc7892ec6f9f696da38feed3dc0001500e34adae1ba89a32bad2af9030f840f1ba4664f35547cdadd5cbacc59352c290f55d971b65953533668c25f21d8d62d849e9058eaa97c63491568887548f668cdbca2abf01a361a0b64d8b523e669da350e3ec7445dfbf366b0b3bc5e76824a1e43eaaeca70db90f2fa39596443447671933079a24fe3681ad9ac361f71ac279a688f10a1cc4df1112105edebc5e3bbc394c8305ab129ca2dfb9b7c5e9d097bd01b495cccefddce569117f7f5d6a6270ff0f0f4c371029ca8489571b55841bf3dd003bc81460eee57ceb3c33f4e9300b0144fe040cf5fcfcbb616c2070237881afdb314cecd1623f3e55ab8b7627fa1be349145a8d6313cbc790eefe2020138e82fb9d351be4ddcbcc9bc048dd3db5828d16baec6e07a007f0030f34ea3cfd524d6fa1d45da5641d6c94e1d3ae7fba1c85035d2a60ef1696e0d96aa1c60019f73a20aa6113cd66ef26b5777337c26e1461405d86fdf091edd526f25cada439bb3609ed5c35ab60a539ade786bd6004d0ea3edbd6c4da0d8e8be8c771c8c8a0b07d9859e04adb18964dcce9bce546074c26dffbc2df372a016e8c845d4257000000000000000000000000000000000000f29657697d9c2b132b2dc2f5ea5122836582a7e85fe2bc166f17aefd9d861de0191f5277d4a3b5afb6f23d9eea2459f7844606e1202768d83c24cc791bde44a448022bbfa571fe029a7b2d5152639ee283894ab6168992ff0acc01b39a078f285ce615351f262019586eb9447bb3eaffd7b53d8f37ca6c5f1027dd5b7592996c8a7789ba108979cc9ad07ed86682843e2eaa855dd01443ee6ffde1811f10039d5d14458177096e15cc4d8f2582a1bea5cc98d992f3de7d1cdfb24384b9f10f615c87c441dc970ec896a5af6bf69b50a244bc138a1cae9868c3079bafe601fb695a9769000000000000000000e99b63029d219cd3545a8426b56554a9f265d3557eefb3602894507c256cb8ee9ebadfecb6afeb84ba757bfa8d00a5af0dd6aa1e8144ef8ef04410d52204c335408941b8eccc5c734cc6a05247142ed647f89bcb5c043acfb382b9cc918bc3cdc368983157851cdf678800aa7eb2a6cbc12c7ae23bc88b8f10000000000000000000"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffe89}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r0}, &(0x7f00000002c0), &(0x7f0000000240)=r1}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000bc0)=ANY=[@ANYBLOB="18080000000000000000000000000a0018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000001801000000082c2500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$PIO_CMAP(r0, 0x4b71, &(0x7f0000000600)={0x871, 0x4, 0x4, 0x401, 0x5}) 13m54.207253406s ago: executing program 2 (id=412): openat$urandom(0xffffffffffffff9c, 0x0, 0x103902, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000002180)='blkio.bfq.io_merged\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x12, r1, 0x0) syz_clone(0x81000000, 0x0, 0x0, 0x0, 0x0, 0x0) ftruncate(r1, 0xc17a) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a200040b5766b01040000000000000000010080030900010073797a31000000002c000000030a01010000000000000000010000000900010073797a30000000000900030073797a32000000008c000000060a010400000000000000000100000008000b400000000070000480340001800b000100657874686472000024000280080001400000000c080003400000000008000440000000220500020007000000380001800c000100626974776973650028000280080003400000000408000140000000170800024000000012040005800800048004000280140000001100010000000000000000"], 0x100}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x8031, r1, 0x1342e000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x400c0c0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x80) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000240), 0x141802, 0x0) r4 = fsopen(&(0x7f0000000040)='binder\x00', 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x1, 0x1, 0x4, 0x8}, 0x50) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x2, 0x4, 0x1, 0x9}, 0x50) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xd, &(0x7f0000000300)=ANY=[@ANYBLOB="180000000000000b0000000000000000850000002e00000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r6, 0x0, 0x0, 0x0, &(0x7f00000008c0), 0x0, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) close(r4) socket$nl_netfilter(0x10, 0x3, 0xc) 13m47.286021694s ago: executing program 2 (id=439): openat$urandom(0xffffffffffffff9c, 0x0, 0x103902, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000002180)='blkio.bfq.io_merged\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x12, r1, 0x0) syz_clone(0x81000000, 0x0, 0x0, 0x0, 0x0, 0x0) ftruncate(r1, 0xc17a) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a200040b5766b01040000000000000000010080030900010073797a31000000002c000000030a01010000000000000000010000000900010073797a30000000000900030073797a32000000008c000000060a010400000000000000000100000008000b400000000070000480340001800b000100657874686472000024000280080001400000000c080003400000000008000440000000220500020007000000380001800c000100626974776973650028000280080003400000000408000140000000170800024000000012040005800800048004000280140000001100010000000000000000"], 0x100}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x8031, r1, 0x1342e000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x400c0c0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x80) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000240), 0x141802, 0x0) r4 = fsopen(&(0x7f0000000040)='binder\x00', 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x1, 0x1, 0x4, 0x8}, 0x50) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x2, 0x4, 0x1, 0x9}, 0x50) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xd, &(0x7f0000000300)=ANY=[@ANYBLOB="180000000000000d0000000000000000850000002e00000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r6, 0x0, 0x0, 0x0, &(0x7f00000008c0), 0x0, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) close(r4) socket$nl_netfilter(0x10, 0x3, 0xc) 13m37.17119379s ago: executing program 2 (id=500): openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) (async) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) (async, rerun: 32) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async, rerun: 32) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r2) (async, rerun: 32) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000008c0)={'wlan0\x00', 0x0}) (rerun: 32) sendmsg$NL80211_CMD_NEW_INTERFACE(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x44, r3, 0xd55319eec59dfa33, 0x70bd2b, 0x25dfdbfb, {{}, {@void, @val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x0, 0x68}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'veth0_virt_wifi\x00'}, @NL80211_ATTR_4ADDR={0x5, 0x53, 0x81}]}, 0x44}, 0x1, 0x0, 0x0, 0xc804}, 0x20004880) (async) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0) (async) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0) (async, rerun: 64) syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) (async, rerun: 64) r5 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r5, 0x84, 0x6, &(0x7f0000000200)={0x0, @in6={{0xa, 0x4e24, 0x2, @ipv4={'\x00', '\xff\xff', @remote}, 0x1}}}, 0x84) (async, rerun: 32) openat$kvm(0xffffffffffffff9c, 0x0, 0x80141, 0x0) (rerun: 32) read$FUSE(0xffffffffffffffff, &(0x7f00000013c0)={0x2020}, 0x2020) (async) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32], 0x48) syz_emit_ethernet(0x46, 0x0, 0x0) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x21, &(0x7f00000005c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r6}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r6}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r6}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) (async, rerun: 32) ioctl$BLKRAGET(0xffffffffffffffff, 0x1263, &(0x7f0000000180)) (async, rerun: 32) r7 = syz_open_dev$usbfs(&(0x7f0000000240), 0x75, 0x109301) ioctl$USBDEVFS_DISCONNECT_CLAIM(r7, 0x8108551b, &(0x7f0000002600)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca14d90d1f6"}) (async) socket$inet_udp(0x2, 0x2, 0x0) socket$inet6(0xa, 0x80802, 0x0) (async) r8 = syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(r8, 0x7b1, 0x0) 13m33.778016677s ago: executing program 2 (id=521): r0 = creat(&(0x7f0000000000)='./file0\x00', 0x6a) r1 = inotify_init1(0x0) inotify_add_watch(r1, &(0x7f0000000080)='./file0\x00', 0x20000632) write$binfmt_elf32(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="7f454c46000000000000000000000000030006000000000000000000380000000000000000191bda0000200018"], 0x69) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) arch_prctl$ARCH_SHSTK_UNLOCK(0x5004, 0x3) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000080), 0x800, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYRESDEC=0x0]) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') read$FUSE(r4, &(0x7f0000004100)={0x2020}, 0x2020) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYBLOB="40000000100009", @ANYRES32=0x0, @ANYBLOB="a7ffa88800000000200012800900010069706970000000fa0f000280040013000500090000000008f33a5798cb485f3a9776f093ab3e544599d87862ad961fa67f7215b55c42d37b9a100eb2ec063287898534c013c8f11d376156badd398f094e0e3b0cae09b813a27158392211de2312f2526854a5a004cb08da"], 0x40}}, 0x0) r7 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000680)={'bridge0\x00'}) socket(0x400000000010, 0x3, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000002640)={0x2020}, 0x2020) sendmsg$nl_route(r5, 0x0, 0x0) r8 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r8, 0x0, 0x10) 13m17.377229994s ago: executing program 32 (id=521): r0 = creat(&(0x7f0000000000)='./file0\x00', 0x6a) r1 = inotify_init1(0x0) inotify_add_watch(r1, &(0x7f0000000080)='./file0\x00', 0x20000632) write$binfmt_elf32(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="7f454c46000000000000000000000000030006000000000000000000380000000000000000191bda0000200018"], 0x69) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) arch_prctl$ARCH_SHSTK_UNLOCK(0x5004, 0x3) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000080), 0x800, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYRESDEC=0x0]) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') read$FUSE(r4, &(0x7f0000004100)={0x2020}, 0x2020) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYBLOB="40000000100009", @ANYRES32=0x0, @ANYBLOB="a7ffa88800000000200012800900010069706970000000fa0f000280040013000500090000000008f33a5798cb485f3a9776f093ab3e544599d87862ad961fa67f7215b55c42d37b9a100eb2ec063287898534c013c8f11d376156badd398f094e0e3b0cae09b813a27158392211de2312f2526854a5a004cb08da"], 0x40}}, 0x0) r7 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000680)={'bridge0\x00'}) socket(0x400000000010, 0x3, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000002640)={0x2020}, 0x2020) sendmsg$nl_route(r5, 0x0, 0x0) r8 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r8, 0x0, 0x10) 2m43.875558636s ago: executing program 0 (id=3806): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00'}) sendmsg$NL80211_CMD_GET_MPATH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x20, r1, 0x1, 0x70bd2c, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa}]}, 0x20}, 0x1, 0x0, 0x0, 0x40008d1}, 0x4048080) 2m43.755827833s ago: executing program 0 (id=3807): fsopen(&(0x7f0000000580)='overlay\x00', 0x0) openat$rfkill(0xffffffffffffff9c, 0x0, 0x801, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) modify_ldt$write2(0x11, &(0x7f0000000200)={0xd8a, 0x20000800, 0x2000, 0x0, 0x3, 0x1, 0x1, 0x1}, 0x10) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(0xffffffffffffffff, 0x3ba0, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000640)=@filter={'filter\x00', 0x42, 0x4, 0x348, 0xffffffff, 0x1b8, 0x0, 0x1b8, 0xffffffff, 0xffffffff, 0x2b0, 0x2b0, 0x2b0, 0xffffffff, 0x4, 0x0, {[{{@ip={@empty, @loopback, 0x0, 0x0, 'veth0_to_batadv\x00', 'wlan0\x00', {}, {}, 0x11}, 0x0, 0xd0, 0xf8, 0x0, {0x100000000000000}, [@common=@inet=@l2tp={{0x30}, {0x0, 0x0, 0x3, 0x0, 0xf}}, @common=@unspec=@connmark={{0x30}, {0x5}}]}, @REJECT={0x28}}, {{@uncond, 0x0, 0x98, 0xc0, 0x0, {}, [@common=@unspec=@state={{0x28}, {0x7}}]}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x8}}}, {{@ip={@multicast2, @private=0xa010102, 0x0, 0x0, 'veth1_virt_wifi\x00', '\x00', {}, {}, 0x0, 0x1}, 0x0, 0xb8, 0xf8, 0x0, {}, [@common=@unspec=@connlabel={{0x28}, {0xf, 0x2}}, @common=@socket0={{0x20}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3a8) openat$fuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r4 = accept4(r3, 0x0, 0x0, 0x80800) setsockopt$sock_int(r4, 0x1, 0x7, &(0x7f00000014c0)=0x10000b, 0x4) sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000640)=""/88, 0x58}, {&(0x7f0000000740)=""/105, 0xfffffe0b}], 0x2}, 0x0) 2m42.794206497s ago: executing program 0 (id=3813): syz_emit_ethernet(0x46, &(0x7f00000003c0)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "122d92", 0x10, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7}}}}}}, 0x0) 2m42.707807415s ago: executing program 0 (id=3814): mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000006300)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x20000000, 0x4041}}, 0x50) syz_fuse_handle_req(r0, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async) syz_fuse_handle_req(r0, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0) syz_open_dev$loop(&(0x7f0000000000), 0x4, 0x2080) (async) r3 = syz_open_dev$loop(&(0x7f0000000000), 0x4, 0x2080) ioctl$LOOP_SET_FD(r3, 0x4c00, r2) ioctl$LOOP_SET_FD(r3, 0x4c05, r3) dup2(r2, r0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e22}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000180)={{{@in=@rand_addr=0x64010102, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x4e20, 0x0, 0x4e22, 0xc, 0x2, 0x0, 0x0, 0x89, 0x0, 0xee01}, {0x2e6, 0xfffffffffffffffe, 0xfffffffffffffffe, 0x4, 0x4, 0x2, 0xfe, 0x800000000}, {0x1, 0x0, 0x0, 0x1ffffffffe}, 0x20}, {{@in=@loopback, 0x0, 0x33}, 0x0, @in=@broadcast, 0x0, 0x3, 0x0, 0x0, 0xfffffc01, 0xfd3, 0x86}}, 0xe8) (async) setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000180)={{{@in=@rand_addr=0x64010102, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x4e20, 0x0, 0x4e22, 0xc, 0x2, 0x0, 0x0, 0x89, 0x0, 0xee01}, {0x2e6, 0xfffffffffffffffe, 0xfffffffffffffffe, 0x4, 0x4, 0x2, 0xfe, 0x800000000}, {0x1, 0x0, 0x0, 0x1ffffffffe}, 0x20}, {{@in=@loopback, 0x0, 0x33}, 0x0, @in=@broadcast, 0x0, 0x3, 0x0, 0x0, 0xfffffc01, 0xfd3, 0x86}}, 0xe8) listen(r4, 0x0) (async) listen(r4, 0x0) syz_emit_ethernet(0xb4, &(0x7f0000000280)={@local, @broadcast, @void, {@ipv4={0x800, @tipc={{0x21, 0x4, 0x3, 0x3, 0xa6, 0x65, 0x0, 0x4, 0x6, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @local, {[@ra={0x94, 0x4}, @ssrr={0x89, 0x2b, 0xf4, [@empty, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, @empty, @private=0xa010101, @broadcast, @rand_addr=0x64010101, @loopback, @local, @dev={0xac, 0x14, 0x14, 0x1d}]}, @timestamp_prespec={0x44, 0x1c, 0x97, 0x3, 0x6, [{@dev={0xac, 0x14, 0x14, 0x44}, 0x2}, {@local, 0x6}, {@empty, 0x3}]}, @timestamp_prespec={0x44, 0x14, 0xc3, 0x3, 0x1, [{@multicast2, 0x5}, {@broadcast, 0x193c00}]}, @timestamp={0x44, 0x10, 0x4c, 0x0, 0x2, [0x6, 0x6, 0x4]}]}}, @payload_direct={{{{0x22, 0x0, 0x1, 0x1, 0x0, 0x8, 0x2, 0x2, 0x3, 0x0, 0x0, 0x6, 0x2, 0x3, 0x8, 0x80, 0x3, 0x4e24, 0x4e22}, 0x0, 0x3}}, [0x0, 0x0]}}}}}, 0x0) (async) syz_emit_ethernet(0xb4, &(0x7f0000000280)={@local, @broadcast, @void, {@ipv4={0x800, @tipc={{0x21, 0x4, 0x3, 0x3, 0xa6, 0x65, 0x0, 0x4, 0x6, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @local, {[@ra={0x94, 0x4}, @ssrr={0x89, 0x2b, 0xf4, [@empty, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, @empty, @private=0xa010101, @broadcast, @rand_addr=0x64010101, @loopback, @local, @dev={0xac, 0x14, 0x14, 0x1d}]}, @timestamp_prespec={0x44, 0x1c, 0x97, 0x3, 0x6, [{@dev={0xac, 0x14, 0x14, 0x44}, 0x2}, {@local, 0x6}, {@empty, 0x3}]}, @timestamp_prespec={0x44, 0x14, 0xc3, 0x3, 0x1, [{@multicast2, 0x5}, {@broadcast, 0x193c00}]}, @timestamp={0x44, 0x10, 0x4c, 0x0, 0x2, [0x6, 0x6, 0x4]}]}}, @payload_direct={{{{0x22, 0x0, 0x1, 0x1, 0x0, 0x8, 0x2, 0x2, 0x3, 0x0, 0x0, 0x6, 0x2, 0x3, 0x8, 0x80, 0x3, 0x4e24, 0x4e22}, 0x0, 0x3}}, [0x0, 0x0]}}}}}, 0x0) 2m42.428069448s ago: executing program 0 (id=3815): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r1, 0x0) close(0x3) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0)}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x7a, &(0x7f0000000340)={r2, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f0000000080)={0x0, 0x2, 0x1, "fa"}, 0x9) 2m42.246499062s ago: executing program 0 (id=3817): bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$kcm(0x10, 0x2, 0x4) socket$nl_generic(0x10, 0x3, 0x10) socket$packet(0x11, 0xa, 0x300) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = socket(0x400000000010, 0x3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000580)={0x0, 0xffffffffffffffb9, &(0x7f0000000300)={&(0x7f00000006c0)=@newtfilter={0x74, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0x6, 0x8}, {}, {0x7, 0xd}}, [@filter_kind_options=@f_flow={{0x9}, {0x44, 0x2, [@TCA_FLOW_EMATCHES={0x40, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x2}}, @TCA_EMATCH_TREE_LIST={0x34, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0x30, 0x1, 0x0, 0x0, {{0x8, 0x9, 0x40}, [@TCA_EM_IPT_NFPROTO={0x5, 0x4, 0x2}, @TCA_EM_IPT_HOOK={0x8, 0x1, 0x3}, @TCA_EM_IPT_MATCH_DATA={0x0, 0x5, "a7ae0a4336c85b3d602f041d43ce8b191962e541af380a2076a8d423a019c00fb50673b8368ec8eee1ccaacf1198015faaae386478328109878c589525c8cd9415daf7cfd2c0a7442041fb52f41dbcec8066ac629ea7a02df603cdfc84d96af6947ce902a7582facb54737125ad3da447473d2ede8d5a99aa22fe41118fac493a452e71dfd09367b977765f99222cc638682df3659869f827e2460528c3914dfafe4430c1bbb515c9475fa85671a1337555833474576a39c8f21546f270d597dfc2267ee715484105aa50bfb08938b77e9e9dd0624c3f5f9ac"}, @TCA_EM_IPT_MATCH_DATA={0x4}, @TCA_EM_IPT_NFPROTO={0x5, 0x4, 0x2}]}}]}]}]}}]}, 0x74}, 0x1, 0x0, 0x0, 0x40}, 0x2408c0d4) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000002800)=[{{0x0, 0x0, &(0x7f0000000140)=[{0x0}, {&(0x7f0000000100)="91641a", 0x3}], 0x2}}, {{&(0x7f00000004c0)={0x2, 0x4e21, @rand_addr=0x64010100}, 0x10, 0x0}}], 0x2, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r6 = socket$inet6(0xa, 0x3, 0x3c) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r7, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) connect$inet6(r6, &(0x7f0000000000)={0xa, 0x5000, 0x80000001, @remote, 0x7}, 0x1c) r8 = socket(0x10, 0x3, 0x400) sendmsg$nl_route(r8, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f0000000600)=ANY=[@ANYRESHEX=0x0], 0x24}}, 0x4004094) writev(r6, &(0x7f00000000c0)=[{&(0x7f0000000100)=',', 0xffdf}], 0x1) syz_emit_ethernet(0x7e, &(0x7f0000000880)={@broadcast, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "6b88ef", 0xa7, 0x3a, 0x0, @private1, @local, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "bdd7c3", 0x0, 0x33, 0x0, @loopback, @local, [@dstopts={0x29, 0x1, '\x00', [@calipso={0x7, 0x8, {0x2, 0x0, 0xb, 0x4}}]}]}}}}}}}, 0x0) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) 2m42.012999574s ago: executing program 33 (id=3817): bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$kcm(0x10, 0x2, 0x4) socket$nl_generic(0x10, 0x3, 0x10) socket$packet(0x11, 0xa, 0x300) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = socket(0x400000000010, 0x3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000580)={0x0, 0xffffffffffffffb9, &(0x7f0000000300)={&(0x7f00000006c0)=@newtfilter={0x74, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0x6, 0x8}, {}, {0x7, 0xd}}, [@filter_kind_options=@f_flow={{0x9}, {0x44, 0x2, [@TCA_FLOW_EMATCHES={0x40, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x2}}, @TCA_EMATCH_TREE_LIST={0x34, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0x30, 0x1, 0x0, 0x0, {{0x8, 0x9, 0x40}, [@TCA_EM_IPT_NFPROTO={0x5, 0x4, 0x2}, @TCA_EM_IPT_HOOK={0x8, 0x1, 0x3}, @TCA_EM_IPT_MATCH_DATA={0x0, 0x5, "a7ae0a4336c85b3d602f041d43ce8b191962e541af380a2076a8d423a019c00fb50673b8368ec8eee1ccaacf1198015faaae386478328109878c589525c8cd9415daf7cfd2c0a7442041fb52f41dbcec8066ac629ea7a02df603cdfc84d96af6947ce902a7582facb54737125ad3da447473d2ede8d5a99aa22fe41118fac493a452e71dfd09367b977765f99222cc638682df3659869f827e2460528c3914dfafe4430c1bbb515c9475fa85671a1337555833474576a39c8f21546f270d597dfc2267ee715484105aa50bfb08938b77e9e9dd0624c3f5f9ac"}, @TCA_EM_IPT_MATCH_DATA={0x4}, @TCA_EM_IPT_NFPROTO={0x5, 0x4, 0x2}]}}]}]}]}}]}, 0x74}, 0x1, 0x0, 0x0, 0x40}, 0x2408c0d4) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000002800)=[{{0x0, 0x0, &(0x7f0000000140)=[{0x0}, {&(0x7f0000000100)="91641a", 0x3}], 0x2}}, {{&(0x7f00000004c0)={0x2, 0x4e21, @rand_addr=0x64010100}, 0x10, 0x0}}], 0x2, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r6 = socket$inet6(0xa, 0x3, 0x3c) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r7, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) connect$inet6(r6, &(0x7f0000000000)={0xa, 0x5000, 0x80000001, @remote, 0x7}, 0x1c) r8 = socket(0x10, 0x3, 0x400) sendmsg$nl_route(r8, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f0000000600)=ANY=[@ANYRESHEX=0x0], 0x24}}, 0x4004094) writev(r6, &(0x7f00000000c0)=[{&(0x7f0000000100)=',', 0xffdf}], 0x1) syz_emit_ethernet(0x7e, &(0x7f0000000880)={@broadcast, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "6b88ef", 0xa7, 0x3a, 0x0, @private1, @local, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "bdd7c3", 0x0, 0x33, 0x0, @loopback, @local, [@dstopts={0x29, 0x1, '\x00', [@calipso={0x7, 0x8, {0x2, 0x0, 0xb, 0x4}}]}]}}}}}}}, 0x0) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) 9.097285201s ago: executing program 4 (id=4580): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) arch_prctl$ARCH_SHSTK_UNLOCK(0x5004, 0x3) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000080), 0x800, &(0x7f00000003c0)=ANY=[@ANYBLOB, @ANYRESHEX, @ANYBLOB=',rootmode=0', @ANYRESDEC=0x0, @ANYRESDEC=0x0]) r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/sctp\x00') getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r2, 0x84, 0x22, 0x0, &(0x7f0000000180)) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r2, 0x84, 0x1f, 0x0, 0x0) read$FUSE(r2, &(0x7f0000004100)={0x2020}, 0x2020) socket$nl_route(0x10, 0x3, 0x0) mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="2c67726f75705f69643d1441770c998d5a804c562af6ec17b4f423cee2b1b063423685d2ff7dc3b5196b8815b2aa67fc948fe66c0428b93b2913e457320838b594fe1826346f34bd8a7e5361aaea18a4ec58dd9d6ff09bf3987096266153bec66d724a0d8d88fd1f35218d7f55e5e35ea5df461c9c4000"/130, @ANYRES8=r3]) writev(r3, &(0x7f0000000000)=[{&(0x7f0000000400)='b[', 0x2}], 0x1) r4 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, &(0x7f0000000880)={'filter\x00', 0x7fffffe, 0x4, 0x410, 0x0, 0x130, 0x218, 0x328, 0x130, 0x328, 0x4, 0x0, {[{{@arp={@remote, @private=0xa010101, 0x0, 0xffffff00, 0x4, 0x7, {@empty, {[0xff, 0xff, 0x0, 0x0, 0xff, 0xff]}}, {@empty, {[0xff, 0x0, 0xff, 0x0, 0xff]}}, 0x4, 0x8, 0xd, 0x8, 0xe8, 0x6, 'wg2\x00', 'bridge_slave_0\x00', {}, {}, 0x0, 0x4}, 0xc0, 0x130}, @unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x10000, 0x6, 0xff0c, 0x0, 0x0, "2e3db46bbd54492c3b8b94a26d2b6f09949a2c5d377e1886c36b8e355354a160d73a311a2ee6b7547689bb9a515857b39523fadabc9d55f111b9f1dbe8567b8a"}}}, {{@arp={@multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, 0xff000000, 0xff, 0xd, 0x5, {@empty, {[0xff, 0x0, 0xff]}}, {@empty, {[0xff, 0x0, 0x0, 0x0, 0x0, 0xff]}}, 0x6, 0x8a2d, 0x1002, 0x100, 0xa, 0x64c, 'sit0\x00', 'team0\x00', {0xff}, {}, 0x0, 0x290}, 0xc0, 0xe8}, @unspec=@NFQUEUE1={0x28, 'NFQUEUE\x00', 0x1, {0x81, 0xff03}}}, {{@arp={@multicast2, @local, 0x0, 0xff000000, 0x0, 0x0, {@empty, {[0x0, 0x0, 0x0, 0xff]}}, {@mac=@link_local, {[0x0, 0xff, 0x0, 0xff]}}, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 'xfrm0\x00', 'pim6reg\x00'}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@local, @empty, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, 0x1}}}], {{'\x00', 0xc0, 0xe8}, {0x28, '\x00', 0x0, 0xfffffffb}}}}, 0x460) sendmsg$nl_route(r4, 0x0, 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, 0x0) r6 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0xc, &(0x7f0000000040)=@assoc_value={0x0}, &(0x7f0000000000)=0x8) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f0000000400)={0x93de, 0x1, 0x0, 0x3, 0x1ff, 0x7, 0xdff8, 0xb, r7}, 0x20) setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r2, 0x84, 0x78, &(0x7f00000000c0)=r7, 0x4) socket(0x400000000010, 0x3, 0x0) ptrace$pokeuser(0x6, 0x0, 0x5, 0x3) read$FUSE(0xffffffffffffffff, &(0x7f0000002640)={0x2020}, 0x2020) 8.058883406s ago: executing program 1 (id=4583): splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xf3a, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x4, 0x3) r0 = syz_open_dev$loop(&(0x7f0000000280), 0xffff, 0x14f600) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) ioctl$VIDIOC_QBUF(0xffffffffffffffff, 0xc058565d, &(0x7f0000000200)=@fd={0x0, 0x5, 0x4, 0x1, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfe, "8000"}, 0x0, 0x2, {}, 0x20800}) sendmsg$TIPC_NL_KEY_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="9dc10000", @ANYRES16, @ANYBLOB="0100000000000000000003000000400001802c0004001400010002000000ac14140f00000000000000001400020002000000ffffffff00000000000000000d000100756470"], 0x54}}, 0x0) write$binfmt_misc(r1, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x2200000000000000, 0x2, 0x700, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x0, 0x31]}}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$sndpcmp(0x0, 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_SYNC_PTR(r2, 0xc0884123, 0x0) 7.767776238s ago: executing program 1 (id=4584): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c00000000010104000000000000000002000000240001801400018008000100e000000108000200e00000010c000280050001d3d1d3abb700000000"], 0x3c}, 0x1, 0x0, 0x0, 0x8014}, 0x40c0) 6.963548851s ago: executing program 1 (id=4586): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000008c0)=ANY=[@ANYBLOB="6c0100001000130700000000fedbdf256401010100000000000000000000000020010000000000000019000000000002000000004e1d0002020000001d000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ffffffff000000000000000000000000000000fe320000000000000000000000000000000000000000000000000000000000000000000000fdffffffffffffff53ffffffffffffff01000000000000000900000000000000ffffff7f0000000043050000000000000400000000000000feffffffffffff7f0000000000000000000000000000000002000000000000000000a7e039814f4489f900000200000050000000000000001c00040007004e244e2000000a01010000000000000000000000000060001200726663343130362867636d2861657329290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000600000"], 0x16c}, 0x1, 0x0, 0x0, 0x880}, 0x0) 6.889364487s ago: executing program 3 (id=4587): r0 = socket$tipc(0x1e, 0x2, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r1, &(0x7f0000000100)={0xa, 0x4e24, 0xfffffffe, @loopback}, 0x1c) r2 = io_uring_setup(0x2e03, &(0x7f0000000400)={0x0, 0x9a16, 0x1000, 0x2}) r3 = syz_open_dev$loop(&(0x7f0000000140), 0x5, 0x0) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f00000000c0)={0x0, 0x60, "c443d201cab13c73a34e86b87b26b2b3313c6f3fce57850034b8ac56a373a3e1fd2c1ee99bcfdf24eee109fa49c09db7654c6cc7bba9cc3a678ffbb4fbc537b66ac0c6598ac9872ba7efe73b6b147320d42967b3f7146c5f03e514deee604cc9"}, &(0x7f0000000040)=0x68) getsockopt$inet_sctp_SCTP_ASSOCINFO(r3, 0x84, 0x1, &(0x7f0000000180)={r4, 0x7, 0x9, 0x7f, 0x7}, &(0x7f00000001c0)=0x14) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='cgroup.freeze\x00', 0x275a, 0x0) write$binfmt_misc(r5, &(0x7f0000000000)="180c4552", 0x4) write$P9_RREADLINK(r5, &(0x7f0000000080)={0x10, 0x17, 0x1, {0x7, './file0'}}, 0x10) write$binfmt_misc(r5, &(0x7f0000000040), 0xe09) socket$unix(0x1, 0x5, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) r6 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r6, 0x10e, 0xc, &(0x7f0000000880)={0x806, 0x4, 0x6, 0x100007}, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="20000000520001000000000000000000020000000c00", @ANYRES16=r6], 0x20}}, 0x0) ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000000900)={r5, 0x0, {0x2a00, 0x80010000, 0x0, 0x1, 0x800040000000208, 0x0, 0x0, 0x2, 0xc, "fee8a2ab78fc979fd1e00d96072000001ea89de27d610000cc0080b8785d96000100000000020000ffffffffff0000000000000000000000ffffffffffffbeda", "2809e8dbe108598948224ad54afac11d875397bd3c5240f45f819e01177d2d458dd4992861ac00", "90be8b1c55080021000c547d03d8a0f4bd00", [0x0, 0x6]}}) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000200)=@gcm_256={{0x304}, "b5d4c27c5c778dd0", "5f128fd81908609c81286d4f6a539024ffb7007ed672afb4be7aec5ca3d27dbf", '\x00', "b690a3fabf2cb970"}, 0x38) write$binfmt_script(r1, &(0x7f0000000a80), 0x4) recvmmsg(r1, 0x0, 0x0, 0x40000002, 0x0) ioctl$AUTOFS_DEV_IOCTL_READY(r5, 0xc0189376, &(0x7f0000000300)={{0x1, 0x1, 0x18, r2, {0x2}}, './file0\x00'}) writev(r1, &(0x7f00000003c0)=[{&(0x7f0000000540)="6f6642ded370af281b9461a3a6f0ba8f903d22e37953b92fe80adfc71333b10f14200d112ba4494626c15634f346a8cf1d1649567033013a8a6ba2c889cd32b37052b508d92598855aacde61ff76021d6e1b5abfad17e85a4412176126f746636a718bf9e9af07aad71327eda7", 0x6d}, {&(0x7f00000005c0)="72229758246a55afbcdba4b85e6a4b570fb3dcc52e49261f893107eacb239b693e23201a289753f4411ae888aecb618f114c750223e7167afc5ed5736c7bac0206a0e7dd8164d9805626124fe297d0883214432867107dd78dd46e2820412fe98c6574aa4e96f9d21b949f643cbea8e9c999de359341d78c41d049751bd5d98aec87d9f4d742c2bcf0601d848a0b1b5b847d108f4c72ed7e73724dedc5ce7381b0d37ffd9fb94b0ad4e38064c54b56fa7450186f26610891bc0b475412360ed27d", 0xc1}, {&(0x7f00000006c0)="78cd9fa44035adbf8a433c2a705c267ad0c15ecac62a0c6b5be1491942f159221274bb2ae977b62f2f4dcabe65bd107229b6d5bfb4be1cb9cf87da85c65f35696fbf6ff93f39f4c131f177e37a124b5670d6f745293bf00e820a6996c2cf1b4d2c620c32970631405b64805bfc067dc64d38f56781e8f952d00be10fb1c3dbb92c620ed296429c7367ff82420539771c41653cba8c1a60ff127003a4bb6dba38c1209d871d4d8042ee28c64faa3843aacc8a2e3de0dc61a5046d99a14ff203807eaf4e0802bc93166c18416efce8ecda05c7aef78e74135b", 0xd8}, {0x0}], 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) close_range(r0, 0xffffffffffffffff, 0x0) socket(0x10, 0x3, 0x0) 6.857534588s ago: executing program 4 (id=4588): r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) sendto$inet(r1, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) ioctl$IOCTL_VMCI_CTX_REMOVE_NOTIFICATION(0xffffffffffffffff, 0x7b0, 0x0) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r4 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_group_source_req(r4, 0x29, 0x2e, &(0x7f0000000200)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0xfffd, 0x0, @ipv4={'\x00', '\xff\xff', @local}}}}, 0x108) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r5 = socket$inet(0xa, 0x801, 0x84) setsockopt$IPT_SO_SET_ADD_COUNTERS(r5, 0x29, 0x41, 0x0, 0x48) shutdown(0xffffffffffffffff, 0x0) r6 = memfd_create(&(0x7f0000000080)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea\x7f\x8cZ7`_4t\xcda\x9b\x11\x11\x0e\xa1\xcf\x00'/51, 0x2) ftruncate(r6, 0x1000006) fcntl$addseals(r6, 0x409, 0x7) ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f0000000000)={r6, 0x0, 0x0, 0x1000000}) 6.715402068s ago: executing program 1 (id=4590): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) r2 = socket$xdp(0x2c, 0x3, 0x0) bind$xdp(r2, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$SG_SET_DEBUG(r4, 0x227e, &(0x7f00000000c0)) read$FUSE(0xffffffffffffffff, &(0x7f00000002c0)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) ioctl$BLKTRACESETUP(r4, 0xc0481273, &(0x7f00000000c0)={'\x00', 0x0, 0x9, 0x5, 0x0, 0x7043, r5}) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet6_mreq(r6, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0xc}, 0x44004) sendmsg$NFT_BATCH(r7, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000700)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000060a0b040000000000000000020000000900010073797a30000000000900020073797a3200000000140000001100", @ANYRES8], 0x54}, 0x1, 0x0, 0x0, 0x24068045}, 0x0) sendmsg$NFT_BATCH(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000080a01010000000000000000020000000900010073797a300000000038000000060a17d50000000000000000020000000900020073797a32000000000900010073797a30000000000c0003"], 0xcdc}, 0x1, 0x0, 0x0, 0x20000050}, 0x0) r8 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) rt_sigqueueinfo(0x0, 0x11, 0x0) syz_usb_control_io$hid(r8, 0x0, 0x0) ioctl$HIDIOCGUSAGE(0xffffffffffffffff, 0xc018480b, 0x0) r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) r10 = syz_open_dev$vim2m(&(0x7f0000000380), 0x7f, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r10, 0xc0d05605, &(0x7f0000000240)={0x1, @raw_data="b6bc5c1dceda7e83c18b5c6824f8121533bb741593170ac8016ceee2ded66f1344afe4adb00783e1b0dda34675fc02fe128734c55d40c6ca4faabc23be57f0f5b806d929d2c206f61436f7d89f53d4ac5d26f30d1a228ac7d73b909720ee70535d576e8e0c4dd861e2c62f7fb3f18334bc44fa736f2e98149cd62a7a64033a6ad0541af48ecef2719e2cb0a845a71e5472fc004bf694f5816930a5152e92fb2a724cbcf3ec04c18b5e2104a566ff9acd32c57ff89c5a30dde794997a2d22660f4eb67ad70994a7e9"}) r11 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r11, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000440)=ANY=[], 0x24}}, 0x0) close_range(r9, 0xffffffffffffffff, 0x0) 6.665906346s ago: executing program 3 (id=4591): socket$inet_udp(0x2, 0x2, 0x0) socket$kcm(0x2, 0xa, 0x2) socketpair$unix(0x1, 0x2, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000007c0)={0xffffffffffffffff, 0x0, 0x0}, 0x20) connect$unix(0xffffffffffffffff, &(0x7f0000000240)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_io_uring_setup(0x8d2, &(0x7f00000001c0)={0x0, 0x54a5, 0x400, 0x1, 0x37a}, &(0x7f00000002c0)=0x0, &(0x7f0000000080)=0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000300)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x4, 0x4}, 0x50) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000240)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) io_uring_enter(r0, 0x47ba, 0x3e82, 0x60, 0x0, 0x0) (fail_nth: 29) read(0xffffffffffffffff, 0x0, 0x0) 6.005318791s ago: executing program 3 (id=4594): set_mempolicy(0x4005, &(0x7f0000000080)=0x7e, 0x9) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x4008032, 0xffffffffffffffff, 0xcd0b3000) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000380)=[{0x200000000006, 0x1, 0x7, 0x7ffc1ffb}]}) getrusage(0x1, &(0x7f00000001c0)) syz_pidfd_open(0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) unshare(0x6020400) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'veth1_macvtap\x00'}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20040000}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=@newtfilter={0x2c, 0x2c, 0xd27, 0x71bd2b, 0x2, {0x0, 0x0, 0x0, r3, {0x0, 0x5}, {}, {0xffff, 0x4}}, [@TCA_CHAIN={0x8, 0xb, 0x7fffffff}]}, 0x2c}}, 0x20000040) socket(0x10, 0x80002, 0x0) getsockopt$IP_VS_SO_GET_SERVICE(r0, 0x0, 0x483, &(0x7f0000000000), &(0x7f0000000180)=0x68) fsetxattr$trusted_overlay_nlink(r0, &(0x7f00000018c0), 0x0, 0x0, 0x1) munlock(&(0x7f0000ff1000/0xe000)=nil, 0xe000) 5.378921255s ago: executing program 4 (id=4596): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000480)={0x73622a85, 0x0, 0x2}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) syz_clone(0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000040)={0xb, 0x0, &(0x7f0000000440)=[@request_death={0x400c6313}], 0x0, 0x1000000, 0x0}) ioctl$TCSETSF2(r2, 0x402c542d, &(0x7f0000000580)={0x100, 0x10000, 0x911, 0x6, 0x5, "298df9fd9795058eb999cc70a753d0ebda6da6", 0x3, 0x66}) r3 = request_key(&(0x7f0000000100)='rxrpc\x00', &(0x7f0000000140)={'syz', 0x0}, &(0x7f0000000180)='./binderfs/binder0\x00', 0xfffffffffffffffb) r4 = add_key$user(&(0x7f0000000040), &(0x7f0000000180)={'syz', 0x1}, &(0x7f0000000080)='\x00', 0x1, 0xfffffffffffffffb) pipe2$watch_queue(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) socket$inet6(0xa, 0x3, 0x87) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r6 = syz_open_procfs(0x0, &(0x7f0000000080)='net/raw6\x00') preadv(r6, &(0x7f0000000040)=[{&(0x7f0000000680)=""/193, 0xc1}], 0x1, 0xda, 0x3) ioctl$IOC_WATCH_QUEUE_SET_SIZE(r5, 0x5760, 0x14) keyctl$KEYCTL_WATCH_KEY(0x20, r4, r5, 0x100000000000f7) r7 = add_key$user(&(0x7f00000001c0), &(0x7f0000000240)={'syz', 0x0}, &(0x7f0000000280)="f9bf35da8177f5655d57b8b4f91a74facf1543890b4f0e67e907e4d659d46ddceee9afb1a9761f634101aaa3a59de150da2a78a3277c2308396d5c065d82474ab9dd77c58c72df2390fe3dc5aac0342d9abaa2c03a40c6a5ca938b5c0a5b29e54759e82d5b7dc4d48fb03eb665aabb8554f01798260b1bacfc275a87fc3baa03d2f8b32d94f10ca759d372fc7e4252c184cb9cdca177cb172cf06e072e8c8b4c9b0a94ed401fbc9aabaf0db084d03772573564320e4e327f", 0xb8, 0xfffffffffffffffc) keyctl$dh_compute(0x17, &(0x7f0000000340)={r3, r4, r7}, &(0x7f0000000380)=""/53, 0x35, &(0x7f0000000540)={&(0x7f00000003c0)={'blake2b-160-generic\x00'}, &(0x7f00000004c0)="96992f35f6f2ed34cc0ce1f34bc42a748cc297879e97d2b3f2a349d33e253080e22a6b2df0b42239fd4f1c579026202ed52eda47d42e2ff55ecb4ac713fec15a9874be0c52a50faf24a40e35e504a2a351fabd1c58c891d5460b4920", 0x5c}) ioctl$TIOCMBIC(r6, 0x5417, &(0x7f00000005c0)=0x2) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000640)={0x8, 0x0, &(0x7f0000000000)=[@decrefs={0x400c6314}], 0x0, 0x0, 0x0}) 4.720194427s ago: executing program 4 (id=4598): r0 = socket$inet(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @multicast2}, 0x10) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000200), 0x80000, 0x0) ioctl$TCXONC(r1, 0x540a, 0x3) r2 = socket(0x2, 0x80805, 0x0) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r3, 0x0) ioctl$SNDRV_PCM_IOCTL_START(r1, 0x4142, 0x0) ioctl$AUTOFS_IOC_CATATONIC(r1, 0x9362, 0x0) close(0x3) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) setsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0, 0x7fffffff}, 0x8) 4.255549274s ago: executing program 5 (id=4601): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x60001, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=@newtaction={0x14, 0x30, 0x8, 0x70bd28, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4004004}, 0x4008000) write$tun(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="080086dd0001280004000003a60c6eec00be00442ffffe8000000000000000000000000000aaff020000000000000004000000000001042022eb"], 0xfdef) 4.251953336s ago: executing program 3 (id=4602): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) (async) r0 = gettid() (async) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r1, 0x5452, &(0x7f0000b28000)=0x3) (async) fcntl$setsig(r1, 0xa, 0x12) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="1c000000a10501002abd7000fedbdf250b0000000800f400", @ANYRES32=r0, @ANYBLOB="b54d8399fa05ac0f744993acecc86bed8f61d5b639d42bfdeee1609b51437187884202fbe78b14a7ae48ec78018e84dcbbfca693ce76b7218f911a0606ebbd763cbbf3798eeed0a9495071a9fa6b1dac1be69d9aa153dc28904ffb45ba0102b1bc0aa1d83f96fddde61543af93dcb342a8ea5c50777437f2e7d9a74fbf9b7a9d62b94c40dde024cd592aaf6f418d333720ac5250f2ae688878dc954b880c937ab45d12680690c35291f5b897d1276659e2abb7314adf0a8d0c820165f1c22ffeddd2665039c7939d237cff445579920e5b7c0b6f3a63ef852b8fdb6bd9713293329c25d84bf0469b78debe4ad0cc0d"], 0x1c}, 0x1, 0x0, 0x0, 0x4044019}, 0x20000004) (async) poll(&(0x7f0000000580)=[{r2}], 0x12, 0xffbffff6) r4 = dup2(r1, r2) (async) fcntl$setown(r1, 0x8, r0) tkill(r0, 0x13) getsockopt$TIPC_SOCK_RECVQ_DEPTH(0xffffffffffffffff, 0x10f, 0x84, 0x0, &(0x7f0000000200)) (async) unshare(0x2a020400) (async) r5 = socket$nl_sock_diag(0x10, 0x3, 0x4) ioctl$sock_FIOGETOWN(r5, 0x8903, &(0x7f0000000040)) (async) socket$xdp(0x2c, 0x3, 0x0) syz_usb_control_io$sierra_net(0xffffffffffffffff, 0x0, 0x0) (async) syz_usb_control_io$sierra_net(0xffffffffffffffff, &(0x7f0000000100)={0x14, &(0x7f0000000000)=ANY=[@ANYBLOB="0e210800000811e4ff14eca81f"], 0x0}, 0x0) (async) socket$nl_route(0x10, 0x3, 0x0) (async) r6 = socket(0x1e, 0x80000, 0x2) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r6) (async) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000840)=0x14) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000040)={'batadv_slave_0\x00', 0x100}) (async) openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) (async) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_netfilter(r4, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x3962dd5858bb57e9}, 0xc, &(0x7f0000000280)={&(0x7f0000000300)={0x14, 0x8, 0x3294301b4d9311c5, 0x201, 0x70bd26, 0x25dfdbfe, {0xa, 0x0, 0xa}, [@typed={0x0, 0xc0, 0x0, 0x0, @uid}]}, 0xfffffffffffffebe}, 0x1, 0x0, 0x0, 0x4c850}, 0x40000) (async) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000440)=@newqdisc={0x60, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r9, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x6, 0x2, {{0x3, 0x3, 0x6361, 0x5, 0x800005de, 0x3}, [@TCA_NETEM_RATE={0x14, 0x6, {0x6, 0x4, 0x3, 0x8d7a}}]}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x40088c1}, 0x8000) 4.070159561s ago: executing program 4 (id=4603): r0 = socket(0x10, 0x803, 0x0) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x3000001, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001180)='net/ip_tables_matches\x00') r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000004840)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000, 0x30) symlinkat(&(0x7f0000003800)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', r2, &(0x7f0000005880)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') statx(r1, &(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000, 0x1, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000002040)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000a00)=""/178, 0xb2}], 0x1}, 0x2}], 0x1, 0x40000022, 0x0) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) r4 = socket$inet_sctp(0x2, 0x1, 0x84) r5 = syz_open_dev$admmidi(&(0x7f0000000140), 0x20, 0x0) read(r5, &(0x7f0000000180)=""/247, 0xf7) r6 = syz_usb_connect(0x0, 0x24, &(0x7f0000000440)=ANY=[@ANYBLOB="12011f00abbe6740e9174e8b089c000000010902120001000000000904000000ff"], 0x0) syz_usb_control_io(r6, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r6, 0x0, 0x0) syz_usb_control_io(r6, &(0x7f0000000340)={0x2c, &(0x7f0000000000)=ANY=[@ANYBLOB="201006000000065f01"], 0x0, 0x0, 0x0, 0x0}, 0x0) r7 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x80383, 0x0) read$midi(r5, &(0x7f00000012c0)=""/232, 0xe8) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) ioctl$SNDCTL_SEQ_PANIC(r7, 0x5100) getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000280)=0x8) r9 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r9) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r9, 0x40, 0x0) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f00000002c0)={r8, @in6={{0xa, 0x0, 0x0, @empty}}}, &(0x7f00000003c0)=0x9c) syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) getsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000100)={0x0, 0x1}, &(0x7f00000006c0)=0x8) sendmmsg$inet_sctp(r0, &(0x7f0000003140)=[{&(0x7f0000000000)=@in={0x2, 0x4e20, @multicast1}, 0x10, &(0x7f0000000300)=[{&(0x7f0000000040)="66dca8fafe113d62f1d5b90b7668f32821b055aef1e3d77010938dc59f12b4caa1260655e62415c910b4527b08326d3780456180adcc97d5502cb0137427a0b40722a04c7e2107a64483c37205f142df593b98e26191f4fdfa78c9163d5dd90b58b086ca924180e539e5a1419d266af26f29d193dd2dae1a2386321cea61c101220d40d0d50ba31157ca1442de790b", 0x8f}, {&(0x7f0000000780)="74ac287a9b2ebcb140df801f6fb4442533d8b9b9e6b6b40a72b8820c79aa01e6fec49d20ea934c211d7de87bb5bfdbaa36e3d7de65ea1eb0708b43a5d5c15b7dc228ff637e2a5e4015e190352418983a2f54c390e6a1dbba1e47ef8be9a63ff233ede6cd660c6ad63074979d10bcf68eabcf3ed000704b2683469d0d4589d83abba90ddd4a83024d84a22ae3d2ad90357175ff6de7e4798f18cca66a9e75df76f6c22ce1937355f72d", 0xa9}, {&(0x7f0000000840)="0fc192b11edbeef8d191c2493570d27d94ede6934890cfe5eb3d0b9fbc70163a6874764ab013903854e83b2e3e485e138e70975ea1f71167538423d92d1bde92365dff5ad8471ff77873e3debd1bf1015c947f010175ded1bb83ab4bcb02bcf6e4be3e8a2a969170678909e6dfcd0b0a44f01397f774fad92ea494b88f6dff0b638335bb2b23", 0x86}, {&(0x7f0000000ac0)="1f70a2867762e8f3a0ee874b828c934de4200be83dc5ab064faf39a3d09b28dd97040b65ba95cde00741991fc46496417b1019d7e3959634c4edd957332c49b5417a7a6032ac33465f91701554ddf86a55c073893f3385153fffd7e2a620394fcfba3fe7a46d609a3cb095fda77410e6de1ed251d2d08e59e22079a6b64e153b9570aebffa1adbfcba35cbd0f954e00e2b4cefecd30bd60dfbca8f8e46a20c47dc13c5aa32d80a628a25cbf8a2f668a9647cc8f3dd5b13dd30979eb4881b263163397555364e4cc9b6a3d4638b89b3c65188449273271592d8f524f7c9ed0a623b6881b18f1bd971caa222", 0xeb}, {&(0x7f00000068c0)="c10904bcb92ad5544e0631df2b5e4ad1eee44449247658518ec77dda3a9a8d49d0960fa6a3be70d924ea15ad2e57208e2fa5a4af354ec6b7d03d5bf823e5cc4b36569a4845eae5d90581252c7571d97e4b4df58682d259f00f4135abeb9df55317dd016398f849ae61f3220ac753ec3342e3890631ffcde4084670bcc200e2099f64ad0fcf2177da91783377dfeac1375ab1c1993c19405eba3599d454678d83b521a66ba12356972b98f349e09a0ec955505a52cf3589e05160e53585399c23ec9049299767d416abb7f3c09640f810de4c22f394959948f989bca68e60e06aaf9a865b6660b4bc5d0d5b68c1b051835b45899abeb464f1bb03796c3db5c7af2b476eda24f1c7ca834ee71453357c80c4aa4433fb0289e8e2bf9d9080226fb22472071e774054ea88eb3a60b9f8b67f4a2c2a8ea4a3334fabf66dc1f9fa5add841463e33a5fe5582838c665de02b3d7557a47aee03c5fe0b33326b9e405dfd889afd02b42adf62ffdc0aa3d5b07be703f374ea3e9105a32a102e2a95549df7f81260494ee6ec478ea58f5aa60939b0ae73669b9748ab644bb99bacd97a44e5879d6c1db7120afd7937e22722c8794d638f69c21ccd4d08ade8a29635e35780734aa11cddb0e680ff6915fbc172c5ad673bc4a89113cd435b1e86889be3eb408f6bc6bf444676627a2dba9364d44aff5a5450a341a607b90b918422638ba0431928692788792c03bfeb7cd09fa8357d3f7b55b338457cad12d0e73b20df52ce42929270c26d95e9cc613573c44093e96e388ab7d74ad8ea1b43f8f0fc344816a459cb56f2118ca49e183eb91b9c3e8643fc07de595c97bbec9f2dbe851267375e05a3700d9b590ade6e51252182fd6cebdcef8f5a19aff84f67b9ae5d8e8518e074eddf1625aea7f1cb7b0100176d80f2526d639e3b52695b5465019902cded260827faea35a64bbc6e1c62f3f70229aa56f5d44adca10be18c9290e1021daabb43a5a34191582327e0194f0b64b69baeabdb143cda8f37156664d22bdf936fa3a21cb1aaa881766ade45f47737f760fbab856a80e85c6205d3bb0fd9ddac864174cb0ac5871f8a628ac6223c146845982ecd862ad1173119be3ec534397a7446441dff29b596e768920ce0af205050a314b1cbba2bf21572582b9e59c2573ed306ae312de296aecae0fa750c015c8dcb0ce3773248509864c5bef28468072c1acad9aa1d75d94ff0db0062e1ecea63820258d3203629e736c8475937588e1fa40c5ed6f35f685887030db53dd8e679cbb32dd829495a995758a78a90a5b535d2489091098c80d4ece7cac2f1b4304334ca73060eb023a17efed9baa341e49ac49769a9ff1a3fa0e7ec3068415cf9219e302de44457448243460aaea3a96cbeae1ee52a0b19221dec94c11aeb558031e31a4da40a460cdd3ff67b2f7ecc2d7efe67c94c7c8bd5d599e7faedd8431b1005bb36d7c8028fcd731510fc058394db90494bab471152169a2fba0047f9d6d1b00aecaf02f708e1f5ff2a98c48a70efcc79c40612208e7c433cfb806294b1b19323b9efe7359b92305f036e00bc4475b634247bf05e5c1073d1a65eaac9e54697607e11ff9a22fc10d816214244ab3d0614732b30b61ff6486c4c0ba9cb31ec482ec42621cc49739c7ff409f985ff9ad3870a2fe9a5fde8b18601b326cf3c0921da16e9fda1387d740a964fe568eb9e58d84a809167cb021fc013fb4da0aec067b426b3c39f128f08919a8de6d675e9a68c1f4409e2ff364dbe471ab6012a6f010b7283555d827d7241a65a1db932a64a0b1537d9a091c94b5c597f1670e5c7d5e43c04292d97c7622c78dbefe5fdd663bb6e88792035a7bd8c542c60cc2f33876b6d7875d648777d0f01d5dfdb598a83ccbc9747947d63c04be3a1c0bbfb7c8b41d444ee7e9294500e4cd56e1f1b03265e3e7f7706bffe2cf6713f8278f1ec9473ca4f4d178f75ceb296da88153e2b8aa55fa7c786719b9e1db8b55192954e4bb334731f589762ee740a95de00fa14f2f66ff208b86b146496f5000b4613ca97c70e3c683a3e52be7088862b2dfb46c40b84346fc6e13948747d882ccfdc6d90a1bb7ac6cb4f01da67294b53cbb052dcb68b1a133bf799921656d866dd40319cc454389d648c468ee548e7c07b470ca791ac8c1fd6326f654d04a80e5e0c7770bd1113e80d5200b815070cc10b0baa6f3f9e2b1e68ce7fb39294ca38d9179c16819fa2dfcda278fdb82b07c5dd7acd527c95689197f4250c3e19fd2b601d3c94c160b6ed5461ad6a3b6b626dee3ae9d4449e40d0c4442c7c4aec1528892f20be6d360671f6c423034df286c317549235e02f1150af2e19a588b2dec46ef6fe26775462aec078778ab8b67d4fd28261c815cdf25dd5bf2edf4a047d2a8fb28d48ace65727a45aab63680505bc5fbbc9febc32fe8ac44ab22454cf22a7322d73de82b302015ea5bfccd7fcd28203dcfc30d6b1976e1672d31685b80871a0ecbce65cbf94199610405e566833c896e43dee8b4d3ddc90a86fa6fc7478e6ce8b9a2d5853a66a0b8cea00f9ec555fbb4da27bb30f71d0dc1044bd6fdb735e85f351ca20f7c7015e208b90aec2ce1825d5a995def3f03734d2e118f03c8bc8d4ffeab614157676b29837b66e065737a9f94a677f1dbd09c3ba71d343b610de0048b77e689ba658f526dc0b165f82dc2cf5bf36b79e71bf676a5342e25adc0d936894e7a916ab28b75e92ba2de98abae30e9bf71c3448b37e5a77393b4f0db3ac6abc70e06a0f2d1c1f628c4592e8eb771c5d5de7927791e4a7877ebe3c504dc90b70061a3a1964cb3f47489e3bff3806e9e50a501e412fca14075262264e9a6221143f0c79000b78ac40d410aaaafee192f5655161143b0ea62b9672110ffac6c35c781cde0bbe5516d39da23338746af2eb511e819c2ae783b9b9ed677d070b36047dcab4d9d90a2764106dc2b829e990068db1ca89ed58268758e0e05f827c5e630e122582e5702c935c500ce42d75510fc0f8837ab38b5aa695b2d5771448bde147c98fd5d200d07b8ceeee1550600000000cd84f48edcf6fb522b266147bcfc57cd9208c39da6f3020cdbfad5892fc0a3cdbde22e942a489f2c75a7e5c2ba9ebf068c99e741ed0b8657425235241fd4b70b51ce65a193147fbbb665156218d9e44221aa5b5846b7a9ec34072406cda6c2f3423df9227aa03a64f8c52668c6988b572c7a8f9d63753e9d4c3ee6468648ee9fe2b584a0fe5d6d086ade347d538ba99bffcd48c3014527b523c1fcc2dc55e10c2df02607d8876e40224ea7a91dec17e041082ead0a75091b6cff970d40766db2f6222f04bdd3df9c8764459169686634d45d4200da874ddc114a8e676ba3cfe5b5ff2138defd38fd0c8e3a2a90f8e58149eed8640756b907218353251fb3994573b60a1e2558deb58624cab43cde5980803e99d6969601e77e0da9bfa1565a460d957c11ccb78306d598872588db21e525244d5717a5ae8092e92185566016b0e15c3523e90b3fc2b84f323aaf96ba41c6b65db70e53c5e4b4e427e4bd0b445e293ca0d1fe7ae6cf9af5e05a901c20535df5c86f0ca54218fda373565286094e9bb7b17545d709f38e2779adf14d56f440d58746972721c637f996a642296922c279eb933b78300a7b279d8c7adcb685aec43dd9fc4d1051ff16ce15486d9219c55304d0ed7f9c2b8056a5ba1f83673543f7d9b9c8ca14e94736525fc0c0bd7d45170e2c6294ee6fec10f7fb9d32259dc570e573a617d75c3094d4ea594609cd9b0c9d50a0a2f4907ff2f30685679044931046ac95665ebae008c264b5a5ba75291e141c3f0c240fec77346ea6d2387c9f3bed7eda027d83d5176fdd3684eaa91dd05c02018001dcd8042ead636bddaeae3e7d422aa1da2ea30e56f5f0219988c5bb453aae09a6f10b162ce4e114d9d667edda47c50187c1ca707e101a34eade358b89f3b7acd2b7c0e2652ef5118c96e783f89e80cb2f4b45c44c9881a959a7c2a5761a5a16e3d82b4c5baf7f276b8bcd1ed1314ae56465129f2e6b333cd0f9c2a7e6b77936b10816267e95aed3c5be9355f068452b1de969669c2b020d224aeac898d81735d37fc87cb4a6ea695bbc4a8edb0f7289491230e8d2d3507f3f538dec78befa1458faaad83ef2d770264bd6c9b9a7c6a9bd618f1700347df3198666c21504807403e61e269a2ccc1bd98ed26c1eefa48ce8355a7ade9f1275b7ed7cc074cb7b13ff89120f41ffd51c063498f5346358bb88225f2b294e61fdb15065b85da29b085660536ec293d449a21ac75f91dbd0aff124feb4d6ce3a3b5be66ce4fea6ff48085c59529506eb3c190f0282e3a098662c65a1e267bc8e0bc26df31da7e1a9c08ee89b78fefb2e3cea1f5e205d846e20fb97bd523019bac48595c76df0d0ac30b5ff5af2fabe8754902dee8a16f35dbb4faeab8a7dd11bb721617544ca36404f1eac11e3138e785902621f710e2fff38fc0a785e22f7cf548c1e3536211787a294c53ace754db00604ed17cbc5740b0a65581079ed865f698aec9eda9aa72663d43db735d21fb7e4285d7d407cdece945e4a1d71855aec89981fa6e198808393fbd54652767cd238127c5e62341ae35370301ee7fa9b46deea145332afb5f1414461ab65f209f9c3366915d278388ebfcc38db7bd0e8f5bedd9b33237ca072b8fb225963d9a97cccdd73c82fcb8bd5e636df5f85e4219a420469cf8fcb286cba70ac7060d18283ef32f6f26def1dc8c4b0daa35a0b8e141207aee936122e949bed82a1b4b5d134f27f6fd90215f37132c5b9777dce9f2f73109111b873e2a74e09e56de34b026f9b64705d7b9537d201c508958c6946e2112757d30da21e3adf593d07686cfcec08a6656839a8898000c794fe823fabbd127b7e8f0e9c5925271e418f43dfd2444c3ea45460d52cda2e132516189313a11426c7d1176fc44846e3ad81f00a09cda52bbe1825c6fb118ba068d6202e2e3b4d1a085cd9d10c6c29c06bfadc0c7ec4afdb201488afa2cf78a80776afe5670ce0e15d23429e93111d923857cb205dd02b19587ad236f1576034bb9625dfeda806deecb5c804e891097f2b14c3dea0aabda230931ef1c8d9bc1f280913fbdad9e342a0b9854239c0e28c106c7e2bba7f3810bc84b8704d8a7a07d18148b4fed9904bd104e0ed520c8035489c181634cb9515f2f8ce477ea41541268c4f8d0b905837dc6e59aad122f15fe5651afa8a427ace7988edc866a4cfa7c72dd7149db2ec63995f27c0fd1aaeee52abf1dffbfb6bbe06fc6029537b869c630bc5832ff1f05d21b8e2d92e2f3c4d85344518c2eb6677693d25cc10ac8c85eac9e7c450677c19cf9878ad9d92e0fa3366d5cd00fea26b2e4b2c3893935d93f6e2393b9659c89b05a1036f52026710f2343f93cb2cf6e884547e7ac557fd52e25d2e272c31c373d1d74eb359a6716bcef6a56e04d4bf97efb008325dd824c5e7500ee3d23349b571e9c92cecb3d1f66242d3e2091e1dcb8efb1cf59d104c587231bed0f88c1b688c3d6620795dd443e00158e306859c61345af130cab6041401d06bc338426095cd813ab177d0ffe582c3f6b33914c2b1865ed211fbc24f294a5e767396d2cc024071a90e9c4929b8b09a1b5c019152487ce3a9488f315b3c9b751b322fdf14000000910f6f0bfdd0bf6f42d1a2846b0a4656c8f3ca5560ba9c4d1aab2ff444e3119d8cfbdd370460928ce722a4aaa483813c9565b644f84933dc5611a617b938c435c28953dcc46603e3eeafa44b6190a9720233d72438b21849d4546b4d18b37ae8f156e1b6e5d3468578fea878a6a28f9b25809557568bb169831b177e88287050c8037355cdafb0e5b7e81fdfb2de5f57e95a54d1bd4b252a05dc0432b4cc171e9c0a1398ac00712496df85ee0aaa6bd0c756c024fcc80ff910815fbe558baff2cd7d4cf9113fa96396b7ce45a8c45284567d53794ef180e984d884ba5b0a5370d2c7230e7689a8501c61320bbbcf414b30aa374d4c0908ed965fb9caf17db8748beda43acd3e9c1beede1ae5e346d20a690077acaa439f6a4a0d54d09d0a3cc7e9db12e3ac7afde67be5448b033a626c7941311aaf03b246dde72b38de3d60639f2f888c2292d15b9dedd88da1386f3cdd990f6fb43e0764498761f5fc837d56ce59a9177af651461d6f006818b99f2d697af61fd5745eeda7246358282c8f1b7ed50a639e384a2ed7dfaa5f59b91e3c0275461d84942690dd3e", 0x115c}, {&(0x7f0000000bc0)="c793a0ed6df6e94b0f12eca1923c5e62b49a58dee57447bc91a6bb71c76119c2df510c011868208eec1fcf6a5221766e10df4564dce11c5985648a9195f2b6faa43d96b71ede447f77e1809eb85d7b0d939e44917d678ddbc7d3e67e12e5a25bb226947b736329d57f6d509a10c5cfee8ac57233ac9a374b93b54e1616f2b0443b41338613479936a8a3badd05b9fdccb86d7458ab21e46e1a009203738bcf70593dcbc58138abf43d6208af8c97365622e239816c2c2847ac05ae7021e8a5d70962d39030e183d9db03601c89", 0xcd}], 0x6, &(0x7f00000031c0)=ANY=[@ANYBLOB="200000000000000084000000020000003d6d0900feffffff06000000", @ANYRES32=r8, @ANYBLOB="20000000000000008400000002000000090009820800000007000000", @ANYRES32=r4, @ANYBLOB="18000030e20449ce00000001001100000000000000000d1d82f111079f5110639d417c1ddb2c4b15a95cacf7ea22f9d419678dba05169c7af139670af6c0c2bc073692f51006dbf1aaa8fc6de556420454e5f51669d62e0b6ee3627a4a40b1838a7e9c204ed2efc5f1f8d5a5d425316a9a5bafc4a5c9b471308cd593f990497bc47d75e47bdf6577ec4bb9d814f4c8aec4c7aae976f5ccfbb4a05ddb667a316e710d27126f908096679f8e02a217965b529dfe384a427a70dbd594077d9079ce50ac3ffe4b1f8aae3310ac16382d2226e29a26cdb7"], 0x58, 0x8000}, {&(0x7f0000001fc0)=@in6={0xa, 0x4e22, 0x56700831, @mcast1, 0x4}, 0x1c, &(0x7f0000000f40)=[{&(0x7f00000033c0)="0a0dd996ea57b0296e0473cdfaabddb1bf968ab00646b917b6f1581159c40d3bb72a7a06136aa93dedd3c138f2c5350587752d704f98614785d1c569928ed9a7ef62109153a3f1d36ceed9fd6b44505a031d575d3c37716503c20152ad7848aced929d93c102fc239e52c00dba68720c99d620f7fda82e4c15e8cf678d93208ee9670231d8e5144d8fe30d90044da04af11c7d3672dfe4525023973bf608aea3e255a69c8796cfb684bfaf7bdf07b1cc7d2745392813cdeec2a15822b7a175e2a2e6fab218ea0e7dedef61c0b06f063d02f74aada019f3572895c968fc7a7911578ba8e1474036", 0xe7}, {&(0x7f0000000dc0)="fabfc05534e0e852ddb8771316232f8e9a6fa9fc1bb7974764e12d76ba5d2c054172a5a1d3d3eafe6a2562c1e511fda6f345655db1b85b9abbedf5b8de40d989ad06ab0011a59c10b4eb393d9177ca627e5938e0e8abb9685ff0b2ae6683ce1a0c4ab3060a7dc9b5188be7c361fd14c75c43c7ce0c27b8c8b2e72e212ef121d90dc9db2bda39301b01a1dd2ffaf060ff0827b3488dbb5bab52ad5ae8ab427b919a7755a593b287adcc9536e58380214a97c310e3da69611ae0ef51c08eec", 0xbe}, {&(0x7f0000000e80)="e0ce3c584ff35c5292a3e0579a7c5bc6e814ca314fe122a2d8", 0x19}, {&(0x7f0000000ec0)="2ef881c78a00c68cfc36438a8bceb7b9ea3c70585e01eab21cc7be4be7a1dcbdfaeab51afef0ae2d0ef7a4", 0x2b}, {&(0x7f0000000f00)="76c655fae1cdef39557cacd4", 0xc}, {&(0x7f0000003300)="3827dad89817af6981de20d50d84790a0188ed0149e74bfdde183f0d0a3854fc757e0575a47b6500d02f59f8e29d54e01724b207f739154fa0444918bca338b18fa656c50044c734711dfbb12b674e4dc318b7759df3d24b77e5ed158aa24b03e298eccf01879556eea580ccbe4378b92ee738e5e27aea668de9669263aa22140b866de8c32137fbece94e1531881ca245bc2f301340fb2d052f4d8215973e1f3828b9ef6efa", 0xa6}], 0x6, &(0x7f0000002000)=ANY=[@ANYBLOB="18000000000000008400000007000000000000000800"/40], 0x38, 0x40080}], 0x2, 0x11) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4089, 0x197}, {&(0x7f0000000400)=""/106, 0x1c}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0xbe8}, {&(0x7f0000000540)=""/158, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) 3.825466603s ago: executing program 6 (id=4604): ioctl$vim2m_VIDIOC_S_CTRL(0xffffffffffffffff, 0xc008561c, &(0x7f0000000040)={0x20f0f002, 0x2}) (async) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) (async) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[], 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4004) (async) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f00000000c0)=[{0x20, 0x0, 0x2, 0xfffff010}, {0x20, 0x0, 0x20, 0xfffff034}, {0x6}]}, 0x10) (async) sendmmsg(r1, &(0x7f0000000180), 0x4000190, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x207, 0x0, 0x0, {0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x5c, 0x3, 0xa, 0x3, 0x0, 0x0, {0x3}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8}]}, @NFTA_CHAIN_COUNTERS={0x1c, 0x8, 0x0, 0x1, [@NFTA_COUNTER_PACKETS={0xc}, @NFTA_COUNTER_BYTES={0xc}]}]}], {0x14}}, 0xa4}}, 0x0) (async) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=ANY=[], 0xcc}}, 0x0) syz_usb_connect$hid(0x1, 0x50, &(0x7f0000000040)=ANY=[@ANYBLOB="120100000008ac0564020000000000f50802240001000080000904002003030002000921050000012205200905810300000000000000"], 0x0) (async) r4 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x40000, 0x0) ioctl$SNDRV_PCM_IOCTL_HW_REFINE(r4, 0xc2604110, &(0x7f00000000c0)={0x1dc, [[0x4, 0xdff, 0x3, 0x20000008, 0xa, 0x3, 0x5, 0x4], [0x7, 0x9, 0x4cd4, 0x4, 0xffffffff, 0x8, 0xa42, 0x2], [0x2, 0x8508, 0x1, 0x400000, 0x480a9ea9, 0x7fffffff, 0x3ff, 0x5]], '\x00', [{0xfffffff2, 0x21}, {0x6, 0x2, 0x0, 0x1, 0x1, 0x1}, {0xf7d2, 0x9, 0x1}, {0xffff, 0x2, 0x0, 0x1, 0x1, 0x1}, {0x2, 0x4c39, 0x0, 0x1, 0x1}, {0x9, 0x10001, 0x1, 0x0, 0x1, 0x1}, {0x7, 0x9, 0x1, 0x0, 0x1}, {0xfffffff8, 0x0, 0x0, 0x1, 0x1}, {0x9, 0x8, 0x1, 0x1}, {0x8, 0xf, 0x0, 0x0, 0x0, 0x1}, {0xfffffff4, 0x9, 0x1}, {0x0, 0x3, 0x1}], '\x00', 0x5}) 3.723942392s ago: executing program 5 (id=4605): r0 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0xc, &(0x7f0000000040)=@assoc_value={0x0}, &(0x7f0000000000)=0x8) setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f00000003c0)={r1}, 0x8) 3.628516314s ago: executing program 5 (id=4606): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000200)=[@acquire], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x48, 0xffffffffffffff18, &(0x7f0000000380)={@flat=@weak_handle={0x77682a85, 0x0, 0x1}, @flat=@handle={0x73682a85, 0xa, 0x2}, @fd={0x66642a85, 0x0, r2}}, &(0x7f0000000400)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) (fail_nth: 1) 3.218057212s ago: executing program 6 (id=4607): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_io_uring_setup(0x497, &(0x7f0000000400)={0x0, 0x3f73, 0x100, 0x0, 0x1d2}, &(0x7f0000000340)=0x0, &(0x7f0000000600)=0x0) r6 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f00000006c0), 0x2, 0x0) write$apparmor_exec(r6, &(0x7f00000000c0)={'exec ', ':\x00\b\xc4\x99\x10\tI\xc22b\xe8\r\xfa\xc1\xd6-\xe5\xd3-\xce\xeapE\xb53&\v\xa0\xd3\v#E\xc4I\x97\xfd'}, 0x2a) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_RECVMSG={0xa, 0x14, 0x1, r1, 0x0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)=[{0x0}, {0x0}], 0x2}, 0x0, 0x20, 0x1, {0x2}}) io_uring_enter(r3, 0x3516, 0xf400, 0x0, 0x0, 0xf4) r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000200)=[@acquire], 0x0, 0x0, 0x0}) r8 = socket$nl_route(0x10, 0x3, 0x0) r9 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x101080, 0x0) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r9, 0xc018937e, &(0x7f0000000040)={{0x1, 0x1, 0x70, r8}, './file0\x00'}) r10 = dup3(r7, r0, 0x0) r11 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r11, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r11, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r10, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x48, 0xffffffffffffff18, &(0x7f0000000380)={@flat=@weak_handle={0x77682a85, 0x0, 0x1}, @flat=@handle={0x73682a85, 0xa, 0x2}, @fd={0x66642a85, 0x0, r10}}, &(0x7f0000000400)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) 3.182198959s ago: executing program 5 (id=4608): r0 = eventfd(0xfffffff9) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={0xffffffffffffffff, 0x0, 0x0}, 0x20) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x4008af20, &(0x7f0000000080)={0x0, r0}) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x16, 0x16, 0x0, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector}, 0x94) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0xb) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, &(0x7f0000000140)=@arm64={0xe7, 0xc, 0x2}) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f00000002c0)={{0xc000, 0xeeef0000, 0xe, 0x0, 0x81, 0x4, 0xa, 0x4e, 0x0, 0x7, 0x6, 0x1}, {0x5000, 0xffff1000, 0x3, 0x5, 0x2, 0x8, 0xd, 0x3, 0x0, 0x81, 0x8, 0x1}, {0x5000, 0x0, 0x4, 0x7, 0x3, 0x1, 0x7, 0x11, 0x8, 0x6, 0x2}, {0xffff1000, 0xd5dd0000, 0xe, 0x2, 0x1, 0x3, 0xc, 0x0, 0x1, 0x6, 0x4, 0x9}, {0x100002, 0xeeee8000, 0x9, 0x0, 0x80, 0xee, 0x0, 0x7, 0x7c, 0x0, 0x2e, 0x9}, {0x3000, 0x4, 0x8, 0x1, 0x5, 0x4, 0x1, 0x1, 0x6, 0x86, 0x8, 0x2}, {0xeeee8000, 0xeeee0000, 0xc, 0x7, 0x7, 0x3, 0x1d, 0x47, 0x30, 0x2, 0x8, 0xe1}, {0xf000, 0x2, 0xc, 0xf8, 0xfd, 0xa, 0x2, 0x4, 0x3, 0x8, 0x5, 0xce}, {0x4, 0x7}, {0x6000, 0x5}, 0x80000035, 0x0, 0x0, 0x40, 0x7, 0x1000, 0xeeef0000, [0x5, 0x8001, 0x8]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 2.935253646s ago: executing program 5 (id=4609): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00'}) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="300000001c00010029bd700000dcdf2507000000612480f5f38b7e685fae75d0e8e70f8a4f51c2e098d6ba6244c6f2270f4e1a62da660f7b0316a6b95b950f6d8b0c040641d89af9b9676f5f7d22d3ab99aa4bfb2d29e50a778ab34a764d453ff70d32bbb8651e4002155e977c88de9c6ed3c57f3ddb47e7aec74c72f159fc263ed798a9ce2062fdcee123b6a3b370c44157b0491af85fd8161a859dc5997dc9b461a83cfec013b62cdf90914f70816a9f944addd42f080e31fa04a72a7195e93eb3c89f10105036eb2d745ebbd9b9bc948a8c68e6886392982a38f46c397c022576749b9dfe6514c72eca0074776ae0d39cf1ec2986a6028ee6d1fbe919126bccbfbd736bc87e50b472b8e8b1f35444eb4543d056f0e8e1e1", @ANYRES32=r0, @ANYBLOB="80007f0a08000f00070000000a000200f5"], 0x30}, 0x1, 0x0, 0x0, 0x22000090}, 0xc6f36e0b6836a131) 2.899120131s ago: executing program 5 (id=4610): r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x6, 0x50, 0xffffffffffffffff, 0x0) socket(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) recvmmsg(0xffffffffffffffff, &(0x7f0000004600), 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = syz_usb_connect(0x0, 0x24, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r4, 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000000c0)=0x3) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0) execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000400)='./file7\x00', 0x2000, 0x103) mknod$loop(&(0x7f0000000140)='./file7\x00', 0x2000, 0x0) ioctl$TCSETSW2(r3, 0x80047456, &(0x7f0000000040)={0x3, 0xb, 0xfffffffe, 0x7fffffff, 0x0, "23f555d9adb42d4408020e90d1beaa82dc1ecf", 0xffffffff}) socket$netlink(0x10, 0x3, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r5, 0x8946, 0x0) writev(0xffffffffffffffff, &(0x7f00000000c0), 0x18) sendmmsg(0xffffffffffffffff, &(0x7f0000000480), 0x2e9, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) ioctl$EVIOCGMASK(r0, 0x80104592, &(0x7f0000000300)={0x0, 0x0, 0x0}) 2.75010982s ago: executing program 1 (id=4611): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000004c0)=@newsa={0x104, 0x10, 0x7, 0x0, 0x0, {{@in6=@dev={0xfe, 0x80, '\x00', 0x29}, @in=@multicast2, 0x4e20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xee00}, {@in6=@private1, 0x0, 0x2b}, @in6=@private0={0xfc, 0x0, '\x00', 0xfe}, {0x0, 0x0, 0x2, 0x0, 0x10000000, 0xffffffffffffffff}, {0x0, 0x200000, 0x7}, {0x40000, 0xfffffffd, 0xae8}, 0x0, 0x0, 0xa, 0x2, 0x0, 0x34}, [@coaddr={0x14, 0xe, @in6=@remote}]}, 0x104}}, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x2b) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000140)={0x10000, 0x11a000, 0x1}) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_VENDOR(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000001b40)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="a1ab00000000020000003200000008000300", @ANYRES32=r6], 0x1c}, 0x1, 0x0, 0x0, 0x48d4}, 0x40010) sendmsg$NL80211_CMD_DEL_PMKSA(r3, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x5c, r4, 0x400, 0x70bd2d, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0xfc000000, 0x16}}}}, [@NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x26}, @NL80211_ATTR_SSID={0xb, 0x34, @random="48c6165470a68c"}, @NL80211_ATTR_PMK={0x14, 0xfe, "81c198320625c659ecd46d59e8f00a82"}, @NL80211_ATTR_PMK={0x14, 0xfe, "cbc0b955498e58be3b7ea0cc97c19f4e"}]}, 0x5c}, 0x1, 0x0, 0x0, 0x20000000}, 0x20044080) sendmsg$nl_xfrm(r2, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x0) 2.423237645s ago: executing program 1 (id=4612): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_open_dev$sg(&(0x7f0000000000), 0xf3c, 0x181000) ioctl$SG_IO(r2, 0x2285, &(0x7f0000000080)={0x53, 0xfffffffffffffffc, 0x6, 0x0, @buffer={0x20, 0xf5ff, 0x0}, &(0x7f0000000480)='+V+ZBi', 0x0, 0x0, 0x10, 0x0, 0x0}) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) r4 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000600)={{0x12, 0x1, 0x0, 0x35, 0xff, 0xaa, 0x20, 0xccd, 0x10af, 0x384e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x59, 0x2, 0x1, 0x9b, 0x1e, 0x2a, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0) syz_usb_control_io$uac1(r4, 0x0, 0x0) syz_usb_control_io$printer(r4, 0x0, 0x0) syz_usb_control_io$printer(r4, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r4, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r4, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r4, 0x0, &(0x7f0000000d00)={0x44, &(0x7f0000000a80)={0x20, 0x12}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000280)={'wlan0\x00', 0x0}) r6 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000040)={0x17, 0x78, 0x601, 0x0, 0x0, "", [@typed={0x7, 0x0, 0x0, 0x0, @str='\a\x00\x00'}]}, 0x18}], 0x1}, 0x0) sendmsg$NL80211_CMD_RADAR_DETECT(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x1c, r3, 0x1, 0x70bd29, 0x25dfdbff, {{}, {@val={0x8, 0x3, r5}, @void}}}, 0x1c}}, 0x20000000) 1.922222098s ago: executing program 6 (id=4613): ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f00000001c0)={0x1, 0x0, [{0x48b, 0x0, 0x2}]}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="4c0000002000010000000000000014000200fc02000000000000000000000000000108000d000200000014000100200100"/59], 0x4c}}, 0x20000000) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x40}}, 0x20040810) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000340)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r3 = accept4(r2, 0x0, 0x0, 0x800) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) write$tun(r0, &(0x7f0000000280)={@val={0x6f01, 0x800}, @val={0x1, 0x0, 0x27, 0x0, 0x27}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0xfd5e, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffff20, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0xb, 0x0, 0x700, 0x0, 0x29, {[@window={0x9, 0xfffffffffffffec4}, @timestamp={0x5, 0x2, 0xffffff07}, @generic={0x0, 0x2, "d588380003c1"}]}}}}}}, 0xfd6c) 1.644073492s ago: executing program 6 (id=4614): setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'lo\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="3c0000001400030500008000ffdbdf2502075bff", @ANYRES32=r5, @ANYBLOB="080002007f00000108000400ac1e0001140003"], 0x3c}, 0x1, 0x0, 0x0, 0xc090}, 0x0) ioctl$sock_inet_SIOCSIFADDR(r2, 0x8916, &(0x7f0000000180)={'lo\x00', {0x2, 0x4e21, @empty=0x7f000000}}) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x3, 0x0, 0x18000000, 0x0, 0xb47, 0x9, 0x8, 0x80000001, 0x3}, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x8417f, 0x0) r6 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r6, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) timer_create(0x0, 0x0, &(0x7f0000000300)=0x0) timer_gettime(r7, &(0x7f0000000380)) bind$inet(r6, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x1a, &(0x7f0000000000)={0x0, &(0x7f0000000280)}, 0x10) r8 = socket$alg(0x26, 0x5, 0x0) bind$alg(r8, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r8, 0x117, 0x1, 0x0, 0x0) openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000540), 0xffffffffffffffff) r9 = accept4(r8, 0x0, 0x0, 0x0) setsockopt$sock_int(r9, 0x1, 0x7, &(0x7f00000014c0)=0x10000b, 0x4) sendmmsg$alg(r9, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r9, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2, 0x0, 0x0, 0x700}, 0x0) 1.079515137s ago: executing program 3 (id=4615): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) syz_open_dev$ndb(&(0x7f00000000c0), 0x0, 0x80000) socket$can_bcm(0x1d, 0x2, 0x2) r1 = syz_io_uring_setup(0xbdc, &(0x7f0000001400)={0x0, 0xec25, 0x400, 0x1, 0xd4}, &(0x7f00000006c0)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000380)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1}) io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000140)={'veth0_to_team\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0xffffffff, 0x0, 0x0, 0x4, 0x2, 0x1}}) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r8 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYBLOB="58010000100013040000000000000000ac1e0101000000000000000000000000200100000000000000000001872679c715c68c717b17ba393554f8fffd00004e241000020000200000000083e14425286c305253bf4e43b11bbee7e8049ea889848c281845bb649372dd1458d52f0e62d75b5564288db3c5d0e5661219e28e13e0b87acaaf35e57af59d3edb1dac0339f5d35c916c9fe8a5288d4681ffad82350d35b2d51c2fb17b234ba19f786de62e806d82238f013d5029eab37b409fbb14a46f4b23", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="640101000000000000000000000000000000002032000000fc0000000000000000000000000000010000000000000000070000000000000000000000000000000400000000000000070000000000000004000000000000000800000000020000010000000000000001000000010000000800000000000000cc000000000000000800000000000000f80000000000000000000000000000000400000002000001000000000000000067001200726663343330392863636d2861657329290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d800000080000000b512b3880e60fe3f6b54c6b909007c9f70d0cfe93e43e9da39542d00"], 0x158}}, 0x844) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70bd27, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x4, 0xffff2153, 0x2, 0xa, 0xd, 0x1c4, 0x7, 0x2, 0x6}}}}]}, 0x58}}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000840)={0xffffffffffffffff}) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) r10 = syz_open_procfs(0x0, &(0x7f0000004600)='map_files\x00') fchdir(r10) sendmmsg$unix(r9, &(0x7f0000002d80)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000080)=@abs={0x1, 0x30, 0x4e22}, 0x6e, 0x0}}], 0x2, 0x40008004) r11 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r13 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000180), 0x2) ioctl$UDMABUF_CREATE(r13, 0x40187542, 0x0) sendmsg$nl_route_sched(r11, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000800)=@newtfilter={0x7c, 0x2c, 0xca7, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r12, {0x4, 0x4}, {}, {0x1, 0xfff1}}, [@filter_kind_options=@f_u32={{0x8}, {0x50, 0x2, [@TCA_U32_CLASSID={0x8, 0x1, {0x1, 0xffe0}}, @TCA_U32_SEL={0x44, 0x5, {0x44, 0xf, 0x3, 0x2, 0x7ae, 0x9, 0x8000, 0x65, [{0x7ffd, 0x20003fe, 0x80000000, 0x6}, {0x0, 0xe1, 0x8ad9, 0xfffffffd}, {0x3ff, 0xa, 0x76800, 0xd}]}}]}}]}, 0x7c}}, 0x20040054) 955.749234ms ago: executing program 3 (id=4616): ioctl$LOOP_SET_DIRECT_IO(0xffffffffffffffff, 0x4c08, 0x8) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) bind$can_j1939(0xffffffffffffffff, &(0x7f0000000100)={0x1d, 0x0, 0x2, {0x3}}, 0x18) ioctl$KVM_SET_MSRS(r4, 0x4140aecd, &(0x7f0000000100)) setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f00000002c0)={@in6={{0xa, 0x4e24, 0x8c, @private2={0xfc, 0x2, '\x00', 0x1}, 0xffffcb91}}, 0x0, 0x0, 0xc, 0x0, "3f114438efdaca16d374b49a08003535d5bd9db3c8572560f4d1be5cd41f771666fd81baadb27900"}, 0xd8) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) sendmsg$L2TP_CMD_TUNNEL_GET(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000540)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16, @ANYBLOB="00012cbd7000fddbdf250400000006000e000000000005000600da000000080009000400000005002200010000000c001000f9fffffffffffff606001b004e220000060003000800000006001a004e2100000c00100003000000000000007eb403dc07b0027647188317070857d6bcc9bb76a35c89858921ef12903d70221853ec869c7f42f28bf1729e79a944c70f10a0cc11ff09643cdb6a377896f0892278084e08c18563d46377a79e7e881eaf3d7d8246797d4e74423f43090afb9ce7f401d5de8d5db22a153688d0376bab3f53f26ed6cab654894588c655d110aa2d41bd6f2ef0ca002a287eef397fa3767ebf391a8785402c37074692aedc6eb8c522f36c4cf09feddd885f8bff4269391f3d300d853701a35d01d913043a8b799325dc6d34f9277e736bd0b1d70d434a9db171ee92ecf0066b7e7fe47f380483763e5f11a122"], 0x64}, 0x1, 0x0, 0x0, 0x800}, 0x8000) pipe2$9p(0x0, 0x80180) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x20000023893) syz_kvm_setup_cpu$x86(r6, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x4, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x3, 0x0, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r8, &(0x7f0000003bc0)={0x0, 0x0, &(0x7f0000003b80)={&(0x7f0000003640)=ANY=[@ANYBLOB="140000002900010027bd6000fedbdf2502"], 0x14}, 0x1, 0x0, 0x0, 0x4008000}, 0x4000010) ioctl$KVM_SET_VAPIC_ADDR(r7, 0x4008ae93, &(0x7f0000000040)=0x1000) ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000280)={0x1, 0x0, [{0x40000073, 0x0, 0x81}]}) ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4400ae8f, &(0x7f0000000140)=@x86={0x40, 0x21, 0xc, 0x0, 0x75, 0x81, 0x10, 0x0, 0x0, 0x82, 0x9, 0x0, 0x0, 0x0, 0x8, 0x0, 0xe, 0xff, 0x0, '\x00', 0x7}) ioctl$KVM_RUN(r7, 0xae80, 0x0) 796.474652ms ago: executing program 4 (id=4617): bpf$PROG_LOAD(0x5, 0x0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3c000000000803010000000000000000000000030900010073797a30000000048008000940000000023fae4f6fd00c29100000000000000000000000861e0c226b632712cac7bdeeb7031f2897659c0bf091396b59b4e928b860a59a6317ceba41f67ce9d9bba077379f1802ad46ed3d7f501fac7e2d4d2610558e53eac4ded67efca5771e29b332b59b5bfcd2192ed2125e9a9bcce14d0f7f3c8544176527a1a1371e7f3ce5e3acc41961a1d92129c2ea059df39c74369318c3ad83b80521e9ed36c5c2ee51e5ef6d9564160f375887f6cd917d49dca11e938a918c9574f3ad70dc34f21fbe8b6dd14a46b47521cc0fe7fc4371c54f2b2cc0965f85d6b32a0883e9c5b0c964f25a3caeacbafa5dd99495042ae3441b8950e0801eb83591b952a90c2ccf0f676388b30722054dc696353b43b872bd92a820"], 0x3c}}, 0x0) r1 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0xc8601, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000080)={0x1, "0600000000000000c64c3b6e6ff82a75e5318fca4288c2ffbdbec772020acd2c", 0xffffffffffffffff}) r3 = syz_io_uring_setup(0xbdd, &(0x7f0000000640)={0x0, 0x6f34, 0x400, 0x200001, 0x3a1}, &(0x7f0000000000)=0x0, &(0x7f0000000140)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r3, 0x847ba, 0x79c, 0xe, 0x0, 0x0) r6 = accept$inet6(0xffffffffffffffff, &(0x7f00000001c0)={0xa, 0x0, 0x0, @local}, &(0x7f0000000440)=0x1c) connect$inet6(r6, &(0x7f0000000480)={0xa, 0x4e23, 0x0, @loopback, 0x8}, 0x1c) io_uring_register$IORING_REGISTER_IOWQ_AFF(r3, 0x11, &(0x7f00000006c0)="15b173e5a54763387cda9793a563f34defd2ec3ebee55fa4298f2c76035cde88801d966536a5cfc98d8bc55084db9023aea997115aa7ac4153689729db398800bb9a171b59fedbff6cfc01e07f8df408100b5435ad324b48d3476a41fd7a54bee7649372", 0x64) ioctl$SYNC_IOC_MERGE(r2, 0xc0303e03, &(0x7f00000000c0)={"e50d1af80100007ea25edd00ff000000080000f6907ff16b7e00", r2, 0xffffffffffffffff}) ppoll(&(0x7f0000000100)=[{r7, 0x2}], 0x1, 0x0, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000340)=@newqdisc={0x3c, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, 0x0, {0x0, 0xfff2}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_plug={{0x9}, {0xc, 0x2, {0x1, 0x15b}}}]}, 0x3c}}, 0x0) r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000a40), 0xffffffffffffffff) r9 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_CHANNELS_SET(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010000000000fcdbdf25120000001800018014000200766574683000000000000000080000000800090000000000080007"], 0x3c}, 0x1, 0x0, 0x0, 0x400c000}, 0x2004c0a0) dup3(r2, r1, 0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) r10 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x9f, 0x18, 0x76, 0x20, 0x17ef, 0x7203, 0x2e36, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xbc, 0x0, 0x2, 0x9e, 0x88, 0x33, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x20, 0x0, 0x0, 0x3}}]}}]}}]}}, 0x0) syz_usb_control_io$rtl8150(r10, 0x0, 0x0) syz_usb_control_io$rtl8150(r10, 0x0, &(0x7f00000029c0)={0x2c, &(0x7f0000000080)={0x20, 0x3, 0x2, '~K'}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r10, 0x0, &(0x7f0000002640)={0x44, &(0x7f0000002400)={0x20, 0xe, 0x2, "02cf"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r10, 0x0, &(0x7f0000000a80)={0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000840)={0x40, 0xb, 0x2, "31fb"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$rtl8150(r10, 0x0, &(0x7f00000027c0)={0x2c, &(0x7f0000002600)=ANY=[@ANYBLOB="201814"], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r10, 0x0, &(0x7f0000000780)={0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x40, 0x9, 0x1, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r10, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r10, 0x0, 0x0) 120.599541ms ago: executing program 6 (id=4618): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0xf, &(0x7f0000000140)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xfffffffc}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000000)='syzkaller\x00', 0xa, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r2, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 0s ago: executing program 6 (id=4619): timer_create(0x3, 0x0, &(0x7f0000000200)=0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_GUEST_MEMFD(r2, 0xc040aed4, &(0x7f00000001c0)={0x200001fe0000}) fallocate(r3, 0x20, 0x100000000, 0x2000007ffffffd) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) listen(r4, 0xb3) shutdown(r4, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) timer_gettime(r0, &(0x7f0000000000)) kernel console output (not intermixed with test programs): ] name failslab, interval 1, probability 0, space 0, times 0 [ 925.676482][T20668] CPU: 0 UID: 0 PID: 20668 Comm: syz.1.4263 Tainted: G L syzkaller #0 PREEMPT(full) [ 925.676508][T20668] Tainted: [L]=SOFTLOCKUP [ 925.676515][T20668] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 925.676526][T20668] Call Trace: [ 925.676532][T20668] [ 925.676540][T20668] dump_stack_lvl+0xe8/0x150 [ 925.676565][T20668] should_fail_ex+0x412/0x560 [ 925.676590][T20668] should_failslab+0xa8/0x100 [ 925.676612][T20668] kmem_cache_alloc_node_noprof+0x8f/0x690 [ 925.676637][T20668] ? __alloc_skb+0x186/0x7d0 [ 925.676657][T20668] ? __alloc_skb+0x1d0/0x7d0 [ 925.676682][T20668] ? __local_bh_enable_ip+0xd0/0x130 [ 925.676707][T20668] __alloc_skb+0x1d0/0x7d0 [ 925.676727][T20668] ? netlink_ack_tlv_len+0x6c/0x210 [ 925.676749][T20668] netlink_ack+0x146/0xa50 [ 925.676764][T20668] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 925.676783][T20668] ? ref_tracker_free+0x693/0x840 [ 925.676808][T20668] ? __copy_skb_header+0xa3/0x4a0 [ 925.676833][T20668] ? __pfx_ref_tracker_free+0x10/0x10 [ 925.676861][T20668] netlink_rcv_skb+0x2b6/0x4b0 [ 925.676883][T20668] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 925.676906][T20668] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 925.676930][T20668] ? netlink_deliver_tap+0x2e/0x1b0 [ 925.676954][T20668] netlink_unicast+0x80f/0x9b0 [ 925.676978][T20668] ? __pfx_netlink_unicast+0x10/0x10 [ 925.676997][T20668] ? netlink_sendmsg+0x650/0xb40 [ 925.677016][T20668] ? skb_put+0x11b/0x210 [ 925.677040][T20668] netlink_sendmsg+0x813/0xb40 [ 925.677069][T20668] ? __pfx_netlink_sendmsg+0x10/0x10 [ 925.677091][T20668] ? aa_sock_msg_perm+0xf1/0x1b0 [ 925.677113][T20668] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 925.677130][T20668] ? __pfx_netlink_sendmsg+0x10/0x10 [ 925.677149][T20668] ____sys_sendmsg+0xa68/0xad0 [ 925.677171][T20668] ? __pfx_____sys_sendmsg+0x10/0x10 [ 925.677188][T20668] ? import_iovec+0x73/0xa0 [ 925.677203][T20668] ___sys_sendmsg+0x2a5/0x360 [ 925.677220][T20668] ? __pfx____sys_sendmsg+0x10/0x10 [ 925.677257][T20668] ? __fget_files+0x2a/0x420 [ 925.677278][T20668] ? __fget_files+0x3a0/0x420 [ 925.677307][T20668] __x64_sys_sendmsg+0x1bd/0x2a0 [ 925.677330][T20668] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 925.677348][T20668] ? __pfx_ksys_write+0x10/0x10 [ 925.677363][T20668] do_syscall_64+0x14d/0xf80 [ 925.677373][T20668] ? trace_irq_disable+0x3b/0x150 [ 925.677386][T20668] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 925.677397][T20668] ? clear_bhb_loop+0x40/0x90 [ 925.677408][T20668] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 925.677418][T20668] RIP: 0033:0x7fab6999c799 [ 925.677434][T20668] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 925.677448][T20668] RSP: 002b:00007fab6a7bf028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 925.677468][T20668] RAX: ffffffffffffffda RBX: 00007fab69c15fa0 RCX: 00007fab6999c799 [ 925.677481][T20668] RDX: 0000000004040004 RSI: 0000200000000000 RDI: 0000000000000003 [ 925.677488][T20668] RBP: 00007fab6a7bf090 R08: 0000000000000000 R09: 0000000000000000 [ 925.677494][T20668] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 925.677500][T20668] R13: 00007fab69c16038 R14: 00007fab69c15fa0 R15: 00007fab69d3fa48 [ 925.677515][T20668] [ 925.827768][ T5905] usb 5-1: Using ep0 maxpacket: 8 [ 925.917706][ T10] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 925.942063][ T5905] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 926.054979][ T5905] usb 5-1: can't read configurations, error -61 [ 926.061890][ T5905] usb usb5-port1: attempt power cycle [ 926.157999][ T10] usb 4-1: device descriptor read/64, error -71 [ 926.170849][T20677] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4266'. [ 926.180025][T20677] netlink: 80 bytes leftover after parsing attributes in process `syz.1.4266'. [ 926.268023][ T10] usb usb4-port1: attempt power cycle [ 926.316736][T20679] FAULT_INJECTION: forcing a failure. [ 926.316736][T20679] name failslab, interval 1, probability 0, space 0, times 0 [ 926.331366][T20679] CPU: 0 UID: 0 PID: 20679 Comm: syz.1.4267 Tainted: G L syzkaller #0 PREEMPT(full) [ 926.331394][T20679] Tainted: [L]=SOFTLOCKUP [ 926.331401][T20679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 926.331413][T20679] Call Trace: [ 926.331420][T20679] [ 926.331428][T20679] dump_stack_lvl+0xe8/0x150 [ 926.331457][T20679] should_fail_ex+0x412/0x560 [ 926.331483][T20679] should_failslab+0xa8/0x100 [ 926.331506][T20679] __kmalloc_cache_noprof+0x88/0x660 [ 926.331525][T20679] ? vkms_plane_duplicate_state+0x8d/0x110 [ 926.331545][T20679] ? __kmalloc_cache_noprof+0x15b/0x660 [ 926.331567][T20679] vkms_plane_duplicate_state+0x8d/0x110 [ 926.331602][T20679] drm_atomic_get_plane_state+0x25a/0x670 [ 926.331634][T20679] __drm_atomic_helper_set_config+0xfa/0xec0 [ 926.331663][T20679] ? __kmalloc_noprof+0x37d/0x760 [ 926.331683][T20679] ? __pfx___drm_atomic_helper_set_config+0x10/0x10 [ 926.331712][T20679] ? drm_atomic_state_init+0x306/0x3b0 [ 926.331740][T20679] drm_atomic_helper_set_config+0x8d/0x160 [ 926.331766][T20679] drm_mode_setcrtc+0xa68/0x1d20 [ 926.331796][T20679] ? security_file_ioctl+0xc3/0x2a0 [ 926.331828][T20679] ? __lock_acquire+0x6b5/0x2cf0 [ 926.331855][T20679] ? __pfx_drm_mode_setcrtc+0x10/0x10 [ 926.331900][T20679] ? do_raw_spin_unlock+0xf5/0x210 [ 926.331921][T20679] ? _raw_spin_unlock+0x28/0x50 [ 926.331943][T20679] ? drm_is_current_master+0x19f/0x200 [ 926.331963][T20679] drm_ioctl_kernel+0x2df/0x3b0 [ 926.331987][T20679] ? __pfx_drm_mode_setcrtc+0x10/0x10 [ 926.332008][T20679] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 926.332037][T20679] drm_ioctl+0x6ba/0xb80 [ 926.332064][T20679] ? __pfx_drm_mode_setcrtc+0x10/0x10 [ 926.332090][T20679] ? __pfx_drm_ioctl+0x10/0x10 [ 926.332125][T20679] ? __fget_files+0x2a/0x420 [ 926.332150][T20679] ? bpf_lsm_file_ioctl+0x9/0x20 [ 926.332164][T20679] ? __pfx_drm_ioctl+0x10/0x10 [ 926.332176][T20679] __se_sys_ioctl+0xfc/0x170 [ 926.332188][T20679] do_syscall_64+0x14d/0xf80 [ 926.332198][T20679] ? trace_irq_disable+0x3b/0x150 [ 926.332216][T20679] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 926.332234][T20679] ? clear_bhb_loop+0x40/0x90 [ 926.332256][T20679] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 926.332274][T20679] RIP: 0033:0x7fab6999c799 [ 926.332291][T20679] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 926.332305][T20679] RSP: 002b:00007fab6a7bf028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 926.332317][T20679] RAX: ffffffffffffffda RBX: 00007fab69c15fa0 RCX: 00007fab6999c799 [ 926.332324][T20679] RDX: 0000200000000400 RSI: 00000000c06864a2 RDI: 0000000000000003 [ 926.332331][T20679] RBP: 00007fab6a7bf090 R08: 0000000000000000 R09: 0000000000000000 [ 926.332337][T20679] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 926.332343][T20679] R13: 00007fab69c16038 R14: 00007fab69c15fa0 R15: 00007fab69d3fa48 [ 926.332359][T20679] [ 926.497870][ T5905] usb 5-1: new high-speed USB device number 61 using dummy_hcd [ 926.700575][ T5905] usb 5-1: Using ep0 maxpacket: 8 [ 926.710130][ T5905] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 926.718035][ T5905] usb 5-1: can't read configurations, error -61 [ 926.740209][T20657] usb 7-1: dvb_usb_au6610: wlen=0, aborting [ 926.746180][T17374] zl10353_read_register: readreg error (reg=127, ret==0) [ 926.777731][ T10] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 926.808571][ T10] usb 4-1: device descriptor read/8, error -71 [ 926.858943][ T5905] usb 5-1: new high-speed USB device number 62 using dummy_hcd [ 926.873534][T11715] usb 6-1: USB disconnect, device number 6 [ 926.891523][ T5905] usb 5-1: Using ep0 maxpacket: 8 [ 926.909899][ T5905] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 926.919003][ T5905] usb 5-1: can't read configurations, error -61 [ 926.926410][ T5905] usb usb5-port1: unable to enumerate USB device [ 927.058194][ T10] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 927.088446][ T10] usb 4-1: device descriptor read/8, error -71 [ 927.198646][ T10] usb usb4-port1: unable to enumerate USB device [ 927.337938][ T10] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 927.487890][ T10] usb 6-1: Using ep0 maxpacket: 8 [ 927.494629][ T10] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 927.503307][ T10] usb 6-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 927.513877][ T10] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 927.524490][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 927.755662][T20690] netlink: 'syz.4.4272': attribute type 10 has an invalid length. [ 927.766408][T20690] team0: Failed to send port change of device netdevsim0 via netlink (err -105) [ 927.795120][ T10] usb 7-1: USB disconnect, device number 12 [ 927.803174][T20690] team0: Failed to send options change via netlink (err -105) [ 927.818343][T20690] team0: Port device netdevsim0 added [ 927.843930][T20692] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4273'. [ 927.859395][T20692] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4273'. [ 927.932199][T20692] kvm: kvm [20691]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc2) = 0x9d00 [ 927.941669][T20692] kvm: kvm [20691]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc1) = 0x9d00 [ 928.148105][T17374] usb 5-1: new high-speed USB device number 63 using dummy_hcd [ 928.178599][T20702] loop5: detected capacity change from 0 to 3 [ 928.185798][T20702] Dev loop5: unable to read RDB block 3 [ 928.192686][T20702] loop5: AHDI p1 p2 [ 928.196768][T20702] loop5: partition table partially beyond EOD, truncated [ 928.334504][T17374] usb 5-1: config 0 has an invalid interface number: 11 but max is 0 [ 928.352160][T17374] usb 5-1: config 0 has no interface number 0 [ 928.371092][T17374] usb 5-1: config 0 interface 11 has no altsetting 0 [ 928.378743][T17374] usb 5-1: New USB device found, idVendor=1871, idProduct=0306, bcdDevice=1a.d2 [ 928.389714][T17374] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 928.414561][T17374] usb 5-1: config 0 descriptor?? [ 928.527473][T20713] fuse: Bad value for 'rootmode' [ 928.532979][ T5913] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 928.634628][T17374] usb 5-1: string descriptor 0 read error: -71 [ 928.645572][T17374] uvcvideo 5-1:0.11: Found multiple Units with ID 1 [ 928.664216][T17374] uvcvideo 5-1:0.11: Found UVC 0.00 device (1871:0306) [ 928.674403][T17374] uvcvideo 5-1:0.11: No valid video chain found. [ 928.687905][ T5913] usb 4-1: Using ep0 maxpacket: 8 [ 928.689075][T17374] usb 5-1: USB disconnect, device number 63 [ 928.700823][ T5913] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 928.712249][ T5913] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 928.726824][ T5913] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 928.737134][ T5913] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 928.747334][ T5913] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 928.760579][ T5913] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 928.769689][ T5913] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 928.983318][ T5913] usb 4-1: GET_CAPABILITIES returned 0 [ 928.988873][ T5913] usbtmc 4-1:16.0: can't read capabilities [ 929.797761][ T5929] usb 7-1: new full-speed USB device number 13 using dummy_hcd [ 930.010447][ T5929] usb 7-1: not running at top speed; connect to a high speed hub [ 930.084830][ T5929] usb 7-1: config 95 has an invalid interface number: 1 but max is 0 [ 930.099041][ T5929] usb 7-1: config 95 has no interface number 0 [ 930.111507][ T5929] usb 7-1: config 95 interface 1 has no altsetting 0 [ 930.129523][ T5929] usb 7-1: New USB device found, idVendor=0763, idProduct=2030, bcdDevice=79.79 [ 930.138986][ T5929] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 930.148179][T17374] usb 6-1: USB disconnect, device number 7 [ 930.170362][ T5929] usb 7-1: Product: syz [ 930.190525][ T5929] usb 7-1: Manufacturer: syz [ 930.210321][ T5929] usb 7-1: SerialNumber: syz [ 930.429440][T20725] sg_read: process 257 (syz.6.4283) changed security contexts after opening file descriptor, this is not allowed. [ 930.814423][ T5929] usb 7-1: USB disconnect, device number 13 [ 930.922503][T20753] netlink: 428 bytes leftover after parsing attributes in process `syz.4.4293'. [ 931.078540][T15045] udevd[15045]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:95.1/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 931.202619][T20756] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 931.231363][T20756] team0: Port device batadv1 added [ 931.259609][T20756] hub 9-0:1.0: USB hub found [ 931.267774][T20756] hub 9-0:1.0: 1 port detected [ 931.407064][ T10] usb 4-1: USB disconnect, device number 38 [ 931.436294][T20759] loop5: detected capacity change from 0 to 3 [ 931.449770][T20759] Dev loop5: unable to read RDB block 3 [ 931.455442][T20759] loop5: AHDI p1 p2 [ 931.459826][T20759] loop5: partition table partially beyond EOD, truncated [ 931.531775][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.541169][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 931.696796][T20765] C: renamed from team_slave_0 [ 931.760577][T20765] netlink: 'syz.4.4297': attribute type 4 has an invalid length. [ 931.779456][T20765] netlink: 116 bytes leftover after parsing attributes in process `syz.4.4297'. [ 931.806293][T20765] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 931.812782][T20770] blktrace: Concurrent blktraces are not allowed on sg0 [ 932.035383][T20774] netlink: 'syz.4.4298': attribute type 1 has an invalid length. [ 932.045587][T20774] netlink: 48 bytes leftover after parsing attributes in process `syz.4.4298'. [ 932.793249][T20778] netlink: 24 bytes leftover after parsing attributes in process `syz.4.4299'. [ 933.498171][T11715] usb 2-1: new full-speed USB device number 66 using dummy_hcd [ 933.567746][T17374] usb 5-1: new high-speed USB device number 64 using dummy_hcd [ 933.627695][T11715] usb 2-1: device descriptor read/64, error -71 [ 933.687712][ T5929] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 933.737703][T17374] usb 5-1: Using ep0 maxpacket: 8 [ 933.744408][T17374] usb 5-1: New USB device found, idVendor=2833, idProduct=0201, bcdDevice=2a.d5 [ 933.753676][T17374] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 933.764610][T17374] usb 5-1: config 0 descriptor?? [ 933.773431][T17374] uvcvideo 5-1:0.0: probe with driver uvcvideo failed with error -22 [ 933.837734][ T5929] usb 4-1: Using ep0 maxpacket: 8 [ 933.844832][ T5929] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 933.853387][ T5929] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 933.864657][ T5929] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 933.875596][ T5929] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 933.875612][T11715] usb 2-1: new full-speed USB device number 67 using dummy_hcd [ 933.894622][ T5929] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 933.907873][ T5929] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 933.916998][ T5929] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 933.977031][ T5913] usb 5-1: USB disconnect, device number 64 [ 934.017748][T11715] usb 2-1: device descriptor read/64, error -71 [ 934.062939][T20797] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4306'. [ 934.130522][ T5929] usb 4-1: GET_CAPABILITIES returned 0 [ 934.146580][ T5929] usbtmc 4-1:16.0: can't read capabilities [ 934.152496][T11715] usb usb2-port1: attempt power cycle [ 934.507716][T11715] usb 2-1: new full-speed USB device number 68 using dummy_hcd [ 934.531362][T11715] usb 2-1: device descriptor read/8, error -71 [ 934.538536][T20802] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 934.599978][T20804] netlink: 'syz.4.4309': attribute type 1 has an invalid length. [ 934.608563][T20804] netlink: 48 bytes leftover after parsing attributes in process `syz.4.4309'. [ 934.787932][T11715] usb 2-1: new full-speed USB device number 69 using dummy_hcd [ 934.810204][T11715] usb 2-1: device descriptor read/8, error -71 [ 934.938108][T11715] usb usb2-port1: unable to enumerate USB device [ 935.947897][T20824] kvm: kvm [20823]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc2) = 0x9d00 [ 935.964444][T20824] kvm: kvm [20823]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc1) = 0x9d00 [ 936.080139][T20827] netlink: 72 bytes leftover after parsing attributes in process `syz.5.4316'. [ 936.192703][T20831] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4318'. [ 936.248288][T20830] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 936.277771][T20830] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 936.401389][T20837] netlink: 'syz.4.4320': attribute type 1 has an invalid length. [ 936.430942][T20837] netlink: 48 bytes leftover after parsing attributes in process `syz.4.4320'. [ 936.468909][ T10] usb 4-1: USB disconnect, device number 39 [ 936.592231][T20843] loop5: detected capacity change from 0 to 7 [ 936.601525][T20843] Dev loop5: unable to read RDB block 7 [ 936.607131][T20843] loop5: unable to read partition table [ 936.613650][T20843] loop5: partition table beyond EOD, truncated [ 936.633764][T20843] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 936.917006][ T29] kauditd_printk_skb: 102 callbacks suppressed [ 936.917022][ T29] audit: type=1326 audit(1772250505.773:2025): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20852 comm="syz.1.4325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab6999c799 code=0x7ffc0000 [ 936.982218][ T29] audit: type=1326 audit(1772250505.773:2026): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20852 comm="syz.1.4325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab6999c799 code=0x7ffc0000 [ 937.299598][ T29] audit: type=1326 audit(1772250505.773:2027): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20852 comm="syz.1.4325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7fab6999c799 code=0x7ffc0000 [ 937.406239][ T29] audit: type=1326 audit(1772250505.773:2028): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20852 comm="syz.1.4325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab6999c799 code=0x7ffc0000 [ 937.416248][T20862] netlink: 32 bytes leftover after parsing attributes in process `syz.5.4327'. [ 937.572764][T20865] loop5: detected capacity change from 0 to 3 [ 937.580255][ T29] audit: type=1326 audit(1772250505.773:2029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20852 comm="syz.1.4325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7fab6999c799 code=0x7ffc0000 [ 937.613936][T20865] Dev loop5: unable to read RDB block 3 [ 937.625256][T20865] loop5: AHDI p1 p2 [ 937.631986][ T29] audit: type=1326 audit(1772250505.773:2030): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20852 comm="syz.1.4325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab6999c799 code=0x7ffc0000 [ 937.654764][T20865] loop5: partition table partially beyond EOD, truncated [ 937.705707][ T29] audit: type=1326 audit(1772250505.773:2031): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20852 comm="syz.1.4325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab6999c799 code=0x7ffc0000 [ 937.764643][ T29] audit: type=1326 audit(1772250505.773:2032): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20852 comm="syz.1.4325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab6999c799 code=0x7ffc0000 [ 937.815118][ T29] audit: type=1326 audit(1772250505.773:2033): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20852 comm="syz.1.4325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fab6999c799 code=0x7ffc0000 [ 937.850023][T20868] kvm: kvm [20867]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc2) = 0x9d00 [ 937.863551][T20868] kvm: kvm [20867]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc1) = 0x9d00 [ 937.879563][ T29] audit: type=1326 audit(1772250505.773:2034): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20852 comm="syz.1.4325" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab6999c799 code=0x7ffc0000 [ 938.436269][T20876] netlink: 104 bytes leftover after parsing attributes in process `syz.1.4332'. [ 938.730907][ T5830] Bluetooth: hci3: command 0x0406 tx timeout [ 938.997693][T11715] usb 2-1: new high-speed USB device number 70 using dummy_hcd [ 939.262180][T20891] xt_CT: You must specify a L4 protocol and not use inversions on it [ 939.297879][T11715] usb 2-1: Using ep0 maxpacket: 16 [ 939.424201][T20894] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 939.432955][T20894] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 939.441886][T20894] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 939.452492][T20894] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 939.896109][T20905] loop5: detected capacity change from 0 to 7 [ 939.928308][T15045] Dev loop5: unable to read RDB block 7 [ 939.935508][T15045] loop5: unable to read partition table [ 940.371288][T15045] loop5: partition table beyond EOD, truncated [ 940.420504][T20905] Dev loop5: unable to read RDB block 7 [ 940.426247][T20905] loop5: unable to read partition table [ 940.436110][T20905] loop5: partition table beyond EOD, truncated [ 940.443377][T20905] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 940.734750][T20915] netlink: 104 bytes leftover after parsing attributes in process `syz.4.4344'. [ 940.892276][T20917] loop5: detected capacity change from 0 to 3 [ 940.903126][T20917] Dev loop5: unable to read RDB block 3 [ 940.912040][T20917] loop5: AHDI p1 p2 [ 940.915996][T20917] loop5: partition table partially beyond EOD, truncated [ 941.196747][T20922] netlink: 212248 bytes leftover after parsing attributes in process `syz.3.4348'. [ 941.328488][T20927] FAULT_INJECTION: forcing a failure. [ 941.328488][T20927] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 941.341861][T20927] CPU: 1 UID: 0 PID: 20927 Comm: syz.5.4350 Tainted: G L syzkaller #0 PREEMPT(full) [ 941.341891][T20927] Tainted: [L]=SOFTLOCKUP [ 941.341897][T20927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 941.341908][T20927] Call Trace: [ 941.341916][T20927] [ 941.341924][T20927] dump_stack_lvl+0xe8/0x150 [ 941.341952][T20927] should_fail_ex+0x412/0x560 [ 941.341979][T20927] _copy_from_user+0x2d/0xb0 [ 941.342004][T20927] binder_ioctl_write_read+0x16a/0xa660 [ 941.342030][T20927] ? is_bpf_text_address+0x26/0x2b0 [ 941.342051][T20927] ? is_bpf_text_address+0x292/0x2b0 [ 941.342069][T20927] ? is_bpf_text_address+0x26/0x2b0 [ 941.342089][T20927] ? kernel_text_address+0xa5/0xe0 [ 941.342110][T20927] ? __kernel_text_address+0xd/0x30 [ 941.342127][T20927] ? unwind_get_return_address+0x4d/0x90 [ 941.342151][T20927] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 941.342171][T20927] ? arch_stack_walk+0xfb/0x150 [ 941.342205][T20927] ? stack_trace_save+0xa9/0x100 [ 941.342223][T20927] ? __pfx_binder_ioctl_write_read+0x10/0x10 [ 941.342244][T20927] ? kasan_save_free_info+0x46/0x50 [ 941.342271][T20927] ? stack_depot_save_flags+0x33/0x810 [ 941.342292][T20927] ? format_decode+0xd0/0xe10 [ 941.342316][T20927] ? kasan_save_track+0x4f/0x80 [ 941.342332][T20927] ? kasan_save_track+0x3e/0x80 [ 941.342347][T20927] ? kasan_save_free_info+0x46/0x50 [ 941.342369][T20927] ? __kasan_slab_free+0x5c/0x80 [ 941.342389][T20927] ? __lock_acquire+0x6b5/0x2cf0 [ 941.342421][T20927] ? binder_debug+0x155/0x1d0 [ 941.342448][T20927] ? __pfx_binder_debug+0x10/0x10 [ 941.342467][T20927] ? do_raw_spin_lock+0x12b/0x2f0 [ 941.342499][T20927] ? _raw_spin_unlock+0x28/0x50 [ 941.342532][T20927] ? binder_get_thread+0x177/0x6d0 [ 941.342558][T20927] binder_ioctl+0x423/0x1b70 [ 941.342580][T20927] ? tomoyo_path_number_perm+0x219/0x630 [ 941.342601][T20927] ? tomoyo_path_number_perm+0x219/0x630 [ 941.342623][T20927] ? do_vfs_ioctl+0x1166/0x1530 [ 941.342643][T20927] ? __pfx_binder_ioctl+0x10/0x10 [ 941.342664][T20927] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 941.342693][T20927] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 941.342729][T20927] ? __fget_files+0x2a/0x420 [ 941.342754][T20927] ? __fget_files+0x2a/0x420 [ 941.342775][T20927] ? __fget_files+0x3a0/0x420 [ 941.342797][T20927] ? __fget_files+0x2a/0x420 [ 941.342822][T20927] ? bpf_lsm_file_ioctl+0x9/0x20 [ 941.342843][T20927] ? __pfx_binder_ioctl+0x10/0x10 [ 941.342865][T20927] __se_sys_ioctl+0xfc/0x170 [ 941.342887][T20927] do_syscall_64+0x14d/0xf80 [ 941.342902][T20927] ? trace_irq_disable+0x3b/0x150 [ 941.342925][T20927] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 941.342943][T20927] ? clear_bhb_loop+0x40/0x90 [ 941.342965][T20927] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 941.342983][T20927] RIP: 0033:0x7f5a1e79c799 [ 941.343000][T20927] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 941.343015][T20927] RSP: 002b:00007f5a1f64c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 941.343036][T20927] RAX: ffffffffffffffda RBX: 00007f5a1ea15fa0 RCX: 00007f5a1e79c799 [ 941.343048][T20927] RDX: 0000200000000640 RSI: 00000000c0306201 RDI: 0000000000000003 [ 941.343059][T20927] RBP: 00007f5a1f64c090 R08: 0000000000000000 R09: 0000000000000000 [ 941.343070][T20927] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 941.343079][T20927] R13: 00007f5a1ea16038 R14: 00007f5a1ea15fa0 R15: 00007f5a1eb3fa48 [ 941.343104][T20927] [ 941.343113][T20927] binder: 20926:20927 ioctl c0306201 200000000640 returned -14 [ 941.538427][ T10] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 941.823593][T11715] usb 2-1: unable to get BOS descriptor or descriptor too short [ 941.834283][T11715] usb 2-1: unable to read config index 0 descriptor/start: -71 [ 941.842316][T11715] usb 2-1: can't read configurations, error -71 [ 941.910851][ T10] usb 4-1: Using ep0 maxpacket: 32 [ 941.919874][ T10] usb 4-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15 [ 942.023168][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 942.033569][ T10] usb 4-1: Product: syz [ 942.038648][ T10] usb 4-1: Manufacturer: syz [ 942.043630][ T10] usb 4-1: SerialNumber: syz [ 942.621701][ T10] usb 4-1: config 0 descriptor?? [ 942.937111][ T10] RobotFuzz Open Source InterFace, OSIF 4-1:0.0: version d4.15 found at bus 004 address 040 [ 943.220201][T20952] netlink: 104 bytes leftover after parsing attributes in process `syz.6.4356'. [ 943.473734][T20955] vlan2: entered promiscuous mode [ 943.479590][T20955] bond0: entered promiscuous mode [ 943.505844][T20955] bond_slave_0: entered promiscuous mode [ 943.521067][T20955] bond_slave_1: entered promiscuous mode [ 943.603918][T20922] i2c i2c-1: failure reading status [ 943.883504][T20967] netlink: 'syz.6.4360': attribute type 1 has an invalid length. [ 944.186970][T20975] FAULT_INJECTION: forcing a failure. [ 944.186970][T20975] name failslab, interval 1, probability 0, space 0, times 0 [ 944.229866][T20975] CPU: 0 UID: 0 PID: 20975 Comm: syz.1.4363 Tainted: G L syzkaller #0 PREEMPT(full) [ 944.229894][T20975] Tainted: [L]=SOFTLOCKUP [ 944.229901][T20975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 944.229912][T20975] Call Trace: [ 944.229920][T20975] [ 944.229928][T20975] dump_stack_lvl+0xe8/0x150 [ 944.229957][T20975] should_fail_ex+0x412/0x560 [ 944.229980][T20975] should_failslab+0xa8/0x100 [ 944.230002][T20975] __kmalloc_cache_noprof+0x88/0x660 [ 944.230020][T20975] ? vkms_plane_duplicate_state+0x8d/0x110 [ 944.230043][T20975] ? __kmalloc_cache_noprof+0x15b/0x660 [ 944.230065][T20975] vkms_plane_duplicate_state+0x8d/0x110 [ 944.230085][T20975] drm_atomic_get_plane_state+0x25a/0x670 [ 944.230114][T20975] drm_atomic_add_affected_planes+0x23b/0x380 [ 944.230143][T20975] drm_atomic_helper_check_modeset+0x267b/0x3940 [ 944.230175][T20975] ? __pfx___drm_dev_dbg+0x10/0x10 [ 944.230194][T20975] ? __drm_dev_dbg+0xf1/0x200 [ 944.230218][T20975] drm_atomic_helper_check+0x24/0x190 [ 944.230237][T20975] ? __pfx_vkms_atomic_check+0x10/0x10 [ 944.230256][T20975] drm_atomic_check_only+0x1678/0x3090 [ 944.230306][T20975] drm_atomic_commit+0x167/0x2b0 [ 944.230331][T20975] ? __pfx_drm_atomic_commit+0x10/0x10 [ 944.230353][T20975] ? __pfx___drm_printfn_info+0x10/0x10 [ 944.230382][T20975] ? drm_atomic_state_init+0x306/0x3b0 [ 944.230408][T20975] drm_atomic_helper_set_config+0xe2/0x160 [ 944.230434][T20975] drm_mode_setcrtc+0xa68/0x1d20 [ 944.230464][T20975] ? security_file_ioctl+0xc3/0x2a0 [ 944.230495][T20975] ? __lock_acquire+0x6b5/0x2cf0 [ 944.230521][T20975] ? __pfx_drm_mode_setcrtc+0x10/0x10 [ 944.230564][T20975] ? do_raw_spin_unlock+0xf5/0x210 [ 944.230586][T20975] ? _raw_spin_unlock+0x28/0x50 [ 944.230605][T20975] ? drm_is_current_master+0x19f/0x200 [ 944.230625][T20975] drm_ioctl_kernel+0x2df/0x3b0 [ 944.230653][T20975] ? __pfx_drm_mode_setcrtc+0x10/0x10 [ 944.230676][T20975] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 944.230708][T20975] drm_ioctl+0x6ba/0xb80 [ 944.230736][T20975] ? __pfx_drm_mode_setcrtc+0x10/0x10 [ 944.230763][T20975] ? __pfx_drm_ioctl+0x10/0x10 [ 944.230797][T20975] ? __fget_files+0x2a/0x420 [ 944.230823][T20975] ? bpf_lsm_file_ioctl+0x9/0x20 [ 944.230843][T20975] ? __pfx_drm_ioctl+0x10/0x10 [ 944.230864][T20975] __se_sys_ioctl+0xfc/0x170 [ 944.230887][T20975] do_syscall_64+0x14d/0xf80 [ 944.230903][T20975] ? trace_irq_disable+0x3b/0x150 [ 944.230926][T20975] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 944.230944][T20975] ? clear_bhb_loop+0x40/0x90 [ 944.230965][T20975] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 944.230983][T20975] RIP: 0033:0x7fab6999c799 [ 944.231000][T20975] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 944.231013][T20975] RSP: 002b:00007fab6a79e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 944.231033][T20975] RAX: ffffffffffffffda RBX: 00007fab69c16090 RCX: 00007fab6999c799 [ 944.231046][T20975] RDX: 0000200000000400 RSI: 00000000c06864a2 RDI: 0000000000000003 [ 944.231059][T20975] RBP: 00007fab6a79e090 R08: 0000000000000000 R09: 0000000000000000 [ 944.231070][T20975] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 944.231081][T20975] R13: 00007fab69c16128 R14: 00007fab69c16090 R15: 00007fab69d3fa48 [ 944.231110][T20975] [ 944.646320][T17374] usb 4-1: USB disconnect, device number 40 [ 944.737740][ T5929] usb 7-1: new high-speed USB device number 14 using dummy_hcd [ 944.758308][T20982] netlink: 44 bytes leftover after parsing attributes in process `syz.1.4366'. [ 944.768529][T20982] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4366'. [ 944.927706][ T5929] usb 7-1: Using ep0 maxpacket: 32 [ 944.941932][ T5929] usb 7-1: config index 0 descriptor too short (expected 35577, got 27) [ 944.977351][ T5929] usb 7-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 945.015451][ T5929] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 945.027801][T20990] netlink: 'syz.5.4369': attribute type 15 has an invalid length. [ 945.041878][T20984] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 945.078645][T17374] usb 2-1: new full-speed USB device number 72 using dummy_hcd [ 945.091768][ T5929] usb 7-1: config 1 has no interface number 0 [ 945.098967][ T5929] usb 7-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 945.111852][ T5929] usb 7-1: config 1 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 1796, setting to 1024 [ 945.123308][ T5929] usb 7-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 945.139252][ T5929] usb 7-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 945.141001][T20992] FAULT_INJECTION: forcing a failure. [ 945.141001][T20992] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 945.162075][T20992] CPU: 0 UID: 0 PID: 20992 Comm: syz.3.4368 Tainted: G L syzkaller #0 PREEMPT(full) [ 945.162104][T20992] Tainted: [L]=SOFTLOCKUP [ 945.162112][T20992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 945.162122][T20992] Call Trace: [ 945.162130][T20992] [ 945.162138][T20992] dump_stack_lvl+0xe8/0x150 [ 945.162166][T20992] should_fail_ex+0x412/0x560 [ 945.162188][T20992] copy_fpstate_to_sigframe+0xb4a/0xd90 [ 945.162211][T20992] ? copy_fpstate_to_sigframe+0x196/0xd90 [ 945.162234][T20992] ? __pfx_copy_fpstate_to_sigframe+0x10/0x10 [ 945.162255][T20992] ? __lock_acquire+0x6b5/0x2cf0 [ 945.162277][T20992] ? ktime_get+0x45/0x200 [ 945.162293][T20992] ? seqcount_lockdep_reader_access+0xd4/0x100 [ 945.162312][T20992] ? read_tsc+0x9/0x20 [ 945.162330][T20992] ? ktime_get+0x1d2/0x200 [ 945.162351][T20992] ? fpu__alloc_mathframe+0xac/0x130 [ 945.162374][T20992] get_sigframe+0x5f7/0x820 [ 945.162402][T20992] ? __pfx_get_sigframe+0x10/0x10 [ 945.162426][T20992] ? posixtimer_deliver_signal+0x304/0x410 [ 945.162452][T20992] x64_setup_rt_frame+0x160/0xcb0 [ 945.162477][T20992] ? _raw_spin_unlock_irq+0x23/0x50 [ 945.162501][T20992] ? lockdep_hardirqs_on+0x7a/0x110 [ 945.162532][T20992] ? _raw_spin_unlock_irq+0x2e/0x50 [ 945.162554][T20992] ? get_signal+0x114f/0x1330 [ 945.162580][T20992] ? __pfx_x64_setup_rt_frame+0x10/0x10 [ 945.162609][T20992] arch_do_signal_or_restart+0x424/0x830 [ 945.162632][T20992] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 945.162659][T20992] ? ksys_read+0x242/0x270 [ 945.162686][T20992] exit_to_user_mode_loop+0x86/0x480 [ 945.162705][T20992] ? rcu_is_watching+0x15/0xb0 [ 945.162731][T20992] do_syscall_64+0x32d/0xf80 [ 945.162747][T20992] ? trace_irq_disable+0x3b/0x150 [ 945.162771][T20992] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 945.162789][T20992] ? clear_bhb_loop+0x40/0x90 [ 945.162811][T20992] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 945.162829][T20992] RIP: 0033:0x7f407e59c797 [ 945.162846][T20992] Code: 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 [ 945.162859][T20992] RSP: 002b:00007f407f47d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 945.162878][T20992] RAX: 0000000000000000 RBX: 00007f407e815fa0 RCX: 00007f407e59c799 [ 945.162890][T20992] RDX: 00000000000000c9 RSI: 0000200000000080 RDI: 0000000000000003 [ 945.162901][T20992] RBP: 00007f407f47d090 R08: 0000000000000000 R09: 0000000000000000 [ 945.162912][T20992] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 945.162924][T20992] R13: 00007f407e816038 R14: 00007f407e815fa0 R15: 00007f407e93fa48 [ 945.162952][T20992] [ 945.434117][ T5929] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 945.469836][T20977] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 945.480046][ T5929] snd_usb_pod 7-1:1.1: Line 6 Pocket POD found [ 945.596684][T17374] usb 2-1: not running at top speed; connect to a high speed hub [ 945.668154][T17374] usb 2-1: invalid descriptor for config index 0: type = 0x2, length = 0 [ 945.676702][T17374] usb 2-1: can't read configurations, error -22 [ 945.688227][T20977] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 945.702383][ T5929] snd_usb_pod 7-1:1.1: Line 6 Pocket POD now attached [ 945.807213][T21000] FAULT_INJECTION: forcing a failure. [ 945.807213][T21000] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 945.821259][T21000] CPU: 0 UID: 0 PID: 21000 Comm: syz.5.4372 Tainted: G L syzkaller #0 PREEMPT(full) [ 945.821285][T21000] Tainted: [L]=SOFTLOCKUP [ 945.821292][T21000] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 945.821302][T21000] Call Trace: [ 945.821310][T21000] [ 945.821317][T21000] dump_stack_lvl+0xe8/0x150 [ 945.821346][T21000] should_fail_ex+0x412/0x560 [ 945.821371][T21000] _copy_from_user+0x2d/0xb0 [ 945.821397][T21000] binder_ioctl_write_read+0x99d/0xa660 [ 945.821422][T21000] ? is_bpf_text_address+0x26/0x2b0 [ 945.821455][T21000] ? unwind_get_return_address+0x4d/0x90 [ 945.821512][T21000] ? arch_stack_walk+0xfb/0x150 [ 945.821547][T21000] ? stack_trace_save+0xa9/0x100 [ 945.821564][T21000] ? __pfx_binder_ioctl_write_read+0x10/0x10 [ 945.821585][T21000] ? kasan_save_free_info+0x46/0x50 [ 945.821611][T21000] ? stack_depot_save_flags+0x33/0x810 [ 945.821631][T21000] ? format_decode+0xd0/0xe10 [ 945.821655][T21000] ? kasan_save_track+0x4f/0x80 [ 945.821670][T21000] ? kasan_save_track+0x3e/0x80 [ 945.821686][T21000] ? kasan_save_free_info+0x46/0x50 [ 945.821707][T21000] ? __kasan_slab_free+0x5c/0x80 [ 945.821727][T21000] ? __lock_acquire+0x6b5/0x2cf0 [ 945.821759][T21000] ? binder_debug+0x155/0x1d0 [ 945.821786][T21000] ? __pfx_binder_debug+0x10/0x10 [ 945.821805][T21000] ? do_raw_spin_lock+0x12b/0x2f0 [ 945.821837][T21000] ? _raw_spin_unlock+0x28/0x50 [ 945.821858][T21000] ? binder_get_thread+0x177/0x6d0 [ 945.821884][T21000] binder_ioctl+0x423/0x1b70 [ 945.821909][T21000] ? tomoyo_path_number_perm+0x219/0x630 [ 945.821930][T21000] ? tomoyo_path_number_perm+0x219/0x630 [ 945.821952][T21000] ? do_vfs_ioctl+0x1166/0x1530 [ 945.821971][T21000] ? __pfx_binder_ioctl+0x10/0x10 [ 945.821993][T21000] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 945.822023][T21000] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 945.822058][T21000] ? __fget_files+0x2a/0x420 [ 945.822083][T21000] ? __fget_files+0x2a/0x420 [ 945.822103][T21000] ? __fget_files+0x3a0/0x420 [ 945.822124][T21000] ? __fget_files+0x2a/0x420 [ 945.822149][T21000] ? bpf_lsm_file_ioctl+0x9/0x20 [ 945.822169][T21000] ? __pfx_binder_ioctl+0x10/0x10 [ 945.822191][T21000] __se_sys_ioctl+0xfc/0x170 [ 945.822211][T21000] do_syscall_64+0x14d/0xf80 [ 945.822234][T21000] ? trace_irq_disable+0x3b/0x150 [ 945.822257][T21000] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 945.822275][T21000] ? clear_bhb_loop+0x40/0x90 [ 945.822296][T21000] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 945.822313][T21000] RIP: 0033:0x7f5a1e79c799 [ 945.822331][T21000] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 945.822346][T21000] RSP: 002b:00007f5a1f64c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 945.822365][T21000] RAX: ffffffffffffffda RBX: 00007f5a1ea15fa0 RCX: 00007f5a1e79c799 [ 945.822378][T21000] RDX: 0000200000000640 RSI: 00000000c0306201 RDI: 0000000000000003 [ 945.822390][T21000] RBP: 00007f5a1f64c090 R08: 0000000000000000 R09: 0000000000000000 [ 945.822402][T21000] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 945.822413][T21000] R13: 00007f5a1ea16038 R14: 00007f5a1ea15fa0 R15: 00007f5a1eb3fa48 [ 945.822440][T21000] [ 945.822532][T21000] binder: 20999:21000 ioctl c0306201 200000000640 returned -14 [ 946.246270][T17374] usb 2-1: new full-speed USB device number 73 using dummy_hcd [ 946.450092][T17374] usb 2-1: not running at top speed; connect to a high speed hub [ 946.463522][T17374] usb 2-1: invalid descriptor for config index 0: type = 0x2, length = 0 [ 946.475060][T17374] usb 2-1: can't read configurations, error -22 [ 946.482530][T17374] usb usb2-port1: attempt power cycle [ 946.730599][ T5929] snd_usb_pod 7-1:1.1: line6_send_raw_message_async_part: usb_submit_urb failed (-22) [ 946.750856][T21021] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4378'. [ 946.773472][ T10] usb 5-1: new high-speed USB device number 65 using dummy_hcd [ 946.858659][T17374] usb 2-1: new full-speed USB device number 74 using dummy_hcd [ 946.868194][ T29] kauditd_printk_skb: 194 callbacks suppressed [ 946.868211][ T29] audit: type=1804 audit(1772250515.723:2229): pid=21021 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.4378" name="/newroot/145/file1" dev="fuse" ino=1 res=1 errno=0 [ 946.902004][T17374] usb 2-1: not running at top speed; connect to a high speed hub [ 946.941135][ T10] usb 5-1: Using ep0 maxpacket: 16 [ 946.952463][ T10] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 946.960810][ T10] usb 5-1: can't read configurations, error -61 [ 946.969301][T17374] usb 2-1: invalid descriptor for config index 0: type = 0x2, length = 0 [ 946.986082][T17374] usb 2-1: can't read configurations, error -22 [ 947.107747][ T10] usb 5-1: new high-speed USB device number 66 using dummy_hcd [ 947.116303][T21038] xt_CT: You must specify a L4 protocol and not use inversions on it [ 947.137817][T17374] usb 2-1: new full-speed USB device number 75 using dummy_hcd [ 947.173029][T17374] usb 2-1: not running at top speed; connect to a high speed hub [ 947.183592][T17374] usb 2-1: invalid descriptor for config index 0: type = 0x2, length = 0 [ 947.193224][T17374] usb 2-1: can't read configurations, error -22 [ 947.200762][T17374] usb usb2-port1: unable to enumerate USB device [ 947.224300][T21040] FAULT_INJECTION: forcing a failure. [ 947.224300][T21040] name failslab, interval 1, probability 0, space 0, times 0 [ 947.237316][T21040] CPU: 0 UID: 0 PID: 21040 Comm: syz.3.4385 Tainted: G L syzkaller #0 PREEMPT(full) [ 947.237343][T21040] Tainted: [L]=SOFTLOCKUP [ 947.237350][T21040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 947.237361][T21040] Call Trace: [ 947.237368][T21040] [ 947.237376][T21040] dump_stack_lvl+0xe8/0x150 [ 947.237405][T21040] should_fail_ex+0x412/0x560 [ 947.237430][T21040] should_failslab+0xa8/0x100 [ 947.237453][T21040] __kmalloc_cache_noprof+0x88/0x660 [ 947.237470][T21040] ? drm_atomic_helper_check_planes+0x5fd/0x7e0 [ 947.237489][T21040] ? drm_atomic_helper_setup_commit+0x1c8/0x1a90 [ 947.237501][T21040] ? drm_self_refresh_helper_alter_state+0x491/0x520 [ 947.237520][T21040] drm_atomic_helper_setup_commit+0x1c8/0x1a90 [ 947.237545][T21040] drm_atomic_helper_commit+0x6a/0xb10 [ 947.237575][T21040] ? __pfx_drm_atomic_helper_commit+0x10/0x10 [ 947.237596][T21040] drm_atomic_commit+0x246/0x2b0 [ 947.237622][T21040] ? __pfx_drm_atomic_commit+0x10/0x10 [ 947.237650][T21040] ? __pfx___drm_printfn_info+0x10/0x10 [ 947.237678][T21040] ? drm_atomic_state_init+0x306/0x3b0 [ 947.237704][T21040] drm_atomic_helper_set_config+0xe2/0x160 [ 947.237728][T21040] drm_mode_setcrtc+0xa68/0x1d20 [ 947.237756][T21040] ? security_file_ioctl+0xc3/0x2a0 [ 947.237784][T21040] ? __lock_acquire+0x6b5/0x2cf0 [ 947.237809][T21040] ? __pfx_drm_mode_setcrtc+0x10/0x10 [ 947.237851][T21040] ? do_raw_spin_unlock+0xf5/0x210 [ 947.237869][T21040] ? _raw_spin_unlock+0x28/0x50 [ 947.237889][T21040] ? drm_is_current_master+0x19f/0x200 [ 947.237909][T21040] drm_ioctl_kernel+0x2df/0x3b0 [ 947.237943][T21040] ? __pfx_drm_mode_setcrtc+0x10/0x10 [ 947.237968][T21040] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 947.238000][T21040] drm_ioctl+0x6ba/0xb80 [ 947.238026][T21040] ? __pfx_drm_mode_setcrtc+0x10/0x10 [ 947.238052][T21040] ? __pfx_drm_ioctl+0x10/0x10 [ 947.238092][T21040] ? __fget_files+0x2a/0x420 [ 947.238119][T21040] ? bpf_lsm_file_ioctl+0x9/0x20 [ 947.238139][T21040] ? __pfx_drm_ioctl+0x10/0x10 [ 947.238161][T21040] __se_sys_ioctl+0xfc/0x170 [ 947.238183][T21040] do_syscall_64+0x14d/0xf80 [ 947.238199][T21040] ? trace_irq_disable+0x3b/0x150 [ 947.238221][T21040] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 947.238239][T21040] ? clear_bhb_loop+0x40/0x90 [ 947.238261][T21040] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 947.238279][T21040] RIP: 0033:0x7f407e59c799 [ 947.238297][T21040] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 947.238311][T21040] RSP: 002b:00007f407f47d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 947.238330][T21040] RAX: ffffffffffffffda RBX: 00007f407e815fa0 RCX: 00007f407e59c799 [ 947.238341][T21040] RDX: 0000200000000400 RSI: 00000000c06864a2 RDI: 0000000000000003 [ 947.238350][T21040] RBP: 00007f407f47d090 R08: 0000000000000000 R09: 0000000000000000 [ 947.238361][T21040] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 947.238372][T21040] R13: 00007f407e816038 R14: 00007f407e815fa0 R15: 00007f407e93fa48 [ 947.238401][T21040] [ 947.708979][T17374] usb 7-1: USB disconnect, device number 14 [ 947.742268][ T10] usb 5-1: Using ep0 maxpacket: 16 [ 947.751671][ T10] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 947.757395][T17374] snd_usb_pod 7-1:1.1: Line 6 Pocket POD now disconnected [ 947.764342][ T10] usb 5-1: can't read configurations, error -61 [ 947.803224][ T10] usb usb5-port1: attempt power cycle [ 948.155632][ T10] usb 5-1: new high-speed USB device number 67 using dummy_hcd [ 948.288305][ T10] usb 5-1: Using ep0 maxpacket: 16 [ 948.313878][ T10] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 948.321835][ T10] usb 5-1: can't read configurations, error -61 [ 948.699313][ T10] usb 5-1: new high-speed USB device number 68 using dummy_hcd [ 948.728565][ T10] usb 5-1: Using ep0 maxpacket: 16 [ 948.977485][ T10] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 948.992226][ T10] usb 5-1: can't read configurations, error -61 [ 949.006398][ T10] usb usb5-port1: unable to enumerate USB device [ 949.017762][ T5929] usb 4-1: new full-speed USB device number 41 using dummy_hcd [ 949.230460][T21073] blktrace: Concurrent blktraces are not allowed on sg0 [ 949.295046][ T5929] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 949.305562][ T5929] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 949.321291][ T5929] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10 [ 949.338319][ T5929] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 949.438134][ T5929] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 949.485885][T21076] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 949.586933][ T5907] usb 2-1: new high-speed USB device number 76 using dummy_hcd [ 949.674397][ T5929] usb 4-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 949.693386][ T5929] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 949.703513][T21081] bridge0: entered allmulticast mode [ 949.730398][ T5929] usb 4-1: Product: syz [ 949.744309][ T5929] usb 4-1: Manufacturer: syz [ 949.755837][ T5929] usb 4-1: SerialNumber: syz [ 949.820139][ T5929] usb 4-1: config 0 descriptor?? [ 949.837399][ T5907] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 949.874432][ T5907] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 949.886870][ T5907] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 949.923300][ T5907] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 949.945977][ T5907] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 949.986531][ T5907] usb 2-1: config 0 descriptor?? [ 950.202163][ T5929] radio-si470x 4-1:0.0: si470x_get_report: usb_control_msg returned -71 [ 950.348938][ T5929] radio-si470x 4-1:0.0: probe with driver radio-si470x failed with error -5 [ 950.540870][ T5929] usb 4-1: USB disconnect, device number 41 [ 951.087207][ T5907] usbhid 2-1:0.0: can't add hid device: -71 [ 951.095762][ T5907] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 951.126745][ T5907] usb 2-1: USB disconnect, device number 76 [ 952.284899][T21108] loop5: detected capacity change from 0 to 3 [ 952.307232][T15045] Dev loop5: unable to read RDB block 3 [ 952.312941][T11715] usb 6-1: new full-speed USB device number 8 using dummy_hcd [ 952.372957][T15045] loop5: AHDI p1 p2 [ 952.381797][T15045] loop5: partition table partially beyond EOD, truncated [ 952.511510][T11715] usb 6-1: device descriptor read/64, error -71 [ 952.545026][T21108] Dev loop5: unable to read RDB block 3 [ 952.651676][T21108] loop5: AHDI p1 p2 [ 952.671499][T21108] loop5: partition table partially beyond EOD, truncated [ 952.767771][T11715] usb 6-1: new full-speed USB device number 9 using dummy_hcd [ 952.899348][T11715] usb 6-1: device descriptor read/64, error -71 [ 952.934884][T21117] FAULT_INJECTION: forcing a failure. [ 952.934884][T21117] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 952.973144][T21117] CPU: 0 UID: 0 PID: 21117 Comm: syz.3.4408 Tainted: G L syzkaller #0 PREEMPT(full) [ 952.973174][T21117] Tainted: [L]=SOFTLOCKUP [ 952.973181][T21117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 952.973192][T21117] Call Trace: [ 952.973200][T21117] [ 952.973209][T21117] dump_stack_lvl+0xe8/0x150 [ 952.973238][T21117] should_fail_ex+0x412/0x560 [ 952.973266][T21117] _copy_from_user+0x2d/0xb0 [ 952.973289][T21117] kstrtouint_from_user+0xd6/0x180 [ 952.973311][T21117] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 952.973345][T21117] proc_fail_nth_write+0x8e/0x210 [ 952.973366][T21117] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 952.973394][T21117] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 952.973419][T21117] vfs_write+0x29a/0xb90 [ 952.973446][T21117] ? __pfx_vfs_write+0x10/0x10 [ 952.973467][T21117] ? __fget_files+0x2a/0x420 [ 952.973494][T21117] ? __fget_files+0x3a0/0x420 [ 952.973516][T21117] ? __fget_files+0x2a/0x420 [ 952.973548][T21117] ksys_write+0x150/0x270 [ 952.973569][T21117] ? __pfx_ksys_write+0x10/0x10 [ 952.973599][T21117] do_syscall_64+0x14d/0xf80 [ 952.973616][T21117] ? trace_irq_disable+0x3b/0x150 [ 952.973639][T21117] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 952.973657][T21117] ? clear_bhb_loop+0x40/0x90 [ 952.973677][T21117] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 952.973695][T21117] RIP: 0033:0x7f407e55cfce [ 952.973713][T21117] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 952.973729][T21117] RSP: 002b:00007f407f47cfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 952.973749][T21117] RAX: ffffffffffffffda RBX: 00007f407f47d6c0 RCX: 00007f407e55cfce [ 952.973762][T21117] RDX: 0000000000000001 RSI: 00007f407f47d0a0 RDI: 0000000000000003 [ 952.973773][T21117] RBP: 00007f407f47d090 R08: 0000000000000000 R09: 0000000000000000 [ 952.973785][T21117] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 952.973795][T21117] R13: 00007f407e816038 R14: 00007f407e815fa0 R15: 00007f407e93fa48 [ 952.973825][T21117] [ 953.187077][T21119] netlink: 56 bytes leftover after parsing attributes in process `syz.4.4406'. [ 953.204521][T11715] usb usb6-port1: attempt power cycle [ 953.547705][T11715] usb 6-1: new full-speed USB device number 10 using dummy_hcd [ 953.568253][T11715] usb 6-1: device descriptor read/8, error -71 [ 953.607671][T17374] usb 5-1: new high-speed USB device number 69 using dummy_hcd [ 953.769547][T17374] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 953.779810][T17374] usb 5-1: config 0 interface 0 has no altsetting 0 [ 953.789057][T17374] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 953.798458][T17374] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 953.815010][T17374] usb 5-1: Product: syz [ 953.822509][T17374] usb 5-1: Manufacturer: syz [ 953.828932][T11715] usb 6-1: new full-speed USB device number 11 using dummy_hcd [ 953.836615][T17374] usb 5-1: SerialNumber: syz [ 953.848071][T17374] usb 5-1: config 0 descriptor?? [ 953.863583][T17374] usb 5-1: selecting invalid altsetting 0 [ 953.893001][T11715] usb 6-1: device descriptor read/8, error -71 [ 954.008403][T11715] usb usb6-port1: unable to enumerate USB device [ 954.324942][T17374] usb 5-1: USB disconnect, device number 69 [ 954.436005][T21138] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 954.987738][ T5929] usb 2-1: new high-speed USB device number 77 using dummy_hcd [ 955.157646][ T5929] usb 2-1: Using ep0 maxpacket: 16 [ 955.173257][ T5929] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 955.185304][ T5929] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 955.195253][ T5929] usb 2-1: Product: syz [ 955.202005][ T5929] usb 2-1: Manufacturer: syz [ 955.209379][ T5929] usb 2-1: SerialNumber: syz [ 955.233893][ T5929] r8152-cfgselector 2-1: Unknown version 0x0000 [ 955.241277][ T5929] r8152-cfgselector 2-1: config 0 descriptor?? [ 955.325548][T21151] loop2: detected capacity change from 0 to 7 [ 955.377034][T15558] Dev loop2: unable to read RDB block 7 [ 955.386560][T15558] loop2: unable to read partition table [ 955.393229][T15558] loop2: partition table beyond EOD, truncated [ 955.411352][T21151] Dev loop2: unable to read RDB block 7 [ 955.417168][T21151] loop2: unable to read partition table [ 955.423841][T21151] loop2: partition table beyond EOD, truncated [ 955.430133][T21151] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 955.597654][T11715] usb 4-1: new high-speed USB device number 42 using dummy_hcd [ 955.765374][T21161] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4419'. [ 955.787663][T11715] usb 4-1: Using ep0 maxpacket: 16 [ 955.799233][T11715] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 955.802559][T21141] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 955.810298][T11715] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 955.835917][T11715] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 955.845881][T11715] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 955.859114][T11715] usb 4-1: Product: syz [ 955.863483][T11715] usb 4-1: Manufacturer: syz [ 955.868810][T11715] usb 4-1: SerialNumber: syz [ 957.301082][ T29] audit: type=1326 audit(1772250526.163:2230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21178 comm="syz.6.4424" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f03c099c799 code=0x0 [ 957.617882][ T5907] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 957.751752][ T10] r8152-cfgselector 2-1: USB disconnect, device number 77 [ 957.770458][ T5907] usb 6-1: Using ep0 maxpacket: 16 [ 957.779434][ T5907] usb 6-1: config 0 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 957.793568][ T5907] usb 6-1: config 0 interface 0 has no altsetting 0 [ 957.812857][ T5907] usb 6-1: New USB device found, idVendor=5543, idProduct=0005, bcdDevice= 0.00 [ 957.824823][ T5907] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 957.836451][ T5907] usb 6-1: config 0 descriptor?? [ 958.138743][T21195] netlink: 72 bytes leftover after parsing attributes in process `syz.4.4431'. [ 958.227764][ T10] usb 2-1: new high-speed USB device number 78 using dummy_hcd [ 958.237267][T21197] FAULT_INJECTION: forcing a failure. [ 958.237267][T21197] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 958.250547][T21197] CPU: 1 UID: 0 PID: 21197 Comm: syz.4.4432 Tainted: G L syzkaller #0 PREEMPT(full) [ 958.250574][T21197] Tainted: [L]=SOFTLOCKUP [ 958.250581][T21197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 958.250592][T21197] Call Trace: [ 958.250599][T21197] [ 958.250607][T21197] dump_stack_lvl+0xe8/0x150 [ 958.250632][T21197] should_fail_ex+0x412/0x560 [ 958.250653][T21197] _copy_from_user+0x2d/0xb0 [ 958.250677][T21197] __ia32_sys_rt_sigreturn+0x379/0x8e0 [ 958.250699][T21197] ? __lock_acquire+0x6b5/0x2cf0 [ 958.250720][T21197] ? __pfx___ia32_sys_rt_sigreturn+0x10/0x10 [ 958.250738][T21197] ? _raw_spin_unlock_irq+0x2e/0x50 [ 958.250783][T21197] ? __task_pid_nr_ns+0x28/0x470 [ 958.250806][T21197] do_syscall_64+0x14d/0xf80 [ 958.250821][T21197] ? trace_irq_disable+0x3b/0x150 [ 958.250842][T21197] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 958.250858][T21197] ? clear_bhb_loop+0x40/0x90 [ 958.250879][T21197] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 958.250896][T21197] RIP: 0033:0x7fb5dd73db19 [ 958.250912][T21197] Code: 11 06 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 0c 25 [ 958.250927][T21197] RSP: 002b:00007fb5de6c9a80 EFLAGS: 00000202 ORIG_RAX: 000000000000000f [ 958.250945][T21197] RAX: ffffffffffffffda RBX: 00007fb5dda15fa0 RCX: 00007fb5dd73db19 [ 958.250958][T21197] RDX: 00007fb5de6c9a80 RSI: 00007fb5de6c9bb0 RDI: 0000000000000021 [ 958.250971][T21197] RBP: 00007fb5de6ca090 R08: 0000000000000000 R09: 0000000000000000 [ 958.250982][T21197] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 958.250991][T21197] R13: 00007fb5dda16038 R14: 00007fb5dda15fa0 R15: 00007fb5ddb3fa48 [ 958.251017][T21197] [ 958.442277][ T5907] usbhid 6-1:0.0: can't add hid device: -71 [ 958.457888][ T5907] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 958.466292][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 958.489551][ T5907] usb 6-1: USB disconnect, device number 12 [ 958.497653][ T10] usb 2-1: New USB device found, idVendor=046d, idProduct=c626, bcdDevice= 0.00 [ 958.506746][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 958.529764][ T10] usb 2-1: config 0 descriptor?? [ 959.086214][ T10] logitech 0003:046D:C626.003E: hidraw0: USB HID v0.00 Device [HID 046d:c626] on usb-dummy_hcd.1-1/input0 [ 959.781743][T21214] IPv6: NLM_F_CREATE should be specified when creating new route [ 960.066528][T21222] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4441'. [ 960.664670][T17374] IPVS: starting estimator thread 0... [ 960.760815][T21231] IPVS: using max 35 ests per chain, 84000 per kthread [ 960.946355][ T5929] usb 2-1: USB disconnect, device number 78 [ 960.981562][T11715] usb 4-1: 0:2 : does not exist [ 960.996850][T11715] usb 4-1: unit 9 not found! [ 961.023429][T11715] usb 4-1: 4:0: cannot get min/max values for control 1 (id 4) [ 961.076553][T11715] usb 4-1: 4:0: cannot get min/max values for control 2 (id 4) [ 961.517979][ T5929] usb 2-1: new high-speed USB device number 79 using dummy_hcd [ 961.703494][ T5929] usb 2-1: Using ep0 maxpacket: 8 [ 961.720097][ T5929] usb 2-1: config 0 has an invalid interface number: 55 but max is 0 [ 961.728582][ T5929] usb 2-1: config 0 has no interface number 0 [ 961.738336][ T5929] usb 2-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 961.761555][ T5929] usb 2-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 961.775272][ T5929] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 961.786486][ T5929] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 961.811069][ T5929] usb 2-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 961.826520][ T5929] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 961.845686][ T5929] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 961.873320][ T5929] usb 2-1: config 0 descriptor?? [ 961.888258][ T5929] ldusb 2-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 962.143344][T21236] ldusb 2-1:0.55: Couldn't submit interrupt_in_urb -90 [ 962.154908][T13732] usb 2-1: USB disconnect, device number 79 [ 962.164015][T13732] ldusb 2-1:0.55: LD USB Device #0 now disconnected [ 962.395608][T21246] netlink: 172 bytes leftover after parsing attributes in process `syz.5.4448'. [ 964.017634][T13732] usb 2-1: new high-speed USB device number 80 using dummy_hcd [ 964.186849][T13732] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 964.199798][T13732] usb 2-1: New USB device found, idVendor=04d8, idProduct=c002, bcdDevice= 0.00 [ 964.211662][T13732] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 964.286769][T13732] usb 2-1: config 0 descriptor?? [ 964.333132][T15494] Bluetooth: hci0: command 0x0406 tx timeout [ 964.433381][T21271] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4456'. [ 964.448107][T21271] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4456'. [ 964.470907][T21271] tipc: Enabled bearer , priority 0 [ 964.478782][T21271] syzkaller0: entered promiscuous mode [ 964.484385][T21271] syzkaller0: entered allmulticast mode [ 964.494919][T21271] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 964.532790][T21271] netdevsim0: mtu greater than device maximum [ 964.543836][T13732] usbhid 2-1:0.0: can't add hid device: -71 [ 964.561787][T13732] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 964.583571][T13732] usb 2-1: USB disconnect, device number 80 [ 964.590022][T21270] tipc: Resetting bearer [ 964.640782][T21270] tipc: Disabling bearer [ 964.728779][T21277] FAULT_INJECTION: forcing a failure. [ 964.728779][T21277] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 964.745436][T21277] CPU: 0 UID: 0 PID: 21277 Comm: syz.1.4457 Tainted: G L syzkaller #0 PREEMPT(full) [ 964.745463][T21277] Tainted: [L]=SOFTLOCKUP [ 964.745468][T21277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 964.745477][T21277] Call Trace: [ 964.745484][T21277] [ 964.745492][T21277] dump_stack_lvl+0xe8/0x150 [ 964.745521][T21277] should_fail_ex+0x412/0x560 [ 964.745544][T21277] _copy_to_user+0x31/0xb0 [ 964.745567][T21277] simple_read_from_buffer+0xe1/0x170 [ 964.745592][T21277] proc_fail_nth_read+0x1bb/0x230 [ 964.745619][T21277] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 964.745644][T21277] ? rw_verify_area+0x2a6/0x4d0 [ 964.745661][T21277] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 964.745683][T21277] vfs_read+0x20c/0xa70 [ 964.745699][T21277] ? fdget_pos+0x246/0x320 [ 964.745725][T21277] ? __pfx___mutex_lock+0x10/0x10 [ 964.745742][T21277] ? __pfx_vfs_read+0x10/0x10 [ 964.745758][T21277] ? __fget_files+0x2a/0x420 [ 964.745781][T21277] ? __fget_files+0x3a0/0x420 [ 964.745815][T21277] ? __fget_files+0x2a/0x420 [ 964.745839][T21277] ksys_read+0x150/0x270 [ 964.745855][T21277] ? __pfx_ksys_read+0x10/0x10 [ 964.745881][T21277] do_syscall_64+0x14d/0xf80 [ 964.745894][T21277] ? trace_irq_disable+0x3b/0x150 [ 964.745914][T21277] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 964.745930][T21277] ? clear_bhb_loop+0x40/0x90 [ 964.745950][T21277] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 964.745966][T21277] RIP: 0033:0x7fab6995cfce [ 964.745983][T21277] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 964.745995][T21277] RSP: 002b:00007fab6a7befe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 964.746012][T21277] RAX: ffffffffffffffda RBX: 00007fab6a7bf6c0 RCX: 00007fab6995cfce [ 964.746026][T21277] RDX: 000000000000000f RSI: 00007fab6a7bf0a0 RDI: 0000000000000005 [ 964.746036][T21277] RBP: 00007fab6a7bf090 R08: 0000000000000000 R09: 0000000000000000 [ 964.746045][T21277] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 964.746054][T21277] R13: 00007fab69c16038 R14: 00007fab69c15fa0 R15: 00007fab69d3fa48 [ 964.746086][T21277] [ 964.974918][ T5929] usb 4-1: USB disconnect, device number 42 [ 965.077345][T21279] usb usb8: usbfs: process 21279 (syz.6.4458) did not claim interface 0 before use [ 965.150733][T21279] fuse: Unknown parameter 'gv' [ 965.289941][T21283] loop5: detected capacity change from 0 to 7 [ 965.307238][T15045] Dev loop5: unable to read RDB block 7 [ 965.316497][T15045] loop5: unable to read partition table [ 965.322801][T15045] loop5: partition table beyond EOD, truncated [ 965.341708][T21283] Dev loop5: unable to read RDB block 7 [ 965.347321][T21283] loop5: unable to read partition table [ 965.355849][T21281] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 965.370049][T21283] loop5: partition table beyond EOD, truncated [ 965.376409][T21283] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 965.437679][ T5905] usb 7-1: new full-speed USB device number 15 using dummy_hcd [ 965.590186][ T5905] usb 7-1: config 0 has an invalid interface number: 133 but max is 0 [ 965.598800][ T5905] usb 7-1: config 0 has no interface number 0 [ 965.617677][ T5905] usb 7-1: config 0 interface 133 altsetting 0 endpoint 0x82 has invalid maxpacket 1215, setting to 64 [ 965.675996][ T5905] usb 7-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d [ 965.694293][ T5905] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 965.713206][ T5905] usb 7-1: Product: syz [ 965.723047][ T5905] usb 7-1: Manufacturer: syz [ 965.734117][ T5905] usb 7-1: SerialNumber: syz [ 965.751431][ T5905] usb 7-1: config 0 descriptor?? [ 965.907752][T11715] usb 2-1: new high-speed USB device number 81 using dummy_hcd [ 966.037997][ T5913] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 966.057739][T11715] usb 2-1: Using ep0 maxpacket: 8 [ 966.064745][T11715] usb 2-1: config 0 has an invalid interface number: 55 but max is 0 [ 966.083977][T11715] usb 2-1: config 0 has no interface number 0 [ 966.098154][T11715] usb 2-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 966.157865][T11715] usb 2-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 966.189870][T11715] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 966.203989][ T5913] usb 6-1: Using ep0 maxpacket: 16 [ 966.212293][T11715] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 966.238242][T11715] usb 2-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 966.258587][ T5913] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 966.274888][ T5913] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 966.284957][T11715] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 966.298500][ T5913] usb 6-1: New USB device found, idVendor=046d, idProduct=c50c, bcdDevice= 0.00 [ 966.307742][T11715] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 966.315895][ T5913] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 966.350912][T11715] usb 2-1: config 0 descriptor?? [ 966.370820][ T5913] usb 6-1: config 0 descriptor?? [ 966.397244][T11715] ldusb 2-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 966.591544][T21293] ldusb 2-1:0.55: Couldn't submit interrupt_in_urb -90 [ 966.619087][ T5929] usb 2-1: USB disconnect, device number 81 [ 966.643509][ T5929] ldusb 2-1:0.55: LD USB Device #0 now disconnected [ 966.792099][ T5905] keyspan 7-1:0.133: Keyspan 1 port adapter converter detected [ 966.798880][ T5913] hid_parser_main: 5 callbacks suppressed [ 966.798900][ T5913] logitech 0003:046D:C50C.003F: unknown main item tag 0x0 [ 966.821947][ T5905] keyspan 7-1:0.133: unsupported endpoint type 0 [ 966.828942][ T5913] logitech 0003:046D:C50C.003F: unknown main item tag 0x0 [ 966.843566][ T5913] logitech 0003:046D:C50C.003F: unknown main item tag 0x0 [ 966.852717][ T5905] keyspan 7-1:0.133: found no endpoint descriptor for endpoint 81 [ 966.859388][ T5913] logitech 0003:046D:C50C.003F: unknown main item tag 0x0 [ 966.870226][ T5913] logitech 0003:046D:C50C.003F: unknown main item tag 0x0 [ 966.877376][ T5913] logitech 0003:046D:C50C.003F: unknown main item tag 0x0 [ 966.877844][ T5905] keyspan 7-1:0.133: found no endpoint descriptor for endpoint 1 [ 966.884688][ T5913] logitech 0003:046D:C50C.003F: unknown main item tag 0x0 [ 966.907784][ T5905] keyspan 7-1:0.133: found no endpoint descriptor for endpoint 2 [ 966.909107][ T5913] logitech 0003:046D:C50C.003F: unknown main item tag 0x0 [ 966.923866][ T5913] logitech 0003:046D:C50C.003F: unknown main item tag 0x0 [ 966.931318][ T5913] logitech 0003:046D:C50C.003F: unknown main item tag 0x0 [ 966.938587][ T5905] usb 7-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 966.950480][ T5913] logitech 0003:046D:C50C.003F: item 0 0 0 8 parsing failed [ 966.960955][T21304] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4465'. [ 966.967936][ T5905] usb 7-1: USB disconnect, device number 15 [ 966.981048][ T5913] logitech 0003:046D:C50C.003F: parse failed [ 967.004448][ T5905] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 967.010935][ T5913] logitech 0003:046D:C50C.003F: probe with driver logitech failed with error -22 [ 967.053032][ T5905] keyspan 7-1:0.133: device disconnected [ 967.106897][T21307] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 967.175776][T21312] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 967.468150][T21321] veth3: entered promiscuous mode [ 967.567682][ T5905] usb 2-1: new high-speed USB device number 82 using dummy_hcd [ 967.707912][ T5905] usb 2-1: device descriptor read/64, error -71 [ 967.741488][T21324] openvswitch: netlink: Unexpected mask (mask=40040, allowed=10048) [ 967.933645][T21331] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 967.958923][ T5905] usb 2-1: new high-speed USB device number 83 using dummy_hcd [ 968.107811][ T5905] usb 2-1: device descriptor read/64, error -71 [ 968.218056][ T5905] usb usb2-port1: attempt power cycle [ 968.331862][T21340] loop5: detected capacity change from 0 to 3 [ 968.346053][T15045] Dev loop5: unable to read RDB block 3 [ 968.353785][T15045] loop5: AHDI p1 p2 [ 968.359508][T15045] loop5: partition table partially beyond EOD, truncated [ 968.372462][T21340] Dev loop5: unable to read RDB block 3 [ 968.378575][T21340] loop5: AHDI p1 p2 [ 968.397827][T21340] loop5: partition table partially beyond EOD, truncated [ 968.607714][ T5905] usb 2-1: new high-speed USB device number 84 using dummy_hcd [ 968.628918][ T5905] usb 2-1: device descriptor read/8, error -71 [ 968.718846][T21346] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 968.805935][T17374] usb 6-1: USB disconnect, device number 13 [ 968.867714][ T5905] usb 2-1: new high-speed USB device number 85 using dummy_hcd [ 968.898486][ T5905] usb 2-1: device descriptor read/8, error -71 [ 969.047169][ T5905] usb usb2-port1: unable to enumerate USB device [ 969.054635][T21354] bond1: option arp_validate: mode dependency failed, not supported in mode balance-alb(6) [ 969.163451][T21354] bond1 (unregistering): Released all slaves [ 969.291145][T21360] netlink: 72 bytes leftover after parsing attributes in process `syz.4.4480'. [ 969.650533][ T5905] usb 5-1: new high-speed USB device number 70 using dummy_hcd [ 969.676577][T21372] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 970.327731][ T5905] usb 5-1: Using ep0 maxpacket: 8 [ 970.334635][ T5905] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 970.346431][ T5905] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 970.357931][ T5905] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 970.368819][ T5905] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 970.381895][ T5905] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 970.391014][ T5905] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 970.623716][ T5905] usb 5-1: usb_control_msg returned -32 [ 970.640399][ T5905] usbtmc 5-1:16.0: can't read capabilities [ 970.701795][T21381] netlink: 148 bytes leftover after parsing attributes in process `syz.6.4487'. [ 971.016679][ T5913] usb 7-1: new high-speed USB device number 16 using dummy_hcd [ 971.369862][T21391] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4481'. [ 971.394366][ C1] usbtmc 5-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 [ 971.403778][ C1] usbtmc 5-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 [ 971.413039][ C1] usbtmc 5-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 [ 971.429634][T21391] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 971.438509][T21391] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 971.498035][ T5913] usb 7-1: Using ep0 maxpacket: 8 [ 971.506385][ T5913] usb 7-1: unable to get BOS descriptor or descriptor too short [ 971.758192][ T5913] usb 7-1: config 4 has too many interfaces: 231, using maximum allowed: 32 [ 971.882108][ T5913] usb 7-1: config 4 has 1 interface, different from the descriptor's value: 231 [ 971.935374][ T5913] usb 7-1: config 4 interface 0 altsetting 129 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 971.984113][ T5913] usb 7-1: config 4 interface 0 has no altsetting 0 [ 972.037858][ T5913] usb 7-1: string descriptor 0 read error: -22 [ 972.044115][ T5913] usb 7-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 972.056287][ T5913] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 972.114486][ T5913] usb 7-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 972.158092][ T5913] usb 7-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 972.183862][T21408] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4494'. [ 972.190754][ T5913] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 972.201869][ T5913] usb 7-1: media controller created [ 972.228928][ T5913] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 972.299783][T21413] CUSE: info not properly terminated [ 972.517712][T11715] usb 5-1: USB disconnect, device number 70 [ 972.579071][ C1] blk_print_req_error: 152 callbacks suppressed [ 972.579093][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 972.595079][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 972.602994][ C1] I/O error, dev loop7, sector 1 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 972.612607][ C1] Buffer I/O error on dev loop7, logical block 1, async page read [ 972.621193][ C1] I/O error, dev loop7, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 972.630834][ C1] Buffer I/O error on dev loop7, logical block 2, async page read [ 972.638779][ C1] I/O error, dev loop7, sector 3 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 972.648389][ C1] Buffer I/O error on dev loop7, logical block 3, async page read [ 972.656276][ C1] I/O error, dev loop7, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 972.665913][ C1] Buffer I/O error on dev loop7, logical block 4, async page read [ 972.673828][ C1] I/O error, dev loop7, sector 5 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 972.683454][ C1] Buffer I/O error on dev loop7, logical block 5, async page read [ 972.691361][ C1] I/O error, dev loop7, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 972.700973][ C1] Buffer I/O error on dev loop7, logical block 6, async page read [ 972.727405][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 972.727543][ C0] I/O error, dev loop7, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 972.737033][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 972.746585][ C0] Buffer I/O error on dev loop7, logical block 4, async page read [ 972.746667][ C0] I/O error, dev loop7, sector 5 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 972.754444][ C1] Buffer I/O error on dev loop7, logical block 1, async page read [ 972.875069][ T5190] ldm_validate_partition_table(): Disk read failed. [ 972.909248][T21433] blktrace: Concurrent blktraces are not allowed on sg0 [ 972.935256][ T5190] Dev loop7: unable to read RDB block 0 [ 972.954456][ T5190] loop7: unable to read partition table [ 972.960752][ T5190] loop7: partition table beyond EOD, truncated [ 972.987311][T21431] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 973.313463][ T5907] usb 5-1: new high-speed USB device number 71 using dummy_hcd [ 973.348134][ T5913] zl10353_read_register: readreg error (reg=127, ret==0) [ 973.355356][T21381] usb 7-1: dvb_usb_au6610: wlen=0, aborting [ 973.621509][ T5907] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 973.633954][ T5907] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 973.650194][ T5907] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 974.066062][ T5907] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 974.106907][ T5907] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 974.127254][ T5907] usb 5-1: config 0 descriptor?? [ 974.255980][T21427] MPI: mpi too large (109192 bits) [ 974.481012][ T5913] usb 7-1: USB disconnect, device number 16 [ 974.716172][T21447] bridge0: entered allmulticast mode [ 974.749788][ T5907] usbhid 5-1:0.0: can't add hid device: -71 [ 974.761202][ T5907] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 974.779445][ T5907] usb 5-1: USB disconnect, device number 71 [ 975.639972][T21465] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 975.986503][T21475] F2FS-fs: Value of option "test_dummy_encryption" is unrecognized [ 975.998139][ T10] usb 7-1: new high-speed USB device number 17 using dummy_hcd [ 976.234865][ T10] usb 7-1: Using ep0 maxpacket: 16 [ 976.264554][ T10] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 976.275064][ T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 976.304032][ T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 976.321435][ T10] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 976.332764][ T10] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 976.358820][ T10] usb 7-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 976.405036][ T10] usb 7-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 976.418876][ T10] usb 7-1: Manufacturer: syz [ 976.439584][ T10] usb 7-1: config 0 descriptor?? [ 978.738717][ T10] rc_core: IR keymap rc-hauppauge not found [ 978.748179][ T10] Registered IR keymap rc-empty [ 978.787284][ T10] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 978.819313][ T10] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 978.827674][ T5905] usb 5-1: new full-speed USB device number 72 using dummy_hcd [ 978.863187][ T10] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0 [ 978.905655][ T10] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0/input90 [ 978.947539][ T10] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 978.967782][ T10] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 978.988066][ T10] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 978.989665][ T5905] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 979.009012][ T5905] usb 5-1: New USB device found, idVendor=9022, idProduct=d662, bcdDevice=b3.0e [ 979.036408][ T10] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 979.045388][ T5905] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 979.059272][ T10] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 979.086481][ T5905] usb 5-1: config 0 descriptor?? [ 979.137917][ T10] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 979.138218][ T5905] dvb-usb: found a 'TeVii S662' in warm state. [ 979.156879][ T5905] dw2102: su3000_power_ctrl: 1, initialized 0 [ 979.173435][ T5905] dvb-usb: bulk message failed: -22 (2/0) [ 979.176752][ T10] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 979.197750][ T5905] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 979.219173][ T10] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 979.221427][ T5905] dvb-usb: TeVii S662 error while loading driver (-19) [ 979.243190][ T10] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 979.297130][T21518] blktrace: Concurrent blktraces are not allowed on sg0 [ 979.378404][ T5905] usb 5-1: USB disconnect, device number 72 [ 979.408678][ T10] mceusb 7-1:0.0: Error: mce write submit urb error = -90 [ 979.449430][ T10] mceusb 7-1:0.0: Registered with mce emulator interface version 1 [ 979.465240][ T10] mceusb 7-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 979.479362][T21525] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 979.518980][ T10] usb 7-1: USB disconnect, device number 17 [ 979.627685][T17374] usb 4-1: new high-speed USB device number 43 using dummy_hcd [ 979.642831][T21527] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4525'. [ 979.662143][T21527] netlink: 44 bytes leftover after parsing attributes in process `syz.4.4525'. [ 979.799161][T17374] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 979.843983][T17374] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 979.860502][ T10] usb 7-1: new high-speed USB device number 18 using dummy_hcd [ 979.921560][T17374] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 979.985622][T17374] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 980.009770][T17374] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 980.026873][T17374] usb 4-1: config 0 descriptor?? [ 980.038535][ T10] usb 7-1: Using ep0 maxpacket: 16 [ 980.046072][ T10] usb 7-1: config index 0 descriptor too short (expected 65, got 36) [ 980.147770][ T5913] usb 2-1: new high-speed USB device number 86 using dummy_hcd [ 980.187744][ T10] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 980.202589][ T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 980.214415][ T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 980.233437][ T10] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 980.246398][ T10] usb 7-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.00 [ 980.255992][ T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 980.282124][ T10] usb 7-1: config 0 descriptor?? [ 980.295898][T21538] loop8: detected capacity change from 0 to 3 [ 980.302891][T21513] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 980.315510][ T10] input: PXRC Flight Controller Adapter as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/input/input91 [ 980.343792][ T5905] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 980.357742][ T5913] usb 2-1: Using ep0 maxpacket: 16 [ 980.371376][ T5913] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 980.445338][ T5913] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 980.479787][ T5913] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 980.487806][ T5905] usb 6-1: device descriptor read/64, error -71 [ 980.507748][ T5913] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 980.515777][ T5913] usb 2-1: Product: syz [ 980.530718][T21513] FAULT_INJECTION: forcing a failure. [ 980.530718][T21513] name failslab, interval 1, probability 0, space 0, times 0 [ 980.545403][ T5913] usb 2-1: Manufacturer: syz [ 980.553221][ T5913] usb 2-1: SerialNumber: syz [ 980.562618][T21513] CPU: 0 UID: 0 PID: 21513 Comm: syz.6.4522 Tainted: G L syzkaller #0 PREEMPT(full) [ 980.562645][T21513] Tainted: [L]=SOFTLOCKUP [ 980.562652][T21513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 980.562709][T21513] Call Trace: [ 980.562717][T21513] [ 980.562725][T21513] dump_stack_lvl+0xe8/0x150 [ 980.562753][T21513] should_fail_ex+0x412/0x560 [ 980.562779][T21513] should_failslab+0xa8/0x100 [ 980.562802][T21513] __kmalloc_noprof+0xe8/0x760 [ 980.562821][T21513] ? tomoyo_encode+0x28b/0x550 [ 980.562840][T21513] tomoyo_encode+0x28b/0x550 [ 980.562855][T21513] tomoyo_realpath_from_path+0x58d/0x5d0 [ 980.562872][T21513] ? tomoyo_path_number_perm+0x219/0x630 [ 980.562885][T21513] tomoyo_path_number_perm+0x246/0x630 [ 980.562906][T21513] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 980.562925][T21513] ? __lock_acquire+0x6b5/0x2cf0 [ 980.562957][T21513] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 980.562992][T21513] ? __fget_files+0x2a/0x420 [ 980.563018][T21513] ? __fget_files+0x2a/0x420 [ 980.563038][T21513] ? __fget_files+0x3a0/0x420 [ 980.563051][T21513] ? __fget_files+0x2a/0x420 [ 980.563065][T21513] security_file_ioctl+0xc3/0x2a0 [ 980.563077][T21513] __se_sys_ioctl+0x47/0x170 [ 980.563094][T21513] do_syscall_64+0x14d/0xf80 [ 980.563109][T21513] ? trace_irq_disable+0x3b/0x150 [ 980.563132][T21513] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 980.563150][T21513] ? clear_bhb_loop+0x40/0x90 [ 980.563171][T21513] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 980.563189][T21513] RIP: 0033:0x7f03c099c799 [ 980.563206][T21513] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 980.563217][T21513] RSP: 002b:00007f03c1833028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 980.563228][T21513] RAX: ffffffffffffffda RBX: 00007f03c0c15fa0 RCX: 00007f03c099c799 [ 980.563235][T21513] RDX: 0000200000000040 RSI: 0000000080184560 RDI: 0000000000000004 [ 980.563242][T21513] RBP: 00007f03c1833090 R08: 0000000000000000 R09: 0000000000000000 [ 980.563248][T21513] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 980.563254][T21513] R13: 00007f03c0c16038 R14: 00007f03c0c15fa0 R15: 00007f03c0d3fa48 [ 980.563273][T21513] [ 980.563294][T21513] ERROR: Out of memory at tomoyo_realpath_from_path. [ 980.728027][ T5905] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 980.830387][T17374] usbhid 4-1:0.0: can't add hid device: -71 [ 980.842786][T15041] Dev loop8: unable to read RDB block 3 [ 980.848599][T17374] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 980.865361][T15041] loop8: unable to read partition table [ 980.877448][T15041] loop8: partition table beyond EOD, truncated [ 980.896263][T17374] usb 4-1: USB disconnect, device number 43 [ 980.922541][T21538] Dev loop8: unable to read RDB block 3 [ 980.937894][T21538] loop8: unable to read partition table [ 981.030015][ T5913] usb 2-1: config 0 descriptor?? [ 981.052744][T21538] loop8: partition table beyond EOD, truncated [ 981.082185][ T5913] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 981.144069][T13732] usb 7-1: USB disconnect, device number 18 [ 981.150150][ C1] pxrc 7-1:0.0: pxrc_usb_irq - usb_submit_urb failed with result: -19 [ 981.215019][ T5175] pxrc 7-1:0.0: pxrc_open - usb_submit_urb failed, error: -19 [ 981.224434][ T5905] usb 6-1: device descriptor read/64, error -71 [ 981.307196][ T5913] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class) [ 981.333102][T21538] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 981.364292][ T5905] usb usb6-port1: attempt power cycle [ 981.717704][ T5905] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 981.726156][ T5913] em28xx 2-1:0.0: unknown em28xx chip ID (0) [ 981.747426][ T5905] usb 6-1: device descriptor read/8, error -71 [ 981.759895][ T5913] em28xx 2-1:0.0: Config register raw data: 0xfffffffb [ 982.068702][ T5905] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 982.108383][ T5905] usb 6-1: device descriptor read/8, error -71 [ 982.452378][ T5905] usb usb6-port1: unable to enumerate USB device [ 982.672508][ T5913] em28xx 2-1:0.0: Unknown AC97 audio processor detected! [ 982.680313][ T5913] em28xx 2-1:0.0: couldn't setup AC97 register 2 [ 982.687219][ T5913] em28xx 2-1:0.0: couldn't setup AC97 register 4 [ 982.771936][T21554] blktrace: Concurrent blktraces are not allowed on sg0 [ 982.951245][ T5913] em28xx 2-1:0.0: couldn't setup AC97 register 6 [ 982.958168][ T5913] em28xx 2-1:0.0: couldn't setup AC97 register 54 [ 982.966615][ T5913] em28xx 2-1:0.0: couldn't setup AC97 register 56 [ 983.077521][ T5913] usb 2-1: USB disconnect, device number 86 [ 983.097652][T13732] usb 4-1: new high-speed USB device number 44 using dummy_hcd [ 983.215412][T21562] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4535'. [ 983.300842][T13732] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 983.518747][T13732] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 983.532443][T13732] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 983.545418][T13732] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 983.555538][T13732] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 983.608913][T13732] usb 4-1: config 0 descriptor?? [ 984.208906][T13732] usbhid 4-1:0.0: can't add hid device: -71 [ 984.222855][T13732] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 984.237641][T13732] usb 4-1: USB disconnect, device number 44 [ 984.925577][T21575] FAULT_INJECTION: forcing a failure. [ 984.925577][T21575] name failslab, interval 1, probability 0, space 0, times 0 [ 984.957797][T21575] CPU: 1 UID: 0 PID: 21575 Comm: syz.5.4537 Tainted: G L syzkaller #0 PREEMPT(full) [ 984.957817][T21575] Tainted: [L]=SOFTLOCKUP [ 984.957821][T21575] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 984.957827][T21575] Call Trace: [ 984.957832][T21575] [ 984.957841][T21575] dump_stack_lvl+0xe8/0x150 [ 984.957859][T21575] should_fail_ex+0x412/0x560 [ 984.957874][T21575] should_failslab+0xa8/0x100 [ 984.957887][T21575] __kmalloc_cache_noprof+0x88/0x660 [ 984.957897][T21575] ? __pfx_stack_trace_save+0x10/0x10 [ 984.957908][T21575] ? rtnl_newlink+0x136/0x1be0 [ 984.957927][T21575] rtnl_newlink+0x136/0x1be0 [ 984.957947][T21575] ? kasan_save_track+0x4f/0x80 [ 984.957962][T21575] ? kasan_save_track+0x3e/0x80 [ 984.957975][T21575] ? kasan_save_free_info+0x46/0x50 [ 984.957994][T21575] ? __kasan_slab_free+0x5c/0x80 [ 984.958010][T21575] ? kmem_cache_free+0x187/0x630 [ 984.958026][T21575] ? __dev_queue_xmit+0x16d1/0x3890 [ 984.958035][T21575] ? __netlink_deliver_tap+0x5ad/0x850 [ 984.958047][T21575] ? netlink_deliver_tap+0x19c/0x1b0 [ 984.958057][T21575] ? netlink_unicast+0x7e3/0x9b0 [ 984.958066][T21575] ? netlink_sendmsg+0x813/0xb40 [ 984.958077][T21575] ? __pfx_rtnl_newlink+0x10/0x10 [ 984.958088][T21575] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 984.958114][T21575] ? kasan_quarantine_put+0xbb/0x1f0 [ 984.958124][T21575] ? lockdep_hardirqs_on+0x7a/0x110 [ 984.958140][T21575] ? kmem_cache_free+0x187/0x630 [ 984.958150][T21575] ? nlmon_xmit+0xb0/0x100 [ 984.958169][T21575] ? __lock_acquire+0x6b5/0x2cf0 [ 984.958183][T21575] ? __local_bh_enable_ip+0xd0/0x130 [ 984.958211][T21575] ? lockdep_hardirqs_on+0x7a/0x110 [ 984.958225][T21575] ? __dev_queue_xmit+0x277/0x3890 [ 984.958234][T21575] ? __local_bh_enable_ip+0xd0/0x130 [ 984.958245][T21575] ? __dev_queue_xmit+0x277/0x3890 [ 984.958265][T21575] ? __pfx_rtnl_newlink+0x10/0x10 [ 984.958276][T21575] rtnetlink_rcv_msg+0x7d5/0xbe0 [ 984.958291][T21575] ? rtnetlink_rcv_msg+0x1b9/0xbe0 [ 984.958302][T21575] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 984.958313][T21575] ? ref_tracker_free+0x693/0x840 [ 984.958325][T21575] ? __copy_skb_header+0xa3/0x4a0 [ 984.958340][T21575] ? __pfx_ref_tracker_free+0x10/0x10 [ 984.958363][T21575] netlink_rcv_skb+0x232/0x4b0 [ 984.958375][T21575] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 984.958388][T21575] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 984.958404][T21575] ? netlink_deliver_tap+0x2e/0x1b0 [ 984.958419][T21575] netlink_unicast+0x80f/0x9b0 [ 984.958433][T21575] ? __pfx_netlink_unicast+0x10/0x10 [ 984.958444][T21575] ? netlink_sendmsg+0x650/0xb40 [ 984.958455][T21575] ? skb_put+0x11b/0x210 [ 984.958469][T21575] netlink_sendmsg+0x813/0xb40 [ 984.958485][T21575] ? __pfx_netlink_sendmsg+0x10/0x10 [ 984.958498][T21575] ? aa_sock_msg_perm+0xf1/0x1b0 [ 984.958511][T21575] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 984.958522][T21575] ? __pfx_netlink_sendmsg+0x10/0x10 [ 984.958533][T21575] ____sys_sendmsg+0xa68/0xad0 [ 984.958551][T21575] ? __pfx_____sys_sendmsg+0x10/0x10 [ 984.958568][T21575] ? import_iovec+0x73/0xa0 [ 984.958583][T21575] ___sys_sendmsg+0x2a5/0x360 [ 984.958599][T21575] ? __pfx____sys_sendmsg+0x10/0x10 [ 984.958628][T21575] ? __fget_files+0x2a/0x420 [ 984.958641][T21575] ? __fget_files+0x3a0/0x420 [ 984.958659][T21575] __x64_sys_sendmsg+0x1bd/0x2a0 [ 984.958674][T21575] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 984.958692][T21575] ? __pfx_ksys_write+0x10/0x10 [ 984.958707][T21575] do_syscall_64+0x14d/0xf80 [ 984.958716][T21575] ? trace_irq_disable+0x3b/0x150 [ 984.958730][T21575] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 984.958740][T21575] ? clear_bhb_loop+0x40/0x90 [ 984.958752][T21575] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 984.958762][T21575] RIP: 0033:0x7f5a1e79c799 [ 984.958772][T21575] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 984.958781][T21575] RSP: 002b:00007f5a1f64c028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 984.958792][T21575] RAX: ffffffffffffffda RBX: 00007f5a1ea15fa0 RCX: 00007f5a1e79c799 [ 984.958800][T21575] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000003 [ 984.958806][T21575] RBP: 00007f5a1f64c090 R08: 0000000000000000 R09: 0000000000000000 [ 984.958812][T21575] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 984.958818][T21575] R13: 00007f5a1ea16038 R14: 00007f5a1ea15fa0 R15: 00007f5a1eb3fa48 [ 984.958833][T21575] [ 985.693569][T21577] loop5: detected capacity change from 0 to 7 [ 985.715686][T21577] Dev loop5: unable to read RDB block 7 [ 985.777667][T21577] loop5: unable to read partition table [ 985.783429][T21577] loop5: partition table beyond EOD, truncated [ 985.854789][T21577] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 986.075994][T21592] bridge0: left allmulticast mode [ 986.590153][T21597] blktrace: Concurrent blktraces are not allowed on sg0 [ 986.909093][T13732] usb 4-1: new high-speed USB device number 45 using dummy_hcd [ 987.251915][T13732] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 987.297723][T13732] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 987.344438][T13732] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 987.391086][T13732] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 987.423659][T13732] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 987.466476][T13732] usb 4-1: config 0 descriptor?? [ 987.999608][T13732] usbhid 4-1:0.0: can't add hid device: -71 [ 988.011666][T13732] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 988.126886][T13732] usb 4-1: USB disconnect, device number 45 [ 988.133355][ T5905] usb 5-1: new high-speed USB device number 73 using dummy_hcd [ 988.304623][ T5905] usb 5-1: device descriptor read/64, error -71 [ 988.415515][T21618] netlink: 27 bytes leftover after parsing attributes in process `syz.1.4549'. [ 988.426106][T21616] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4549'. [ 988.587856][ T5905] usb 5-1: new high-speed USB device number 74 using dummy_hcd [ 988.718047][ T5905] usb 5-1: device descriptor read/64, error -71 [ 988.848668][ T5905] usb usb5-port1: attempt power cycle [ 989.207787][ T5905] usb 5-1: new high-speed USB device number 75 using dummy_hcd [ 989.241479][ T5905] usb 5-1: device descriptor read/8, error -71 [ 989.497698][ T5905] usb 5-1: new high-speed USB device number 76 using dummy_hcd [ 989.518891][ T5905] usb 5-1: device descriptor read/8, error -71 [ 989.588263][T17374] usb 4-1: new high-speed USB device number 46 using dummy_hcd [ 989.638044][ T5905] usb usb5-port1: unable to enumerate USB device [ 989.654221][T21635] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 989.662672][T21635] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 989.672048][T21635] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 989.680132][T21635] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 989.697661][ T5913] usb 6-1: new full-speed USB device number 18 using dummy_hcd [ 989.749538][T17374] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 989.760956][T17374] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 989.787673][T17374] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 989.797915][T17374] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 989.813611][T17374] usb 4-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 989.824067][T17374] usb 4-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 989.833199][T17374] usb 4-1: Manufacturer: syz [ 989.849066][T17374] usb 4-1: config 0 descriptor?? [ 989.879800][ T5913] usb 6-1: unable to get BOS descriptor or descriptor too short [ 989.888492][ T5913] usb 6-1: not running at top speed; connect to a high speed hub [ 989.908287][ T5913] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 989.927668][ T5913] usb 6-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 989.954062][ T5913] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 989.969765][ T5913] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 990.043883][ T5913] usb 6-1: Product: syz [ 990.052566][ T5913] usb 6-1: Manufacturer: syz [ 990.062946][ T5913] usb 6-1: SerialNumber: syz [ 990.280872][T17374] appleir 0003:05AC:8243.0040: item fetching failed at offset 0/1 [ 990.298463][T17374] appleir 0003:05AC:8243.0040: parse failed [ 990.307736][T17374] appleir 0003:05AC:8243.0040: probe with driver appleir failed with error -22 [ 990.337008][ T5913] usb 6-1: bad CDC descriptors [ 990.367890][ T5913] usb 6-1: USB disconnect, device number 18 [ 991.177785][T21652] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 991.223797][T21650] [U] [ 991.226624][T21650] [U] [ 991.229340][T21650] [U] [ 991.232035][T21650] [U] [ 991.311257][T21650] [U] [ 991.314000][T21650] [U] [ 991.316706][T21650] [U] [ 991.319419][T21650] [U] [ 991.457465][T21651] binder: 21649:21651 unknown command 1074553622 [ 991.464149][T21650] [U] [ 991.466875][T21650] [U] [ 991.469579][T21650] [U] [ 991.473826][T21651] binder: 21649:21651 ioctl c0306201 200000000640 returned -22 [ 991.597433][T21647] [U] [ 991.660757][T21662] blktrace: Concurrent blktraces are not allowed on sg0 [ 991.816019][T21665] binder: BINDER_SET_CONTEXT_MGR already set [ 991.865950][T21665] binder: 21663:21665 ioctl 4018620d 200000000100 returned -16 [ 992.017708][ T10] usb 2-1: new high-speed USB device number 87 using dummy_hcd [ 992.107686][ T5905] usb 5-1: new high-speed USB device number 77 using dummy_hcd [ 992.133637][T21669] tipc: Failed to remove unknown binding: 66,0,0/0:394277248/394277250 [ 992.146524][T21669] tipc: Failed to remove unknown binding: 66,0,0/0:394277248/394277249 [ 992.190989][T21674] loop5: detected capacity change from 0 to 3 [ 992.202464][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 992.214657][T18568] Dev loop5: unable to read RDB block 3 [ 992.223533][T18568] loop5: AHDI p1 p2 [ 992.227681][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 992.237529][T18568] loop5: partition table partially beyond EOD, truncated [ 992.245426][ T10] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 992.260869][T21674] Dev loop5: unable to read RDB block 3 [ 992.268099][T21674] loop5: AHDI p1 p2 [ 992.272439][T21674] loop5: partition table partially beyond EOD, truncated [ 992.297697][ T5905] usb 5-1: Using ep0 maxpacket: 16 [ 992.298876][ T10] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 992.348421][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 992.358718][T13732] usb 4-1: USB disconnect, device number 46 [ 992.372665][ T5905] usb 5-1: config index 0 descriptor too short (expected 65, got 36) [ 992.388089][ T5905] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 992.413753][ T5905] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 992.431314][ T5905] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 992.444465][ T5905] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 992.466150][T21681] loop5: detected capacity change from 0 to 7 [ 992.469772][ T10] usb 2-1: config 0 descriptor?? [ 992.478451][T21681] Dev loop5: unable to read RDB block 7 [ 992.486910][T21681] loop5: unable to read partition table [ 992.494939][T21681] loop5: partition table beyond EOD, truncated [ 992.503779][ T5905] usb 5-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.00 [ 992.514390][ T5905] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 992.524326][T21681] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 992.572106][ T5905] usb 5-1: config 0 descriptor?? [ 992.595999][T21667] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 992.613292][ T5905] input: PXRC Flight Controller Adapter as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input92 [ 992.809669][T21667] FAULT_INJECTION: forcing a failure. [ 992.809669][T21667] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 992.840973][T21667] CPU: 0 UID: 0 PID: 21667 Comm: syz.4.4564 Tainted: G L syzkaller #0 PREEMPT(full) [ 992.841009][T21667] Tainted: [L]=SOFTLOCKUP [ 992.841015][T21667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 992.841023][T21667] Call Trace: [ 992.841031][T21667] [ 992.841039][T21667] dump_stack_lvl+0xe8/0x150 [ 992.841069][T21667] should_fail_ex+0x412/0x560 [ 992.841095][T21667] _copy_to_user+0x31/0xb0 [ 992.841120][T21667] simple_read_from_buffer+0xe1/0x170 [ 992.841147][T21667] proc_fail_nth_read+0x1bb/0x230 [ 992.841172][T21667] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 992.841197][T21667] ? rw_verify_area+0x2a6/0x4d0 [ 992.841211][T21667] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 992.841233][T21667] vfs_read+0x20c/0xa70 [ 992.841249][T21667] ? fdget_pos+0x246/0x320 [ 992.841275][T21667] ? __pfx___mutex_lock+0x10/0x10 [ 992.841294][T21667] ? __pfx_vfs_read+0x10/0x10 [ 992.841314][T21667] ? __fget_files+0x2a/0x420 [ 992.841340][T21667] ? __fget_files+0x3a0/0x420 [ 992.841361][T21667] ? __fget_files+0x2a/0x420 [ 992.841393][T21667] ksys_read+0x150/0x270 [ 992.841413][T21667] ? __pfx_ksys_read+0x10/0x10 [ 992.841430][T21667] ? __pfx_evdev_ioctl+0x10/0x10 [ 992.841461][T21667] do_syscall_64+0x14d/0xf80 [ 992.841477][T21667] ? trace_irq_disable+0x3b/0x150 [ 992.841500][T21667] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 992.841518][T21667] ? clear_bhb_loop+0x40/0x90 [ 992.841540][T21667] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 992.841557][T21667] RIP: 0033:0x7fb5dd75cfce [ 992.841576][T21667] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 992.841591][T21667] RSP: 002b:00007fb5de6c9fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 992.841607][T21667] RAX: ffffffffffffffda RBX: 00007fb5de6ca6c0 RCX: 00007fb5dd75cfce [ 992.841619][T21667] RDX: 000000000000000f RSI: 00007fb5de6ca0a0 RDI: 0000000000000005 [ 992.841630][T21667] RBP: 00007fb5de6ca090 R08: 0000000000000000 R09: 0000000000000000 [ 992.841642][T21667] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 992.841653][T21667] R13: 00007fb5dda16038 R14: 00007fb5dda15fa0 R15: 00007fb5ddb3fa48 [ 992.841682][T21667] [ 993.071907][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.079026][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 993.283822][ T10] usbhid 2-1:0.0: can't add hid device: -71 [ 993.289942][ T10] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 993.300895][ T10] usb 2-1: USB disconnect, device number 87 [ 993.389819][T13732] usb 5-1: USB disconnect, device number 77 [ 993.395808][ C1] pxrc 5-1:0.0: pxrc_usb_irq - usb_submit_urb failed with result: -19 [ 993.421310][ T5175] pxrc 5-1:0.0: pxrc_open - usb_submit_urb failed, error: -19 [ 993.717797][ T5905] usb 4-1: new full-speed USB device number 47 using dummy_hcd [ 993.800302][T21703] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 993.893985][ T5905] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 993.907447][ T5905] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 993.921155][T21706] FAULT_INJECTION: forcing a failure. [ 993.921155][T21706] name failslab, interval 1, probability 0, space 0, times 0 [ 993.921585][ T5905] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10 [ 994.014456][T21706] CPU: 0 UID: 0 PID: 21706 Comm: syz.5.4577 Tainted: G L syzkaller #0 PREEMPT(full) [ 994.014485][T21706] Tainted: [L]=SOFTLOCKUP [ 994.014491][T21706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 994.014502][T21706] Call Trace: [ 994.014509][T21706] [ 994.014516][T21706] dump_stack_lvl+0xe8/0x150 [ 994.014543][T21706] should_fail_ex+0x412/0x560 [ 994.014570][T21706] should_failslab+0xa8/0x100 [ 994.014591][T21706] ? security_inode_alloc+0x39/0x310 [ 994.014613][T21706] kmem_cache_alloc_noprof+0x87/0x650 [ 994.014640][T21706] security_inode_alloc+0x39/0x310 [ 994.014663][T21706] inode_init_always_gfp+0x9ed/0xdc0 [ 994.014689][T21706] ? __pfx_sock_alloc_inode+0x10/0x10 [ 994.014707][T21706] alloc_inode+0x82/0x1b0 [ 994.014739][T21706] __sock_create+0x12d/0x9d0 [ 994.014768][T21706] mptcp_subflow_create_socket+0xfb/0x800 [ 994.014790][T21706] ? aa_label_sk_perm+0x532/0x6e0 [ 994.014812][T21706] ? __pfx_mptcp_subflow_create_socket+0x10/0x10 [ 994.014835][T21706] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 994.014858][T21706] __mptcp_nmpc_sk+0x155/0x790 [ 994.014877][T21706] ? register_lock_class+0x31/0x2e0 [ 994.014900][T21706] ? __pfx___mptcp_nmpc_sk+0x10/0x10 [ 994.014920][T21706] ? __lock_acquire+0x6b5/0x2cf0 [ 994.014946][T21706] mptcp_connect+0x71/0x830 [ 994.014973][T21706] __inet_stream_connect+0x25a/0xdd0 [ 994.015004][T21706] ? do_raw_spin_lock+0x12b/0x2f0 [ 994.015024][T21706] ? __pfx___inet_stream_connect+0x10/0x10 [ 994.015052][T21706] ? inet_stream_connect+0x51/0xa0 [ 994.015079][T21706] ? __local_bh_enable_ip+0xd0/0x130 [ 994.015106][T21706] inet_stream_connect+0x66/0xa0 [ 994.015134][T21706] __sys_connect+0x312/0x450 [ 994.015159][T21706] ? __pfx___sys_connect+0x10/0x10 [ 994.015191][T21706] ? __pfx_ksys_write+0x10/0x10 [ 994.015215][T21706] __x64_sys_connect+0x7a/0x90 [ 994.015236][T21706] do_syscall_64+0x14d/0xf80 [ 994.015251][T21706] ? trace_irq_disable+0x3b/0x150 [ 994.015272][T21706] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 994.015288][T21706] ? clear_bhb_loop+0x40/0x90 [ 994.015308][T21706] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 994.015322][T21706] RIP: 0033:0x7f5a1e79c799 [ 994.015338][T21706] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 994.015353][T21706] RSP: 002b:00007f5a1f62b028 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 994.015375][T21706] RAX: ffffffffffffffda RBX: 00007f5a1ea16090 RCX: 00007f5a1e79c799 [ 994.015387][T21706] RDX: 000000000000001c RSI: 0000200000000040 RDI: 0000000000000006 [ 994.015399][T21706] RBP: 00007f5a1f62b090 R08: 0000000000000000 R09: 0000000000000000 [ 994.015410][T21706] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 994.015421][T21706] R13: 00007f5a1ea16128 R14: 00007f5a1ea16090 R15: 00007f5a1eb3fa48 [ 994.015449][T21706] [ 994.300457][ T5905] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 994.310645][ T5905] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 994.327691][T21706] socket: no more sockets [ 994.353816][T21707] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 994.612792][ T5905] usb 4-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 994.648054][ T5905] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 994.692562][ T5905] usb 4-1: Product: syz [ 994.702191][ T5905] usb 4-1: Manufacturer: syz [ 994.711445][ T5905] usb 4-1: SerialNumber: syz [ 994.729188][ T5905] usb 4-1: config 0 descriptor?? [ 994.833495][T21716] fuse: Bad value for 'group_id' [ 994.838781][T21716] fuse: Bad value for 'group_id' [ 995.041930][T21720] FAULT_INJECTION: forcing a failure. [ 995.041930][T21720] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 995.055100][ T10] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 995.064817][ T5905] radio-si470x 4-1:0.0: si470x_get_report: usb_control_msg returned -71 [ 995.073252][T21720] CPU: 1 UID: 0 PID: 21720 Comm: syz.3.4573 Tainted: G L syzkaller #0 PREEMPT(full) [ 995.073280][T21720] Tainted: [L]=SOFTLOCKUP [ 995.073287][T21720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 995.073298][T21720] Call Trace: [ 995.073307][T21720] [ 995.073314][T21720] dump_stack_lvl+0xe8/0x150 [ 995.073344][T21720] should_fail_ex+0x412/0x560 [ 995.073370][T21720] _copy_from_user+0x2d/0xb0 [ 995.073396][T21720] kstrtouint_from_user+0xd6/0x180 [ 995.073420][T21720] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 995.073457][T21720] proc_fail_nth_write+0x8e/0x210 [ 995.073480][T21720] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 995.073508][T21720] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 995.073532][T21720] vfs_write+0x29a/0xb90 [ 995.073559][T21720] ? __pfx_vfs_write+0x10/0x10 [ 995.073579][T21720] ? __fget_files+0x2a/0x420 [ 995.073607][T21720] ? __fget_files+0x3a0/0x420 [ 995.073628][T21720] ? __fget_files+0x2a/0x420 [ 995.073666][T21720] ksys_write+0x150/0x270 [ 995.073687][T21720] ? __pfx_ksys_write+0x10/0x10 [ 995.073716][T21720] do_syscall_64+0x14d/0xf80 [ 995.073733][T21720] ? trace_irq_disable+0x3b/0x150 [ 995.073757][T21720] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 995.073775][T21720] ? clear_bhb_loop+0x40/0x90 [ 995.073797][T21720] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 995.073814][T21720] RIP: 0033:0x7f407e55cfce [ 995.073832][T21720] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 995.073846][T21720] RSP: 002b:00007f407f43afe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 995.073865][T21720] RAX: ffffffffffffffda RBX: 00007f407f43b6c0 RCX: 00007f407e55cfce [ 995.073878][T21720] RDX: 0000000000000001 RSI: 00007f407f43b0a0 RDI: 0000000000000003 [ 995.073889][T21720] RBP: 00007f407f43b090 R08: 0000000000000000 R09: 0000000000000000 [ 995.073900][T21720] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 995.073910][T21720] R13: 00007f407e816218 R14: 00007f407e816180 R15: 00007f407e93fa48 [ 995.073939][T21720] [ 995.339419][ T5905] radio-si470x 4-1:0.0: probe with driver radio-si470x failed with error -5 [ 995.372613][ T5905] usb 4-1: USB disconnect, device number 47 [ 995.382391][ T10] usb 6-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 995.408357][ T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 995.436849][ T10] usb 6-1: Product: syz [ 995.620191][ T10] usb 6-1: Manufacturer: syz [ 995.645337][ T10] usb 6-1: SerialNumber: syz [ 995.683598][ T10] usb 6-1: config 0 descriptor?? [ 995.707687][ T10] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 995.789664][T21726] loop5: detected capacity change from 0 to 3 [ 995.800583][T21726] Dev loop5: unable to read RDB block 3 [ 995.806263][T21726] loop5: AHDI p1 p2 [ 995.847832][T21726] loop5: partition table partially beyond EOD, truncated [ 996.108936][T21193] usb 6-1: USB disconnect, device number 19 [ 996.201136][T21733] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4584'. [ 996.942004][T21742] loop5: detected capacity change from 0 to 7 [ 996.953533][T15045] Dev loop5: unable to read RDB block 7 [ 996.967796][T15045] loop5: unable to read partition table [ 996.984347][T15045] loop5: partition table beyond EOD, truncated [ 996.996277][T21742] Dev loop5: unable to read RDB block 7 [ 997.008337][T21742] loop5: unable to read partition table [ 997.014222][T21742] loop5: partition table beyond EOD, truncated [ 997.023423][T21742] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 997.132378][T21755] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 997.211745][T21760] blktrace: Concurrent blktraces are not allowed on sg0 [ 997.778938][T21767] blktrace: Concurrent blktraces are not allowed on sg0 [ 997.787925][ T5905] usb 2-1: new high-speed USB device number 88 using dummy_hcd [ 998.189015][ T5905] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 998.214666][ T5905] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 998.237752][ T5905] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 998.316876][ T5905] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 998.372612][ T5905] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 998.424085][ T5905] usb 2-1: config 0 descriptor?? [ 998.547672][ T29] audit: type=1326 audit(1772250567.393:2231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21768 comm="syz.3.4594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f407e59c799 code=0x7ffc0000 [ 998.590177][T21775] binder: 21773:21775 ioctl 402c542d 200000000580 returned -22 [ 998.877713][ T29] audit: type=1326 audit(1772250567.393:2232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21768 comm="syz.3.4594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=98 compat=0 ip=0x7f407e59c799 code=0x7ffc0000 [ 998.943992][ T29] audit: type=1326 audit(1772250567.393:2233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21768 comm="syz.3.4594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f407e59c799 code=0x7ffc0000 [ 999.037684][ T29] audit: type=1326 audit(1772250567.393:2234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21768 comm="syz.3.4594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=434 compat=0 ip=0x7f407e59c799 code=0x7ffc0000 [ 999.102862][ T29] audit: type=1326 audit(1772250567.393:2235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21768 comm="syz.3.4594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f407e59c799 code=0x7ffc0000 [ 999.195118][ T29] audit: type=1326 audit(1772250567.393:2236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21768 comm="syz.3.4594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f407e59c799 code=0x7ffc0000 [ 999.253001][ T29] audit: type=1326 audit(1772250567.393:2237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21768 comm="syz.3.4594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f407e59c799 code=0x7ffc0000 [ 999.277452][ T5905] usbhid 2-1:0.0: can't add hid device: -71 [ 999.277628][ T5905] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 999.282887][ T5905] usb 2-1: USB disconnect, device number 88 [ 999.346607][ T29] audit: type=1326 audit(1772250567.393:2238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21768 comm="syz.3.4594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7f407e59c799 code=0x7ffc0000 [ 999.578807][ T29] audit: type=1326 audit(1772250567.393:2239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21768 comm="syz.3.4594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f407e59c799 code=0x7ffc0000 [ 999.653055][ T29] audit: type=1326 audit(1772250567.393:2240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21768 comm="syz.3.4594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f407e59c799 code=0x7ffc0000 [ 1000.107816][ T5905] usb 5-1: new high-speed USB device number 78 using dummy_hcd [ 1000.237042][T21807] FAULT_INJECTION: forcing a failure. [ 1000.237042][T21807] name failslab, interval 1, probability 0, space 0, times 0 [ 1000.259670][ T5905] usb 5-1: device descriptor read/64, error -71 [ 1000.277834][T21807] CPU: 0 UID: 0 PID: 21807 Comm: syz.5.4606 Tainted: G L syzkaller #0 PREEMPT(full) [ 1000.277866][T21807] Tainted: [L]=SOFTLOCKUP [ 1000.277873][T21807] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1000.277884][T21807] Call Trace: [ 1000.277892][T21807] [ 1000.277900][T21807] dump_stack_lvl+0xe8/0x150 [ 1000.277934][T21807] should_fail_ex+0x412/0x560 [ 1000.277959][T21807] should_failslab+0xa8/0x100 [ 1000.277981][T21807] __kmalloc_noprof+0xe8/0x760 [ 1000.278000][T21807] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1000.278028][T21807] tomoyo_realpath_from_path+0xe3/0x5d0 [ 1000.278059][T21807] ? tomoyo_path_number_perm+0x219/0x630 [ 1000.278078][T21807] tomoyo_path_number_perm+0x246/0x630 [ 1000.278099][T21807] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1000.278121][T21807] ? __lock_acquire+0x6b5/0x2cf0 [ 1000.278153][T21807] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 1000.278189][T21807] ? __fget_files+0x2a/0x420 [ 1000.278213][T21807] ? __fget_files+0x2a/0x420 [ 1000.278242][T21807] ? __fget_files+0x3a0/0x420 [ 1000.278264][T21807] ? __fget_files+0x2a/0x420 [ 1000.278287][T21807] security_file_ioctl+0xc3/0x2a0 [ 1000.278307][T21807] __se_sys_ioctl+0x47/0x170 [ 1000.278330][T21807] do_syscall_64+0x14d/0xf80 [ 1000.278346][T21807] ? trace_irq_disable+0x3b/0x150 [ 1000.278368][T21807] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1000.278386][T21807] ? clear_bhb_loop+0x40/0x90 [ 1000.278407][T21807] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1000.278424][T21807] RIP: 0033:0x7f5a1e79c799 [ 1000.278442][T21807] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1000.278458][T21807] RSP: 002b:00007f5a1f64c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1000.278477][T21807] RAX: ffffffffffffffda RBX: 00007f5a1ea15fa0 RCX: 00007f5a1e79c799 [ 1000.278489][T21807] RDX: 00002000000001c0 RSI: 00000000c0306201 RDI: 0000000000000003 [ 1000.278501][T21807] RBP: 00007f5a1f64c090 R08: 0000000000000000 R09: 0000000000000000 [ 1000.278513][T21807] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1000.278523][T21807] R13: 00007f5a1ea16038 R14: 00007f5a1ea15fa0 R15: 00007f5a1eb3fa48 [ 1000.278552][T21807] [ 1000.278942][T21807] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1000.570992][ T5905] usb 5-1: new high-speed USB device number 79 using dummy_hcd [ 1000.670373][T21811] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1000.719241][ T5905] usb 5-1: device descriptor read/64, error -71 [ 1000.772426][T21815] binder: BINDER_SET_CONTEXT_MGR already set [ 1000.778547][T21815] binder: 21808:21815 ioctl 4018620d 200000004a80 returned -16 [ 1000.838071][ T5905] usb usb5-port1: attempt power cycle [ 1001.184019][ T5905] usb 5-1: new high-speed USB device number 80 using dummy_hcd [ 1001.238287][ T5905] usb 5-1: device descriptor read/8, error -71 [ 1001.497718][ T5905] usb 5-1: new high-speed USB device number 81 using dummy_hcd [ 1001.549293][ T5905] usb 5-1: device descriptor read/8, error -71 [ 1001.658981][ T5905] usb usb5-port1: unable to enumerate USB device [ 1001.778210][T17374] usb 2-1: new high-speed USB device number 89 using dummy_hcd [ 1001.937749][T17374] usb 2-1: Using ep0 maxpacket: 32 [ 1001.944771][T17374] usb 2-1: config 0 has an invalid interface number: 89 but max is 0 [ 1001.952957][T17374] usb 2-1: config 0 has no interface number 0 [ 1001.959711][T17374] usb 2-1: config 0 interface 89 has no altsetting 0 [ 1001.969803][T17374] usb 2-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e [ 1001.994433][T17374] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1002.012590][T17374] usb 2-1: Product: syz [ 1002.019243][T17374] usb 2-1: Manufacturer: syz [ 1002.025655][T17374] usb 2-1: SerialNumber: syz [ 1002.042783][T17374] usb 2-1: config 0 descriptor?? [ 1002.055745][T17374] em28xx 2-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89) [ 1002.070802][T17374] em28xx 2-1:0.89: Video interface 89 found: bulk [ 1002.654632][T17374] em28xx 2-1:0.89: unknown em28xx chip ID (0) [ 1002.690279][T21839] netlink: 104 bytes leftover after parsing attributes in process `syz.3.4615'. [ 1003.179870][T21845] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4617'. [ 1003.343138][T17374] em28xx 2-1:0.89: reading from i2c device at 0xa0 failed (error=-5) [ 1003.355146][T17374] em28xx 2-1:0.89: board has no eeprom [ 1003.411033][T21847] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 1003.447952][T17374] em28xx 2-1:0.89: Identified as Terratec Grabby (card=67) [ 1003.456793][T17374] em28xx 2-1:0.89: analog set to bulk mode. [ 1003.501277][ T5905] em28xx 2-1:0.89: Registering V4L2 extension [ 1003.513665][T17374] usb 2-1: USB disconnect, device number 89 [ 1003.533763][T17374] em28xx 2-1:0.89: Disconnecting em28xx [ 1003.621841][ T5905] em28xx 2-1:0.89: Config register raw data: 0xffffffed [ 1003.637674][ T10] usb 5-1: new high-speed USB device number 82 using dummy_hcd [ 1003.655323][ T5905] em28xx 2-1:0.89: AC97 chip type couldn't be determined [ 1003.672876][ T5905] em28xx 2-1:0.89: No AC97 audio processor [ 1003.691695][ T5905] usb 2-1: Decoder not found [ 1003.722484][ T5905] em28xx 2-1:0.89: failed to create media graph [ 1003.749661][ T5905] em28xx 2-1:0.89: V4L2 device video103 deregistered [ 1003.797697][ T10] usb 5-1: Using ep0 maxpacket: 32 [ 1003.803182][T21853] ================================================================== [ 1003.811248][T21853] BUG: KASAN: slab-use-after-free in v4l2_fh_open+0xac/0x420 [ 1003.813085][ T5905] em28xx 2-1:0.89: Registering snapshot button... [ 1003.818619][T21853] Read of size 8 at addr ffff88807a674748 by task v4l_id/21853 [ 1003.818635][T21853] [ 1003.818646][T21853] CPU: 0 UID: 0 PID: 21853 Comm: v4l_id Tainted: G L syzkaller #0 PREEMPT(full) [ 1003.818669][T21853] Tainted: [L]=SOFTLOCKUP [ 1003.818675][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1003.818684][T21853] Call Trace: [ 1003.818693][T21853] [ 1003.818701][T21853] dump_stack_lvl+0xe8/0x150 [ 1003.818725][T21853] print_report+0xba/0x230 [ 1003.818745][T21853] ? v4l2_fh_open+0xac/0x420 [ 1003.818761][T21853] kasan_report+0x117/0x150 [ 1003.818784][T21853] ? v4l2_fh_open+0xac/0x420 [ 1003.818803][T21853] v4l2_fh_open+0xac/0x420 [ 1003.818819][T21853] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1003.818838][T21853] em28xx_v4l2_open+0x157/0x9a0 [ 1003.818859][T21853] ? do_raw_spin_lock+0x12b/0x2f0 [ 1003.818879][T21853] v4l2_open+0x1bf/0x3a0 [ 1003.818903][T21853] chrdev_open+0x4cd/0x5e0 [ 1003.818922][T21853] ? __pfx_chrdev_open+0x10/0x10 [ 1003.818940][T21853] ? fsnotify_open_perm_and_set_mode+0x135/0x6d0 [ 1003.818972][T21853] ? __pfx_chrdev_open+0x10/0x10 [ 1003.818989][T21853] do_dentry_open+0x785/0x14e0 [ 1003.819015][T21853] vfs_open+0x3b/0x340 [ 1003.819033][T21853] ? path_openat+0x2df0/0x3860 [ 1003.819051][T21853] path_openat+0x2e08/0x3860 [ 1003.819072][T21853] ? __pfx_stack_trace_save+0x10/0x10 [ 1003.819090][T21853] ? stack_depot_save_flags+0x33/0x810 [ 1003.819113][T21853] ? __pfx_path_openat+0x10/0x10 [ 1003.819128][T21853] ? __x64_sys_openat+0x138/0x170 [ 1003.819148][T21853] ? do_syscall_64+0x14d/0xf80 [ 1003.819162][T21853] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1003.819182][T21853] ? __lock_acquire+0x6b5/0x2cf0 [ 1003.819204][T21853] do_file_open+0x23e/0x4a0 [ 1003.819222][T21853] ? __pfx_do_file_open+0x10/0x10 [ 1003.819246][T21853] ? _raw_spin_unlock+0x28/0x50 [ 1003.819266][T21853] ? alloc_fd+0x64b/0x6c0 [ 1003.819290][T21853] do_sys_openat2+0x113/0x200 [ 1003.819311][T21853] ? __pfx_do_sys_openat2+0x10/0x10 [ 1003.819332][T21853] ? exc_page_fault+0x6a/0xc0 [ 1003.819355][T21853] ? do_user_addr_fault+0xc6f/0x1340 [ 1003.819377][T21853] __x64_sys_openat+0x138/0x170 [ 1003.819399][T21853] do_syscall_64+0x14d/0xf80 [ 1003.819413][T21853] ? trace_irq_disable+0x3b/0x150 [ 1003.819435][T21853] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1003.819451][T21853] ? clear_bhb_loop+0x40/0x90 [ 1003.819469][T21853] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1003.819486][T21853] RIP: 0033:0x7f9ea1aa7407 [ 1003.819501][T21853] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff [ 1003.819516][T21853] RSP: 002b:00007ffec29e7750 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 1003.819534][T21853] RAX: ffffffffffffffda RBX: 00007f9ea2251880 RCX: 00007f9ea1aa7407 [ 1003.819547][T21853] RDX: 0000000000000000 RSI: 00007ffec29e8f1c RDI: ffffffffffffff9c [ 1003.819559][T21853] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 [ 1003.819570][T21853] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 1003.819580][T21853] R13: 00007ffec29e79a0 R14: 00007f9ea23b8000 R15: 000055f063b434d8 [ 1003.819599][T21853] [ 1003.819606][T21853] [ 1004.135233][T21853] Allocated by task 5905: [ 1004.139538][T21853] kasan_save_track+0x3e/0x80 [ 1004.144195][T21853] __kasan_kmalloc+0x93/0xb0 [ 1004.148761][T21853] __kmalloc_cache_noprof+0x31c/0x660 [ 1004.154115][T21853] em28xx_v4l2_init+0x10b/0x2e70 [ 1004.159037][T21853] em28xx_init_extension+0x120/0x1c0 [ 1004.164301][T21853] process_scheduled_works+0xb02/0x1830 [ 1004.169821][T21853] worker_thread+0xa50/0xfc0 [ 1004.174389][T21853] kthread+0x388/0x470 [ 1004.178432][T21853] ret_from_fork+0x51e/0xb90 [ 1004.182999][T21853] ret_from_fork_asm+0x1a/0x30 [ 1004.187742][T21853] [ 1004.190041][T21853] Freed by task 5905: [ 1004.193992][T21853] kasan_save_track+0x3e/0x80 [ 1004.198641][T21853] kasan_save_free_info+0x46/0x50 [ 1004.203646][T21853] __kasan_slab_free+0x5c/0x80 [ 1004.208388][T21853] kfree+0x1c1/0x630 [ 1004.212271][T21853] em28xx_v4l2_init+0x1683/0x2e70 [ 1004.217269][T21853] em28xx_init_extension+0x120/0x1c0 [ 1004.222525][T21853] process_scheduled_works+0xb02/0x1830 [ 1004.228050][T21853] worker_thread+0xa50/0xfc0 [ 1004.232613][T21853] kthread+0x388/0x470 [ 1004.236663][T21853] ret_from_fork+0x51e/0xb90 [ 1004.241249][T21853] ret_from_fork_asm+0x1a/0x30 [ 1004.246010][T21853] [ 1004.248316][T21853] The buggy address belongs to the object at ffff88807a674000 [ 1004.248316][T21853] which belongs to the cache kmalloc-8k of size 8192 [ 1004.262385][T21853] The buggy address is located 1864 bytes inside of [ 1004.262385][T21853] freed 8192-byte region [ffff88807a674000, ffff88807a676000) [ 1004.276509][T21853] [ 1004.278817][T21853] The buggy address belongs to the physical page: [ 1004.285215][T21853] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7a670 [ 1004.294008][T21853] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1004.302488][T21853] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 1004.310030][T21853] page_type: f5(slab) [ 1004.313998][T21853] raw: 00fff00000000040 ffff88813fea9280 dead000000000100 dead000000000122 [ 1004.322913][T21853] raw: 0000000000000000 0000000800020002 00000000f5000000 0000000000000000 [ 1004.331480][T21853] head: 00fff00000000040 ffff88813fea9280 dead000000000100 dead000000000122 [ 1004.340126][T21853] head: 0000000000000000 0000000800020002 00000000f5000000 0000000000000000 [ 1004.348777][T21853] head: 00fff00000000003 ffffea0001e99c01 00000000ffffffff 00000000ffffffff [ 1004.357425][T21853] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 1004.366067][T21853] page dumped because: kasan: bad access detected [ 1004.372464][T21853] page_owner tracks the page as allocated [ 1004.378154][T21853] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x528c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP), pid 5485, tgid 5485 (dhcpcd), ts 850420528946, free_ts 850390291274 [ 1004.397490][T21853] post_alloc_hook+0x231/0x280 [ 1004.402320][T21853] get_page_from_freelist+0x24dc/0x2580 [ 1004.407908][T21853] __alloc_frozen_pages_noprof+0x18d/0x380 [ 1004.413705][T21853] alloc_pages_mpol+0x232/0x4a0 [ 1004.418530][T21853] allocate_slab+0x83/0x660 [ 1004.423009][T21853] ___slab_alloc+0x150/0x6b0 [ 1004.427579][T21853] __kvmalloc_node_noprof+0x34d/0x8a0 [ 1004.432940][T21853] pfifo_fast_init+0x372/0x6c0 [ 1004.437687][T21853] qdisc_create_dflt+0x13b/0x510 [ 1004.442601][T21853] dev_activate+0x378/0x1150 [ 1004.447168][T21853] __dev_open+0x67a/0x830 [ 1004.451562][T21853] __dev_change_flags+0x1f7/0x690 [ 1004.456565][T21853] netif_change_flags+0x88/0x1a0 [ 1004.461477][T21853] dev_change_flags+0x130/0x260 [ 1004.466308][T21853] devinet_ioctl+0x9f2/0x1b30 [ 1004.470998][T21853] inet_ioctl+0x42a/0x560 [ 1004.475306][T21853] page last free pid 19343 tgid 19343 stack trace: [ 1004.481777][T21853] __free_frozen_pages+0xc2b/0xdb0 [ 1004.486995][T21853] __slab_free+0x263/0x2b0 [ 1004.491387][T21853] qlist_free_all+0x97/0x100 [ 1004.495950][T21853] kasan_quarantine_reduce+0x148/0x160 [ 1004.501379][T21853] __kasan_slab_alloc+0x22/0x80 [ 1004.506208][T21853] kmem_cache_alloc_noprof+0x2bc/0x650 [ 1004.511754][T21853] vm_area_alloc+0x24/0x140 [ 1004.516231][T21853] mmap_region+0x10eb/0x2240 [ 1004.520812][T21853] do_mmap+0xc39/0x10c0 [ 1004.524975][T21853] vm_mmap_pgoff+0x2c9/0x4f0 [ 1004.529543][T21853] do_syscall_64+0x14d/0xf80 [ 1004.534116][T21853] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1004.539990][T21853] [ 1004.542287][T21853] Memory state around the buggy address: [ 1004.547890][T21853] ffff88807a674600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1004.555970][T21853] ffff88807a674680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1004.564012][T21853] >ffff88807a674700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1004.572048][T21853] ^ [ 1004.578434][T21853] ffff88807a674780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1004.586467][T21853] ffff88807a674800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1004.594500][T21853] ================================================================== [ 1004.650024][ T5905] input: em28xx snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.89/input/input93 [ 1004.673147][ T10] usb 5-1: config 0 has an invalid interface number: 188 but max is 0 [ 1004.692357][ T5905] em28xx 2-1:0.89: Remote control support is not available for this card. [ 1004.718034][ T10] usb 5-1: config 0 has no interface number 0 [ 1004.725921][ T29] kauditd_printk_skb: 23 callbacks suppressed [ 1004.725937][ T29] audit: type=1326 audit(1772250573.553:2264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21856 comm="syz.6.4619" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f03c099c799 code=0x0 [ 1004.727874][ T10] usb 5-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 1004.769235][T21853] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1004.776472][T21853] CPU: 0 UID: 0 PID: 21853 Comm: v4l_id Tainted: G L syzkaller #0 PREEMPT(full) [ 1004.787067][T21853] Tainted: [L]=SOFTLOCKUP [ 1004.791393][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1004.801449][T21853] Call Trace: [ 1004.804720][T21853] [ 1004.807647][T21853] vpanic+0x56c/0xa60 [ 1004.811632][T21853] ? __pfx_vpanic+0x10/0x10 [ 1004.816120][T21853] panic+0xc5/0xd0 [ 1004.819830][T21853] ? __pfx_panic+0x10/0x10 [ 1004.824233][T21853] ? preempt_schedule_thunk+0x16/0x30 [ 1004.829589][T21853] ? preempt_schedule_thunk+0x16/0x30 [ 1004.835033][T21853] ? v4l2_fh_open+0xac/0x420 [ 1004.839610][T21853] check_panic_on_warn+0x89/0xb0 [ 1004.844537][T21853] ? v4l2_fh_open+0xac/0x420 [ 1004.849111][T21853] end_report+0x73/0x180 [ 1004.853344][T21853] ? v4l2_fh_open+0xac/0x420 [ 1004.858006][T21853] kasan_report+0x128/0x150 [ 1004.862501][T21853] ? v4l2_fh_open+0xac/0x420 [ 1004.867078][T21853] v4l2_fh_open+0xac/0x420 [ 1004.871480][T21853] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1004.877446][T21853] em28xx_v4l2_open+0x157/0x9a0 [ 1004.882282][T21853] ? do_raw_spin_lock+0x12b/0x2f0 [ 1004.887491][T21853] v4l2_open+0x1bf/0x3a0 [ 1004.891721][T21853] chrdev_open+0x4cd/0x5e0 [ 1004.896208][T21853] ? __pfx_chrdev_open+0x10/0x10 [ 1004.901129][T21853] ? fsnotify_open_perm_and_set_mode+0x135/0x6d0 [ 1004.907449][T21853] ? __pfx_chrdev_open+0x10/0x10 [ 1004.912370][T21853] do_dentry_open+0x785/0x14e0 [ 1004.917139][T21853] vfs_open+0x3b/0x340 [ 1004.921216][T21853] ? path_openat+0x2df0/0x3860 [ 1004.925988][T21853] path_openat+0x2e08/0x3860 [ 1004.930574][T21853] ? __pfx_stack_trace_save+0x10/0x10 [ 1004.935935][T21853] ? stack_depot_save_flags+0x33/0x810 [ 1004.941386][T21853] ? __pfx_path_openat+0x10/0x10 [ 1004.946312][T21853] ? __x64_sys_openat+0x138/0x170 [ 1004.951330][T21853] ? do_syscall_64+0x14d/0xf80 [ 1004.956072][T21853] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1004.962127][T21853] ? __lock_acquire+0x6b5/0x2cf0 [ 1004.967062][T21853] do_file_open+0x23e/0x4a0 [ 1004.971551][T21853] ? __pfx_do_file_open+0x10/0x10 [ 1004.976649][T21853] ? _raw_spin_unlock+0x28/0x50 [ 1004.981486][T21853] ? alloc_fd+0x64b/0x6c0 [ 1004.985813][T21853] do_sys_openat2+0x113/0x200 [ 1004.990478][T21853] ? __pfx_do_sys_openat2+0x10/0x10 [ 1004.995662][T21853] ? exc_page_fault+0x6a/0xc0 [ 1005.000326][T21853] ? do_user_addr_fault+0xc6f/0x1340 [ 1005.005596][T21853] __x64_sys_openat+0x138/0x170 [ 1005.010432][T21853] do_syscall_64+0x14d/0xf80 [ 1005.015002][T21853] ? trace_irq_disable+0x3b/0x150 [ 1005.020014][T21853] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1005.026063][T21853] ? clear_bhb_loop+0x40/0x90 [ 1005.030723][T21853] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1005.036597][T21853] RIP: 0033:0x7f9ea1aa7407 [ 1005.040997][T21853] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff [ 1005.060587][T21853] RSP: 002b:00007ffec29e7750 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 1005.068987][T21853] RAX: ffffffffffffffda RBX: 00007f9ea2251880 RCX: 00007f9ea1aa7407 [ 1005.076955][T21853] RDX: 0000000000000000 RSI: 00007ffec29e8f1c RDI: ffffffffffffff9c [ 1005.084930][T21853] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 [ 1005.092893][T21853] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 1005.100851][T21853] R13: 00007ffec29e79a0 R14: 00007f9ea23b8000 R15: 000055f063b434d8 [ 1005.108816][T21853] [ 1005.112167][T21853] Kernel Offset: disabled [ 1005.116473][T21853] Rebooting in 86400 seconds..