last executing test programs: 29.606759897s ago: executing program 2 (id=152): r0 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x5) fchdir(r1) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/custom0\x00', 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket(0x2, 0x80805, 0x0) sendmmsg$inet(r2, &(0x7f00000006c0)=[{{&(0x7f0000000100)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000180)=[{&(0x7f0000000140)='j', 0x1}], 0x1}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)}}], 0x2, 0x48000) r3 = syz_open_dev$loop(&(0x7f0000000080), 0x401, 0x800201) r4 = mq_open(&(0x7f0000000240)='nr0\x00', 0x2, 0x20, 0x0) mq_getsetattr(r4, 0x0, &(0x7f0000000280)) r5 = open(&(0x7f0000000180)='./bus\x00', 0x14507e, 0x0) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) r7 = epoll_create(0x29) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r6, &(0x7f0000000000)={0x110000000}) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r6, 0x84, 0x6b, &(0x7f0000000380)=[@in={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}], 0x10) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000e00)=@gettaction={0x14, 0x5a, 0x1}, 0x14}}, 0x0) setsockopt(r6, 0x84, 0x7f, &(0x7f0000000040)="020000000980ff", 0x7) ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000000700)={r5, 0x1000, {0x0, 0x0, 0x0, 0x0, 0x100001, 0x0, 0x0, 0x1b, 0x15, "54c870a8634edc745dfa1ab0a34a10a233e6180aa539ec68114b5aba1c98911df5ba72296d56740d56ea4d0434aa3592a4791300", "fc0177a6f3bb16d5d5560f93e0e50bbf206c9d8db97c00040000000000005f8a654e14dc7c4cc6020004003b3acc9f02cd3eac8be657b534bfa1142100696b29", "4921095856cdf9fd8199034f3b870104000009e3c7a181fb1c16c99189819ef4", [0x1, 0x9]}}) getsockname$tipc(r5, &(0x7f0000000000)=@id, &(0x7f0000000040)=0x10) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000340), 0x40, 0x0) r9 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r9, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_io_uring_setup(0x20081f, &(0x7f00000003c0)={0x0, 0xbdae, 0x4000, 0x2, 0x30f}, &(0x7f00000000c0), &(0x7f0000000540)) r10 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0) getdents64(r10, &(0x7f0000000000)=""/41, 0x29) 27.718661901s ago: executing program 2 (id=155): socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0xc, 0x8001, 0x0, 0x9, 0x4f, 0x8, 0xfa11, 0x1}, 0x0) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x1}, 0x2) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) kexec_load(0x0, 0x0, 0x0, 0x0) r2 = socket(0x40000000015, 0x5, 0x0) connect$inet6(r2, &(0x7f0000000200)={0xa, 0x4e21, 0x7, @ipv4={'\x00', '\xff\xff', @private=0xa010100}, 0xff}, 0x1c) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000340)={0x0, 0xff, 0x1c}, 0xc) getsockopt$sock_buf(r2, 0x1, 0x1c, 0x0, &(0x7f00000001c0)=0x3b) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0) r3 = socket$inet_sctp(0x2, 0x5, 0x84) sendto$inet(r3, &(0x7f0000000100)="11e5a68e291a6f297bca1e72499a1c0b73c1486bc5cd08a7132b5dc14cefffc62d", 0x21, 0x40, &(0x7f0000000240)={0x2, 0x4e23, @local}, 0x10) lsm_get_self_attr(0x64, &(0x7f00000002c0)={0x0, 0x0, 0x35, 0x15, ""/21}, &(0x7f0000001280)=0x35, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) syz_open_dev$sg(0x0, 0xfffffffffffffffa, 0x109202) ioctl$TCFLSH(0xffffffffffffffff, 0x5608, 0x1) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="600000001000030d28bd7000fbdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="8621020000800200400012800e0001006970366772657461700000002c0002801400060000000000000000000000ffff0000000014000700ff"], 0x60}, 0x1, 0x0, 0x0, 0x24008011}, 0x16c3035570970880) 22.164037303s ago: executing program 2 (id=169): openat$ocfs2_control(0xffffff9c, &(0x7f0000000040), 0x44000, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x6, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x395, 0xffffffffffffffff, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x0, 0xffffffff, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x2002c810) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = syz_io_uring_setup(0x18d7, &(0x7f0000000540)={0x0, 0x0, 0x2, 0x0, 0xc}, &(0x7f0000ffe000), &(0x7f0000ffe000)) io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r2, 0x2, &(0x7f0000000180), 0xfe) r3 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r3, &(0x7f0000000000), 0x10) setsockopt$CAN_RAW_FILTER(r3, 0x65, 0x1, 0x0, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) sendmmsg$inet6(r4, &(0x7f00000002c0)=[{{&(0x7f0000000100)={0xa, 0x4e20, 0x1, @local}, 0x1c, 0x0}}, {{&(0x7f0000000000)={0xa, 0x4e23, 0x16f, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}, 0x536f}, 0x1c, 0x0, 0x0, &(0x7f0000000340)=[@hopopts={{0x18, 0x29, 0x32, {0x4}}}], 0x18}}], 0x2, 0x20000000) r5 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_MCAST_LEAVE_GROUP(r5, 0x0, 0x2d, 0x0, 0x0) close(r3) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(0xffffffffffffffff, 0xc2c45513, &(0x7f0000002e00)={{0x9, 0x7, 0x3, 0x2, 'syz0\x00', 0x7b}, 0x0, [0x1, 0x100, 0x1000, 0x6950, 0x1d1, 0x7fffffff, 0x5, 0x5, 0xbc0, 0xd89e, 0x15b, 0xb27, 0x5948, 0x5, 0x7, 0x8004a7, 0x9, 0x5, 0xb, 0x3, 0x2c, 0x400, 0x2000040, 0x10040002, 0x7, 0x0, 0x2, 0x800, 0x803, 0x3, 0x4, 0x6, 0xffffffff, 0xfff, 0x3ff, 0x1, 0x5, 0x9, 0x3, 0x6, 0x100003, 0x78a, 0xbfff8007, 0x200000e, 0xe, 0x0, 0x1, 0x4, 0x3, 0x4, 0x9, 0x80000001, 0x3fe, 0x1ff, 0x9, 0xfffff647, 0x408, 0x4, 0x4000001, 0x9, 0x8, 0x9, 0x5, 0x8, 0x98, 0xbe, 0x3, 0xa, 0x7, 0x80000080, 0x81, 0x10004, 0x2, 0x80000001, 0x69e, 0xb, 0x7000000, 0x1, 0x8, 0x1e2, 0x7, 0x4, 0x1, 0x8, 0xffffeffd, 0x10002, 0x1, 0x4, 0x0, 0xcbe, 0x8, 0xff, 0x4, 0xfffffff9, 0xf8a, 0x58a0, 0xfc13, 0x9, 0x895, 0xc, 0x9, 0x89, 0xfffffffe, 0xa1a9, 0x8e0b2, 0x9, 0x3, 0x12, 0x3, 0x3, 0xfffffff8, 0x3, 0x2, 0x1, 0x2ba, 0x0, 0xe, 0x5, 0x8, 0x2, 0xfff, 0x4, 0x1ff, 0x7, 0x2, 0x1007, 0x6, 0x200ff]}) socket$kcm(0x2b, 0x1, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f00000000c0)="6880a642beaf34317f0dd3122a90ad0d2b", 0x11}], 0x1}, 0x0) r6 = socket$kcm(0x10, 0x2, 0x4) recvmsg$kcm(r6, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x20) sendmsg$inet(r6, &(0x7f0000000540)={0x0, 0xc027, &(0x7f0000000340)=[{&(0x7f00000000c0)="97eb000014006bcd9e", 0xeb97}], 0x1, 0x0, 0x0, 0x1f000000}, 0x600) 15.925362123s ago: executing program 1 (id=181): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000001000)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) close(r1) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000400)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x0, 0x3, 0x6361, 0x6, 0xffffffff, 0x6b9}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x40000880) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r4) sendmsg$TIPC_CMD_ENABLE_BEARER(r4, 0x0, 0x0) 12.592109625s ago: executing program 1 (id=187): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@updpolicy={0x1bc, 0x19, 0x1, 0x400, 0x25dfdbfe, {{@in6=@remote, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000001}}, [@tmpl={0x104, 0x5, [{{@in=@local, 0x4d5, 0x32}, 0x0, @in6=@local, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {{@in=@broadcast, 0x0, 0x3c}, 0x0, @in6=@dev, 0x0, 0x0, 0x3}, {{@in=@loopback, 0x0, 0x6c}, 0x0, @in=@loopback, 0x0, 0x4, 0x0, 0x0, 0x3}, {{@in6=@local, 0x0, 0x33}, 0x0, @in6=@private2, 0x0, 0x0, 0x0, 0xfd, 0x204}]}]}, 0x1bc}}, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000000500)={0xa, 0x4e20, 0xffffffff, @empty, 0x4}, 0x1c) syz_emit_ethernet(0x9a, &(0x7f0000000080)={@local, @remote, @void, {@ipv6={0x86dd, @udp={0xa, 0x6, '\x00', 0x64, 0x11, 0xff, @local, @mcast2, {[], {0x4e1d, 0x4e20, 0x64, 0x0, @wg=@response={0x2, 0x3, 0x2, "54e90dade0f83f43817a33a14e885678a5f38ab436a174d6f2369fc532f6c82b", "fc7dfb6e5293418dd950af36edd6dc1c", {"9cf20b4958f15cd0a3eddaf23b2e0eaf", "6272f64f06756f4bee7a8933b1524843"}}}}}}}}, 0x0) 12.516594378s ago: executing program 2 (id=188): sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) setrlimit(0x7, &(0x7f0000000f80)={0x2, 0x2}) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) 12.361789792s ago: executing program 3 (id=189): r0 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r0, &(0x7f0000000200)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_io_uring_setup(0x497, &(0x7f0000000540)={0x0, 0x4660, 0x400, 0x3, 0x285}, &(0x7f00000004c0)=0x0, &(0x7f0000000480)=0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4040850) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r0, 0x0, 0x0}) io_uring_enter(r4, 0x3498, 0x969, 0xffff000000000000, 0x0, 0x0) dup3(r4, 0xffffffffffffffff, 0x80000) mkdirat(0xffffffffffffff9c, 0x0, 0x0) 12.285809866s ago: executing program 1 (id=190): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan1\x00'}) socketpair$unix(0x1, 0x2, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() r2 = socket$netlink(0x10, 0x3, 0x4) writev(r2, 0x0, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f0000000140), r2) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000c40)={0x0, &(0x7f0000001fc0)=""/4115, 0x3c, 0x1013, 0x1}, 0x28) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_attach_bpf(r5, 0x1, 0x44, &(0x7f0000009000), 0x4) 12.250096541s ago: executing program 4 (id=191): r0 = syz_usb_connect(0x5, 0x24, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x17, &(0x7f00000006c0)=0x400, 0x4) bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f) r5 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r5, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc) writev(0xffffffffffffffff, &(0x7f0000000300)=[{&(0x7f00000001c0)}], 0x1) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='bbr', 0x3) sendto$inet(r1, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) recvfrom$inet(r1, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) shutdown(r1, 0x1) openat$ptp0(0xffffffffffffff9c, 0x0, 0x40001, 0x0) 6.375887182s ago: executing program 1 (id=192): socketpair$unix(0x1, 0x3, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) r0 = fsopen(&(0x7f0000000140)='f2fs\x00', 0x1) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='test_dummy_encryption', &(0x7f0000000080)='v2\x00ul\x00\x00\x00\x00\x00loc\x8d\x8b#\xe0\xb9\xbd\"\xeb.\xc7]\xa67\x97 \xc9\xfc|\x85o7Z\xdc}U\x8c\xdd\n\xaa?4\xafq\x1d\xf6(\xe6\x9em_\x1a\xbfDi\x15\x81\xd47\x8e\x86\xa2u~FC\x9c\xe3\x98\x87\x98\xf7\xa2\xb5\x12\x8cv\xe4_\x91\xa8G!mm\f\xcf\xfb[\xd5Qf\x15\xfe\xc80\xad\xaa\xe9', 0x0) r1 = add_key$user(&(0x7f0000000200), &(0x7f0000000440), &(0x7f00000000c0), 0x14b, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000080)={r1, r1, r1}, &(0x7f0000000100)=""/103, 0x67, &(0x7f00000005c0)={&(0x7f00000000c0)={'ghash-generic\x00'}}) 6.322983911s ago: executing program 3 (id=193): capset(&(0x7f0000000040)={0x20071026}, &(0x7f0000000140)={0x0, 0x9, 0x0, 0x81, 0xfffffff9, 0xa}) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x2000001, 0x6031, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000ceb000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) remap_file_pages(&(0x7f0000603000/0x3000)=nil, 0x3000, 0x0, 0x4, 0x1) 6.211589264s ago: executing program 4 (id=194): openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000000400)=ANY=[]) openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = socket$pppl2tp(0x18, 0x1, 0x1) getsockopt$sock_buf(r0, 0x1, 0x1c, 0x0, &(0x7f0000000100)) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x9) bind$alg(0xffffffffffffffff, &(0x7f0000000340)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes192\x00'}, 0x58) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(khazad)\x00'}, 0x58) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0xa5) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0) mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000080)='./file1/file0\x00', 0x0, 0x1085408, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f00000003c0), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000001c0)='./bus\x00') renameat2(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x2) io_uring_enter(0xffffffffffffffff, 0x749f, 0x4, 0x0, 0x0, 0xfffffffffffffef5) 5.832403015s ago: executing program 4 (id=195): socket$inet6_sctp(0xa, 0x1, 0x84) socket$nl_route(0x10, 0x3, 0x0) socket$nl_sock_diag(0x10, 0x3, 0x4) socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket(0x10, 0x3, 0x0) sendmsg$TIPC_NL_LINK_SET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)=ANY=[], 0x50}}, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'bond_slave_1\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c0000005e0001002bbd7000ffdbdf2500000000", @ANYRES32=r3, @ANYRES32=r1], 0x1c}, 0x1, 0x0, 0x0, 0x831e368c771a0719}, 0x400c080) sendmmsg(r2, &(0x7f0000000000), 0x4000000000001f2, 0x0) 5.67859506s ago: executing program 0 (id=196): getsockname(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r3, 0x4000000000000, 0x40, &(0x7f0000000280)=@raw={'raw\x00', 0x701, 0x3, 0x258, 0x0, 0xb, 0x108, 0x0, 0x0, 0x1c0, 0x1c8, 0x1c8, 0x1c0, 0x1c8, 0x3, 0x0, {[{{@ip={@rand_addr, @broadcast, 0x0, 0x0, 'veth1_to_batadv\x00', '\x00', {}, {}, 0x32}, 0x0, 0xa0, 0x108, 0x0, {}, [@common=@inet=@esp={{0x30}, {[], 0x1}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x15, 0x1, 0x619, 0x6, 'snmp\x00', 'syz0\x00', {0x631}}}}, {{@ip={@loopback, @empty, 0x0, 0x0, 'veth1_to_batadv\x00', 'ip6erspan0\x00', {}, {}, 0x11}, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x5, 0x0, 0x0, 'snmp_trap\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x2b8) r4 = syz_open_dev$usbfs(&(0x7f0000000080), 0x75, 0x109301) socket$igmp6(0xa, 0x3, 0x2) r5 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f00000000c0)=0x800, 0x4) setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, 0x0, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x8916, 0x0) ioctl$USBDEVFS_CLAIMINTERFACE(r4, 0x8004550f, 0x0) 4.352071226s ago: executing program 0 (id=197): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000001000)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) close(r1) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000400)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x0, 0x3, 0x6361, 0x6, 0xffffffff, 0x6b9}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x40000880) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r4) sendmsg$TIPC_CMD_ENABLE_BEARER(r4, 0x0, 0x0) 4.253896298s ago: executing program 4 (id=198): mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x108}) r0 = socket$nl_audit(0x10, 0x3, 0x9) sendmsg$AUDIT_TRIM(r0, &(0x7f00000024c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000002480)={&(0x7f0000000280)={0x10, 0x3f6, 0x800, 0x70bd2d, 0x25dfdbfd, "", ["", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x20000050}, 0x840) socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x1000, 0x80000100008a}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) read$FUSE(0xffffffffffffffff, &(0x7f0000000340)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) syz_open_procfs(r3, &(0x7f0000000040)='net/connector\x00') r4 = socket$inet6(0xa, 0x80002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000ac0)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000006feffff720af0fff8ffffff71a4f0ff000000002d030000000000001d400500000000004704000001ed00007203feff000201001d44000000000000db0a00fee10000007303f10100000000b500f3ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48) setsockopt$sock_linger(r4, 0x1, 0x3c, 0x0, 0x0) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x3}) r5 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$inet6_IPV6_IPSEC_POLICY(r5, 0x29, 0x22, &(0x7f0000002380)={{{@in=@broadcast, @in6=@private2, 0x4e24, 0x10, 0x4e22, 0x0, 0x2, 0xa0, 0x10, 0x0, 0x0, r2}, {0x4ce, 0x8000000000000000, 0x0, 0xf, 0x54, 0x2, 0x8}, {0x4, 0x85cc, 0xfffffffffffff801, 0x1}, 0x0, 0x6e6bbb}, {{@in6=@private1, 0x4d3, 0x33}, 0x0, @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x3503, 0x1, 0x3, 0x5, 0x4, 0x3ff}}, 0xe8) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 4.249849861s ago: executing program 3 (id=199): sched_setscheduler(0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000300), 0x802, 0x0) readahead(0xffffffffffffffff, 0x3, 0x2) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x7f}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f00000001c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) r6 = dup(r5) sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="640000000206030000000000fffff0000000000016000300686173683a6e65742c706f72742c6e6574000000050004000000000005000500020000000900020073797a3200000000050001000700000014000780080013400000000008001240"], 0x64}}, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, 0x0) socketpair$tipc(0x1e, 0x2, 0x0, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x20000004) shutdown(0xffffffffffffffff, 0x2) 2.804842013s ago: executing program 3 (id=200): syz_usb_connect(0x0, 0x147, &(0x7f0000000000)=ANY=[@ANYBLOB="12010002a8cbc408e8048968680d010203010902", @ANYRES32], 0x0) 2.741359483s ago: executing program 4 (id=201): r0 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x5) fchdir(r1) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/custom0\x00', 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket(0x2, 0x80805, 0x0) sendmmsg$inet(r2, &(0x7f00000006c0)=[{{&(0x7f0000000100)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000180)=[{&(0x7f0000000140)='j', 0x1}], 0x1}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)}}], 0x2, 0x48000) r3 = syz_open_dev$loop(&(0x7f0000000080), 0x401, 0x800201) r4 = mq_open(&(0x7f0000000240)='nr0\x00', 0x2, 0x20, 0x0) mq_getsetattr(r4, 0x0, &(0x7f0000000280)) r5 = open(&(0x7f0000000180)='./bus\x00', 0x14507e, 0x0) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) r7 = epoll_create(0x29) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r6, &(0x7f0000000000)={0x110000000}) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r6, 0x84, 0x6b, &(0x7f0000000380)=[@in={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}], 0x10) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000e00)=@gettaction={0x14, 0x5a, 0x1}, 0x14}}, 0x0) setsockopt(r6, 0x84, 0x7f, &(0x7f0000000040)="020000000980ff", 0x7) ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000000700)={r5, 0x1000, {0x0, 0x0, 0x0, 0x0, 0x100001, 0x0, 0x0, 0x1b, 0x15, "54c870a8634edc745dfa1ab0a34a10a233e6180aa539ec68114b5aba1c98911df5ba72296d56740d56ea4d0434aa3592a4791300", "fc0177a6f3bb16d5d5560f93e0e50bbf206c9d8db97c00040000000000005f8a654e14dc7c4cc6020004003b3acc9f02cd3eac8be657b534bfa1142100696b29", "4921095856cdf9fd8199034f3b870104000009e3c7a181fb1c16c99189819ef4", [0x1, 0x9]}}) prlimit64(0x0, 0xe, &(0x7f0000000380)={0xff, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000340), 0x40, 0x0) r9 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r9, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_io_uring_setup(0x20081f, &(0x7f00000003c0)={0x0, 0xbdae, 0x4000, 0x2, 0x30f}, &(0x7f00000000c0), &(0x7f0000000540)) r10 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0) getdents64(r10, &(0x7f0000000000)=""/41, 0x29) 2.560296019s ago: executing program 0 (id=202): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r1, 0x29, 0x1a, &(0x7f0000000000)=0x6, 0x4) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={0x0}, 0x1, 0xba01, 0x0, 0x4000050}, 0x0) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x2, 0x7fff7ffc}]}) r3 = socket$pppl2tp(0x18, 0x1, 0x1) r4 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r3, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r4, {0x2, 0x0, @dev}, 0x2}}, 0x2e) r5 = syz_genetlink_get_family_id$l2tp(&(0x7f00000008c0), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x34, r5, 0x1, 0x1070bd2c, 0x4, {0x5}, [@L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x5}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_SESSION_ID={0x8}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0xaa8}]}, 0x34}, 0x1, 0x0, 0x0, 0x20008000}, 0x30) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="580000000008010200000000000000000200ffff0600024022eb000005000300ffff00000900010073797a3000000000260004"], 0x58}, 0x1, 0x0, 0x0, 0x20000015}, 0x40) r7 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r7, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x2, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x32) close_range(r2, 0xffffffffffffffff, 0x200000000000000) 2.27927801s ago: executing program 0 (id=203): syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000100)=0x1, 0x4) connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x58) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) madvise(&(0x7f00002e5000/0x400000)=nil, 0x400000, 0xf) bpf$PROG_LOAD(0x5, 0x0, 0x0) capset(0x0, &(0x7f0000000040)={0x200000, 0x200000}) r4 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r4, &(0x7f0000000180)=[{&(0x7f0000000900)="580000001400192340834b80040d8c560a066e0202ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000007000200060c10000000010000000000", 0x58}], 0x1) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x11, 0x0, 0x0, &(0x7f0000000640)='syzkaller\x00', 0x7}, 0x94) 2.112971699s ago: executing program 1 (id=204): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x32, 0x0) syz_open_dev$loop(&(0x7f0000000100), 0xf01c, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x11, 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000800)={r1, r1, r1}, 0x0, 0x0, &(0x7f0000000480)={&(0x7f00000000c0)={'sha384\x00'}}) 848.448222ms ago: executing program 0 (id=205): mknodat(0xffffffffffffff9c, &(0x7f0000000000)='./file2\x00', 0x81c0, 0x0) execveat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x0, 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e24, 0x1, @empty, 0xffffffff}, 0x1c) listen(0xffffffffffffffff, 0x7fff) 792.011081ms ago: executing program 1 (id=206): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'syz_tun\x00'}) prctl$PR_SET_MM(0x23, 0x7, &(0x7f0000ffd000/0x3000)=nil) brk(0x80ffd000) socket$inet6_sctp(0xa, 0x1, 0x84) epoll_create1(0x0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0) ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000300)=0x2) io_setup(0x6, &(0x7f0000001380)=0x0) io_submit(r2, 0x1, &(0x7f00000000c0)=[&(0x7f0000000040)={0x1000000, 0x0, 0x0, 0x5, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0xb866dbe024edcb7c}]) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r4 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x3b0, 0xd8, 0x11, 0x148, 0x0, 0x0, 0x31c, 0x2a8, 0x2a8, 0x31c, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0xb8, 0xd8, 0x0, {}, [@common=@inet=@set1={{0x24}, {{0x0, 0x5, 0x7}}}, @inet=@rpfilter={{0x24}, {0x2}}]}, @unspec=@TRACE={0x20}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @empty, 0x0, 0xff, 'vlan0\x00', 'netdevsim0\x00', {}, {}, 0x0, 0x1, 0x7a}, 0x0, 0x1e4, 0x244, 0x0, {}, [@common=@inet=@hashlimit2={{0x150}, {'team_slave_1\x00', {0x5, 0xa, 0x2, 0xffffd5ee, 0x5, 0x1ff, 0xb, 0x18, 0x40}, {0x8}}}, @inet=@rpfilter={{0x24}, {0x1b}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x2, [0x5, 0x3, 0x0, 0x6, 0x1], 0x0, 0x1}, {0x1, [0x1, 0x0, 0x0, 0x4, 0x1, 0x3], 0x0, 0x1}}}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x40c) connect$unix(r3, &(0x7f000057eff8)=@abs={0x1, 0x0, 0x4e21}, 0x6e) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write$P9_RGETLOCK(r5, &(0x7f00000000c0)=ANY=[], 0x200002e6) fcntl$setpipe(r5, 0x407, 0x7000000) ioctl$VHOST_SET_FEATURES(r5, 0x4008af00, &(0x7f0000000080)=0x8000000) r6 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_ADD(r6, 0x0, 0x482, &(0x7f00000000c0)={0x84, @multicast1, 0x4e22, 0x3, 'lblcr\x00', 0x1, 0xfffffffe, 0x4}, 0x2c) socket$kcm(0xa, 0x2, 0x0) setsockopt$IP_VS_SO_SET_ADDDEST(r6, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010101, 0x4e21, 0x3, 'wrr\x00', 0x23, 0x81, 0x5}, {@dev={0xac, 0x14, 0x14, 0x3c}, 0x4e23, 0x10000, 0x1cb, 0x12d61, 0x12d58}}, 0x44) memfd_secret(0x80000) 702.749692ms ago: executing program 2 (id=207): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c0000001900010000000000000000000a"], 0x1c}}, 0x0) 670.272073ms ago: executing program 0 (id=208): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x42}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001340)=@newtfilter={0x40, 0x2c, 0xd27, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0x4}, {}, {0x6, 0xffff}}, [@filter_kind_options=@f_matchall={{0xd}, {0xc, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0xfff3, 0x8}}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0xc858}, 0x80) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@gettfilter={0x24, 0x2e, 0x205, 0x70bd2c, 0x25dfdafd, {0x0, 0x0, 0x0, r3, {0xc, 0xc}, {0x0, 0xfff1}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000801}, 0x4041080) 403.870886ms ago: executing program 3 (id=209): r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./bus\x00', 0x289c2, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001440)={0x18, 0x3, &(0x7f00000001c0)=ANY=[@ANYRESDEC=r0], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x400}, 0x94) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000040)=0xfe) ioctl$PPPIOCGUNIT(0xffffffffffffffff, 0x4004743c, 0x0) r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x0, 0x0}) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f0000001340)) ioctl$SNDCTL_DSP_CHANNELS(r2, 0xc0045006, &(0x7f0000000180)=0x6f) r3 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) mknod$loop(&(0x7f00000000c0)='./bus/file0\x00', 0x80, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x1c3425, 0x0) read$dsp(r3, &(0x7f00000002c0)=""/4096, 0x1000) write$dsp(r2, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000) 292.292188ms ago: executing program 2 (id=210): r0 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000000)={0x2001}, 0x10) bind$tipc(r0, 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x4) write(r1, &(0x7f0000005c00), 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, 0x0) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYRES32, @ANYBLOB="08002600940900"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={0x0, 0xb0}, 0x1, 0x0, 0x0, 0x40080c0}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_DEL_NAN_FUNCTION(r1, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)={0x88, r3, 0x100, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x44b8, 0x1f}}}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x57}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x15}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x8}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x4a}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x6f}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x43}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0xa}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x4b}]}, 0x88}, 0x1, 0x0, 0x0, 0x80c4}, 0x1) r5 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000e7cc6120c4108a81ad7d0102030109021b00010000c005090423000103"], 0x0) syz_usb_control_io$cdc_ncm(r5, 0x0, &(0x7f0000000c00)={0x44, &(0x7f0000000980)={0x60, 0x3, 0x3, "b3e71b"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r5, 0x0, 0x0) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(0xffffffffffffffff, 0x0, 0x9004) 137.035757ms ago: executing program 4 (id=211): sched_setscheduler(0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000300), 0x802, 0x0) readahead(0xffffffffffffffff, 0x3, 0x2) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x7f}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f00000001c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) r6 = dup(r5) sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="640000000206030000000000fffff0000000000016000300686173683a6e65742c706f72742c6e6574000000050004000000000005000500020000000900020073797a3200000000050001000700000014000780080013400000000008001240"], 0x64}}, 0x0) syz_open_dev$sndmidi(0x0, 0x2, 0x141102) socketpair$tipc(0x1e, 0x2, 0x0, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x20000004) shutdown(0xffffffffffffffff, 0x2) 0s ago: executing program 3 (id=212): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000001000)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) close(r1) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000400)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x0, 0x3, 0x6361, 0x6, 0xffffffff, 0x6b9}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x40000880) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r4) sendmsg$TIPC_CMD_ENABLE_BEARER(r4, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.41' (ED25519) to the list of known hosts. [ 81.792314][ T5781] cgroup: Unknown subsys name 'net' [ 82.047158][ T5781] cgroup: Unknown subsys name 'cpuset' [ 82.128655][ T5781] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 84.044617][ T5781] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 87.021830][ T1229] cfg80211: failed to load regulatory.db [ 87.801620][ T5802] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 87.802704][ T5802] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 87.807007][ T5805] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 87.807568][ T5808] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 87.819625][ T5805] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 87.819938][ T5808] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 87.821933][ T5805] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 87.823145][ T5805] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 87.842355][ T5805] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 87.843850][ T5805] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 87.849074][ T60] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 87.854006][ T60] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 87.854700][ T60] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 87.856586][ T60] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 87.858924][ T60] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 87.888983][ T5799] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 87.918243][ T5799] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 87.943326][ T5113] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 87.944477][ T5113] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 87.945112][ T5113] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 87.947218][ T5113] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 87.955162][ T5113] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 87.960337][ T5799] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 87.961816][ T5799] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 88.008119][ T5799] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 88.793317][ T5795] chnl_net:caif_netlink_parms(): no params data found [ 88.822146][ T5794] chnl_net:caif_netlink_parms(): no params data found [ 89.068326][ T5804] chnl_net:caif_netlink_parms(): no params data found [ 89.094852][ T5810] chnl_net:caif_netlink_parms(): no params data found [ 89.131623][ T5796] chnl_net:caif_netlink_parms(): no params data found [ 89.265484][ T5795] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.266849][ T5795] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.266978][ T5795] bridge_slave_0: entered allmulticast mode [ 89.270496][ T5795] bridge_slave_0: entered promiscuous mode [ 89.294100][ T5794] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.294180][ T5794] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.294315][ T5794] bridge_slave_0: entered allmulticast mode [ 89.295941][ T5794] bridge_slave_0: entered promiscuous mode [ 89.330442][ T5795] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.330586][ T5795] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.330996][ T5795] bridge_slave_1: entered allmulticast mode [ 89.332495][ T5795] bridge_slave_1: entered promiscuous mode [ 89.365305][ T5794] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.365379][ T5794] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.365500][ T5794] bridge_slave_1: entered allmulticast mode [ 89.367113][ T5794] bridge_slave_1: entered promiscuous mode [ 89.497621][ T5795] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.535088][ T5794] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.553665][ T5795] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.553974][ T5804] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.554079][ T5804] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.554226][ T5804] bridge_slave_0: entered allmulticast mode [ 89.555895][ T5804] bridge_slave_0: entered promiscuous mode [ 89.583907][ T5794] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.585115][ T5810] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.585254][ T5810] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.585739][ T5810] bridge_slave_0: entered allmulticast mode [ 89.589222][ T5810] bridge_slave_0: entered promiscuous mode [ 89.614128][ T5804] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.614252][ T5804] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.614754][ T5804] bridge_slave_1: entered allmulticast mode [ 89.617420][ T5804] bridge_slave_1: entered promiscuous mode [ 89.620182][ T5796] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.620300][ T5796] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.620815][ T5796] bridge_slave_0: entered allmulticast mode [ 89.625529][ T5796] bridge_slave_0: entered promiscuous mode [ 89.648261][ T5810] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.648584][ T5810] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.648741][ T5810] bridge_slave_1: entered allmulticast mode [ 89.651473][ T5810] bridge_slave_1: entered promiscuous mode [ 89.692896][ T5796] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.693019][ T5796] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.693509][ T5796] bridge_slave_1: entered allmulticast mode [ 89.697670][ T5796] bridge_slave_1: entered promiscuous mode [ 89.842143][ T5795] team0: Port device team_slave_0 added [ 89.871534][ T5794] team0: Port device team_slave_0 added [ 89.891781][ T5795] team0: Port device team_slave_1 added [ 89.894575][ T5804] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.900338][ T60] Bluetooth: hci0: command tx timeout [ 89.900425][ T60] Bluetooth: hci1: command tx timeout [ 89.917617][ T5794] team0: Port device team_slave_1 added [ 89.925678][ T5810] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.946032][ T5804] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.949853][ T5796] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.970728][ T5810] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.978087][ T5799] Bluetooth: hci2: command tx timeout [ 90.002455][ T5796] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.030641][ T5795] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.030653][ T5795] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.030669][ T5795] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.103219][ T5794] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.103233][ T5794] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.103247][ T5794] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.123698][ T5795] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.123723][ T5795] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.123745][ T5795] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.127008][ T5804] team0: Port device team_slave_0 added [ 90.138043][ T5799] Bluetooth: hci3: command tx timeout [ 90.138216][ T5799] Bluetooth: hci4: command tx timeout [ 90.151500][ T5794] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.151515][ T5794] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.151537][ T5794] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.154699][ T5810] team0: Port device team_slave_0 added [ 90.173301][ T5804] team0: Port device team_slave_1 added [ 90.177045][ T5796] team0: Port device team_slave_0 added [ 90.195913][ T5810] team0: Port device team_slave_1 added [ 90.224947][ T5796] team0: Port device team_slave_1 added [ 90.361014][ T5804] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.361034][ T5804] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.361061][ T5804] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.420723][ T5810] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.420743][ T5810] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.420766][ T5810] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.421954][ T5796] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.421967][ T5796] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.421992][ T5796] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.430674][ T5795] hsr_slave_0: entered promiscuous mode [ 90.432123][ T5795] hsr_slave_1: entered promiscuous mode [ 90.435209][ T5804] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.435221][ T5804] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.435245][ T5804] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.447633][ T5794] hsr_slave_0: entered promiscuous mode [ 90.449518][ T5794] hsr_slave_1: entered promiscuous mode [ 90.450593][ T5794] debugfs: 'hsr0' already exists in 'hsr' [ 90.450698][ T5794] Cannot create hsr debugfs directory [ 90.451675][ T5810] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.451686][ T5810] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.451710][ T5810] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.455727][ T5796] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.455742][ T5796] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.455765][ T5796] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.743233][ T5804] hsr_slave_0: entered promiscuous mode [ 90.744692][ T5804] hsr_slave_1: entered promiscuous mode [ 90.745367][ T5804] debugfs: 'hsr0' already exists in 'hsr' [ 90.745392][ T5804] Cannot create hsr debugfs directory [ 90.776819][ T5796] hsr_slave_0: entered promiscuous mode [ 90.781358][ T5796] hsr_slave_1: entered promiscuous mode [ 90.782319][ T5796] debugfs: 'hsr0' already exists in 'hsr' [ 90.782343][ T5796] Cannot create hsr debugfs directory [ 90.805269][ T5810] hsr_slave_0: entered promiscuous mode [ 90.806127][ T5810] hsr_slave_1: entered promiscuous mode [ 90.806702][ T5810] debugfs: 'hsr0' already exists in 'hsr' [ 90.806723][ T5810] Cannot create hsr debugfs directory [ 91.978207][ T60] Bluetooth: hci1: command tx timeout [ 91.978245][ T60] Bluetooth: hci0: command tx timeout [ 92.031284][ T5794] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 92.058191][ T5799] Bluetooth: hci2: command tx timeout [ 92.078949][ T5794] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 92.126506][ T5794] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 92.187237][ T5794] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 92.218091][ T5799] Bluetooth: hci4: command tx timeout [ 92.218131][ T5799] Bluetooth: hci3: command tx timeout [ 92.293998][ T5795] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 92.322406][ T5795] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 92.352942][ T5795] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 92.390383][ T5795] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 92.526481][ T5804] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 92.556848][ T5804] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 92.596072][ T5804] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 92.652359][ T5804] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 92.810075][ T5796] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 92.869792][ T5796] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 92.922025][ T5796] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 92.960170][ T5796] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 93.097140][ T5794] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.113381][ T5810] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 93.155995][ T5810] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 93.211260][ T5810] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 93.255433][ T5810] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 93.341881][ T5794] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.380910][ T5795] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.386645][ T69] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.387602][ T69] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.441862][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.442020][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.493850][ T5795] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.534164][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.534447][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.556031][ T5804] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.582257][ T69] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.582415][ T69] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.644953][ T5804] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.681838][ T785] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.681976][ T785] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.721748][ T5796] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.754297][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.755524][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.865947][ T5796] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.877684][ T5810] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.942732][ T3588] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.942936][ T3588] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.995770][ T3588] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.996003][ T3588] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.056118][ T5810] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.059471][ T60] Bluetooth: hci0: command tx timeout [ 94.059502][ T60] Bluetooth: hci1: command tx timeout [ 94.111647][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.112517][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.138164][ T5799] Bluetooth: hci2: command tx timeout [ 94.167497][ T5794] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.175478][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.175640][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.298672][ T5799] Bluetooth: hci3: command tx timeout [ 94.298708][ T5799] Bluetooth: hci4: command tx timeout [ 94.410179][ T5795] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.576982][ T5794] veth0_vlan: entered promiscuous mode [ 94.648709][ T5794] veth1_vlan: entered promiscuous mode [ 94.675060][ T5804] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.735627][ T5795] veth0_vlan: entered promiscuous mode [ 94.802776][ T5795] veth1_vlan: entered promiscuous mode [ 94.866818][ T5796] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.876637][ T5794] veth0_macvtap: entered promiscuous mode [ 94.905823][ T5794] veth1_macvtap: entered promiscuous mode [ 95.000592][ T5804] veth0_vlan: entered promiscuous mode [ 95.020717][ T5810] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.034346][ T5794] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.051666][ T5795] veth0_macvtap: entered promiscuous mode [ 95.088949][ T5794] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.091937][ T5795] veth1_macvtap: entered promiscuous mode [ 95.109094][ T5804] veth1_vlan: entered promiscuous mode [ 95.129418][ T43] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.136234][ T43] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.156192][ T43] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.174587][ T43] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.257094][ T5795] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.311633][ T5795] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.406401][ T101] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.426452][ T101] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.447402][ T101] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.462665][ T5804] veth0_macvtap: entered promiscuous mode [ 95.464794][ T5810] veth0_vlan: entered promiscuous mode [ 95.465214][ T101] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.534342][ T5804] veth1_macvtap: entered promiscuous mode [ 95.551205][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.551226][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.617241][ T5810] veth1_vlan: entered promiscuous mode [ 95.703234][ T5796] veth0_vlan: entered promiscuous mode [ 95.737475][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.737497][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.753833][ T5804] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.794986][ T5796] veth1_vlan: entered promiscuous mode [ 95.807084][ T5804] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.821248][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.821268][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.863665][ T43] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.879165][ T43] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.902374][ T43] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.907724][ T43] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.954104][ T101] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.954126][ T101] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.993070][ T5810] veth0_macvtap: entered promiscuous mode [ 96.041227][ T5810] veth1_macvtap: entered promiscuous mode [ 96.138657][ T60] Bluetooth: hci1: command tx timeout [ 96.138691][ T60] Bluetooth: hci0: command tx timeout [ 96.184134][ T5796] veth0_macvtap: entered promiscuous mode [ 96.218066][ T5799] Bluetooth: hci2: command tx timeout [ 96.285895][ T5796] veth1_macvtap: entered promiscuous mode [ 96.379145][ T5799] Bluetooth: hci4: command tx timeout [ 96.379184][ T5799] Bluetooth: hci3: command tx timeout [ 96.517501][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.517522][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.530439][ T5810] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.538810][ T5810] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.555018][ T5796] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.648778][ T5924] GUP no longer grows the stack in syz.3.4 (5924): 200000006000-200000009000 (200000004000) [ 97.648848][ T5924] CPU: 0 UID: 0 PID: 5924 Comm: syz.3.4 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 97.648873][ T5924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 97.648887][ T5924] Call Trace: [ 97.648896][ T5924] [ 97.648907][ T5924] dump_stack_lvl+0xe8/0x150 [ 97.648949][ T5924] fixup_user_fault+0x637/0x6f0 [ 97.648990][ T5924] fault_in_user_writeable+0x71/0xd0 [ 97.649024][ T5924] futex_lock_pi+0x80c/0xb00 [ 97.649062][ T5924] ? __pfx_futex_lock_pi+0x10/0x10 [ 97.649119][ T5924] ? __pfx_futex_wake_mark+0x10/0x10 [ 97.649150][ T5924] ? __pfx_futex_wake+0x10/0x10 [ 97.649182][ T5924] ? __schedule+0x1569/0x5240 [ 97.649211][ T5924] ? __pfx___schedule+0x10/0x10 [ 97.649243][ T5924] do_futex+0x292/0x420 [ 97.649270][ T5924] ? __pfx_do_futex+0x10/0x10 [ 97.649291][ T5924] ? lockdep_hardirqs_on+0x7a/0x110 [ 97.649327][ T5924] __se_sys_futex+0x3a8/0x450 [ 97.649357][ T5924] ? __pfx___se_sys_futex+0x10/0x10 [ 97.649378][ T5924] ? rcu_is_watching+0x15/0xb0 [ 97.649409][ T5924] ? __x64_sys_futex+0x21/0xf0 [ 97.649433][ T5924] do_syscall_64+0x14d/0xf80 [ 97.649462][ T5924] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 97.649485][ T5924] ? clear_bhb_loop+0x40/0x90 [ 97.649521][ T5924] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 97.649543][ T5924] RIP: 0033:0x7eff0b82c799 [ 97.649564][ T5924] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 97.649582][ T5924] RSP: 002b:00007eff09a44028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 97.649607][ T5924] RAX: ffffffffffffffda RBX: 00007eff0baa6180 RCX: 00007eff0b82c799 [ 97.649623][ T5924] RDX: 0000000000000002 RSI: 000000000000008d RDI: 0000200000004000 [ 97.649637][ T5924] RBP: 00007eff0b8c2bd9 R08: 0000000000000000 R09: 0000000000000082 [ 97.649651][ T5924] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 97.649663][ T5924] R13: 00007eff0baa6218 R14: 00007eff0baa6180 R15: 00007ffdbaa61f28 [ 97.649698][ T5924] [ 98.112456][ T1480] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.132046][ T1480] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.135824][ T1480] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.171027][ T5796] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.173865][ T101] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.173888][ T101] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.174261][ T1480] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.260031][ T43] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.350818][ T43] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.376722][ T43] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.394858][ T43] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.588211][ T5930] capability: warning: `syz.3.10' uses deprecated v2 capabilities in a way that may be insecure [ 98.593624][ T5930] netlink: 40 bytes leftover after parsing attributes in process `syz.3.10'. [ 99.535747][ T3588] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.535761][ T3588] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.774929][ T3588] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.774957][ T3588] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.078476][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 100.080489][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 100.163776][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 100.167109][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 100.327898][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 100.409047][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 100.410135][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 100.410339][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 100.410543][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 100.410749][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 103.082984][ T43] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.083011][ T43] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.588112][ T1224] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.588129][ T1224] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.381332][ T1237] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 116.969875][ T6026] syzkaller0: entered promiscuous mode [ 116.969906][ T6026] syzkaller0: entered allmulticast mode [ 116.982103][ T6025] tipc: Started in network mode [ 116.982140][ T6025] tipc: Node identity 0a87b1942df1, cluster identity 4711 [ 116.982601][ T6025] tipc: Enabled bearer , priority 0 [ 117.119604][ T6024] tipc: Resetting bearer [ 117.337558][ T6024] tipc: Disabling bearer [ 118.052379][ T1237] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 118.838946][ T1237] usb 1-1: New USB device found, idVendor=13d3, idProduct=3211, bcdDevice=7a.67 [ 118.838982][ T1237] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 118.839001][ T1237] usb 1-1: Product: syz [ 118.839015][ T1237] usb 1-1: Manufacturer: syz [ 118.839028][ T1237] usb 1-1: SerialNumber: syz [ 119.346430][ T1237] dvb-usb: found a 'Pinnacle PCTV 310e' in cold state, will try to load a firmware [ 119.346455][ T1237] dvb-usb: did not find the firmware file '(null)' (status -22). You can use /scripts/get_dvb_firmware to get the firmware [ 119.391724][ T1237] usb 1-1: USB disconnect, device number 2 [ 119.450856][ T6051] binder: BINDER_SET_CONTEXT_MGR already set [ 119.450873][ T6051] binder: 6050:6051 ioctl 4018620d 200000004a80 returned -16 [ 119.460889][ T6051] binder: 6050:6051 ioctl c0306201 0 returned -14 [ 119.934644][ T6061] syzkaller0: entered promiscuous mode [ 119.934675][ T6061] syzkaller0: entered allmulticast mode [ 119.980799][ T6061] tipc: Started in network mode [ 119.980837][ T6061] tipc: Node identity 42972df9797f, cluster identity 4711 [ 119.981050][ T6061] tipc: Enabled bearer , priority 0 [ 120.188605][ T6059] tipc: Resetting bearer [ 121.323753][ T6059] tipc: Disabling bearer [ 121.481287][ T1237] tipc: Node number set to 1005071865 [ 121.567218][ T6075] IPVS: length: 528 != 8 [ 122.256835][ T6079] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 122.505703][ T6081] faux_driver vgem: [drm] Unknown color mode 727; guessing buffer size. [ 122.819145][ T6084] warning: `syz.2.52' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 123.442950][ T6087] delete_channel: no stack [ 124.113893][ T6117] Zero length message leads to an empty skb [ 124.187042][ T6117] syzkaller0: entered promiscuous mode [ 124.187075][ T6117] syzkaller0: entered allmulticast mode [ 124.291889][ T6112] tipc: Started in network mode [ 124.291926][ T6112] tipc: Node identity de16ea7942b8, cluster identity 4711 [ 124.292152][ T6112] tipc: Enabled bearer , priority 0 [ 124.338270][ T6110] tipc: Resetting bearer [ 124.694010][ T6123] IPVS: length: 528 != 8 [ 125.829638][ T6110] tipc: Disabling bearer [ 126.184065][ T5800] tipc: Node number set to 2628708985 [ 128.253108][ T6147] netlink: 324 bytes leftover after parsing attributes in process `syz.2.72'. [ 130.271512][ T6139] delete_channel: no stack [ 131.031929][ T6159] wg2: entered promiscuous mode [ 131.031960][ T6159] wg2: entered allmulticast mode [ 131.576988][ T37] audit: type=1326 audit(1772725034.660:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6168 comm="syz.4.81" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f418f9dc799 code=0x7ffc0000 [ 131.797480][ T37] audit: type=1326 audit(1772725034.740:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6168 comm="syz.4.81" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7f418f9dc799 code=0x7ffc0000 [ 131.797938][ T37] audit: type=1326 audit(1772725034.930:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6168 comm="syz.4.81" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f418f9dc799 code=0x7ffc0000 [ 131.797983][ T37] audit: type=1326 audit(1772725034.930:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6168 comm="syz.4.81" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f418f9dc799 code=0x7ffc0000 [ 132.776253][ T6181] mmap: syz.4.81 (6181) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 132.829181][ T37] audit: type=1326 audit(1772725035.950:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6168 comm="syz.4.81" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f418f9dc799 code=0x7ffc0000 [ 132.829226][ T37] audit: type=1326 audit(1772725035.950:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6168 comm="syz.4.81" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f418f9dc799 code=0x7ffc0000 [ 132.829251][ T37] audit: type=1326 audit(1772725035.950:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6168 comm="syz.4.81" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f418f9dc799 code=0x7ffc0000 [ 133.078633][ T37] audit: type=1326 audit(1772725036.220:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6168 comm="syz.4.81" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7f418f9dc799 code=0x7ffc0000 [ 133.078693][ T37] audit: type=1326 audit(1772725036.220:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6168 comm="syz.4.81" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f418f9dc799 code=0x7ffc0000 [ 133.119594][ T37] audit: type=1326 audit(1772725036.220:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6168 comm="syz.4.81" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f418f9dc799 code=0x7ffc0000 [ 133.201476][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.201583][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.246804][ T6185] netlink: 4 bytes leftover after parsing attributes in process `syz.1.86'. [ 134.085786][ T6202] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 136.490989][ T6220] Bluetooth: MGMT ver 1.23 [ 138.255458][ T6243] netlink: 28 bytes leftover after parsing attributes in process `syz.0.104'. [ 138.363840][ T6243] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 138.651057][ T6247] syz.1.105 uses obsolete (PF_INET,SOCK_PACKET) [ 138.715488][ T6251] kvm: pic: non byte read [ 138.721768][ T6251] kvm: pic: level sensitive irq not supported [ 138.727406][ T6251] kvm: pic: non byte read [ 138.731090][ T6251] kvm: pic: level sensitive irq not supported [ 138.736654][ T6251] kvm: pic: non byte read [ 138.989454][ T37] kauditd_printk_skb: 6 callbacks suppressed [ 138.989469][ T37] audit: type=1326 audit(1772725042.110:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6255 comm="syz.2.107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd28084c799 code=0x7ffc0000 [ 138.989536][ T37] audit: type=1326 audit(1772725042.130:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6255 comm="syz.2.107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd28084c799 code=0x7ffc0000 [ 139.010363][ T37] audit: type=1326 audit(1772725042.130:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6255 comm="syz.2.107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7fd28084c799 code=0x7ffc0000 [ 139.012025][ T37] audit: type=1326 audit(1772725042.130:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6255 comm="syz.2.107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd28084c799 code=0x7ffc0000 [ 139.012086][ T37] audit: type=1326 audit(1772725042.130:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6255 comm="syz.2.107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd28084c799 code=0x7ffc0000 [ 139.012130][ T37] audit: type=1326 audit(1772725042.130:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6255 comm="syz.2.107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd28084c799 code=0x7ffc0000 [ 139.012174][ T37] audit: type=1326 audit(1772725042.130:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6255 comm="syz.2.107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7fd28084c799 code=0x7ffc0000 [ 139.012217][ T37] audit: type=1326 audit(1772725042.140:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6255 comm="syz.2.107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd28084c799 code=0x7ffc0000 [ 139.013785][ T37] audit: type=1326 audit(1772725042.140:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6255 comm="syz.2.107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd28084c799 code=0x7ffc0000 [ 139.013837][ T37] audit: type=1326 audit(1772725042.140:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6255 comm="syz.2.107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd28084c799 code=0x7ffc0000 [ 141.885790][ T6276] netlink: 'syz.3.112': attribute type 27 has an invalid length. [ 141.885815][ T6276] netlink: 8 bytes leftover after parsing attributes in process `syz.3.112'. [ 142.002786][ T6276] bond0: option tlb_dynamic_lb: mode dependency failed, not supported in mode balance-rr(0) [ 143.338110][ T6283] binder: BINDER_SET_CONTEXT_MGR already set [ 143.338127][ T6283] binder: 6282:6283 ioctl 4018620d 200000004a80 returned -16 [ 145.725286][ T6299] netlink: 76 bytes leftover after parsing attributes in process `syz.4.119'. [ 147.798853][ T6302] netlink: 96 bytes leftover after parsing attributes in process `syz.3.121'. [ 150.017939][ T37] kauditd_printk_skb: 49 callbacks suppressed [ 150.017964][ T37] audit: type=1326 audit(1772725053.140:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6331 comm="syz.3.130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff0b82c799 code=0x7ffc0000 [ 150.018733][ T37] audit: type=1326 audit(1772725053.140:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6331 comm="syz.3.130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff0b82c799 code=0x7ffc0000 [ 150.018783][ T37] audit: type=1326 audit(1772725053.140:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6331 comm="syz.3.130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7eff0b82c799 code=0x7ffc0000 [ 150.027955][ T37] audit: type=1326 audit(1772725053.140:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6331 comm="syz.3.130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff0b82c799 code=0x7ffc0000 [ 150.035438][ T37] audit: type=1326 audit(1772725053.140:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6331 comm="syz.3.130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7eff0b82c799 code=0x7ffc0000 [ 150.037290][ T37] audit: type=1326 audit(1772725053.140:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6331 comm="syz.3.130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff0b82c799 code=0x7ffc0000 [ 150.037336][ T37] audit: type=1326 audit(1772725053.140:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6331 comm="syz.3.130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7eff0b82c799 code=0x7ffc0000 [ 150.037376][ T37] audit: type=1326 audit(1772725053.140:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6331 comm="syz.3.130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff0b82c799 code=0x7ffc0000 [ 150.037417][ T37] audit: type=1326 audit(1772725053.150:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6331 comm="syz.3.130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7eff0b82c799 code=0x7ffc0000 [ 150.037458][ T37] audit: type=1326 audit(1772725053.150:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6331 comm="syz.3.130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff0b82c799 code=0x7ffc0000 [ 150.112667][ T6338] netlink: 76 bytes leftover after parsing attributes in process `syz.4.132'. [ 151.168829][ T6345] process 'syz.0.135' launched './file2' with NULL argv: empty string added [ 155.109661][ T37] kauditd_printk_skb: 45 callbacks suppressed [ 155.109681][ T37] audit: type=1326 audit(1772725058.250:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6358 comm="syz.0.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff613d2c799 code=0x7ffc0000 [ 155.109848][ T37] audit: type=1326 audit(1772725058.250:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6358 comm="syz.0.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff613d2c799 code=0x7ffc0000 [ 155.117113][ T37] audit: type=1326 audit(1772725058.250:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6358 comm="syz.0.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff613d2c799 code=0x7ffc0000 [ 155.149917][ T37] audit: type=1326 audit(1772725058.290:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6358 comm="syz.0.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff613d2c799 code=0x7ffc0000 [ 155.149967][ T37] audit: type=1326 audit(1772725058.290:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6358 comm="syz.0.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff613d2c799 code=0x7ffc0000 [ 155.150005][ T37] audit: type=1326 audit(1772725058.290:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6358 comm="syz.0.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7ff613d2c799 code=0x7ffc0000 [ 155.150042][ T37] audit: type=1326 audit(1772725058.290:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6358 comm="syz.0.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff613d2c799 code=0x7ffc0000 [ 155.150079][ T37] audit: type=1326 audit(1772725058.290:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6358 comm="syz.0.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff613d2c799 code=0x7ffc0000 [ 155.151278][ T37] audit: type=1326 audit(1772725058.290:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6358 comm="syz.0.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=447 compat=0 ip=0x7ff613d2c799 code=0x7ffc0000 [ 155.151322][ T37] audit: type=1326 audit(1772725058.290:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6358 comm="syz.0.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff613d2c799 code=0x7ffc0000 [ 157.256549][ T6385] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.146'. [ 157.788006][ T6004] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 157.898827][ T6009] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 157.998069][ T6004] usb 4-1: Using ep0 maxpacket: 32 [ 158.030606][ T6004] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 158.030646][ T6004] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 158.035203][ T6004] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 158.035237][ T6004] usb 4-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 158.035258][ T6004] usb 4-1: Product: syz [ 158.035272][ T6004] usb 4-1: Manufacturer: syz [ 158.148912][ T6009] usb 5-1: Using ep0 maxpacket: 16 [ 158.266968][ T6009] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 158.267040][ T6009] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 158.267071][ T6009] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 158.267089][ T6009] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 158.267104][ T6009] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 158.343528][ T6009] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 158.343563][ T6009] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 158.343583][ T6009] usb 5-1: Manufacturer: syz [ 158.354164][ T6009] usb 5-1: config 0 descriptor?? [ 158.770956][ T6004] hub 4-1:4.0: USB hub found [ 158.793975][ T6004] hub 4-1:4.0: 2 ports detected [ 160.023213][ T6405] netlink: 4 bytes leftover after parsing attributes in process `syz.0.154'. [ 160.359971][ T6004] hub 4-1:4.0: hub_hub_status failed (err = -32) [ 160.360004][ T6004] hub 4-1:4.0: config failed, can't get hub status (err -32) [ 160.718575][ T5868] usb 4-1: USB disconnect, device number 2 [ 160.798697][ T37] kauditd_printk_skb: 1 callbacks suppressed [ 160.798714][ T37] audit: type=1326 audit(1772725063.930:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6410 comm="syz.2.155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd28084c799 code=0x7ffc0000 [ 160.798752][ T37] audit: type=1326 audit(1772725063.930:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6410 comm="syz.2.155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7fd28084c799 code=0x7ffc0000 [ 160.798775][ T37] audit: type=1326 audit(1772725063.930:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6410 comm="syz.2.155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd28084c799 code=0x7ffc0000 [ 160.798798][ T37] audit: type=1326 audit(1772725063.930:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6410 comm="syz.2.155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd28084c799 code=0x7ffc0000 [ 160.798821][ T37] audit: type=1326 audit(1772725063.930:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6410 comm="syz.2.155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd28084c799 code=0x7ffc0000 [ 160.798844][ T37] audit: type=1326 audit(1772725063.930:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6410 comm="syz.2.155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7fd28084c799 code=0x7ffc0000 [ 160.798867][ T37] audit: type=1326 audit(1772725063.930:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6410 comm="syz.2.155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd28084c799 code=0x7ffc0000 [ 160.798892][ T37] audit: type=1326 audit(1772725063.930:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6410 comm="syz.2.155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd28084c799 code=0x7ffc0000 [ 160.798915][ T37] audit: type=1326 audit(1772725063.930:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6410 comm="syz.2.155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd28084c799 code=0x7ffc0000 [ 160.798939][ T37] audit: type=1326 audit(1772725063.930:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6410 comm="syz.2.155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7fd28084c799 code=0x7ffc0000 [ 161.323564][ T6009] rc_core: IR keymap rc-hauppauge not found [ 161.323588][ T6009] Registered IR keymap rc-empty [ 161.324203][ T6009] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 161.338053][ T6009] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 161.402478][ T6009] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0 [ 161.405152][ T6009] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input5 [ 161.533949][ T6009] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 161.548094][ T6009] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 161.568083][ T6009] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 161.588033][ T6009] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 161.608273][ T6009] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 161.650232][ T6009] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 161.668946][ T6009] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 161.795058][ T6436] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 162.759075][ T6437] netlink: 16 bytes leftover after parsing attributes in process `syz.4.160'. [ 163.065524][ T6009] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 163.078014][ T6009] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 163.111376][ T6009] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 163.132135][ T6009] mceusb 5-1:0.0: Registered with mce emulator interface version 1 [ 163.132161][ T6009] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 163.242188][ T6009] usb 5-1: USB disconnect, device number 2 [ 163.585963][ T6448] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 163.934786][ T6452] syzkaller0: entered promiscuous mode [ 163.934814][ T6452] syzkaller0: entered allmulticast mode [ 165.212437][ T6457] loop7: detected capacity change from 0 to 1 [ 169.207185][ T6478] block nbd3: shutting down sockets [ 169.461367][ T6004] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 169.528176][ T5875] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 169.638097][ T6004] usb 2-1: Using ep0 maxpacket: 32 [ 169.691288][ T5875] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 169.691327][ T5875] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 169.691431][ T5875] usb 1-1: New USB device found, idVendor=18d1, idProduct=9400, bcdDevice= 0.ba [ 169.691456][ T5875] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 170.304921][ T37] kauditd_printk_skb: 26 callbacks suppressed [ 170.304945][ T37] audit: type=1326 audit(1772725073.400:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6487 comm="syz.4.179" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f418f9dc799 code=0x7ffc0000 [ 170.304996][ T37] audit: type=1326 audit(1772725073.400:180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6487 comm="syz.4.179" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7f418f9dc799 code=0x7ffc0000 [ 170.305227][ T37] audit: type=1326 audit(1772725073.400:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6487 comm="syz.4.179" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f418f9dc799 code=0x7ffc0000 [ 170.305276][ T37] audit: type=1326 audit(1772725073.400:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6487 comm="syz.4.179" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f418f9dc799 code=0x7ffc0000 [ 170.305322][ T37] audit: type=1326 audit(1772725073.400:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6487 comm="syz.4.179" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f418f9dc799 code=0x7ffc0000 [ 170.305365][ T37] audit: type=1326 audit(1772725073.400:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6487 comm="syz.4.179" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f418f9dc799 code=0x7ffc0000 [ 170.305409][ T37] audit: type=1326 audit(1772725073.400:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6487 comm="syz.4.179" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f418f9dc799 code=0x7ffc0000 [ 170.305454][ T37] audit: type=1326 audit(1772725073.400:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6487 comm="syz.4.179" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f418f9dc799 code=0x7ffc0000 [ 170.305496][ T37] audit: type=1326 audit(1772725073.410:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6487 comm="syz.4.179" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f418f9dc799 code=0x7ffc0000 [ 170.305533][ T37] audit: type=1326 audit(1772725073.410:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6487 comm="syz.4.179" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f418f9dc799 code=0x7ffc0000 [ 170.531096][ T6004] usb 2-1: config 0 has an invalid interface number: 89 but max is 0 [ 170.531119][ T6004] usb 2-1: config 0 has no interface number 0 [ 170.531163][ T6004] usb 2-1: config 0 interface 89 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 170.531177][ T6004] usb 2-1: config 0 interface 89 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 0 [ 170.531191][ T6004] usb 2-1: config 0 interface 89 has no altsetting 0 [ 170.607991][ T6004] usb 2-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4a [ 170.608026][ T6004] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 170.608046][ T6004] usb 2-1: Product: syz [ 170.608061][ T6004] usb 2-1: Manufacturer: syz [ 170.608075][ T6004] usb 2-1: SerialNumber: syz [ 171.103674][ T6004] usb 2-1: config 0 descriptor?? [ 171.152777][ T5875] usb 1-1: config 0 descriptor?? [ 171.273424][ T6004] usb 2-1: can't set config #0, error -71 [ 171.312432][ T6004] usb 2-1: USB disconnect, device number 2 [ 171.677542][ T5875] stadia 0003:18D1:9400.0001: ignoring exceeding usage max [ 171.783146][ T5875] stadia 0003:18D1:9400.0001: hidraw0: USB HID v0.00 Device [HID 18d1:9400] on usb-dummy_hcd.0-1/input0 [ 171.783184][ T5875] stadia 0003:18D1:9400.0001: no inputs found [ 171.783198][ T5875] stadia 0003:18D1:9400.0001: force feedback init failed [ 171.839099][ T6500] syzkaller0: entered promiscuous mode [ 171.839127][ T6500] syzkaller0: entered allmulticast mode [ 171.905060][ T5875] usb 1-1: USB disconnect, device number 3 [ 172.323983][ T6506] netlink: 40 bytes leftover after parsing attributes in process `syz.3.182'. [ 173.005316][ T6503] fido_id[6503]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 174.943243][ T5875] IPVS: starting estimator thread 0... [ 175.048167][ T6523] IPVS: using max 7 ests per chain, 16800 per kthread [ 183.078507][ T6553] syzkaller0: entered promiscuous mode [ 183.078538][ T6553] syzkaller0: entered allmulticast mode [ 184.868037][ T1229] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 185.067996][ T1229] usb 4-1: Using ep0 maxpacket: 8 [ 185.086260][ T1229] usb 4-1: config index 0 descriptor too short (expected 65535, got 309) [ 185.086293][ T1229] usb 4-1: config 255 has too many interfaces: 255, using maximum allowed: 32 [ 185.086314][ T1229] usb 4-1: config 255 has an invalid descriptor of length 0, skipping remainder of the config [ 185.086333][ T1229] usb 4-1: config 255 has 0 interfaces, different from the descriptor's value: 255 [ 185.099628][ T1229] usb 4-1: New USB device found, idVendor=04e8, idProduct=6889, bcdDevice= d.68 [ 185.099663][ T1229] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 185.099681][ T1229] usb 4-1: Product: syz [ 185.099694][ T1229] usb 4-1: Manufacturer: syz [ 185.099715][ T1229] usb 4-1: SerialNumber: syz [ 186.360972][ T9] usb 4-1: USB disconnect, device number 3 [ 186.642064][ T37] kauditd_printk_skb: 63 callbacks suppressed [ 186.642088][ T37] audit: type=1326 audit(1772725089.760:252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6582 comm="syz.1.206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd014d6c799 code=0x7ffc0000 [ 186.642138][ T37] audit: type=1326 audit(1772725089.780:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6582 comm="syz.1.206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd014d6c799 code=0x7ffc0000 [ 186.680317][ T37] audit: type=1326 audit(1772725089.820:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6582 comm="syz.1.206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd014d6c799 code=0x7ffc0000 [ 186.680372][ T37] audit: type=1326 audit(1772725089.820:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6582 comm="syz.1.206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd014d6c799 code=0x7ffc0000 [ 186.682022][ T37] audit: type=1326 audit(1772725089.820:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6582 comm="syz.1.206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd014d6c799 code=0x7ffc0000 [ 186.682065][ T37] audit: type=1326 audit(1772725089.820:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6582 comm="syz.1.206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd014d6c799 code=0x7ffc0000 [ 186.682103][ T37] audit: type=1326 audit(1772725089.820:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6582 comm="syz.1.206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fd014d6c799 code=0x7ffc0000 [ 186.682143][ T37] audit: type=1326 audit(1772725089.820:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6582 comm="syz.1.206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd014d6c799 code=0x7ffc0000 [ 186.682181][ T37] audit: type=1326 audit(1772725089.820:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6582 comm="syz.1.206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=12 compat=0 ip=0x7fd014d6c799 code=0x7ffc0000 [ 186.682218][ T37] audit: type=1326 audit(1772725089.820:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6582 comm="syz.1.206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd014d6c799 code=0x7ffc0000 [ 186.839085][ T9] IPVS: starting estimator thread 0... [ 186.938047][ T6587] IPVS: using max 7 ests per chain, 16800 per kthread [ 187.387959][ T9] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 187.537935][ T9] usb 3-1: Using ep0 maxpacket: 32 [ 187.540882][ T9] usb 3-1: config 0 has an invalid interface number: 35 but max is 0 [ 187.540911][ T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 187.540932][ T9] usb 3-1: config 0 has no interface number 0 [ 187.540980][ T9] usb 3-1: config 0 interface 35 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 187.578049][ T9] usb 3-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.ad [ 187.578081][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 187.578100][ T9] usb 3-1: Product: syz [ 187.578112][ T9] usb 3-1: Manufacturer: syz [ 187.578125][ T9] usb 3-1: SerialNumber: syz [ 187.635770][ T9] usb 3-1: config 0 descriptor?? [ 187.686925][ T9] radio-si470x 3-1:0.35: could not find interrupt in endpoint [ 187.696751][ T9] radio-si470x 3-1:0.35: probe with driver radio-si470x failed with error -5 [ 187.851861][ T9] radio-raremono 3-1:0.35: Thanko's Raremono connected: (10C4:818A) [ 188.085070][ T9] radio-raremono 3-1:0.35: V4L2 device registered as radio48 [ 188.105833][ T9] ================================================================== [ 188.105852][ T9] BUG: KASAN: vmalloc-out-of-bounds in __list_add_valid_or_report+0x4e/0x130 [ 188.105894][ T9] Read of size 8 at addr ffffc9000f4dc008 by task kworker/0:0/9 [ 188.105910][ T9] [ 188.105925][ T9] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 188.105952][ T9] Tainted: [L]=SOFTLOCKUP [ 188.105960][ T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 188.105974][ T9] Workqueue: usb_hub_wq hub_event [ 188.106006][ T9] Call Trace: [ 188.106016][ T9] [ 188.106024][ T9] dump_stack_lvl+0xe8/0x150 [ 188.106065][ T9] print_report+0xba/0x230 [ 188.106086][ T9] ? __list_add_valid_or_report+0x4e/0x130 [ 188.106111][ T9] kasan_report+0x117/0x150 [ 188.106144][ T9] ? __list_add_valid_or_report+0x4e/0x130 [ 188.106177][ T9] __list_add_valid_or_report+0x4e/0x130 [ 188.106206][ T9] kcov_remote_stop+0x457/0x680 [ 188.106233][ T9] hub_event+0x49d8/0x4f60 [ 188.106256][ T9] ? __lock_acquire+0x6b5/0x2cf0 [ 188.106292][ T9] ? __pfx_hub_event+0x10/0x10 [ 188.106323][ T9] ? process_scheduled_works+0xa25/0x1830 [ 188.106347][ T9] ? process_scheduled_works+0xa25/0x1830 [ 188.106370][ T9] process_scheduled_works+0xb02/0x1830 [ 188.106407][ T9] ? __pfx_process_scheduled_works+0x10/0x10 [ 188.106435][ T9] ? assign_work+0x3d5/0x5e0 [ 188.106459][ T9] worker_thread+0xa50/0xfc0 [ 188.106492][ T9] kthread+0x388/0x470 [ 188.106522][ T9] ? __pfx_worker_thread+0x10/0x10 [ 188.106546][ T9] ? __pfx_kthread+0x10/0x10 [ 188.106566][ T9] ret_from_fork+0x51e/0xb90 [ 188.106591][ T9] ? __pfx_ret_from_fork+0x10/0x10 [ 188.106614][ T9] ? __switch_to+0xc7d/0x1450 [ 188.106637][ T9] ? __pfx_kthread+0x10/0x10 [ 188.106657][ T9] ret_from_fork_asm+0x1a/0x30 [ 188.106683][ T9] [ 188.106691][ T9] [ 188.106696][ T9] The buggy address belongs to a vmalloc virtual mapping [ 188.106715][ T9] Memory state around the buggy address: [ 188.106726][ T9] ffffc9000f4dbf00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 188.106739][ T9] ffffc9000f4dbf80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 188.106751][ T9] >ffffc9000f4dc000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 188.106760][ T9] ^ [ 188.106770][ T9] ffffc9000f4dc080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 188.106781][ T9] ffffc9000f4dc100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 188.106790][ T9] ================================================================== [ 188.106862][ T9] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 188.106880][ T9] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 188.106904][ T9] Tainted: [L]=SOFTLOCKUP [ 188.106910][ T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 188.106921][ T9] Workqueue: usb_hub_wq hub_event [ 188.106947][ T9] Call Trace: [ 188.106954][ T9] [ 188.106961][ T9] vpanic+0x56c/0xa60 [ 188.106990][ T9] ? __pfx_vpanic+0x10/0x10 [ 188.107016][ T9] ? __pfx___schedule+0x10/0x10 [ 188.107041][ T9] panic+0xc5/0xd0 [ 188.107067][ T9] ? __pfx_panic+0x10/0x10 [ 188.107090][ T9] ? preempt_schedule_thunk+0x16/0x30 [ 188.107115][ T9] ? __list_add_valid_or_report+0x4e/0x130 [ 188.107141][ T9] check_panic_on_warn+0x89/0xb0 [ 188.107163][ T9] ? __list_add_valid_or_report+0x4e/0x130 [ 188.107189][ T9] end_report+0x73/0x180 [ 188.107216][ T9] ? __list_add_valid_or_report+0x4e/0x130 [ 188.107242][ T9] kasan_report+0x128/0x150 [ 188.107271][ T9] ? __list_add_valid_or_report+0x4e/0x130 [ 188.107304][ T9] __list_add_valid_or_report+0x4e/0x130 [ 188.107331][ T9] kcov_remote_stop+0x457/0x680 [ 188.107354][ T9] hub_event+0x49d8/0x4f60 [ 188.107378][ T9] ? __lock_acquire+0x6b5/0x2cf0 [ 188.107413][ T9] ? __pfx_hub_event+0x10/0x10 [ 188.107444][ T9] ? process_scheduled_works+0xa25/0x1830 [ 188.107468][ T9] ? process_scheduled_works+0xa25/0x1830 [ 188.107492][ T9] process_scheduled_works+0xb02/0x1830 [ 188.107539][ T9] ? __pfx_process_scheduled_works+0x10/0x10 [ 188.107571][ T9] ? assign_work+0x3d5/0x5e0 [ 188.107604][ T9] worker_thread+0xa50/0xfc0 [ 188.107641][ T9] kthread+0x388/0x470 [ 188.107660][ T9] ? __pfx_worker_thread+0x10/0x10 [ 188.107685][ T9] ? __pfx_kthread+0x10/0x10 [ 188.107705][ T9] ret_from_fork+0x51e/0xb90 [ 188.107733][ T9] ? __pfx_ret_from_fork+0x10/0x10 [ 188.107756][ T9] ? __switch_to+0xc7d/0x1450 [ 188.107780][ T9] ? __pfx_kthread+0x10/0x10 [ 188.107803][ T9] ret_from_fork_asm+0x1a/0x30 [ 188.107826][ T9] [ 188.108148][ T9] Kernel Offset: disabled